diff --git a/.coveragerc b/.coveragerc
new file mode 100644
index 0000000..738d86f
--- /dev/null
+++ b/.coveragerc
@@ -0,0 +1,27 @@
+[run]
+branch = True
+source =
+ ldap
+ ldif
+ ldapurl
+ slapdtest
+
+[paths]
+source =
+ Lib/
+ .tox/*/lib/python*/site-packages/
+
+[report]
+ignore_errors = False
+precision = 1
+exclude_lines =
+ pragma: no cover
+ raise NotImplementedError
+ if 0:
+ if __name__ == .__main__.:
+ if PY2
+ if not PY2
+
+[html]
+directory = build/htmlcov
+title = python-ldap coverage report
diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
new file mode 100644
index 0000000..41306be
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,23 @@
+If you found a bug in python-ldap, or would request a new feature,
+this is the place to let us know.
+
+Please describe the issue and your environment here.
+
+---
+
+Issue description:
+
+
+
+
+
+
+Steps to reproduce:
+
+
+
+Operating system:
+
+Python version:
+
+python-ldap version:
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..bab2187
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,26 @@
+# Auto-generated
+.*.swp
+*.pyc
+__pycache__/
+.tox
+.coverage*
+!.coveragerc
+/.cache
+/.pytest_cache
+
+# shared libs installed by 'setup.py test'
+/Lib/*.so*
+/Lib/*.dylib
+/Lib/*.pyd
+
+# Build related
+*.egg-info
+build/
+dist/
+PKG-INFO
+
+# generated in the sample workflow
+/__venv__/
+
+# test dirs
+python-ldap-test-*
diff --git a/.indent.pro b/.indent.pro
new file mode 100644
index 0000000..4e8adc1
--- /dev/null
+++ b/.indent.pro
@@ -0,0 +1,31 @@
+--blank-lines-after-declarations
+--blank-lines-after-procedures
+--braces-after-func-def-line
+--braces-on-if-line
+--braces-on-struct-decl-line
+--break-after-boolean-operator
+--comment-indentation25
+--comment-line-length79
+--continue-at-parentheses
+--dont-cuddle-do-while
+--dont-cuddle-else
+--indent-level4
+--line-length79
+--no-space-after-casts
+--no-space-after-function-call-names
+--no-space-after-parentheses
+--no-tabs
+--procnames-start-lines
+--space-after-for
+--space-after-if
+--space-after-while
+--swallow-optional-blank-lines
+-T PyCFunction
+-T PyObject
+-T PyMethodDef
+-T LDAP
+-T LDAPMod
+-T LDAPMessage
+-T LDAPControl
+-T LDAPObject
+-T sasl_interact_t
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..95cc148
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,75 @@
+language: python
+group: travis_latest
+
+cache: pip
+
+addons:
+ apt:
+ packages:
+ - ldap-utils
+ - slapd
+ - enchant
+
+# Note: when updating Python versions, also change setup.py and tox.ini
+matrix:
+ include:
+ - os: osx
+ osx_image: xcode11.4
+ language: minimal
+ env:
+ - TOXENV=macos
+ - CFLAGS_warnings="-Wall -Werror=declaration-after-statement"
+ - CFLAGS_std="-std=c99"
+ - python: 3.6
+ env:
+ - TOXENV=py36
+ - WITH_GCOV=1
+ - python: pypy3
+ env:
+ - TOXENV=pypy3
+ - CFLAGS_std="-std=c99"
+ - python: 3.7
+ env:
+ - TOXENV=py37
+ - CFLAGS_std="-std=c99"
+ - WITH_GCOV=1
+ - python: 3.8
+ env:
+ - TOXENV=py38
+ - CFLAGS_std="-std=c99"
+ - WITH_GCOV=1
+ - python: 3.9
+ env:
+ - TOXENV=py39
+ - CFLAGS_std="-std=c99"
+ - WITH_GCOV=1
+ - python: 3.6
+ env:
+ - TOXENV=py3-nosasltls
+ - WITH_GCOV=1
+ - python: 3.6
+ env:
+ - TOXENV=py3-trace
+ - python: 3.6
+ env: TOXENV=doc
+ allow_failures:
+ - env:
+ - TOXENV=pypy3
+
+env:
+ global:
+ # -Wno-int-in-bool-context: don't complain about PyMem_MALLOC()
+ # -Werror: turn all warnings into fatal errors
+ # -Werror=declaration-after-statement: strict ISO C90
+ - CFLAGS_warnings="-Wno-int-in-bool-context -Werror -Werror=declaration-after-statement"
+ # Keep C90 compatibility where possible.
+ # (Python 3.8+ headers use C99 features, so this needs to be overridable.)
+ - CFLAGS_std="-std=c90"
+ # pass CFLAGS, CI (for Travis CI) and WITH_GCOV to tox tasks
+ - TOX_TESTENV_PASSENV="CFLAGS CI WITH_GCOV"
+
+install:
+ - python3 -m pip install "pip>=7.1.0"
+ - python3 -m pip install tox-travis tox codecov
+
+script: CFLAGS="$CFLAGS_warnings $CFLAGS_std" python3 -m tox
diff --git a/Build/build-openbsd/Makefile b/Build/build-openbsd/Makefile
new file mode 100644
index 0000000..40ad81c
--- /dev/null
+++ b/Build/build-openbsd/Makefile
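Review bot: The `install:` step of `.travis.yml` installs `tox-travis`, `tox` and `codecov` with no version bounds, so each CI run executes whatever release is newest on the package index at that moment, inside a job that builds and tests the C extension. Pinning them makes the build reproducible and turns a changed build dependency into a reviewable commit, for example `python3 -m pip install --require-hashes -r ci-requirements.txt` (the file name is only an example) with exact versions and hashes. Separately, the macOS matrix entry overrides `CFLAGS_warnings` with `-Wall -Werror=declaration-after-statement` and so drops the global `-Werror`; if that is deliberate, a comment next to the override such as `# -Werror omitted on macOS: <reason>` would say so.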
@@ -0,0 +1,29 @@
+WRKDIST= ${.CURDIR}/../..
+VERSION!= sh ${WRKDIST}/Build/version.sh
+
+PKGNAME= python-ldap-${VERSION}
+RUN_DEPENDS= python:lang/python
+CATEGORIES= misc
+MAINTAINER= leonard@users.sourceforge.net
+HOMEPAGE= https://www.python-ldap.org/
+
+FAKE= Yes
+CONFIGURE_STYLE= gnu
+SEPARATE_BUILD= Yes
+EXTRACT_ONLY=
+
+CONFIGURE_ARGS+= --with-ldap=${LOCALBASE}
+
+do-fetch:;
+
+#-- put package on sourceforge ftp server
+export-ftp: ${PKGFILE}
+ scp ${PKGFILE} python-ldap.sourceforge.net:/home/groups/ftp/pub/python-ldap/${PKGNAME}-${OPSYS}-${ARCH}${PKG_SUFX}
+
+post-build:
+ sed -e 's,^${PREFIX}/,,' <${WRKBUILD}/filelist >${WRKBUILD}/filelist2
+
+SED_PLIST+= |sed -e '/^%%filelist/r${WRKBUILD}/filelist2' -e '//d'
+ALL_TARGET= build filelist
+
+.include
diff --git a/Build/build-openbsd/pkg/COMMENT b/Build/build-openbsd/pkg/COMMENT
new file mode 100644
index 0000000..61e03fc
--- /dev/null
+++ b/Build/build-openbsd/pkg/COMMENT
@@ -0,0 +1 @@
+Python interface to LDAP
diff --git a/Build/build-openbsd/pkg/DESCR b/Build/build-openbsd/pkg/DESCR
new file mode 100644
index 0000000..9e58e62
--- /dev/null
+++ b/Build/build-openbsd/pkg/DESCR
@@ -0,0 +1,2 @@
+This Python library provides access to the LDAP (Lightweight Directory Access
+Protocol) RFC1823 C interface.
diff --git a/Build/build-openbsd/pkg/PLIST b/Build/build-openbsd/pkg/PLIST
new file mode 100644
index 0000000..e2fa811
--- /dev/null
+++ b/Build/build-openbsd/pkg/PLIST
@@ -0,0 +1,3 @@
+@comment $OpenBSD$
+%%filelist
+@dirrm lib/python1.6/site-packages/python-ldap
diff --git a/Build/setup.cfg.mingw b/Build/setup.cfg.mingw
new file mode 100644
index 0000000..ffbd0d8
--- /dev/null
+++ b/Build/setup.cfg.mingw
@@ -0,0 +1,33 @@
+# Win32 setup.cfg
+# You have to edit this file to reflect your system configuration
+
+# Section for compiling the C extension module
+# for wrapping OpenLDAP 2 libs
+
+# Platform: Win32
+# Compile environment: MinGW
+[_ldap]
+class = OpenLDAP2
+maintainer = Mauro Cicognini
+defines = WIN32
+
+# modify these to fit your local configuration
+library_dirs = C:/msys/1.0/home/mcicogni/openldap-mingw-build-4/openldap-2.2.18/libraries/libldap_r/.libs C:/msys/1.0/home/mcicogni/openldap-mingw-build-4/openldap-2.2.18/libraries/liblber/.libs C:\msys\1.0\home\mcicogni\openldap-mingw-build-4\openssl-0.9.7e
+include_dirs = C:/msys/1.0/home/mcicogni/openldap-mingw-build-4/openldap-2.2.18/include
+
+extra_compile_args =
+extra_objects =
+
+libs = ldap_r lber ssl crypto ws2_32 gdi32
+
+[build]
+compiler = mingw32
+
+# Installation options
+[install]
+compile = 1
+optimize = 1
+record = python-ldap_install.log
+
+[bdist_wininst]
+target_version = 2.4
diff --git a/Build/setup.cfg.suse-linux b/Build/setup.cfg.suse-linux
new file mode 100644
index 0000000..0a48ef2
--- /dev/null
+++ b/Build/setup.cfg.suse-linux
@@ -0,0 +1,32 @@
+# Example for setup.cfg
+# You have to edit this file to reflect your system configuation
+
+[_ldap]
+# Section for compiling the C extension module
+# for wrapping OpenLDAP 2 libs
+
+library_dirs = /usr/lib/sasl2
+include_dirs = /usr/include/sasl
+
+extra_compile_args =
+extra_objects =
+
+# Example for full-featured SuSE build:
+# Support for StartTLS/LDAPS, SASL bind and reentrant libldap_r.
+# This needs recent OpenLDAP 2.0.26+ or 2.1.3+ built with
+# ./configure --with-cyrus-sasl --with-tls
+libs = ldap_r lber sasl2 ssl crypto
+
+[install]
+# Installation options
+compile = 1
+optimize = 1
+
+# For SuSE Linux 8.2
+[bdist_rpm]
+provides = python-ldap
+requires = python openldap2-client openssl cyrus-sasl2
+distribution_name = SuSE Linux 8.2
+release = 1
+packager = Michael Stroeder
+doc_files = CHANGES README INSTALL TODO Demo/
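Review bot: In `Build/setup.cfg.mingw` the `library_dirs` and `include_dirs` values are one developer's absolute build paths and name `openldap-2.2.18` and `openssl-0.9.7e`, so a user who copies the file and only adjusts the prefix is steered toward linking the extension against those old releases. Neutral placeholders would avoid that, e.g. `include_dirs = <path-to-openldap>/include`, together with a comment such as `# build against currently supported OpenLDAP and OpenSSL releases`. As a style point, the third `library_dirs` entry uses backslashes while the other paths use forward slashes; one separator style throughout would read more cleanly.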
diff --git a/Build/setup.cfg.win32 b/Build/setup.cfg.win32
new file mode 100644
index 0000000..7c5270b
--- /dev/null
+++ b/Build/setup.cfg.win32
@@ -0,0 +1,33 @@
+# Section for compiling the C extension module
+# for wrapping OpenLDAP 2 libs
+
+# Platform: Win32
+# Compile environment: Microsoft Visual Studio .NET 2003
+[_ldap]
+class = OpenLDAP2
+defines = WIN32
+
+# Cannot have SSL/TLS support under Win32 for the moment
+# (OpenLDAP 2.x port is incomplete)
+libs = olber32 oldap_r ws2_32 libsasl
+
+# Set these to your correct Openldap and Cyrus-sasl paths
+library_dirs = ../openldap/openldap-2.1.22/Release ../openldap/cyrus-sasl/lib
+include_dirs = ../openldap/openldap-2.1.22/include ../openldap/cyrus-sasl/include
+
+# Needs to compile as /MT ("MS libs to use: multithreaded statically-linked")
+# instead of /MD ("MS libs to use: multithreaded DLL") which is distutils' default
+# because OpenLDAP libs compile that way, too
+# This may change, however
+extra_compile_args = /MT
+extra_link_args = /NODEFAULTLIB:msvcrt.lib
+
+# Pull in SASL DLL as a convenience to end-user (which almost never will have it)
+# Destination path is a rather crude hack, but site-packages would be created anyway
+# Set source path to your Cyrus-sasl lib path
+extra_files = Lib/site-packages:../openldap/cyrus-sasl/lib/libsasl.dll
+
+# Installation options
+[install]
+compile = 1
+record = python-ldap_install.log
diff --git a/CHANGES b/CHANGES
new file mode 100644
index 0000000..711b665
--- /dev/null
+++ b/CHANGES
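Review bot: `Build/setup.cfg.win32` links only `olber32 oldap_r ws2_32 libsasl`, and its comment says SSL/TLS is unavailable, but it does not spell out the run-time consequence: an extension built from this file presumably cannot use StartTLS or `ldaps://`, so simple-bind credentials would cross the network unencrypted. I would extend the comment above `libs`, e.g. `# WARNING: this build has no TLS; do not send simple-bind passwords over untrusted networks`. The `extra_files` line also copies `libsasl.dll` from a local directory into site-packages with no version or origin recorded; a comment naming the expected Cyrus SASL release and where the binary came from would make the shipped DLL auditable.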
@@ -0,0 +1,1863 @@
+Released 3.3.0 2020-06-18
+
+Highlights:
+* ``LDAPError`` now contains additional fields, such as ctrls, result, msgid
+* ``passwd_s`` can now extract the newly generated password
+* LDAP connections can now be made from a file descriptor
+
+This release is tested on Python 3.8, and the beta of Python 3.9.
+
+The following undocumented functions are deprecated and scheduled for removal:
+- ``ldap.cidict.strlist_intersection``
+- ``ldap.cidict.strlist_minus``
+- ``ldap.cidict.strlist_union``
+
+Modules/
+* Ensure ReconnectLDAPObject is not left in an inconsistent state after
+ a reconnection timeout
+* Syncrepl now correctly parses SyncInfoMessage when the message is a syncIdSet
+* Release GIL around global get/set option call
+* Do not leak serverctrls in result functions
+* Don't overallocate memory in attrs_from_List()
+* Fix thread support check for Python 3
+* With OpenLDAP 2.4.48, use the new header openldap.h
+
+Lib/
+* Fix some edge cases regarding quoting in the schema tokenizer
+* Fix escaping a single space in ldap.escape_dn_chars
+* Fix string formatting in ldap.compare_ext_s
+* Prefer iterating dict instead of calling dict.keys()
+
+Doc/
+* Clarify the relationship between initialize() and LDAPObject()
+* Improve documentation of TLS options
+* Update FAQ to include Samba AD-DC error message
+ "Operation unavailable without authentication"
+* Fix several incorrect examples and demos
+ (but note that these are not yet tested)
+* Update Debian installation instructions for Debian Buster
+* Typo fixes in docs and docstrings
+
+Test/
+* Test and document error cases in ldap.compare_s
+* Test if reconnection is done after connection loss
+* Make test certificates valid for the far future
+* Use slapd -Tt instead of slaptest
+
+Infrastructure:
+* Mark the LICENCE file as a license for setuptools
+* Use "unittest discover" rather than "setup.py test" to run tests
+
+
+----------------------------------------------------------------
+Released 3.2.0 2019-03-13
+
+Lib/
+* Add support for X-ORIGIN in ldap.schema's ObjectClass
+* Make initialize() pass extra keyword arguments to LDAPObject
+* ldap.controls.sss: use str instead of basestring on Python 3
+* Provide ldap._trace_* atributes in non-debug mode
+
+Doc/
+* Fix ReST syntax for links to set_option and get_option
+
+Tests/
+* Use intersphinx to link to Python documentation
+* Correct type of some attribute values to bytes
+* Use system-specific ENOTCONN value
+
+Infrastructure:
+* Add testing and document support for Python 3.7
+* Add Python 3.8-dev to Tox and CI configuration
+* Add Doc/requirements.txt for building on Read the Docs
+
+
+----------------------------------------------------------------
+Released 3.1.0 2018-05-25
+
+This release brings two minor API changes:
+- Long-deprecated functions `ldap.open()` and `ldap.init()` are removed
+- `LDAPObject.compare_s()` and `compare_ext_s` return bool instead of 0 or 1
+
+All changes since 3.0.0:
+
+Lib/
+* Remove long deprecated functions ldap.open() and ldap.init()
+* LDAPObject.compare_s() and LDAPObject.compare_ext_s() now return a bool
+ instead of 1 or 0.
+* Make iteration over cidict yield same values as keys()
+* Fail if pyasn1 is not installed
+* Fix parsing of PPolicyControl ASN.1 structure
+* Use items() when appropriate in dict iteration
+* Add support for tracing LDAP calls. Tracing can now be enabled with
+ the env var PYTHON_LDAP_TRACE_LEVEL and redirected to a file with
+ PYTHON_LDAP_TRACE_FILE.
+ (This is mainly intended for debugging and internal testing; the
+ configuration or output may change in future versions.)
+ +Modules/ +* Fix ref counting bug in LDAPmessage_to_python + +Doc/ +* Remove warning about unreleased version +* Doc: Replace Mac OS X -> macOS + +Tests/ +* Add tests and coverage for tracing +* Disable warnings-as-errors for Python 3.4 +* Fix assertTrue to assertEqual +* Mark several test values as bytes + +Lib/slapdtest/ +* Fix error message for missing commands +* Make SlapdObject a context manager +* Disable SASL external when missing SASL support +* Make SlapdObject.root_dn a property +* In SlapdObject, build include directives dynamically +* Move import statements to top level + +Code style: +* Add Makefile rules for automatic formatting of C and Python code +* Reformat and indent all C files +* Trim white space throughout the project + +Infrastructure: +* Add py3-trace tox environment to Travis CI config +* Add new Pytest cache directory to gitignore + +General: +* Update all pypi.python.org URLs to pypi.org + + +---------------------------------------------------------------- +Released 3.0.0 2018-03-12 + +Notable changes since 2.4.45 (please see detailed logs below): +* Python 3 support and bytes_mode + see: https://python-ldap.readthedocs.io/en/latest/bytes_mode.html +* The module `ldap.async` is renamed to `ldap.asyncsearch` +* New dependencies: pyasn1, pyasn1_modules +* Dropped support for Python 2.6 and 3.3 + + +Changes since 3.0.0b4: + +Lib/ +* Add bytes_strictness to allow configuring behavior on bytes/text mismatch + +Modules/ +* Add argument name to bytes mode TypeError +* Use correct integer types for BER encode/decode (fix for big endian machines) + +Test/ +* Set $LDAPNOINIT in all tests +* Add test for secure TLS default +* Ignore SASL methods in DSE test (fix for restricted environments) +* Remove filterstr workaround from syncrepl test +* Explicitly set TLS_REQUIRE_CERT option to TLS_HARD in test_tls_ext_noca + +Doc/ +* Link to bytes mode from text-string arguments in the ldap module + +Infrastructure: +* Include lber in list of libraries in 
setup.cfg + +---------------------------------------------------------------- +Released 3.0.0b4 2018-01-10 + +Changes since 3.0.0b3: + +Removed support for Python 3.3, which reached its end-of-life 2017-09-29. + +Lib/ +* Make default argument values work under bytes_mode +* Update use of map() to use list/set comprehensions instead + +Test/ +* Refactor syncrepl tests to run with bytes_mode + +Doc/ +* Document all_records attribute of LDIFRecordList + + +---------------------------------------------------------------- +Released 3.0.0b3 2017-12-20 + +Changes since 3.0.0b2: + +The functions `ldap.open()`, `ldap.init()`, `ldif.CreateLDIF()` +and `ldif.ParseLDIF()`, which were deprecated for over a decade, +are scheduled for removal in python-ldap 3.1. + +Infrastructure: +* Require setuptools to build +* Start running automatic tests on PyPy + +Lib/ +* When raising LDAPBytesWarning, give helpful code locations +* Use modern Python idioms in several places +* Avoid reimplementing UserDict.get() in cidict and models.Entry + +Doc/ +* Use https links + +Test/ +* Add reproducer for openldap's NSS shutdown/restart issue +* Make testing on non-Linux platforms easier + + +---------------------------------------------------------------- +Released 3.0.0b2 2017-12-11 + +Changes since 3.0.0b1: + +The module `ldap.async` is renamed to `ldap.asyncsearch`, due to +`async` becoming a keyword in Python 3.7. +The old module name is deprecated, but will be available as long +as Python 3.6 is supported. 
+ +Lib/ +* Use custom ldap.LDAPBytesWarning class +* Rename ldap.async to ldap.asyncsearch + +Modules/ +* Support None for set_option(OPT_TIMEOUT) and OPT_NETWORK_TIMEOUT +* Fix error reporting of LDAPObject.set_option() +* Change memory handling in attrs_from_List() + +Test/ +* Remove workaround for OpenLDAP NSS issue + +Demo/ +* Use uniform shebang in all demos + +Doc/ +* Provide build deps for Alpine and CentOS +* Move sample workflow out of the main Contributing guide + +Infrastructure: +* Add valgrind target to check for memory leaks +* Minimal configuration for pytest + + +---------------------------------------------------------------- +Released 3.0.0b1 2017-12-04 + +Changes since 2.4.45: +(this list includes changes from 2.5.x) + +New dependencies (automatically installed when using pip): +* pyasn1 0.3.7+ +* pyasn1_modules 0.1.5+ + +Python 3 support and bytes_mode: +* merged from the pyldap fork (https://github.com/pyldap) +* please see documentation on bytes_mode and text/bytes handling: + https://python-ldap.readthedocs.io/en/latest/bytes_mode.html + +Removed support for Python 2.6. 
+ +Infrastructure: +* Move to Git +* Don't define search path for includes and libs in the default setup.cfg +* Include sasl/sasl.h from the standard path +* Re-format README to ReStructured Text +* Setup for automatic testing using Travis CI +* Add coverage reporting for Python and C +* Add install requires into setup.py +* Remove distclean.sh in favor of make clean +* Use `package`, `depends`, `install_requires` in setup.py +* Add make target for scan-build (static analysis using clang) +* Add make target and suppression file for Valgrind (memory checker) + +Modules/ +* Remove unused LDAPberval helper functions +* Fix type conversion in page control +* Fix multiple ref leaks in error-handling code +* Fix reference leak in result4 +* Fix several compiler warnings +* Fix memory leak in whoami +* Fix internal error handling of LDAPControl_to_List() +* Fix two memory leaks and release GIL in encode_assertion_control +* Allow set_option() to set timeouts to infinity +and, thanks to Michael Ströder: +* removed unused code schema.c +* moved code from version.c to ldapmodule.c +* removed obsolete back-ward compability constants from common.h +* build checks whether LDAP_API_VERSION is OpenLDAP 2.4.x +* _ldap.__author__ and _ldap.__license__ also set from ldap.pkginfo +* assume C extension API for Python 2.7+ + +Lib/ +* Avoid eval() for getting module-level variables to fix running under pytest +* Compability changes for pyasn1 0.3 or newer +and, thanks to Michael Ströder: +* ldap.__version__, ldap.__author__ and ldap.__license__ now + imported from new sub-module ldap.pkginfo also to setup.py +* Added safety assertion when importing _ldap: + ldap.pkginfo.__version__ must match _ldap.__version__ +* removed stand-alone module dsml +* slapdtest.SlapdObject.restart() just restarts slapd + without cleaning any data +* The methods SSSResponseControl.decodeControlValue() and + VLVResponseControl.decodeControlValue() now follow the coding + convention to use camel-cased ASN.1 
name as class attribute name. + The old class names are still set for back-ward compability + but should not be used in new code because they might be removed + in a later release. +* removed SSSRequestControl from ldap.controls.KNOWN_RESPONSE_CONTROLS +* removed all dependencies on modules string and types +* removed use of .has_key() +* removed class ldap.ldapobject.NonblockingLDAPObject +* new global constant ldap.LIBLDAP_API_INFO +* right after importing _ldap there is a call into libldap to initialize it +* method .decodeControlValue() of SSSResponseControl and VLVResponseControl + does not set class attribute result_code anymore +* always use bytes() for UUID() constructor in ldap.syncrepl +* module ldif now uses functions b64encode() and b64decode() +* fixed pickling and restoring of ReconnectLDAPObject + +Lib/slapdtest +* Automatically try some common locations for SCHEMADIR +* Ensure server is stopped when the process exits +* Check for LDAP schema and slapd binaries +* slapdtest is now a package and includes testing certificates + +Tests/ +* Expand cidict membership test +* Add test suite for binds +* Add test suite for edits +* Add a smoke-check for listall() and attribute_types() +* Add test case for SASL EXTERNAL auth +* Add tests for start_tls +* In CI, treat compiler warnings as fatal errors +* Added tests for ldap.syncrepl +and, thanks to Michael Ströder: +* added explicit reconnect tests for ReconnectLDAPObject +* scripts do not directly call SlapdTestCase.setUpClass() anymore +* added LDIF test with folded, base64-encoded attribute +* added more tests for sub-module ldap.dn + +Doc/ +* Build documentation without the compiled C extension +* Merge contents from python-ldap.org +* Move reference documentation in its own section +* Document return value of {modify,add,delete}_ext_s() as a tuple +* Add tests for documentation (build & spelling) +* Link to documentation of old versions +* Add a contributing guide + 
+---------------------------------------------------------------- +Released 2.4.45 2017-10-09 + +Changes since 2.4.44: + +Lib/ +* Fixed reraising of wrong exception in SimpleLDAPObject._ldap_call() + (thanks to Aigars Grins) + +Tests/ +* removed work-around in t_cext.py + +---------------------------------------------------------------- +Released 2.4.44 2017-09-08 + +Changes since 2.4.43: + +Modules/ +* more fine-grained GIL releasing in function l_ldap_result4() + +---------------------------------------------------------------- +Released 2.4.43 2017-09-06 + +Changes since 2.4.42: + +Lib/ +* fixed passing all arguments from LDAPObject.sasl_non_interactive_bind_s() + to LDAPObject.sasl_interactive_bind_s() + +Tests/ +* added test for LDAPObject.sasl_external_bind_s() + +Doc/ +* added docs for SASL bind methods +* more references +* better sorting of LDAPObject methods + +---------------------------------------------------------------- +Released 2.4.42 2017-09-04 + +Changes since 2.4.41: + +Lib/ +* added new SlapdObject methods _ln_schema_files() and + _create_sub_dirs() +* SlapdObject methods setup_rundir() and gen_config() + are now "public" methods +* removed pseudo test script from module ldap.cidict + +Tests/ +* added sub-module for testing class ldap.cidict.cidict +* avoid deprecated method alias unittest.TestCase.assertEquals + +---------------------------------------------------------------- +Released 2.4.41 2017-07-12 + +Changes since 2.4.40: + +Lib/ +* Added support for increment: lines in LDIF changes records + +---------------------------------------------------------------- +Released 2.4.40 2017-06-27 + +Changes since 2.4.39: + +Modules/ +* fixed memory leaks when using extended controls + (thanks to Erik Cumps) + +---------------------------------------------------------------- +Released 2.4.39 2017-05-31 + +Changes since 2.4.38: + +Lib/ +* fixed errno-related ldap.TIMEOUT regression + +Lib/slapdtest.py +* Removed obsolete assert statements + 
+---------------------------------------------------------------- +Released 2.4.38 2017-04-28 + +Changes since 2.4.37: + +Lib/slapdtest.py +* SlapdObject now evaluates env var SLAPD for optionally pointing + to OpenLDAP's slapd executable (e.g. with OpenLDAP LTB builds) +* added LDAPI support in slaptest.SlapdObject which is internally used + in methods ldapadd() and ldapwhoami() +* added method slaptest.SlapdObject.ldapmodify() +* fixed enabling logger in slaptest +* directory name now contains port to be able to run several SlapdObject + instances side-by-side (e.g. with replication) +* added authz-regexp mapping to rootdn for user running the test +* internally use SASL/EXTERNAL via LDAPI to bind +* SlapdObject.server_id used as serverID in slapd.conf for MMR +* Removed method SlapdObject.started() because SlapdTestCase.setUpClass() + will be used to add initial entries + +Tests/ +* ReconnectLDAPObject is also tested by sub-classing test class + +---------------------------------------------------------------- +Released 2.4.37 2017-04-27 + +Changes since 2.4.36: + +Lib/ +* fixed errno-related regression introduced in 2.4.35 + +Tests/ +* added more checks to t_cext.py +* renamed t_search.py to t_ldapobject.py and code-cleaning +* added test for errno-related regression to t_ldapobject.py + +---------------------------------------------------------------- +Released 2.4.36 2017-04-26 + +Changes since 2.4.35: + +Lib/ +* gracefully handle KeyError in LDAPObject._ldap_call() when + using errno +* added new stand-alone module slapdtest (formerly Tests/slapd.py) + for general use (still experimental) + +Tests/ +* re-factored t_cext.py and t_search.py +* set env var LDAPNOINIT=1 in t_cext.py and t_search.py to avoid + interference with locally installed .ldaprc or ldap.conf +* by default back-mdb is now used for slapd-based tests + which requires fairly recent OpenLDAP builds but implements + full feature set +* env vars can be set for slapd.py to tweak path names + of 
executables, temporary and schema data to be used +* new class SlapdTestCase + +---------------------------------------------------------------- +Released 2.4.35 2017-04-25 + +Changes since 2.4.33: +(2.4.34 is missing because of foolish pypi version madness) + +Modules/ +* use errno in a safer way +* set errno as LDAPError class item +* do not use strerror() which is not thread-safe and platform-specific + +Lib/ +* LDAPObject._ldap_call() sets LDAPError info to value returned + by platform-neutral os.stderror() + +---------------------------------------------------------------- +Released 2.4.33 2017-04-25 + +Changes since 2.4.32: + +Lib/ +* faster implementation of ldap.schema.tokenizer.split_tokens() + (thanks to Christian Heimes) +* removed unused 2nd argument of ldap.schema.tokenizer.split_tokens() +* fixed method calls in ReconnectLDAPObject (thanks to Philipp Hahn) + +Modules/ +* an empty info message is replaced with strerror(errno) if errno is non-zero + which gives more information e.g. 
in case of ldap.SERVER_DOWN + (thanks to Markus Klein) +* removed superfluous ldap_memfree(error) from LDAPerror() + (thanks to Markus Klein) + +Tests/ +* re-factored t_ldap_schema_tokenizer.py + +---------------------------------------------------------------- +Released 2.4.32 2017-02-14 + +Changes since 2.4.31: + +Running tests made easier: +- python setup.py test +- added tox.ini + +---------------------------------------------------------------- +Released 2.4.31 2017-02-14 + +Changes since 2.4.30: + +Tests/ +* new test scripts t_ldap_schema_tokenizer.py and t_ldap_modlist.py + on former raw scripts (thanks to Petr Viktorin) +* new test-cases in t_ldapurl.py based on former raw scripts + (thanks to Petr Viktorin) +* new test-cases in t_ldap_dn.py +* moved a script to Demo/ + +---------------------------------------------------------------- +Released 2.4.30 2017-02-08 + +Changes since 2.4.29: + +Lib/ +* compability fix in ldap.controls.deref to be compatible to + recent pyasn1 0.2.x (thanks to Ilya Etingof) + +---------------------------------------------------------------- +Released 2.4.29 2017-01-25 + +Changes since 2.4.28: + +Modules/ +* Fixed checking for empty server error message + (thanks to Bradley Baetz) +* Fixed releasing GIL when calling ldap_start_tls_s() + (thanks to Lars Munch) + +---------------------------------------------------------------- +Released 2.4.28 2016-11-17 + +Changes since 2.4.27: + +Lib/ +* LDAPObject.unbind_ext_s() invokes LDAPObject._trace_file.flush() + only if LDAPObject._trace_level is non-zero and Python is running + in debug mode +* LDAPObject.unbind_ext_s() now ignores AttributeError + in case LDAPObject._trace_file has no flush() method +* added dummy method ldap.logger.logging_file_class.flush() because + LDAPObject.unbind_ext_s() invokes it + +---------------------------------------------------------------- +Released 2.4.27 2016-08-01 + +Changes since 2.4.26: + +Lib/ +* added 'strf_secs' and 'strp_secs' to 
ldap.functions.__all__ +* fixed regression introduced with 2.4.26: + ldif.LDIFParser did not fully parse LDIF records without trailing empty + separator line + +---------------------------------------------------------------- +Released 2.4.26 2016-07-24 + +Changes since 2.4.25: + +Installation: +* added ldap.controls.sss to py_modules in setup.py + +Lib/ +* LDAPObject.unbind_ext() now removes class attribute + LDAPObject._l to completely invalidate C wrapper object +* LDAPObject.unbind_ext() now flushes trace file +* ldap.ldapobject.SimpleLDAPObject: + added convenience methods read_rootdse_s() and get_naming_contexts() +* added functions ldap.strf_secs() and ldap.strp_secs() +* added function ldap.filter.time_span_filter() +* Refactored ldif.LDIFParser + * ldif.LDIFParser.version ís now Integer + * ignore multiple empty lines between records +* Fixed ldap.dn.is_dn() + +Modules/ +* Fixed #69 Segmentation fault on whoami_s after unbind + (thanks to Christian Heimes and Petr Viktorin) + +Tests/ +* Fixed result3() being used instead of correct result4() + (see #66, thanks to David D. 
Riddle) +* Tests/slapd.py honors env var $TMP instead of just using + hard-coded /var/tmp +* Tests/slapd.py now expects schema to be in /etc/openldap/ +* Tests/t_ldapurl.py now independent of module ldap +* Tests/t_ldif.py now has more test-cases including change records +* added some more test scripts for sub-modules ldap.dn, ldap.filter and + ldap.functions (not complete yet) + +---------------------------------------------------------------- +Released 2.4.25 2016-01-18 + +Changes since 2.4.23: +(2.4.24 is missing because of foolish pypi version madness) + +Lib/ +* Fix for attrlist=None regression introduced in 2.4.23 + by ref count patch + +---------------------------------------------------------------- +Released 2.4.23 2016-01-17 + +Changes since 2.4.22: + +Modules/ +* Ref count issue in attrs_from_List() was fixed + (thanks to Elmir Jagudin) + +---------------------------------------------------------------- +Released 2.4.22 2015-10-25 + +Changes since 2.4.21: + +Lib/ +* LDIFParser now also accepts value-spec without a space + after the colon. +* Added key-word argument authz_id to LDAPObject methods + sasl_non_interactive_bind_s(), sasl_external_bind_s() and + sasl_gssapi_bind_s() +* Hmmpf! Added missing self to LDAPObject.fileno(). +* ReconnectLDAPObject.sasl_bind_s() now correctly uses + generic wrapper arguments *args,**kwargs +* Correct method name LDIFParser.handle_modify() +* Corrected __all__ in modules ldap.controls.pwdpolicy and + ldap.controls.openldap + +Doc/ +* Started missing docs for sub-module ldap.sasl. + +---------------------------------------------------------------- +Released 2.4.21 2015-09-25 + +Changes since 2.4.20: + +Lib/ +* LDAPObject.read_s() now returns None instead of raising + ldap.NO_SUCH_OBJECT in case the search operation returned emtpy result. 
+* ldap.resiter.ResultProcessor.allresults() now takes new key-word + argument add_ctrls which is internally passed to LDAPObject.result4() + and lets the method also return response control along with the search + results. +* Added ldap.controls.deref implementing support for dereference control + +Tests/ +* Unit tests for module ldif (thanks to Petr Viktorin) + +---------------------------------------------------------------- +Released 2.4.20 2015-07-07 + +Changes since 2.4.19: + +* New wrapping of OpenLDAP's function ldap_sasl_bind_s() allows + to intercept the SASL handshake (thanks to René Kijewski) + +Modules/ +* Added exceptions ldap.VLV_ERROR, ldap.X_PROXY_AUTHZ_FAILURE and + ldap.AUTH_METHOD_NOT_SUPPORTED + +Lib/ +* Abandoned old syntax when raising ValueError in modules ldif and + ldapurl, more information in some exceptions. +* ldap.ldapobject.LDAPObject: + New convenience methods for SASL GSSAPI or EXTERNAL binds +* Refactored parts in ldif.LDIFParser: + - New class attributes line_counter and byte_counter contain + amount of LDIF data read so far + - Renamed some internally used methods + - Added support for parsing change records currently limited to + changetype: modify + - New separate methods parse_entry_records() (also called by parse()) + and parse_change_records() + - Stricter order checking of dn:, changetype:, etc. + - Removed non-existent 'AttrTypeandValueLDIF' from ldif.__all__ +* New mix-in class ldap.controls.openldap.SearchNoOpMixIn + adds convience method noop_search_st() to LDAPObject class +* Added new modules which implement the control classes + for Virtual List View (see draft-ietf-ldapext-ldapv3-vlv) and + Server-side Sorting (see RFC 2891) (thanks to Benjamin Dauvergne) + Note: This is still experimental! Even the API can change later. 
+
+----------------------------------------------------------------
+Released 2.4.19 2015-01-10
+
+Changes since 2.4.18:
+
+Lib/
+* Fixed missing ReconnectLDAPObject._reconnect_lock when pickling
+ (see SF#64, thanks to Dan O'Reilly)
+* Added ldap.controls.pagedresults which is pure Python implementation of
+ Simple Paged Results Control (see RFC 2696) and delivers the correct
+ result size
+
+----------------------------------------------------------------
+Released 2.4.18 2014-10-09
+
+Changes since 2.4.17:
+
+Lib/
+* Fixed raising exception in LDAPObject.read_s() when reading
+ an entry returns empty search result
+
+----------------------------------------------------------------
+Released 2.4.17 2014-09-27
+
+Changes since 2.4.16:
+
+Lib/
+* New hook syncrepl_refreshdone() in ldap.syncrepl.SyncReplConsumer
+ (thanks to Petr Spacek and Chris Mikkelson)
+
+Modules/
+* Added support for getting file descriptor of connection
+ with ldap.OPT_DESC
+
+----------------------------------------------------------------
+Released 2.4.16 2014-09-10
+
+Changes since 2.4.15:
+
+Lib/
+* New convenience function ldap.dn.is_dn()
+* New convenience function ldap.escape_str()
+* New convenience methods LDAPObject.read_s() and
+ LDAPObject.find_unique_entry()
+* Fixed invoking start_tls_s() in ReconnectLDAPObject.reconnect()
+ (thanks to Philipp Hahn)
+
+----------------------------------------------------------------
+Released 2.4.15 2014-03-24
+
+Changes since 2.4.14:
+
+Lib/
+* Added missing modules ldap.controls.openldap and
+ ldap.controls.pwdpolicy to setup.py
+* Added missing imports to ldap.controls.pwdpolicy
+* Fixed ldap.controls.pwdpolicy.decodeControlValue() to decode
+ string of digits
+* Support for X-SUBST in schema element class LDAPSyntax
+* Support for X-ORDERED and X-ORIGIN in schema element class AttributeType
+* ldapurl: New scope 'subordinates' defined in
+ draft-sermersheim-ldap-subordinate-scope
+
+Modules/
+* New constant ldap.SCOPE_SUBORDINATE derived from ldap.h for
+ draft-sermersheim-ldap-subordinate-scope
+* Fixed constant ldap.sasl.CB_GETREALM (thanks to Martin Pfeifer)
+
+----------------------------------------------------------------
+Released 2.4.14 2014-01-31
+
+Changes since 2.4.13:
+
+Lib/
+* Added ldap.controls.openldap.SearchNoOpControl
+* New method ldap.async.AsyncSearchHandler.afterFirstResult()
+ for doing something right after successfully receiving but before
+ processing first result
+* Better log data written when invoking ldap.LDAPLock.acquire() and
+ ldap.LDAPLock.release()
+* LDAPObject and friends now pass `desc' to ldap.LDAPLock() which
+ results in better logging
+* ldapobject.ReconnectLDAPObject now uses internal class-wide
+ lock for serializing reconnects
+* Method signature of ReconnectLDAPObject.reconnect() changed to be able
+ to call it with separate retry_max and retry_delay values
+
+Modules/
+* Added support for retrieving negotiated TLS version/cipher
+ with LDAPObject.get_option() with the help of upcoming OpenLDAP libs
+
+----------------------------------------------------------------
+Released 2.4.13 2013-06-27
+
+Changes since 2.4.12:
+
+Lib/
+* ldapobject.ReconnectLDAPObject._apply_last_bind() now sends
+ anonymous simple bind request even if the calling application
+ did not to provoke ldap.SERVER_DOWN in method reconnect()
+* ldapobject.ReconnectLDAPObject.reconnect() now also catches
+ ldap.TIMEOUT exception after reconnection attempt
+* Several other fixes for ldapobject.ReconnectLDAPObject
+ (thanks to Jonathan Giannuzzi)
+
+----------------------------------------------------------------
+Released 2.4.12 2013-06-01
+
+Changes since 2.4.11:
+
+Lib/
+* Truly optional import of PyAsn1Error exception which should
+ not fail anymore if pyasn1 is not installed
+
+----------------------------------------------------------------
+Released 2.4.11 2013-05-27
+
+Changes since 2.4.10:
+
+Lib/
+* ldap.controls.DecodeControlTuples() now simply ignores
+ PyAsn1Error exception raised during decoding malformed
+ response control values in case of non-critical controls.
+* ldif.LDIFWriter.unparse() does not simply skip empty
+ records anymore.
+
+----------------------------------------------------------------
+Released 2.4.10 2012-06-07
+
+Changes since 2.4.9:
+
+Lib/
+* ldapobject.ReconnectLDAPObject.reconnect() now preserves
+ order of options set with LDAPObject.set_option before.
+ This is needed e.g. for setting connection-specific TLS options.
+
+Demo/
+* Better version of Demo/pyasn1/syncrepl.py
+ (thanks to Ben Cooksley)
+
+----------------------------------------------------------------
+Released 2.4.9 2012-03-14
+
+Changes since 2.4.8:
+
+Lib/
+* ldapobject.ReconnectLDAPObject.reconnect() now does kind of
+ an internal locking to pause other threads while reconnecting
+ is pending.
+* Changes to bind- and startTLS-related operation methods of
+ class ReconnectLDAPObject for more robustness
+* New constant ldap.OPT_NAMES_DICT contains mapping from
+ integer to variable name for all option-related constants.
+
+----------------------------------------------------------------
+Released 2.4.8 2012-02-21
+
+Changes since 2.4.7:
+
+Lib/
+* Fixed overzealous check for non-unique NAMEs in
+ ldap.schema.subentry.SubSchema.__init__()
+* Fixed typos in control decoding method
+ ldap.controls.simple.OctetStringInteger.decodeControlValue()
+* Added experimental support for draft-vchu-ldap-pwd-policy
+
+----------------------------------------------------------------
+Released 2.4.7 2012-12-19
+
+Changes since 2.4.6:
+
+Lib/
+* Separate classes for request/response controls for RFC 3829
+* Fixed ldap.schema.subentry.SubSchema.attribute_types() to
+ also eliminate double attribute types in MAY clause of
+ DIT content rule
+
+Modules/
+* Fixed memory leak (thanks to David Malcolm)
+
+----------------------------------------------------------------
+Released 2.4.6 2011-11-27
+
+Changes since 2.4.5:
+
+Lib/
+* ldap.controls.ppolicy:
+ Another fix for decoding the password policy response control
+
+----------------------------------------------------------------
+Released 2.4.5 2011-11-25
+
+Changes since 2.4.4:
+
+Installation:
+* defines for SASL and SSL in setup.cfg to be more friendly to
+ Python setup tools (easy_install)
+
+Lib/
+* Fixed typo in ldap.functions._ldap_function_call() which
+ always released ldap._ldap_module_lock instead of local lock
+* ldap.controls.ppolicy:
+ Fixed decoding the password policy response control
+
+Demo/
+* Demo script for ldap.controls.ppolicy
+
+----------------------------------------------------------------
+Released 2.4.4 2011-10-26
+
+Changes since 2.4.3:
+
+Modules/
+* Format intermediate messages as 3-tuples instead of
+ 4-tuples to match the format of other response messages.
+ (thanks to Chris Mikkelson)
+* Fixes for memory leaks (thanks to Chris Mikkelson)
+
+Lib/
+* New experimental(!) sub-module ldap.syncrepl implementing syncrepl
+ consumer (see RFC 4533, thanks to Chris Mikkelson)
+
+Doc/
+* Cleaned up rst files
+* Added missing classes
+
+----------------------------------------------------------------
+Released 2.4.3 2011-07-23
+
+Changes since 2.4.2:
+
+Lib/
+* Mostly corrected/updated __doc__ strings
+
+Doc/
+* Corrected rst files
+* Added missing modules, functions, classes, methods, parameters etc.
+ at least as auto-generated doc
+
+----------------------------------------------------------------
+Released 2.4.2 2011-07-21
+
+Changes since 2.4.1:
+
+Lib/
+
+Logging:
+* pprint.pformat() is now used when writing method/function
+ arguments to the trace log
+
+ldap.schema.subentry:
+* SubSchema.__init__() now has new key-word argument check_uniqueness
+ which enables checking whether OIDs are unique in the subschema subentry
+* Code-cleaning: consequent use of method SubSchema.getoid() instead of
+ accessing SubSchema.name2oid directly.
+* SubSchema.getoid() and SubSchema.getoid() now have key-word argument
+ raise_keyerror=0 and raise KeyError with appropriate description.
+
+----------------------------------------------------------------
+Released 2.4.1 2011-07-05
+
+Changes since 2.4.0:
+
+Modules:
+* New LDAP option OPT_X_TLS_PACKAGE available in OpenLDAP 2.4.26+
+ to determine the name of the SSL/TLS package OpenLDAP was
+ built with
+
+Lib/
+* ldap.modlist.modifyModlist(): New key-word argument
+ case_ignore_attr_types used to define attribute types for which
+ comparison of old and new values should be case-insensitive
+* Minor changes to which data is sent to debug output for various
+ trace levels
+* Now tag [1] is used in ldap.extop.dds.RefreshResponse in
+ compliance with RFC 2589 (fix available for OpenLDAP ITS#6886)
+* New sub-module ldap.controls.sessiontrack implements request control
+ as described in draft-wahl-ldap-session (needs pyasn1_modules)
+
+----------------------------------------------------------------
+Released 2.4.0 2011-06-02
+
+Changes since 2.3.13:
+
+* OpenLDAP 2.4.11+ required to build
+* Support for extracting LDAPv3 extended controls in
+ LDAP_RES_SEARCH_ENTRY responses
+ (see SF#2829057, thanks to Rich)
+* Generic support for LDAPv3 extended operations (thanks to Rich)
+
+Lib/
+* new class API in ldap.controls, not backwards-compatible!
+* new sub-modules for ldap.controls, some require pyasn1 and pyasn1_modules
+* New methods LDAPObject.result4() and LDAPObject.extop_result()
+* New (optional) class ldap.controls.AssertionControl
+* New helper module ldap.logger contains file-like object which
+ sends trace messages to logging.log()
+* Removed non-functional method LDAPObject.set_cache_options()
+* Removed unused dictionary ldap.controls.knownLDAPControls
+
+Modules/
+* ldapcontrol.c: Fixed encode_assertion_control() and function is no longer
+ hidden behind ifdef-statement
+
+----------------------------------------------------------------
+Released 2.3.13 2011-02-19
+
+Changes since 2.3.12:
+
+Modules/
+* Correct #ifdef-statement for LDAP_OPT_X_TLS_CRLFILE in
+ constants.c fixes build with older OpenLDAP libs
+* Support for LDAP_OPT_DEFBASE (see SF#3072016, thanks to Johannes)
+
+----------------------------------------------------------------
+Released 2.3.12 2010-08-05
+
+Changes since 2.3.11:
+
+Lib/
+* Removed tabs from various modules to make things work with python -tt.
+* Quick fix to ldif.is_dn() to let multi-valued RDNs pass as valid.
+ Is too liberal in some corner-cases though...
+* Fix to ldif.is_dn() to allow dashes in attribute type (see SF#3020292)
+* ldap.open() now outputs a deprecation warning
+* module-wide locking is now limited to calling _ldap.initialize().
+ Still ldap.functions._ldap_function_call() is used to wrap all
+ calls for writing debug log.
+
+Modules/
+* New LDAP options available in OpenLDAP 2.4.18+ supported in
+ LDAPObject.get/set_option():
+ ldap.OPT_X_KEEPALIVE_IDLE, ldap.OPT_X_KEEPALIVE_PROBES,
+ ldap.OPT_X_KEEPALIVE_INTERVAL,
+ ldap.OPT_X_TLS_CRLCHECK, ldap.OPT_X_TLS_CRLFILE
+
+Doc/
+* Various small updates/improvements
+
+----------------------------------------------------------------
+Released 2.3.11 2010-02-26
+
+Changes since 2.3.10:
+
+Lib/
+* Fixed LDAP URL parsing with four ? but no real extensions
+* ldap.ldapobject.LDAPObject.rename_s() now also accepts arguments
+ serverctrls and clientctrls
+* Removed untested and undocumented class ldap.ldapobject.SmartLDAPObject
+* Removed broken method ldap.ldapobject.LDAPObject.manage_dsa_it()
+
+Modules/
+* Make use of LDAP_OPT_X_TLS_NEWCTX only if available in
+ OpenLDAP libs used for the build
+* Fixed #ifdef-statements for OPT_X_TLS_PROTOCOL_MIN
+
+Doc/
+* Some updates and corrections regarding description of use of
+ LDAPv3 controls
+* Some more descriptions for constants
+* Removed comments related to old LaTeX-based documentation system
+
+----------------------------------------------------------------
+Released 2.3.10 2009-10-30
+
+Changes since 2.3.9:
+
+Lib/
+* The diagnosticMessage returned by a server is written to the trace
+ output also for successful operations.
+* Fixed handling of LDAP URL extensions with implicit value None which are
+ mapped to class attributes of LDAPUrl.
+* Fixed handling of LDAP URLs with ? being part of extensions.
+* Fixed exceptions raised by get_option/set_option (SF#1964993)
+* ldap.functions: Fixed import trace-related variables from base-module ldap
+* Fixed ldap.resiter missing in RPMs built with python setup.py bdist_rpm
+* Fix in class ldap.schema.models.SchemaElement:
+ repr() was liberally used in methods key_attr() and key_list() to enclose
+ values in quotes.
+
+Modules/
+* Changed internal API List_to_LDAPControls() to LDAPControls_from_object()
+* Supported was added for retrieving the SASL username during SASL bind with
+ ldap_get_option(LDAP_OPT_X_SASL_USERNAME) if available in libldap.
+* New LDAP option constant ldap.OPT_X_TLS_NEWCTX supported
+ in LDAPObject.set_option()
+* New LDAP option constants supported in LDAPObject.get/set_option():
+ ldap.OPT_X_TLS_PROTOCOL_MIN, ldap.OPT_CONNECT_ASYNC, ldap.OPT_X_TLS_DHFILE
+* Fixed setting _ldap.OPT_ON and _ldap.OPT_OFF
+* l_ldap_result3(): controls are now parsed for all response types (SF#2829057)
+
+Doc/
+* Added example for ldap.resiter
+
+----------------------------------------------------------------
+Released 2.3.9 2009-07-26
+
+Changes since 2.3.8:
+
+Lib/
+* All modules (ldap, ldif, dsml and ldapurl) have common version number now
+* Non-exported function ldif.needs_base64() was abandoned and is now
+ implemented as method LDIFWriter._needs_base64_encoding().
+ This allows sub-classes of LDIFWriter to implement determining whether
+ attribute values have to be base64-encoded in a different manner and is
+ the same approach like in class dsml.DSMLWriter.
+* LDAPUrlExtension._parse() now gracefully handles LDAP URL extensions
+ without explicit exvalue as being set with implicit value None.
+
+Modules/
+* New LDAP option constant ldap.OPT_X_SASL_NOCANON supported
+ in LDAPObject.get/set_option()
+
+----------------------------------------------------------------
+Released 2.3.8 2009-04-30
+
+Changes since 2.3.7:
+
+Lib/
+* ldap.schema.models: More fault-tolerant parsing of SYNTAX in
+ AttributeTypeDescription
+* ldap.schema.tokenizer.split_tokens():
+ More tolerant parsing of items separated only with a DOLLAR without
+ surrounding white-spaces (because WSP is declared as zero or more spaces
+ in RFC 4512)
+
+----------------------------------------------------------------
+Released 2.3.7 2009-04-09
+
+Changes since 2.3.6:
+
+Lib/
+* urllib.quote() is now used in LDAPUrlExtension.unparse() to quote
+ all special URL characters in extension values
+
+Modules/
+* Fixed ldapcontrol.c not to raise ldap.ENCODING_ERROR in
+ function encode_rfc2696() on 64-bit systems
+* Fixed seg fault if error code in a LDAP response was outside
+ the known error codes and could not be mapped to a specific
+ exception class (thanks to Sean)
+* errors.c: LDAP_ERROR_MAX set to LDAP_PROXIED_AUTHORIZATION_DENIED
+ if available in OpenLDAP header
+* new exception class ldap.PROXIED_AUTHORIZATION_DENIED
+ if available in OpenLDAP header
+* Fixed functions.c not to raise ldap.ENCODING_ERROR in
+ function l_ldap_str2dn() on 64-bit systems (see SF#2725356)
+
+----------------------------------------------------------------
+Released 2.3.6 2009-02-22
+
+Changes since 2.3.5:
+
+Lib/
+* Importing ldap.str2dn() which directly imported _ldap.str2dn()
+ is prohibited now (see SF#2181141)
+
+Modules/
+* get_option(): Added support for reading more SASL options.
+ (OPT_X_SASL_MECH, OPT_X_SASL_REALM, OPT_X_SASL_AUTHCID and
+ OPT_X_SASL_AUTHZID)
+* Added some explicit type casts to fix issues while building
+ with SunStudio
+* Fixed compiling issue with GCC 4.4
+ (see SF#2555793, thanks to Matej and Martin)
+
+Doc/
+* Clarified not to use ldap_get_dn() directly
+* Fixed description of ldap.SASL_AVAIL and ldap.TLS_AVAIL
+ (see SF#2555804, thanks to Matej and Martin)
+
+----------------------------------------------------------------
+Released 2.3.5 2008-07-06
+
+Changes since 2.3.4:
+
+Lib/
+* Fixed methods ldap.cidict.__contains__() and
+ ldap.schema.models.Entry.__contains__()
+* FWIW method LDAPObject.cancel_s() returns a result now
+* Fixed ldap.schema.models.NameForm: Class attribute oc is now
+ of type string, not tuple to be compliant with RFC 4512
+----------------------------------------------------------------
+Released 2.3.4 2008-03-29
+
+Changes since 2.3.3:
+
+Modules/
+* Fixed seg fault when calling LDAPObject.get_option()
+ (see SF#1926507, thanks to Matej)
+
+----------------------------------------------------------------
+Released 2.3.3 2008-03-26
+
+Changes since 2.3.2:
+
+Fixed backward-compability when building with OpenLDAP 2.3.x libs.
+
+----------------------------------------------------------------
+Released 2.3.2 2008-03-26
+
+Changes since 2.3.1:
+
+Lib/
+* ldap.dn.escape_dn_chars() now really adheres to
+ RFC 4514 section 2.4 by escaping null characters and a
+ space occurring at the beginning of the string
+* New method ldap.cidict.cidict.__contains__()
+* ldap.dn.explode_dn() and ldap.dn.explode_rdn()
+ have a new optional key-word argument flags which is
+ passed to ldap.dn.str2dn().
+
+Modules/
+* Removed unused OPT_PRIVATE_EXTENSION_BASE from constants.c
+
+Doc/
+* Various additions, updates, polishing (thanks to James).
+
+----------------------------------------------------------------
+Released 2.3.1 2007-07-25
+
+Changes since 2.3.0:
+
+* Support for setuptools (building .egg, thanks to Torsten)
+* Support for matched values control (RFC 3876, thanks to Andreas)
+
+Lib/
+* Fixed ldif (see SF#1709111, thanks to Dmitry)
+* ldap.schema.models:
+ SUP now separated by $ (method __str__() of classes
+ AttributeType, ObjectClass and DITStructureRule, thanks to Stefan)
+
+Modules/
+* Added constant MOD_INCREMENT to support
+ modify+increment extension (see RFC 4525, thanks to Andreas)
+----------------------------------------------------------------
+Released 2.3.0 2007-03-27
+
+Changes since 2.2.1:
+
+* OpenLDAP 2.3+ required now to build.
+* Added support for Cancel operation ext. op. if supported
+in OpenLDAP API of the libs used for the build.
+
+Modules/
+* Removed deprecated code for setting options by name
+* Added l_ldap_cancel()
+* Some modifications related to PEP 353 for
+ Python 2.5 on 64-bit platforms (see SF#1467529, thanks to Matej)
+* Added new function l_ldap_str2dn(), removed functions
+ l_ldap_explode_dn() and l_ldap_explode_rdn()
+ (see SF#1657848, thanks to David)
+
+Lib/
+* Added method ldapobject.LDAPObject.cancel()
+* ldap.schema.subentry.urlfetch() now can do non-anonymous
+ simple bind if the LDAP URL provided contains extensions
+ 'bindname' and 'X-BINDPW'. (see SF#1589206)
+* ldap.filter.escape_filter_chars() has new a key-word argument
+ escape_mode now which defines which chars to be escaped
+ (see SF#1193271).
+* Various important fixes to ldapobject.ReconnectLDAPObject
+* Moved all DN-related functions to sub-module ldap.dn,
+ import them in ldap.functions for backward compability
+* ldap.dn.explode_dn() and ldap.dn.explode_rdn() use the new
+ wrapper function ldap.dn.str2dn() (related to SF#1657848)
+* changetype issue partially fixed (see SF#1683746)
+
+----------------------------------------------------------------
+Released 2.2.1 2006-11-15
+
+Changes since 2.2.0:
+
+Modules/
+* Fix for Python 2.5 free(): invalid pointer (see SF#1575329)
+* passwd() accepts None for arguments user, oldpw, newpw
+ (see SF#1440151)
+
+Lib/
+* ldif.LDIFWriter.unparse() now accepts instances of
+ derived dict and list classes (see SF#1489898)
+
+----------------------------------------------------------------
+Released 2.2.0 2006-04-10
+
+Changes since 2.0.11:
+
+* OpenLDAP 2.2+ required now to build.
+
+Modules/
+* Dropped all occurences of '#ifdef #LDAP_VENDOR_VERSION'.
+* Fixed wrong tuple size in l_ldap_result3() (see SF#1368108)
+* Fixed get_option(ldap.OPT_API_INFO) (see SF#1440165)
+* Fixed memory leak in l_ldap_result3() when all=0
+ (see SF#1457325)
+* Fixed memory leak in l_ldap_result3() in error cases
+ (see SF#1464085)
+
+Lib/
+* Fixed ldap.schema.models.DITStructureRule.__str__() to
+ separate SUP rule-ids with a single space instead of ' $ '
+* Fixed ldap.async.Dict
+* Added ldap.async.IndexedDict
+* ldap.schema.subentry.SubSchema.attribute_types() has new
+ key-word argument ignore_dit_content_rule
+----------------------------------------------------------------
+Released 2.0.11 2005-11-07
+
+Changes since 2.0.10:
+
+Lib/
+* Class ldap.ldapobject.LDAPObject:
+ Each method returns a result now
+* Class ldap.ldapobject.ReconnectLDAPObject:
+ Some methods called the wrong methods of LDAPObject. Fixed.
+* Added new class ldap.async.Dict
+* Slightly cleaned up ldap.schema.subentry.attribute_types()
+* New sub-module ldap.resiter which simply provides a mix-in
+ class for ldap.ldapobject.LDAPObject with a generator method
+ allresults().
+ Obviously this only works with Python 2.3+. And
+ it's still experimental.
+
+----------------------------------------------------------------
+Released 2.0.10 2005-09-23
+
+Changes since 2.0.9:
+
+Lib/
+* Switched back to old implementation of
+ ldap.schema.tokenizer.split_tokens() since the new one
+ had a bug which deletes the spaces from DESC
+* ldap.INSUFFICIENT_ACCESS is now ignored in
+ ldap.ldapobject.LDAPObject.search_subschemasubentry_s()
+
+----------------------------------------------------------------
+Released 2.0.9 2005-07-28
+
+Changes since 2.0.8:
+
+Modules/
+* Removed __doc__ strings from ldapcontrol.c to "fix"
+ build problems with Python versions 2.2 and earlier.
+
+----------------------------------------------------------------
+Released 2.0.8 2005-06-22 at Linuxtag 2005, Karlsruhe, Germany
+
+Changes since 2.0.7:
+
+* Preliminary support for receiving LDAP controls added.
+ Contributor:
+ - Andreas Ames
+
+Lib/
+- Added classes in module ldif to ldif.__all__ to fix
+ from ldif import *
+- Removed BitString syntax from
+ ldap.schema.models.NOT_HUMAN_READABLE_LDAP_SYNTAXES
+ since the LDAP encoding is in fact human-readable
+- ldapurl.LDAPUrlExtension.unparse() outputs empty string
+ if LDAPUrlExtension.exvalue is None
+- Added ldap.controls.SimplePagedResultsControl
+
+----------------------------------------------------------------
+Released 2.0.7 2005-04-29
+
+Changes since 2.0.6:
+
+* Added preliminary support for sending LDAP controls
+ with a request.
+ Contributors:
+ - Deepak Giridharagopal
+ - Ingo Steuwer
+ (Receiving controls in LDAP results still not supported.)
+
+Modules:
+* LDAPObject.c: removed l_ldap_manage_dsa_it()
+* LDAPObject.c: Added missing #ifdef around l_ldap_passwd()
+ for compability with older OpenLDAP libs.
+
+Lib/
+* New algorithm in ldap.schema.tokenizer.split_tokens()
+ contributed by Wido Depping which is more robust
+ when parsing very broken schema elements
+ (e.g. Oracle's OID).
+* Fixed argument list (position of timeout) when calling
+ LDAPObject.search_ext_s() from search_st() and search_s().
+* LDAPObject.search_ext_s() correctly calls search_ext_s() now.
+* Re-implemented LDAPObject.manage_dsa_it() without calling _ldap.
+
+----------------------------------------------------------------
+Released 2.0.6 2004-12-03
+
+Changes since 2.0.5:
+
+Lib/
+* Added sub-module ldap.dn
+* Added function ldap.dn.escape_dn_chars()
+* Special check when implicitly setting SUP 'top' to
+ structural object classes without SUP defined to avoid
+ a loop in the super class chain.
+
+----------------------------------------------------------------
+Released 2.0.5 2004-11-11
+
+Changes since 2.0.4:
+
+Some small improvements for SASL:
+The noisy output during SASL bind is avoided now. Interaction
+with output on stderr can be enabled by the calling application
+by explicitly defining SASL flags.
+
+Removed obsolete directory Win32/.
+
+Lib/
+* Make sure that ldap.sasl.sasl.cb_value_dict is a dictionary
+ even when the caller passes in None to argument cb_value_dict
+* Added new key-word arg sasl_flags to method
+ LDAPObject.sasl_interactive_bind_s()
+
+Modules/
+* l_ldap_sasl_interactive_bind_s():
+ New key-word arg sasl_flags passed to
+ ldap_sasl_interactive_bind_s()
+
+----------------------------------------------------------------
+Released 2.0.4 2004-10-27
+
+Changes since 2.0.3:
+
+Modules/
+* Applied some fixes for 64-bit platforms to LDAPObject.c
+* Constants ldap.TLS_AVAIL and ldap.SASL_AVAIL will indicate
+ whether python-ldap was built with support for SSL/TLS
+ and/or SASL
+
+setup.py and Modules/
+* Applied some fixes for building under Win32
+
+----------------------------------------------------------------
+Released 2.0.3 2004-10-06
+
+Changes since 2.0.2:
+
+* Added support for LDAP Password Modify Extended Operation
+ (see RFC 3062)
+
+Demo/:
+* Added passwd_ext_op.py
+
+Modules/
+* Added l_ldap_passwd() in LDAPObject.c
+
+Lib/
+* Added methods passwd() and passwd_s() to
+ ldap.ldapobject.LDAPObject
+
+----------------------------------------------------------------
+Released 2.0.2 2004-07-29
+
+Changes since 2.0.1:
+
+Modules/
+* Fixed detecting appropriate OpenLDAP libs version for
+ determining whether ldap_whoami_s() is available or not.
+ This fixes build problems with OpenLDAP libs 2.1.0 up
+ to 2.1.12.
+
+----------------------------------------------------------------
+Released 2.0.1 2004-06-29
+
+Changes since 2.0.0:
+
+dsml:
+* Fixed wrong exception message format string
+
+ldap.schema.models:
+* Fixed Entry.__delitem__() to delete really everything
+ when deleting an attribute dictionary item.
+
+----------------------------------------------------------------
+Released 2.0.0 2004-05-18
+
+Changes since 2.0.0pre21:
+
+ldif:
+* Empty records are simply ignored in ldif.LDIFWriter.unparse()
+
+Modules/
+* New method result2() returns 3-tuple containing the msgid
+ of the outstanding operation.
+
+ldap.ldapobject:
+* New _ldap wrapper method LDAPObject.result2() (see above)
+ which is now used by LDAPObject.result().
+
+----------------------------------------------------------------
+Released 2.0.0pre21 2004-03-29
+
+Changes since 2.0.0pre20:
+
+setup.py:
+* runtime_library_dirs is set
+
+Modules/
+* (Hopefully) fixed building with OpenLDAP 2.2 libs in errors.c
+* Removed meaningless repr() function from LDAPObject.c
+* Removed setting LDAP_OPT_PROTOCOL_VERSION in l_ldap_sasl_bind_s()
+* Modified string handling via berval instead of *char
+ in l_ldap_compare_ext() makes it possible to compare attribute
+ values with null chars.
+* Wrapped ldap_sasl_bind() for simple binds instead of ldap_bind()
+ since 1. the latter is marked deprecated and 2. ldap_sasl_bind()
+ allows password credentials with null chars.
+* Removed unused sources linkedlist.c and linkedlist.h
+* Function l_ldap_whoami_s() only added if built against
+ OpenLDAP 2.1.x+ libs (should preserve compability with 2.0 libs)
+
+ldap.ldapobject:
+* LDAPObject.bind() only allows simple binds since Kerberos V4
+ binds of LDAPv2 are not supported anymore. An assert statement
+ was added to make the coder aware of that.
+* Renamed former LDAPObject.sasl_bind_s() to
+ LDAPObject.sasl_interactive_bind_s() since it wraps OpenLDAP's
+ ldap_sasl_interactive_bind_s()
+
+----------------------------------------------------------------
+Released 2.0.0pre20 2004-03-19
+
+Changes since 2.0.0pre19:
+
+Modules/
+* Removed doc strings from functions.c
+* Removed probably unused wrapper function l_ldap_dn2ufn() since
+ ldap_dn2ufn() is deprecated in OpenLDAP 2.1+
+* Removed wrapper function l_ldap_is_ldap_url().
+* Removed macro add_int_r() from constants.c since it caused
+ incompability issues with OpenLDAP 2.2 libs
+ (Warning: all result types are Integers now! Use the constants!)
+* New wrapper function l_ldap_whoami_s()
+
+ldap.ldapobject:
+* New wrapper method LDAPObject.whoami_s()
+
+ldap.functions:
+* Removed is_ldap_url(). The more general function
+ ldapurl.isLDAPUrl() should be used instead.
+
+ldap.sasl:
+* Added class cram_md5 (for SASL mech CRAM-MD5)
+
+ldap.async:
+* Use constants for search result types (see note about
+ add_int_r() above).
+
+----------------------------------------------------------------
+Released 2.0.0pre19 2004-01-22
+
+Changes since 2.0.0pre18:
+
+Modules/
+* LDAPObject.c:
+ Most deprecated functions of OpenLDAP C API are not used anymore.
+* functions.c:
+ Removed unused default_ldap_port().
+* constants.c:
+ Removed unused or silly constants
+ AUTH_KRBV4, AUTH_KRBV41, AUTH_KRBV42, URL_ERR_BADSCOPE, URL_ERR_MEM
+* errors.c:
+ Fixed building with OpenLDAP 2.2.x
+ (errors caused by negative error constants in ldap.h)
+
+ldap.ldapobject.LDAPObject:
+* Removed unused wrapper methods uncache_entry(), uncache_request(),
+ url_search(), url_search_st() and url_search_s()
+* New wrapper methods for all the _ext() methods in _ldap.LDAPObject.
+
+ldap.modlist:
+* Some performance optimizations and simplifications
+ in function modifyModlist()
+
+----------------------------------------------------------------
+Released 2.0.0pre18 2003-12-09
+
+Changes since 2.0.0pre17:
+
+ldap.ldapobject:
+* Fixed missing ldap._ldap_function_call() in
+ ReconnectLDAPObject.reconnect()
+
+----------------------------------------------------------------
+Released 2.0.0pre17 2003-12-03
+
+Changes since 2.0.0pre16:
+
+ldap.functions:
+* Fixed ImportError when running python -O
+
+----------------------------------------------------------------
+Released 2.0.0pre16 2003-12-02
+
+Changes since 2.0.0pre15:
+
+Modules/
+* Removed definition of unused constant RES_EXTENDED_PARTIAL since
+ the corresponding symbol LDAP_RES_EXTENDED_PARTIAL seems to not
+ be available in OpenLDAP-HEAD (pre 2.2) anymore.
+
+All in Lib/
+* Fixed some subtle bugs/oddities mentioned by pychecker.
+
+dsml:
+* Renamed DSMLWriter._f to DSMLWriter._output_file
+* Added wrapper method DSMLWriter.unparse() which simply
+ calls DSMLWriter.writeRecord()
+
+ldap.ldapobject:
+* Simplified LDAPObject.search_subschemasubentry_s()
+
+ldap.functions:
+* Moved ldap._ldap_function_call() into ldap.functions.
+* apply() is not used anymore since it seems deprecated
+
+ldap.async:
+* Added class DSMLWriter
+
+ldap.schema:
+* Removed unused key-word argument strict from
+ ldap.schema.subentry.SubSchema.attribute_types()
+* Fixed backward compability issue (for Python prior to 2.2) in
+ ldap.schema.subentry.SubSchema.listall()
+----------------------------------------------------------------
+Released 2.0.0pre15 2003-11-11
+
+Changes since 2.0.0pre14:
+
+Modules/
+Follow rule "Always include Python.h first"
+
+ldap.schema.subentry:
+* Added new method SubSchema.get_structural_oc()
+* Added new method SubSchema.get_applicable_aux_classes()
+* Methods SubSchema.listall() and SubSchema.tree() have
+ new key-word argument schema_element_filters
+* Support for DIT content rules in SubSchema.attribute_types()
+
+----------------------------------------------------------------
+Released 2.0.0pre14 2003-10-03
+
+Changes since 2.0.0pre13:
+
+setup.py:
+* Some modifications to ease building for Win32
+* Added directory Build/ mainly intended for platform-specific
+ examples of setup.cfg
+* Fixed installing ldap.filter
+
+ldap.ldapobject:
+* Added class attribute LDAPObject.network_timeout mapped to
+ set_option(ldap.OPT_NETWORK_TIMEOUT,..)
+* LDAPObject.search_ext(): Pass arguments serverctrls,clientctrls
+ to _ldap.search_ext()
+
+ldap.sasl:
+* Added class ldap.sasl.external for handling
+ the SASL mechanism EXTERNAL
+* Dictionary ldap.sasl.saslmech_handler_class built during import
+ for all the known SASL mechanisms derived from class definitions
+
+ldap.schema:
+* More graceful handling of KeyError in SubSchema.attribute_types()
+* New method SubSchema.get_inheritedattr() for retrieving inherited
+ class attributes
+* New method SubSchema.get_inheritedobj() for retrieving a
+ schema element instance including all inherited class attributes
+
+----------------------------------------------------------------
+Released 2.0.0pre13 2003-06-02
+
+Changes since 2.0.0pre12:
+
+ldap.async:
+* Checking type of argument writer_obj relaxed in
+ LDIFWriter.__init__() since file-like objects are
+ not necessarily an instance of file.
+
+ldap.schema:
+* ldap.schema.subentry.SubSchema.attribute_types() now correctly
+ handles attribute types without NAME set
+* If SUP is not defined for a structural object class 'top' is
+ assumed to be the only super-class by default
+* '_' is now the abstract top node in SubSchema.tree() for all
+ schema element classes since ABSTRACT and AUXILIARY object
+ classes are not derived from 'top' by default
+
+----------------------------------------------------------------
+Released 2.0.0pre12 2003-05-27
+
+Changes since 2.0.0pre11:
+
+New sub-module ldap.filter:
+* Added functions escape_filter_chars() and filter_format()
+
+ldap.ldapobject:
+* Trace log writes LDAP URI of connection instead of module name
+* search_s() passes self.timeout as argument timeout when
+ calling search_ext_s()
+* Key-word arguments for simple_bind() and simple_bind_s()
+ with defaults for anonymous bind.
+* LDAPObject.protocol_version is set to LDAPv3 as default
+ (this might make code changes necessary in a real LDAPv2
+ environment)
+* Default for key-word argument trace_stack_limit passed to
+ __init__() is 5
+* Updated __doc__ strings
+* Aligned and tested ReconnectLDAPObject and SmartLDAPObject
+
+ldap.async:
+* LDIFWriter uses ldif.LDIFWriter instead of calling
+ function ldif.CreateLDIF
+* LDIFWriter accepts either file-like object or ldif.LDIFWriter
+ instance as argument for specifying the output
+
+ldif:
+* Abandoned argument all_records of LDIFRecordList.__init__()
+
+ldapurl:
+* urllib.unquote() used instead of urllib.unquote_plus()
+
+----------------------------------------------------------------
+Released 2.0.0pre11 2003-05-02
+
+Changes since 2.0.0pre10:
+
+ldap.ldapobject:
+* Cosmetic change: Named argument list for LDAPObject.compare()
+ instead of *args,**kwargs.
+* Fixed bug in ReconnectLDAPObject._apply_method_s() affecting
+ compability with Python 2.0. The bug was introduced with
+ 2.0.0pre09 by dropping use of apply().
+
+ldap.modlist:
+* modifyModlist(): Only None is filtered from attribute value lists,
+ '' is preserved as valid attribute value. But filtering applies
+ to old_value and new_value now.
+
+ldap.schema:
+* Zero-length attribute values for schema elements are ignored
+ (needed on e.g. Active Directory)
+
+dsml:
+Added support for parsing and generating DSMLv1.
+Still experimental though.
+
+
+----------------------------------------------------------------
+Released 2.0.0pre10 2003-04-19
+
+Changes since 2.0.0pre09:
+
+ldap.schema:
+* Emulate BooleanType for compability with Python2.3 in assert
+ statements
+
+----------------------------------------------------------------
+Released 2.0.0pre09 2003-04-19
+
+Changes since 2.0.0pre08:
+
+Modified setup.py to support Cyrus-SASL 2.x.
+ +ldap.ldapobject: +* apply() is not used anymore since it seems deprecated +* Fixed __setstate__() and __getstate__() of ReconnectLDAPObject + +ldap.schema: +* Completed classes for nameForms, dITStructureRules and + dITContentRules + +---------------------------------------------------------------- +Released 2.0.0pre08 2003-04-11 + +Changes since 2.0.0pre07: + +ldap.schema: +* For backward compability with Python versions prior to 2.2 + Lib/ldap/schema/tokenizer.py and Lib/ldap/schema/models.py use + (()) instead of tuple() for creating empty tuples. + +---------------------------------------------------------------- +Released 2.0.0pre07 2003-04-03 + +Changes since 2.0.0pre06: + +LDAPObject.c: + * Wrapped OpenLDAP's ldap_search_ext() + * Removed empty __doc__ strings + * Removed fileno + * Removed all stuff related to caching in OpenLDAP libs + +ldap.ldapobject: + * Fixed SASL rebind in ldap.ldapobject.ReconnectLDAPObject + * use search_ext() instead ldap_search() + * new class attribute timeout for setting a global time-out + value for all synchronous operations + +ldap.schema: +* Fixed two typos in ldap.schema.models +* Some attempts to improve performance of parser/tokenizer +* Completely reworked to have separate OID dictionaries for + the different schema element classes +* Fixed the Demo/schema*.py to reflect changes to ldap.schema + +Documentation updates and various __doc__ string modifications. 
+ +ldapurl: + * Removed all Unicode stuff from module ldapurl + * Consistent URL encoding in module ldapurl + +ldif: + * Removed ldif.FileWriter + * Proper handling of FILL (see RFC 2849) + +---------------------------------------------------------------- +Released 2.0.0pre06 2002-09-23 + +Changes since 2.0.0pre05: +- Fine-grained locking when linking against libldap_r +- New wrapper class ldap.ReconnectLDAPObject +- Security fix to module ldapurl +- Other fixes and improvements to whole package +- LDAPv3 schema support + (still somewhat premature and undocumented) + +---------------------------------------------------------------- +Released 2.0.0pre05 2002-07-20 + +---------------------------------------------------------------- +Released 2.0.0pre04 2002-02-09 + +---------------------------------------------------------------- +Released 2.0.0pre02 2002-02-01 + +---------------------------------------------------------------- +Released 1.10alpha3 2000-09-19 diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst new file mode 100644 index 0000000..7fd68fc --- /dev/null +++ b/CONTRIBUTING.rst @@ -0,0 +1,10 @@ +Thank you for your interest in python-ldap! + +If you wish to help, detailed instructions are in `Doc/contributing.rst`_, +and in `online documentation`_. + +.. _Doc/contributing.rst: Doc/contributing.rst +.. _online documentation: https://python-ldap.readthedocs.io/en/latest/contributing.html + + +Open-source veretans should find no surprises there. diff --git a/Demo/Lib/ldap/async/deltree.py b/Demo/Lib/ldap/async/deltree.py new file mode 100644 index 0000000..9db52c8 --- /dev/null +++ b/Demo/Lib/ldap/async/deltree.py 
@@ -0,0 +1,80 @@ +import ldap,ldap.async + +class DeleteLeafs(ldap.async.AsyncSearchHandler): + """ + Class for deleting entries which are results of a search. + + DNs of Non-leaf entries are collected in DeleteLeafs.nonLeafEntries. + """ + _entryResultTypes = ldap.async._entryResultTypes + + def __init__(self,l): + ldap.async.AsyncSearchHandler.__init__(self,l) + self.nonLeafEntries = [] + self.deletedEntries = 0 + + def startSearch(self,searchRoot,searchScope): + if not searchScope in [ldap.SCOPE_ONELEVEL,ldap.SCOPE_SUBTREE]: + raise ValueError("Parameter searchScope must be either ldap.SCOPE_ONELEVEL or ldap.SCOPE_SUBTREE.") + self.nonLeafEntries = [] + self.deletedEntries = 0 + ldap.async.AsyncSearchHandler.startSearch( + self, + searchRoot, + searchScope, + filterStr='(objectClass=*)', + attrList=['hasSubordinates','numSubordinates'], + attrsOnly=0, + ) + + def _processSingleResult(self,resultType,resultItem): + if resultType in self._entryResultTypes: + # Don't process search references + dn,entry = resultItem + hasSubordinates = entry.get( + 'hasSubordinates', + entry.get('hassubordinates',['FALSE'] + ) + )[0] + numSubordinates = entry.get( + 'numSubordinates', + entry.get('numsubordinates',['0']) + )[0] + if hasSubordinates=='TRUE' or int(numSubordinates): + self.nonLeafEntries.append(dn) + else: + try: + self._l.delete_s(dn) + except ldap.NOT_ALLOWED_ON_NONLEAF as e: + self.nonLeafEntries.append(dn) + else: + self.deletedEntries = self.deletedEntries+1 + + +def DelTree(l,dn,scope=ldap.SCOPE_ONELEVEL): + """ + Recursively delete entries below or including entry with name dn. 
+ """ + leafs_deleter = DeleteLeafs(l) + leafs_deleter.startSearch(dn,scope) + leafs_deleter.processResults() + deleted_entries = leafs_deleter.deletedEntries + non_leaf_entries = leafs_deleter.nonLeafEntries[:] + while non_leaf_entries: + dn = non_leaf_entries.pop() + print(deleted_entries,len(non_leaf_entries),dn) + leafs_deleter.startSearch(dn,ldap.SCOPE_SUBTREE) + leafs_deleter.processResults() + deleted_entries = deleted_entries+leafs_deleter.deletedEntries + non_leaf_entries.extend(leafs_deleter.nonLeafEntries) + return # DelTree() + + +# Create LDAPObject instance +l = ldap.initialize('ldap://localhost:1390') + +# Try a bind to provoke failure if protocol version is not supported +l.simple_bind_s('cn=Directory Manager,dc=IMC,dc=org','controller') + +# Delete all entries *below* the entry dc=Delete,dc=IMC,dc=org +DelTree(l,'dc=Delete,dc=IMC,dc=org',ldap.SCOPE_ONELEVEL) diff --git a/Demo/Lib/ldap/async/ldifwriter.py b/Demo/Lib/ldap/async/ldifwriter.py new file mode 100644 index 0000000..9671762 --- /dev/null +++ b/Demo/Lib/ldap/async/ldifwriter.py @@ -0,0 +1,37 @@ +""" +ldifwriter - using ldap.async module for output of LDIF stream + of LDAP search results + +Written by Michael Stroeder + +This example translates the naming context of data read from +input, sanitizes some attributes, maps/removes object classes, +maps/removes attributes., etc. It's far from being complete though. +""" + +import sys,ldap,ldap.async + +s = ldap.async.LDIFWriter( + ldap.initialize('ldap://localhost:1390'), + sys.stdout +) + +s.startSearch( + 'dc=stroeder,dc=de', + ldap.SCOPE_SUBTREE, + '(objectClass=*)', +) + +try: + partial = s.processResults() +except ldap.SIZELIMIT_EXCEEDED: + sys.stderr.write('Warning: Server-side size limit exceeded.\n') +else: + if partial: + sys.stderr.write('Warning: Only partial results received.\n') + +sys.stderr.write( + '%d results received.\n' % ( + s.endResultBreak-s.beginResultsDropped + ) +) 
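Review bot: The three statements at the bottom of deltree.py run at import time, so merely importing this demo binds as `cn=Directory Manager` and deletes everything below `dc=Delete,dc=IMC,dc=org`. They belong under `if __name__ == '__main__':`, and the bind password should come from `getpass.getpass()` rather than the literal in `l.simple_bind_s(...)`. In `_processSingleResult()` the name bound by `except ldap.NOT_ALLOWED_ON_NONLEAF as e:` is never used and can be dropped. `DelTree()` would also benefit from a docstring line stating that `scope` decides whether `dn` itself is removed.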
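Review bot: The last paragraph of the ldifwriter.py docstring ("This example translates the naming context ... maps/removes attributes") describes a different script; this one only runs a search and streams the results to stdout as LDIF. The same paragraph is pasted into Demo/Lib/ldap/async/sizelimit.py, whose docstring also still opens with `ldifwriter -` and ends in the garbled `was raised.output of LDIF stream`, and into Demo/Lib/ldif/ldifcopy.py. I would replace it in each file with one sentence on what that script does, here e.g. `Runs a subtree search without binding and writes the entries to stdout as LDIF.`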
diff --git a/Demo/Lib/ldap/async/sizelimit.py b/Demo/Lib/ldap/async/sizelimit.py new file mode 100644 index 0000000..11ed7b6 --- /dev/null +++ b/Demo/Lib/ldap/async/sizelimit.py @@ -0,0 +1,37 @@ +""" +ldifwriter - using ldap.async module for retrieving partial results + in a list even though the exception ldap.SIZELIMIT_EXCEEDED + was raised.output of LDIF stream + +Written by Michael Stroeder + +This example translates the naming context of data read from +input, sanitizes some attributes, maps/removes object classes, +maps/removes attributes., etc. It's far from being complete though. +""" + +import sys,ldap,ldap.async + +s = ldap.async.List( + ldap.initialize('ldap://localhost:1390'), +) + +s.startSearch( + 'dc=stroeder,dc=de', + ldap.SCOPE_SUBTREE, + '(objectClass=*)', +) + +try: + partial = s.processResults() +except ldap.SIZELIMIT_EXCEEDED: + sys.stderr.write('Warning: Server-side size limit exceeded.\n') +else: + if partial: + sys.stderr.write('Warning: Only partial results received.\n') + +sys.stderr.write( + '%d results received.\n' % ( + len(s.allResults) + ) +) diff --git a/Demo/Lib/ldapurl/urlsearch.py b/Demo/Lib/ldapurl/urlsearch.py new file mode 100644 index 0000000..c58a195 --- /dev/null +++ b/Demo/Lib/ldapurl/urlsearch.py 
@@ -0,0 +1,31 @@
+"""
+Do a search with the LDAP URL specified at command-line.
+
+No output of LDAP data is produced except trace output.
+"""
+import sys,getpass,ldap,ldapurl
+
+try:
+ ldapUrl = ldapurl.LDAPUrl(ldapUrl=sys.argv[1])
+except IndexError:
+ print('Usage: %s [LDAP URL]' % (sys.argv[0]))
+ sys.exit(1)
+
+for a in [
+ 'urlscheme','hostport','dn','attrs','scope',
+ 'filterstr','extensions','who','cred'
+]:
+ print(a,repr(getattr(ldapUrl,a)))
+
+l = ldap.initialize(ldapUrl.initializeUrl(),trace_level=1)
+if ldapUrl.who!=None:
+ if ldapUrl.cred!=None:
+ cred=ldapUrl.cred
+ else:
+ print('Enter password for simple bind with',repr(ldapUrl.who))
+ cred=getpass.getpass()
+ l.simple_bind_s(ldapUrl.who,cred)
+
+res = l.search_s(ldapUrl.dn,ldapUrl.scope,ldapUrl.filterstr,ldapUrl.attrs)
+
+print(len(res),'search results')
diff --git a/Demo/Lib/ldif/ldifcopy.py b/Demo/Lib/ldif/ldifcopy.py
new file mode 100644
index 0000000..3bbe3f3
--- /dev/null
+++ b/Demo/Lib/ldif/ldifcopy.py
@@ -0,0 +1,22 @@
+"""
+ldifcopy - reads LDIF from stdin, retrieve values by URL and
+ write resulting LDIF to stdout
+
+Written by Michael Stroeder
+
+This example translates the naming context of data read from
+input, sanitizes some attributes, maps/removes object classes,
+maps/removes attributes., etc. It's far from being complete though.
+"""
+
+import sys,ldif
+
+infile = sys.stdin
+outfile = sys.stdout
+
+ldif_collector = ldif.LDIFCopy(
+ infile,
+ outfile,
+ process_url_schemes=['file','ftp','http']
+)
+ldif_collector.parse()
diff --git a/Demo/initialize.py b/Demo/initialize.py
new file mode 100644
index 0000000..ab78cdb
--- /dev/null
+++ b/Demo/initialize.py
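Review bot: The attribute dump loop in urlsearch.py includes `'cred'`, so a bind password carried in the URL is echoed to stdout before the connection is opened. Drop `'cred'` from the list or mask it, e.g. `print(a, '***' if a == 'cred' and ldapUrl.cred is not None else repr(getattr(ldapUrl, a)))`. With `trace_level=1` the bind arguments probably reach the trace output as well; that is not visible in this hunk and should be confirmed against the library, then mentioned in the docstring. The two `!=None` tests read better as `is not None`.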
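Review bot: `process_url_schemes=['file','ftp','http']` in ldifcopy.py means any URL-valued attribute in the LDIF on stdin makes the script read a local file or issue a network request and copy the result to stdout. That is acceptable for LDIF you produced yourself but not for input from another party, and the docstring does not say so. I would add a comment above the call such as `# Only feed trusted LDIF: URL values are fetched, including file://` and trim the list to the schemes the example really needs.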
@@ -0,0 +1,95 @@ +""" +Various examples how to connect to a LDAP host with the new +factory function ldap.initialize() introduced in OpenLDAP 2 API. + +Assuming you have LDAP servers running on +ldap://localhost:1390 (LDAP with StartTLS) +ldaps://localhost:1391 (LDAP over SSL) +ldapi://%2ftmp%2fopenldap2 (domain socket /tmp/openldap2) +""" + +import sys,os,ldap + +# Switch off processing .ldaprc or ldap.conf +os.environ['LDAPNOINIT']='1' + +# Set debugging level +#ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) +ldapmodule_trace_level = 1 +ldapmodule_trace_file = sys.stderr + +ldap._trace_level = ldapmodule_trace_level + +# Complete path name of the file containing all trusted CA certs +CACERTFILE='/etc/ssl/ca-bundle.pem' + +print("""################################################################## +# LDAPv3 connection with StartTLS ext. op. +################################################################## +""") + +# Create LDAPObject instance +l = ldap.initialize('ldap://localhost:1390',trace_level=ldapmodule_trace_level,trace_file=ldapmodule_trace_file) + +# Set LDAP protocol version used +l.protocol_version=ldap.VERSION3 + +# Force cert validation +l.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,ldap.OPT_X_TLS_DEMAND) +# Set path name of file containing all trusted CA certificates +l.set_option(ldap.OPT_X_TLS_CACERTFILE,CACERTFILE) +# Force libldap to create a new SSL context (must be last TLS option!) 
+l.set_option(ldap.OPT_X_TLS_NEWCTX,0) + +# Now try StartTLS extended operation +l.start_tls_s() + +print('***ldap.OPT_X_TLS_VERSION',l.get_option(ldap.OPT_X_TLS_VERSION)) +print('***ldap.OPT_X_TLS_CIPHER',l.get_option(ldap.OPT_X_TLS_CIPHER)) + +# Try an explicit anon bind to provoke failure +l.simple_bind_s('','') + +# Close connection +l.unbind_s() + +print("""################################################################## +# LDAPv3 connection over SSL +################################################################## +""") + +# Create LDAPObject instance +l = ldap.initialize('ldaps://localhost:1391',trace_level=ldapmodule_trace_level,trace_file=ldapmodule_trace_file) + +# Set LDAP protocol version used +l.protocol_version=ldap.VERSION3 + +# Force cert validation +l.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,ldap.OPT_X_TLS_DEMAND) +# Set path name of file containing all trusted CA certificates +l.set_option(ldap.OPT_X_TLS_CACERTFILE,CACERTFILE) +# Force libldap to create a new SSL context (must be last TLS option!) +l.set_option(ldap.OPT_X_TLS_NEWCTX,0) + +# Try an explicit anon bind to provoke failure +l.simple_bind_s('','') + +print('***ldap.OPT_X_TLS_VERSION',l.get_option(ldap.OPT_X_TLS_VERSION)) +print('***ldap.OPT_X_TLS_CIPHER',l.get_option(ldap.OPT_X_TLS_CIPHER)) + +# Close connection +l.unbind_s() + +print("""################################################################## +# LDAPv3 connection over Unix domain socket +################################################################## +""") + +# Create LDAPObject instance +l = ldap.initialize('ldapi://%2ftmp%2fopenldap-socket',trace_level=ldapmodule_trace_level,trace_file=ldapmodule_trace_file) +# Set LDAP protocol version used +l.protocol_version=ldap.VERSION3 +# Try an explicit anon bind to provoke failure +l.simple_bind_s('','') +# Close connection +l.unbind_s() diff --git a/Demo/ldapcontrols.py b/Demo/ldapcontrols.py new file mode 100644 index 0000000..eec86b4 --- /dev/null +++ b/Demo/ldapcontrols.py 
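Review bot: The module docstring of initialize.py lists the socket URL as `ldapi://%2ftmp%2fopenldap2` but the third section connects to `ldapi://%2ftmp%2fopenldap-socket`; one of the two needs correcting so the stated prerequisites match the code. Both TLS sections set `OPT_X_TLS_REQUIRE_CERT` to `OPT_X_TLS_DEMAND`, which is the right default for a demo that people copy from. A one-line comment next to it, e.g. `# Do not lower this: anything weaker skips server authentication`, would keep that setting from being relaxed when the CA file path does not fit the reader's system.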
@@ -0,0 +1,33 @@ +import ldap,ldapurl,pprint + +from ldap.controls import LDAPControl,BooleanControl + +l = ldap.initialize('ldap://localhost:1390',trace_level=2) + +print(60*'#') + +pprint.pprint(l.get_option(ldap.OPT_SERVER_CONTROLS)) +l.manage_dsa_it(1,1) +pprint.pprint(l.get_option(ldap.OPT_SERVER_CONTROLS)) +print(60*'#') + +# Search with ManageDsaIT control (which has no value) +pprint.pprint(l.search_ext_s( + 'cn=Test-Referral,ou=Testing,dc=stroeder,dc=de', + ldap.SCOPE_BASE, + '(objectClass=*)', + ['*','+'], + serverctrls = [ LDAPControl('2.16.840.1.113730.3.4.2',1,None) ], +)) +print(60*'#') + +# Search with Subentries control (which has boolean value) +pprint.pprint(l.search_ext_s( + 'dc=stroeder,dc=de', + ldap.SCOPE_SUBTREE, + '(objectClass=subentry)', + ['*','+'], + serverctrls = [ BooleanControl('1.3.6.1.4.1.4203.1.10.1',1,1) ], +)) + +print(60*'#') diff --git a/Demo/ldapurl_search.py b/Demo/ldapurl_search.py new file mode 100644 index 0000000..614ba1a --- /dev/null +++ b/Demo/ldapurl_search.py @@ -0,0 +1,42 @@ +import sys,pprint,ldap + +from ldap.ldapobject import LDAPObject +from ldapurl import LDAPUrl + +class MyLDAPUrl(LDAPUrl): + attr2extype = { + 'who':'bindname', + 'cred':'X-BINDPW', + 'start_tls':'startTLS', + 'trace_level':'trace', + } + + +ldap_url = MyLDAPUrl(sys.argv[1]) +trace_level = int(ldap_url.trace_level or '0') + +print('***trace_level',trace_level) + +ldap.trace_level = trace_level + +l = LDAPObject( + ldap_url.initializeUrl(), + trace_level=trace_level, +) + +l.protocol_version = 3 +l.set_option(ldap.OPT_REFERRALS,0) +l.simple_bind_s((ldap_url.who or ''),(ldap_url.cred or '')) + +result = l.search_s( + ldap_url.dn, + ldap_url.scope or ldap.SCOPE_SUBTREE, + ldap_url.filterstr or '(objectClass=*)', + ldap_url.attrs or ['*'] +) + +pprint.pprint(result) + +print('***DIAGNOSTIC_MESSAGE',repr(l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE))) + +l.unbind_s() 
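Review bot: In ldapurl_search.py, `ldap.trace_level = trace_level` assigns a module attribute that nothing else on this page reads; Demo/initialize.py in the same commit sets `ldap._trace_level`, so this looks like a typo for `ldap._trace_level = trace_level`. The script indexes `sys.argv[1]` without a usage check, unlike Demo/Lib/ldapurl/urlsearch.py. Because `attr2extype` maps `cred` to the `X-BINDPW` extension, the bind password is expected on the command line, and the file has no docstring to say so; a short module docstring naming the supported extensions and that caveat would help.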
diff --git a/Demo/matchedvalues.py b/Demo/matchedvalues.py
new file mode 100644
index 0000000..bbc2a1b
--- /dev/null
+++ b/Demo/matchedvalues.py
@@ -0,0 +1,62 @@
+#!/usr/bin/env python
+#
+# demo for matched values control (RFC 3876)
+#
+# suppose the uid=jsmith LDAP entry has two mail attributes:
+#
+# dn: uid=jsmith,ou=People,dc=example,dc=com
+# (...)
+# mail: jsmith@example.com
+# mail: jsmith@example.org
+#
+# Let's say you want to fetch only the example.org email. Without MV,
+# you would first fetch all mail attributes and then filter them further
+# on the client. With the MV control, the result can be given to the
+# client already filtered.
+#
+# Sample output:
+# $ ./matchedvalues.py
+# LDAP filter used: (&(objectClass=inetOrgPerson)(mail=*@example.org))
+# Requesting 'mail' attribute back
+#
+# No matched values control:
+# dn: uid=jsmith,ou=People,dc=example,dc=com
+# mail: jsmith@example.org
+# mail: john@example.com
+#
+# Matched values control: (mail=*@example.org)
+# dn: uid=jsmith,ou=People,dc=example,dc=com
+# mail: jsmith@example.org
+
+import ldap
+from ldap.controls import MatchedValuesControl
+
+def print_result(search_result):
+ for n in range(len(search_result)):
+ print("dn: %s" % search_result[n][0])
+ for attr in search_result[n][1].keys():
+ for i in range(len(search_result[n][1][attr])):
+ print("{}: {}".format(attr, search_result[n][1][attr][i]))
+ print
+
+
+uri = "ldap://ldap.example.com"
+base = "dc=example,dc=com"
+scope = ldap.SCOPE_SUBTREE
+filter = "(&(objectClass=inetOrgPerson)(mail=*@example.org))"
+control_filter = "(mail=*@example.org)"
+
+ld = ldap.initialize(uri)
+
+mv = MatchedValuesControl(criticality=True, controlValue=control_filter)
+
+res = ld.search_ext_s(base, scope, filter, attrlist = ['mail'])
+print("LDAP filter used: %s" % filter)
+print("Requesting 'mail' attribute back")
+print
+print("No matched values control:")
+print_result(res)
+
+res = ld.search_ext_s(base, scope, filter, attrlist = ['mail'], serverctrls = [mv])
+print("Matched values control: %s" % control_filter)
+print_result(res)
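Review bot: The bare `print` at the end of `print_result()` and the one after `print("Requesting 'mail' attribute back")` are no-op expressions under Python 3, so the blank separator lines shown in the sample output never appear; both should be `print()`. The module-level name `filter` shadows the builtin, and `search_filter` would be clearer. The sample output in the header comment lists `mail: john@example.com` although the entry described above it has `jsmith@example.com`, so the comment block needs the same value in both places.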
diff --git a/Demo/ms_ad_bind.py b/Demo/ms_ad_bind.py
new file mode 100644
index 0000000..6333652
--- /dev/null
+++ b/Demo/ms_ad_bind.py
@@ -0,0 +1,38 @@
+# How to bind to MS AD with python-ldap and various methods
+
+import ldap,ldap.sasl
+
+ldap_uri = "ldap://dc1.example.com"
+dn = "CN=Anna Blume,CN=Users,DC=addomain,DC=example,DC=com"
+sAMAccountName = "ABlume"
+userPrincipalName = "ablume@addomain.example.com"
+password = 'testsecret'
+
+trace_level = 2
+
+l = ldap.initialize(ldap_uri,trace_level=trace_level)
+
+# Normal LDAPv3 compliant simple bind
+l.simple_bind_s(dn,password)
+
+# This is AD-specific and not LDAPv3 compliant
+l.simple_bind_s(userPrincipalName,password)
+
+# This is AD-specific and not LDAPv3 compliant
+l.simple_bind_s(userPrincipalName,password)
+
+# SASL bind with mech DIGEST-MD5 with sAMAccountName as SASL user name
+sasl_auth = ldap.sasl.sasl(
+ {
+ ldap.sasl.CB_AUTHNAME:sAMAccountName,
+ ldap.sasl.CB_PASS :password,
+ },
+ 'DIGEST-MD5'
+)
+l.sasl_interactive_bind_s("", sasl_auth)
+
+# SASL bind with mech GSSAPI
+# with the help of Kerberos V TGT obtained before with command
+# kinit ablume@ADDOMAIN.EXAMPLE.COM
+sasl_auth = ldap.sasl.sasl({},'GSSAPI')
+l.sasl_interactive_bind_s("", sasl_auth)
diff --git a/Demo/options.py b/Demo/options.py
new file mode 100644
index 0000000..7a8ee9d
--- /dev/null
+++ b/Demo/options.py
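Review bot: Every simple bind in ms_ad_bind.py sends `password` over plain `ldap://dc1.example.com` with no `start_tls_s()` first, so the example teaches a cleartext bind. I would add `l.start_tls_s()` directly after `ldap.initialize(...)` (or use an `ldaps://` URI) and say so in the header comment; Demo/pyasn1/derefcontrol.py binds an admin DN to a remote host the same way. The third bind repeats `l.simple_bind_s(userPrincipalName,password)` verbatim under the same comment; presumably another AD-specific name form was intended, otherwise it can go. `trace_level = 2` likely writes the bind arguments to the trace output, which deserves a comment once confirmed against the library.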
@@ -0,0 +1,24 @@
+import ldap
+
+host="localhost:1390"
+
+print("API info:",ldap.get_option(ldap.OPT_API_INFO))
+print("debug level:",ldap.get_option(ldap.OPT_DEBUG_LEVEL))
+#print("Setting debug level to 255...")
+#ldap.set_option(ldap.OPT_DEBUG_LEVEL,255)
+#print("debug level:",ldap.get_option(ldap.OPT_DEBUG_LEVEL))
+print("default size limit:",ldap.get_option(ldap.OPT_SIZELIMIT))
+print("Setting default size limit to 10...")
+ldap.set_option(ldap.OPT_SIZELIMIT,10)
+print("default size limit:",ldap.get_option(ldap.OPT_SIZELIMIT))
+print("Creating connection to",host,"...")
+l=ldap.init(host)
+print("size limit:",l.get_option(ldap.OPT_SIZELIMIT))
+print("Setting connection size limit to 20...")
+l.set_option(ldap.OPT_SIZELIMIT,20)
+print("size limit:",l.get_option(ldap.OPT_SIZELIMIT))
+#print("Setting time limit to 60 secs...")
+l.set_option(ldap.OPT_TIMELIMIT,60)
+#print("time limit:",l.get_option(ldap.OPT_TIMELIMIT))
+print("Binding...")
+l.simple_bind_s("","")
diff --git a/Demo/page_control.py b/Demo/page_control.py
new file mode 100644
index 0000000..b92cbf8
--- /dev/null
+++ b/Demo/page_control.py
@@ -0,0 +1,72 @@ +url = "ldap://localhost:1390" +base = "dc=stroeder,dc=de" +search_flt = r'(objectClass=*)' +page_size = 10 +binddn = '' +bindpw = '' +trace_level = 0 + +import ldap,pprint + +try: + from ldap.controls.pagedresults import SimplePagedResultsControl +except ImportError: + from ldap.controls.libldap import SimplePagedResultsControl + +searchreq_attrlist=['cn','entryDN','entryUUID','mail','objectClass'] + +#ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) +ldap.set_option(ldap.OPT_REFERRALS, 0) +l = ldap.initialize(url,trace_level=trace_level) +l.protocol_version = 3 +l.simple_bind_s(binddn,bindpw) + +req_ctrl = SimplePagedResultsControl(True,size=page_size,cookie='') + +known_ldap_resp_ctrls = { + SimplePagedResultsControl.controlType:SimplePagedResultsControl, +} + +# Send search request +msgid = l.search_ext( + base, + ldap.SCOPE_SUBTREE, + search_flt, + attrlist=searchreq_attrlist, + serverctrls=[req_ctrl] +) + +pages = 0 +while True: + pages += 1 + print('-'*60) + print("Getting page %d" % (pages)) + rtype, rdata, rmsgid, serverctrls = l.result3(msgid,resp_ctrl_classes=known_ldap_resp_ctrls) + print('%d results' % len(rdata)) + print('serverctrls=',pprint.pprint(serverctrls)) + print('rdata=',pprint.pprint(rdata)) + pctrls = [ + c + for c in serverctrls + if c.controlType == SimplePagedResultsControl.controlType + ] + if pctrls: + print('pctrls[0].size',repr(pctrls[0].size)) + print('pctrls[0].cookie',repr(pctrls[0].cookie)) + if pctrls[0].cookie: + # Copy cookie from response control to request control + req_ctrl.cookie = pctrls[0].cookie + msgid = l.search_ext( + base, + ldap.SCOPE_SUBTREE, + search_flt, + attrlist=searchreq_attrlist, + serverctrls=[req_ctrl] + ) + else: + break + else: + print("Warning: Server ignores RFC 2696 control.") + break + +l.unbind_s() diff --git a/Demo/paged_search_ext_s.py b/Demo/paged_search_ext_s.py new file mode 100644 index 0000000..3a1a4ac --- /dev/null +++ b/Demo/paged_search_ext_s.py 
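Review bot: `print('serverctrls=',pprint.pprint(serverctrls))` and the `rdata=` line below it print the structure first and then `serverctrls= None`, because `pprint.pprint()` returns `None`. Use `pprint.pformat()` in both, e.g. `print('serverctrls=',pprint.pformat(serverctrls))`. The imports also sit below the configuration constants; moving `import ldap,pprint` and the `try`/`except ImportError` block to the top would match the other demos in this commit.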
@@ -0,0 +1,107 @@ +url = "ldap://localhost:1390/" +base = "dc=stroeder,dc=de" +search_flt = r'(objectClass=*)' + +searchreq_attrlist=['cn','entryDN','entryUUID','mail','objectClass'] + +from ldap.ldapobject import ReconnectLDAPObject + +import ldap,pprint +from ldap.controls import SimplePagedResultsControl + + +class PagedResultsSearchObject: + page_size = 50 + + def paged_search_ext_s(self,base,scope,filterstr='(objectClass=*)',attrlist=None,attrsonly=0,serverctrls=None,clientctrls=None,timeout=-1,sizelimit=0): + """ + Behaves exactly like LDAPObject.search_ext_s() but internally uses the + simple paged results control to retrieve search results in chunks. + + This is non-sense for really large results sets which you would like + to process one-by-one + """ + + while True: # loop for reconnecting if necessary + + req_ctrl = SimplePagedResultsControl(True,size=self.page_size,cookie='') + + try: + + # Send first search request + msgid = self.search_ext( + base, + scope, + filterstr=filterstr, + attrlist=attrlist, + attrsonly=attrsonly, + serverctrls=(serverctrls or [])+[req_ctrl], + clientctrls=clientctrls, + timeout=timeout, + sizelimit=sizelimit + ) + + result_pages = 0 + all_results = [] + + while True: + rtype, rdata, rmsgid, rctrls = self.result3(msgid) + all_results.extend(rdata) + result_pages += 1 + # Extract the simple paged results response control + pctrls = [ + c + for c in rctrls + if c.controlType == SimplePagedResultsControl.controlType + ] + if pctrls: + if pctrls[0].cookie: + # Copy cookie from response control to request control + req_ctrl.cookie = pctrls[0].cookie + msgid = self.search_ext( + base, + scope, + filterstr=filterstr, + attrlist=attrlist, + attrsonly=attrsonly, + serverctrls=(serverctrls or [])+[req_ctrl], + clientctrls=clientctrls, + timeout=timeout, + sizelimit=sizelimit + ) + else: + break # no more pages available + + except ldap.SERVER_DOWN as e: + try: + self.reconnect(self._uri) + except AttributeError: + raise e + + else: + 
return result_pages,all_results + + +class MyLDAPObject(ReconnectLDAPObject,PagedResultsSearchObject): + pass + + +#ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) +ldap.set_option(ldap.OPT_REFERRALS, 0) +l = MyLDAPObject(url,trace_level=2,retry_max=100,retry_delay=2) +l.protocol_version = 3 +l.simple_bind_s("", "") +l.page_size=10 + +# Send search request +result_pages,all_results = l.paged_search_ext_s( + base, + ldap.SCOPE_SUBTREE, + search_flt, + attrlist=searchreq_attrlist, + serverctrls=None +) + +l.unbind_s() + +print('Received %d results in %d pages.' % (len(all_results),result_pages)) diff --git a/Demo/passwd_ext_op.py b/Demo/passwd_ext_op.py new file mode 100644 index 0000000..6c69548 --- /dev/null +++ b/Demo/passwd_ext_op.py @@ -0,0 +1,32 @@ +""" +Example showing the use of the password extended operation. +""" + +import sys,ldap,ldapurl,getpass + +# Set debugging level +ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) +ldapmodule_trace_level = 2 +ldapmodule_trace_file = sys.stderr + +lu = ldapurl.LDAPUrl(sys.argv[1]) + +print('Old password') +oldpw = getpass.getpass() +print('New password') +newpw = getpass.getpass() + +# Set path name of file containing all CA certificates +# needed to validate server certificates +ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,'/etc/httpd/ssl.crt/myCA-cacerts.pem') + +# Create LDAPObject instance +l = ldap.initialize(lu.initializeUrl(),trace_level=ldapmodule_trace_level,trace_file=ldapmodule_trace_file) + +l.protocol_version=ldap.VERSION3 + +l.simple_bind_s(lu.dn,oldpw) + +l.passwd(lu.dn,oldpw,newpw) + +l.unbind_s() diff --git a/Demo/pickle_ldapobject.py b/Demo/pickle_ldapobject.py new file mode 100644 index 0000000..3f7cab2 --- /dev/null +++ b/Demo/pickle_ldapobject.py 
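Review bot: In `paged_search_ext_s()` the inner `while True:` has no exit when `pctrls` is empty, i.e. when the server returns no paged-results response control; the loop then calls `self.result3(msgid)` again on an operation that has already finished. Demo/page_control.py in this commit handles that case with a warning and `break`; the same is needed here as an `else: break` paired with `if pctrls:`. The docstring's claim that the method "behaves exactly like LDAPObject.search_ext_s()" is also inaccurate, since it returns the tuple `result_pages,all_results`.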
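Review bot: In passwd_ext_op.py, `l.passwd(lu.dn,oldpw,newpw)` is followed directly by `l.unbind_s()` and its result is never collected, so a refused password change goes unnoticed; if the synchronous call was meant, `l.passwd_s(lu.dn,oldpw,newpw)` would raise on failure. `OPT_DEBUG_LEVEL` 255 together with `ldapmodule_trace_level = 2` on stderr very likely writes both passwords into the debug output (to be confirmed against the library), which defeats reading them with `getpass`. The same `trace_level = 2` plus prompted-password pattern is in Demo/pyasn1/dds.py, noopsearch.py, ppolicy.py and psearch.py. I would default the trace level to 0 and add a comment such as `# tracing logs call arguments, including bind passwords`.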
@@ -0,0 +1,12 @@
+import os,ldap,pickle
+
+temp_file_name = os.path.join(os.environ.get('TMP','/tmp'),'pickle_ldap-%d' % (os.getpid()))
+
+l1 = ldap.ldapobject.ReconnectLDAPObject('ldap://localhost:1390',trace_level=1)
+l1.protocol_version = 3
+l1.search_s('',ldap.SCOPE_BASE,'(objectClass=*)')
+
+pickle.dump(l1,open(temp_file_name,'wb'))
+
+l2 = pickle.load(open(temp_file_name,'rb'))
+l2.search_s('',ldap.SCOPE_BASE,'(objectClass=*)')
diff --git a/Demo/pyasn1/README b/Demo/pyasn1/README
new file mode 100644
index 0000000..2ca95a6
--- /dev/null
+++ b/Demo/pyasn1/README
@@ -0,0 +1,6 @@
+The sample modules/scripts herein require modules pyasn1 and pyasn1-modules.
+
+https://github.com/etingof/pyasn1
+
+https://pypi.org/project/pyasn1/
+https://pypi.org/project/pyasn1-modules/
diff --git a/Demo/pyasn1/dds.py b/Demo/pyasn1/dds.py
new file mode 100644
index 0000000..1927060
--- /dev/null
+++ b/Demo/pyasn1/dds.py
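Review bot: pickle_ldapobject.py writes the pickle to a predictable name (`pickle_ldap-<pid>`) in the shared temp directory and then hands that path to `pickle.load()`, so on a multi-user host the file that gets loaded is not guaranteed to be the one this process wrote, and unpickling runs whatever the file contains. Both `open()` handles are also never closed and the file is left behind. An anonymous temporary file from `tempfile` (needs `import tempfile` next to the existing imports) avoids the shared path and cleans up by itself.

```python
# … unchanged: l1 setup and first search_s() …
with tempfile.TemporaryFile() as pickle_file:
    pickle.dump(l1,pickle_file)
    pickle_file.seek(0)
    l2 = pickle.load(pickle_file)
# … unchanged: l2.search_s(...) …
```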
@@ -0,0 +1,54 @@ +""" +Demo script for Dynamic Entries (see RFC 2589) + +This needs the following software: +Python +pyasn1 +pyasn1-modules +python-ldap 2.4+ +""" + +from ldap.extop.dds import RefreshRequest,RefreshResponse + +import sys,ldap,ldapurl,getpass + +try: + ldap_url = ldapurl.LDAPUrl(sys.argv[1]) + request_ttl = int(sys.argv[2]) +except (IndexError, ValueError): + print('Usage: dds.py ') + sys.exit(1) + +# Set debugging level +#ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) +ldapmodule_trace_level = 2 +ldapmodule_trace_file = sys.stderr + +ldap_conn = ldap.ldapobject.LDAPObject( + ldap_url.initializeUrl(), + trace_level=ldapmodule_trace_level, + trace_file=ldapmodule_trace_file +) + +if ldap_url.cred is None: + print('Password for %s:' % (repr(ldap_url.who))) + ldap_url.cred = getpass.getpass() + +try: + ldap_conn.simple_bind_s(ldap_url.who or '',ldap_url.cred or '') + +except ldap.INVALID_CREDENTIALS as e: + print('Simple bind failed:',str(e)) + sys.exit(1) + +else: + extreq = RefreshRequest(entryName=ldap_url.dn,requestTtl=request_ttl) + try: + extop_resp_obj = ldap_conn.extop_s(extreq,extop_resp_class=RefreshResponse) + except ldap.LDAPError as e: + print(str(e)) + else: + if extop_resp_obj.responseTtl!=request_ttl: + print('Different response TTL:',extop_resp_obj.responseTtl) + else: + print('Response TTL:',extop_resp_obj.responseTtl) diff --git a/Demo/pyasn1/derefcontrol.py b/Demo/pyasn1/derefcontrol.py new file mode 100644 index 0000000..9565a9e --- /dev/null +++ b/Demo/pyasn1/derefcontrol.py 
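Review bot: The usage message `'Usage: dds.py '` names no arguments although the script needs two, the LDAP URL in `sys.argv[1]` and the TTL in `sys.argv[2]`; something like `print('Usage: dds.py <LDAP URL> <request TTL>')` is needed. The usage strings in Demo/pyasn1/noopsearch.py, ppolicy.py and psearch.py are empty in the same way. The password prompt also fires when the URL carries no bind name; noopsearch.py guards it with `if ldap_url.who and ldap_url.cred is None:` and the same test would fit here.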
@@ -0,0 +1,48 @@ +#!/usr/bin/env python +""" +This sample script demonstrates the use of the dereference control +(see https://tools.ietf.org/html/draft-masarati-ldap-deref) +""" + +import pprint,ldap,ldap.modlist,ldap.resiter + +from ldap.controls.deref import DereferenceControl + +uri = "ldap://ipa.demo1.freeipa.org" + +class MyLDAPObject(ldap.ldapobject.LDAPObject,ldap.resiter.ResultProcessor): + pass + + +l = MyLDAPObject(uri,trace_level=0) +l.simple_bind_s('uid=admin,cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org','Secret123') + +dc = DereferenceControl( + True, + { + 'member':[ + 'uid', + 'description', + 'cn', + 'mail', + ], + } +) + +print('pyasn1 output of request control:') +print(dc._derefSpecs().prettyPrint()) + +msg_id = l.search_ext( + 'dc=demo1,dc=freeipa,dc=org', + ldap.SCOPE_SUBTREE, + '(objectClass=groupOfNames)', + attrlist=['cn','objectClass','member','description'], + serverctrls = [dc] +) + +for res_type,res_data,res_msgid,res_controls in l.allresults(msg_id,add_ctrls=1): + for dn,entry,deref_control in res_data: + # process dn and entry + print(dn,entry['objectClass']) + if deref_control: + pprint.pprint(deref_control[0].derefRes) diff --git a/Demo/pyasn1/noopsearch.py b/Demo/pyasn1/noopsearch.py new file mode 100644 index 0000000..a239c0e --- /dev/null +++ b/Demo/pyasn1/noopsearch.py 
@@ -0,0 +1,72 @@ +""" +Demo script for counting searching with OpenLDAP's no-op control + +See https://www.python-ldap.org/ for project details. +This needs the following software: +Python +pyasn1 +pyasn1-modules +python-ldap 2.4+ +""" + +import sys,ldap,ldapurl,getpass + +from ldap.controls.openldap import SearchNoOpControl + +SEARCH_TIMEOUT=30.0 + +try: + ldap_url = ldapurl.LDAPUrl(sys.argv[1]) +except IndexError: + print('Usage: noopsearch.py ') + sys.exit(1) + +# Set debugging level +#ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) +ldapmodule_trace_level = 2 +ldapmodule_trace_file = sys.stderr + +ldap_conn = ldap.ldapobject.LDAPObject( + ldap_url.initializeUrl(), + trace_level=ldapmodule_trace_level, + trace_file=ldapmodule_trace_file +) + +if ldap_url.who and ldap_url.cred is None: + print('Password for %s:' % (repr(ldap_url.who))) + ldap_url.cred = getpass.getpass() + +try: + ldap_conn.simple_bind_s(ldap_url.who or '',ldap_url.cred or '') + +except ldap.INVALID_CREDENTIALS as e: + print('Simple bind failed:',str(e)) + sys.exit(1) + +try: + msg_id = ldap_conn.search_ext( + ldap_url.dn, + ldap_url.scope, + filterstr=ldap_url.filterstr or '(objectClass=*)', + attrlist=['1.1'], + timeout=SEARCH_TIMEOUT, + serverctrls=[SearchNoOpControl(criticality=True)], + ) + _,_,_,search_response_ctrls = ldap_conn.result3(msg_id,all=1,timeout=SEARCH_TIMEOUT) +except ( + ldap.TIMEOUT, + ldap.TIMELIMIT_EXCEEDED, + ldap.SIZELIMIT_EXCEEDED, + ldap.ADMINLIMIT_EXCEEDED) as e: + ldap_conn.abandon(msg_id) + sys.exit(1) + + +noop_srch_ctrl = [ + c + for c in search_response_ctrls + if c.controlType==SearchNoOpControl.controlType +][0] + +print('Number of search results: %d' % noop_srch_ctrl.numSearchResults) +print('Number of search continuations: %d' % noop_srch_ctrl.numSearchContinuations) diff --git a/Demo/pyasn1/ppolicy.py b/Demo/pyasn1/ppolicy.py new file mode 100644 index 0000000..c143bf1 --- /dev/null +++ b/Demo/pyasn1/ppolicy.py 
@@ -0,0 +1,49 @@ +""" +Demo script for Password Policy Controls +(see https://tools.ietf.org/html/draft-behera-ldap-password-policy) + +This needs the following software: +Python +pyasn1 +pyasn1-modules +python-ldap 2.4+ +""" + +import sys,ldap,ldapurl,getpass + +from ldap.controls.ppolicy import PasswordPolicyError,PasswordPolicyControl + +try: + ldap_url = ldapurl.LDAPUrl(sys.argv[1]) +except (IndexError,ValueError): + print('Usage: ppolicy.py ') + sys.exit(1) + +# Set debugging level +#ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) +ldapmodule_trace_level = 2 +ldapmodule_trace_file = sys.stderr + +ldap_conn = ldap.ldapobject.LDAPObject( + ldap_url.initializeUrl(), + trace_level=ldapmodule_trace_level, + trace_file=ldapmodule_trace_file +) + +if ldap_url.cred is None: + print('Password for %s:' % (repr(ldap_url.who))) + ldap_url.cred = getpass.getpass() + +try: + msgid = ldap_conn.simple_bind(ldap_url.who,ldap_url.cred,serverctrls=[PasswordPolicyControl()]) + res_type,res_data,res_msgid,res_ctrls = ldap_conn.result3(msgid) +except ldap.INVALID_CREDENTIALS as e: + print('Simple bind failed:',str(e)) + sys.exit(1) +else: + if res_ctrls[0].controlType==PasswordPolicyControl.controlType: + ppolicy_ctrl = res_ctrls[0] + print('PasswordPolicyControl') + print('error',repr(ppolicy_ctrl.error),(ppolicy_ctrl.error!=None)*repr(PasswordPolicyError(ppolicy_ctrl.error))) + print('timeBeforeExpiration',repr(ppolicy_ctrl.timeBeforeExpiration)) + print('graceAuthNsRemaining',repr(ppolicy_ctrl.graceAuthNsRemaining)) diff --git a/Demo/pyasn1/psearch.py b/Demo/pyasn1/psearch.py new file mode 100644 index 0000000..2703a25 --- /dev/null +++ b/Demo/pyasn1/psearch.py 
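Review bot: `res_ctrls[0].controlType` in ppolicy.py is read without checking that the bind response carried any control, so a server that ignores the request control makes the script stop with `IndexError` after a successful bind. Guard it: `if res_ctrls and res_ctrls[0].controlType==PasswordPolicyControl.controlType:`. `(ppolicy_ctrl.error!=None)*repr(...)` relies on bool-times-string; a conditional expression with `is not None` reads better. `ldap_url.who` is passed to `simple_bind()` as is, whereas dds.py uses `ldap_url.who or ''`.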
@@ -0,0 +1,78 @@
+"""
+Demo script for Persistent Search Control
+(see https://tools.ietf.org/html/draft-ietf-ldapext-psearch)
+
+See https://www.python-ldap.org/ for project details.
+This needs the following software:
+Python
+pyasn1
+pyasn1-modules
+python-ldap 2.4+
+"""
+
+import sys,ldap,ldapurl,getpass
+
+from ldap.controls.psearch import PersistentSearchControl,EntryChangeNotificationControl,CHANGE_TYPES_STR
+
+try:
+ ldap_url = ldapurl.LDAPUrl(sys.argv[1])
+except IndexError:
+ print('Usage: psearch.py ')
+ sys.exit(1)
+
+# Set debugging level
+#ldap.set_option(ldap.OPT_DEBUG_LEVEL,255)
+ldapmodule_trace_level = 2
+ldapmodule_trace_file = sys.stderr
+
+ldap_conn = ldap.ldapobject.LDAPObject(
+ ldap_url.initializeUrl(),
+ trace_level=ldapmodule_trace_level,
+ trace_file=ldapmodule_trace_file
+)
+
+if ldap_url.cred is None:
+ print('Password for %s:' % (repr(ldap_url.who)))
+ ldap_url.cred = getpass.getpass()
+
+try:
+ ldap_conn.simple_bind_s(ldap_url.who,ldap_url.cred)
+
+except ldap.INVALID_CREDENTIALS as e:
+ print('Simple bind failed:',str(e))
+ sys.exit(1)
+
+psc = PersistentSearchControl()
+
+msg_id = ldap_conn.search_ext(
+ ldap_url.dn,
+ ldap_url.scope,
+ ldap_url.filterstr,
+ attrlist = ldap_url.attrs or ['*','+'],
+ serverctrls=[psc],
+)
+
+while True:
+ try:
+ res_type,res_data,res_msgid,_,_,_ = ldap_conn.result4(
+ msg_id,
+ all=0,
+ timeout=10.0,
+ add_ctrls=1,
+ add_intermediates=1,
+ resp_ctrl_classes={EntryChangeNotificationControl.controlType:EntryChangeNotificationControl},
+ )
+ except ldap.TIMEOUT:
+ print('Timeout waiting for results...')
+ else:
+ for dn,entry,srv_ctrls in res_data:
+ ecn_ctrls = [
+ c
+ for c in srv_ctrls
+ if c.controlType == EntryChangeNotificationControl.controlType
+ ]
+
+ if ecn_ctrls:
+ changeType,previousDN,changeNumber = ecn_ctrls[0].changeType,ecn_ctrls[0].previousDN,ecn_ctrls[0].changeNumber
+ change_type_desc = CHANGE_TYPES_STR[changeType]
+ print('changeType: %s (%d), changeNumber: %s, previousDN: %s' % (change_type_desc,changeType,changeNumber,repr(previousDN)))
diff --git a/Demo/pyasn1/readentrycontrol.py b/Demo/pyasn1/readentrycontrol.py
new file mode 100644
index 0000000..b3ea6e8
--- /dev/null
+++ b/Demo/pyasn1/readentrycontrol.py
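Review bot: In psearch.py an empty password entered at the `getpass.getpass()` prompt is passed unchanged to `simple_bind_s(ldap_url.who,ldap_url.cred)`; a simple bind with a DN and an empty password is an unauthenticated bind (RFC 4513, section 5.1.2), which servers may answer with success while treating the session as anonymous. The demo would then continue as if it had authenticated. A guard before the bind makes this explicit: `if ldap_url.who and not ldap_url.cred: sys.exit('Refusing to bind with an empty password')`. The same applies to ppolicy.py, and to noopsearch.py and sessiontrack.py, where `ldap_url.cred or ''` spells the empty password out.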
@@ -0,0 +1,110 @@
+#!/usr/bin/env python
+"""
+This sample script demonstrates the use of the pre-read control (see RFC 4527).
+
+Originally contributed by Andreas Hasenack
+"""
+
+import pprint,ldap,ldap.modlist
+
+from ldap.controls.readentry import PreReadControl,PostReadControl
+
+uri = "ldap://localhost:2071/"
+
+l = ldap.initialize(uri,trace_level=2)
+l.simple_bind_s('uid=diradm,ou=schulung,dc=stroeder,dc=local','testsecret')
+
+print("""#---------------------------------------------------------------------------
+# Add new entry
+#---------------------------------------------------------------------------
+""")
+
+new_test_dn = "uid=ablume,ou=Users,ou=schulung,dc=stroeder,dc=local"
+new_test_dn2 = "uid=ablume2,ou=Users,ou=schulung,dc=stroeder,dc=local"
+new_test_entry = {
+ 'objectClass':['account','posixAccount'],
+ 'uid':['ablume'],
+ 'cn':['Anna Blume'],
+ 'uidNumber':['10000'],
+ 'gidNumber':['10000'],
+ 'homeDirectory':['/home/ablume'],
+}
+
+pr = PostReadControl(criticality=True,attrList=['entryUUID','entryCSN'])
+
+msg_id = l.add_ext(
+ new_test_dn,
+ ldap.modlist.addModlist(new_test_entry),
+ serverctrls = [pr]
+)
+_,_,_,resp_ctrls = l.result3(msg_id)
+print("resp_ctrls[0].dn:", resp_ctrls[0].dn)
+print("resp_ctrls[0].entry:", pprint.pformat(resp_ctrls[0].entry))
+
+print("""#---------------------------------------------------------------------------
+# Modify entry
+#---------------------------------------------------------------------------
+""")
+
+pr = PreReadControl(criticality=True,attrList=['uidNumber','gidNumber','entryCSN'])
+
+msg_id = l.modify_ext(
+ new_test_dn,
+ [(ldap.MOD_INCREMENT, "uidNumber", "1"),(ldap.MOD_INCREMENT, "gidNumber", "1")],
+ serverctrls = [pr]
+)
+_,_,_,resp_ctrls = l.result3(msg_id)
+print("resp_ctrls[0].dn:",resp_ctrls[0].dn)
+print("resp_ctrls[0].entry:",pprint.pformat(resp_ctrls[0].entry))
+
+pr = PostReadControl(criticality=True,attrList=['uidNumber','gidNumber','entryCSN'])
+
+msg_id = l.modify_ext(
+ new_test_dn,
+ [(ldap.MOD_INCREMENT, "uidNumber", "1"),(ldap.MOD_INCREMENT, "gidNumber", "1")],
+ serverctrls = [pr]
+)
+_,_,_,resp_ctrls = l.result3(msg_id)
+print("resp_ctrls[0].dn:",resp_ctrls[0].dn)
+print("resp_ctrls[0].entry:",pprint.pformat(resp_ctrls[0].entry))
+
+print("""#---------------------------------------------------------------------------
+# Rename entry
+#---------------------------------------------------------------------------
+""")
+
+pr = PostReadControl(criticality=True,attrList=['uid'])
+msg_id = l.rename(
+ new_test_dn,
+ "uid=ablume2",
+ delold=1,
+ serverctrls = [pr]
+)
+_,_,_,resp_ctrls = l.result3(msg_id)
+print("resp_ctrls[0].dn:",resp_ctrls[0].dn)
+print("resp_ctrls[0].entry:",pprint.pformat(resp_ctrls[0].entry))
+
+pr = PreReadControl(criticality=True,attrList=['uid'])
+msg_id = l.rename(
+ new_test_dn2,
+ "uid=ablume",
+ delold=1,
+ serverctrls = [pr]
+)
+_,_,_,resp_ctrls = l.result3(msg_id)
+print("resp_ctrls[0].dn:",resp_ctrls[0].dn)
+print("resp_ctrls[0].entry:",pprint.pformat(resp_ctrls[0].entry))
+
+print("""#---------------------------------------------------------------------------
+# Delete entry
+#---------------------------------------------------------------------------
+""")
+
+pr = PreReadControl(criticality=True,attrList=['*','+'])
+msg_id = l.delete_ext(
+ new_test_dn,
+ serverctrls = [pr]
+)
+_,_,_,resp_ctrls = l.result3(msg_id)
+print("resp_ctrls[0].dn:",resp_ctrls[0].dn)
+print("resp_ctrls[0].entry:",pprint.pformat(resp_ctrls[0].entry))
diff --git a/Demo/pyasn1/sessiontrack.py b/Demo/pyasn1/sessiontrack.py
new file mode 100644
index 0000000..491172c
--- /dev/null
+++ b/Demo/pyasn1/sessiontrack.py
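Review bot: readentrycontrol.py binds with a bind DN and password written into the source (`'testsecret'`) over plain `ldap://`, where the other demos in this diff take the URL from `sys.argv` and prompt with `getpass`. Demo code is routinely copied, so I would read the password at run time, for example `l.simple_bind_s(bind_dn, getpass.getpass())`, and add `l.unbind_s()` at the end. Separately, Doc/bytes_mode.rst in this same diff says attribute values are always treated as `bytes`, while `new_test_entry` and the `MOD_INCREMENT` values here are text strings; presumably these need `b'...'` literals on Python 3, which is worth confirming by running the script.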
@@ -0,0 +1,58 @@
+#!/usr/bin/env python
+"""
+demo_track_ldap_session.py
+
+Client-side demo implementation of Session Tracking Control
+
+https://tools.ietf.org/html/draft-wahl-ldap-session-03
+"""
+
+
+__version__ = '0.1'
+
+import sys,getpass,ldap,ldapurl
+
+from ldap.controls.sessiontrack import SessionTrackingControl,SESSION_TRACKING_FORMAT_OID_USERNAME
+
+try:
+ ldap_url = ldapurl.LDAPUrl(sys.argv[1])
+except (IndexError, ValueError):
+ print('Usage: %s ' % (sys.argv[0]))
+ sys.exit(1)
+
+# Set debugging level
+#ldap.set_option(ldap.OPT_DEBUG_LEVEL,255)
+ldapmodule_trace_level = 2
+ldapmodule_trace_file = sys.stderr
+
+ldap_conn = ldap.ldapobject.LDAPObject(
+ ldap_url.initializeUrl(),
+ trace_level=ldapmodule_trace_level,
+ trace_file=ldapmodule_trace_file
+)
+
+if ldap_url.who and ldap_url.cred is None:
+ print('Password for %s:' % (repr(ldap_url.who)))
+ ldap_url.cred = getpass.getpass()
+
+try:
+ ldap_conn.simple_bind_s(ldap_url.who or '',ldap_url.cred or '')
+
+except ldap.INVALID_CREDENTIALS as e:
+ print('Simple bind failed:',str(e))
+ sys.exit(1)
+
+st_ctrl = SessionTrackingControl(
+ '192.0.2.1',
+ 'app.example.com',
+ SESSION_TRACKING_FORMAT_OID_USERNAME,
+ 'bloggs'
+)
+
+ldap_conn.search_ext_s(
+ ldap_url.dn or '',
+ ldap_url.scope or ldap.SCOPE_SUBTREE,
+ ldap_url.filterstr or '(objectClass=*)',
+ ldap_url.attrs or ['*'],
+ serverctrls=[st_ctrl]
+)
diff --git a/Demo/pyasn1/sss_highest_number.py b/Demo/pyasn1/sss_highest_number.py
new file mode 100644
index 0000000..020dcdb
--- /dev/null
+++ b/Demo/pyasn1/sss_highest_number.py
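Review bot: In sessiontrack.py, `ldap_url.scope or ldap.SCOPE_SUBTREE` turns an explicit base-scope URL into a subtree search, because `ldap.SCOPE_BASE` is 0 and therefore falsy. A caller who asked for a single entry gets the whole subtree back instead. Testing for the missing value keeps the requested scope: `ldap.SCOPE_SUBTREE if ldap_url.scope is None else ldap_url.scope`. The same `or` expression is passed to `syncrepl_search()` in syncrepl.py in this diff.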
@@ -0,0 +1,46 @@
+#!/usr/bin/env python
+"""
+This sample script demonstrates the use of the server-side-sorting control
+(see RFC 2891)
+"""
+
+import pprint,ldap
+
+from ldap.ldapobject import LDAPObject
+from ldap.controls.sss import SSSRequestControl
+from ldap.resiter import ResultProcessor
+
+class MyLDAPObject(LDAPObject,ResultProcessor):
+ pass
+
+uri = "ldap://ipa.demo1.freeipa.org"
+
+l = MyLDAPObject(uri,trace_level=0)
+l.simple_bind_s('uid=admin,cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org','Secret123')
+
+for id_attr in ('uidNumber','gidNumber'):
+ # reverse sorting request control
+ sss_control = SSSRequestControl(ordering_rules=['-%s' % (id_attr)])
+ # send search request
+ msg_id = l.search_ext(
+ 'dc=demo1,dc=freeipa,dc=org',
+ ldap.SCOPE_SUBTREE,
+ '(%s=*)' % (id_attr),
+ attrlist=[id_attr],
+ sizelimit=1,
+ serverctrls = [sss_control],
+ )
+ # collect result
+ ldap_result = []
+ try:
+ for res_type,res_data,res_msgid,res_controls in l.allresults(msg_id,add_ctrls=0):
+ ldap_result.extend(res_data)
+ except ldap.SIZELIMIT_EXCEEDED:
+ pass
+ # print result
+ print('Highest value of %s' % (id_attr))
+ if ldap_result:
+ dn,entry = ldap_result[0]
+ print('->',entry[id_attr])
+ else:
+ print('not found')
diff --git a/Demo/pyasn1/syncrepl.py b/Demo/pyasn1/syncrepl.py
new file mode 100644
index 0000000..f1f24e1
--- /dev/null
+++ b/Demo/pyasn1/syncrepl.py
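Review bot: sss_highest_number.py performs `simple_bind_s()` with an admin DN and password against `ldap://ipa.demo1.freeipa.org`, so the credential crosses the network unencrypted. Even where the account is a published demo login, the script teaches the pattern of a simple bind on a plain `ldap://` connection. Calling `l.start_tls_s()` before the bind, or using an `ldaps://` URI, keeps the example usable as a template; a comment such as `# never send a simple bind over an unencrypted connection` would make the reason visible. The script also never calls `l.unbind_s()`.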
@@ -0,0 +1,199 @@ +#!/usr/bin/env python +""" +This script implements a syncrepl consumer which syncs data from an OpenLDAP +server to a local (shelve) database. + +Notes: + +The bound user needs read access to the attributes entryDN and entryCSN. +""" + +# Import modules from Python standard lib +import logging +import shelve +import signal +import sys +import time + +# Import the python-ldap modules +import ldap +import ldapurl +# Import specific classes from python-ldap +from ldap.ldapobject import ReconnectLDAPObject +from ldap.syncrepl import SyncreplConsumer + +logger = logging.getLogger('syncrepl') +logger.setLevel(logging.DEBUG) +logger.addHandler(logging.StreamHandler()) + +# Global state +watcher_running = True +ldap_connection = False + + +class SyncReplClient(ReconnectLDAPObject, SyncreplConsumer): + """ + Syncrepl Consumer Client + """ + + def __init__(self, db_path, *args, **kwargs): + # Initialise the LDAP Connection first + ldap.ldapobject.ReconnectLDAPObject.__init__(self, *args, **kwargs) + # Now prepare the data store + if db_path: + self.__data = shelve.open(db_path, 'c') + else: + self.__data = {} + # We need this for later internal use + self.__presentUUIDs = {} + + def close_db(self): + # Close the data store properly to avoid corruption + self.__data.close() + + def syncrepl_get_cookie(self): + if 'cookie' in self.__data: + return self.__data['cookie'] + + def syncrepl_set_cookie(self,cookie): + self.__data['cookie'] = cookie + + def syncrepl_entry(self, dn, attributes, uuid): + logger.debug('dn=%r attributes=%r uuid=%r', dn, attributes, uuid) + # First we determine the type of change we have here + # (and store away the previous data for later if needed) + previous_attributes = {} + if uuid in self.__data: + change_type = 'modify' + previous_attributes = self.__data[uuid] + else: + change_type = 'add' + # Now we store our knowledge of the existence of this entry + # (including the DN as an attribute for convenience) + attributes['dn'] = dn 
+ self.__data[uuid] = attributes + # Debugging + logger.debug('Detected %s of entry %r', change_type, dn) + # If we have a cookie then this is not our first time being run, + # so it must be a change + if 'ldap_cookie' in self.__data: + self.perform_application_sync(dn, attributes, previous_attributes) + + def syncrepl_delete(self,uuids): + # Make sure we know about the UUID being deleted, just in case... + uuids = [uuid for uuid in uuids if uuid in self.__data] + # Delete all the UUID values we know of + for uuid in uuids: + logger.debug('Detected deletion of entry %r', self.__data[uuid]['dn']) + del self.__data[uuid] + + def syncrepl_present(self,uuids,refreshDeletes=False): + # If we have not been given any UUID values, + # then we have recieved all the present controls... + if uuids is None: + # We only do things if refreshDeletes is false as the syncrepl + # extension will call syncrepl_delete instead when it detects a + # delete notice + if refreshDeletes is False: + deletedEntries = [ + uuid + for uuid in self.__data.keys() + if uuid not in self.__presentUUIDs and uuid != 'ldap_cookie' + ] + self.syncrepl_delete( deletedEntries ) + # Phase is now completed, reset the list + self.__presentUUIDs = {} + else: + # Note down all the UUIDs we have been sent + for uuid in uuids: + self.__presentUUIDs[uuid] = True + + def syncrepl_refreshdone(self): + logger.info('Initial synchronization is now done, persist phase begins') + + def perform_application_sync(self,dn,attributes,previous_attributes): + logger.info('Performing application sync for %r', dn) + return True + + +# Shutdown handler +def commenceShutdown(signum, stack): + # Declare the needed global variables + global watcher_running, ldap_connection + logger.warn('Shutting down!') + + # We are no longer running + watcher_running = False + + # Tear down the server connection + if ldap_connection: + ldap_connection.close_db() + ldap_connection.unbind_s() + del ldap_connection + + # Shutdown + sys.exit(0) + +# 
Time to actually begin execution +# Install our signal handlers +signal.signal(signal.SIGTERM, commenceShutdown) +signal.signal(signal.SIGINT, commenceShutdown) + + +try: + ldap_url = ldapurl.LDAPUrl(sys.argv[1]) + database_path = sys.argv[2] +except IndexError,e: + print ( + 'Usage:\n' + '{script_name} \n' + '{script_name} "ldap://127.0.0.1/cn=users,dc=test' + '?*' + '?sub' + '?(objectClass=*)' + '?bindname=uid=admin%2ccn=users%2cdc=test,' + 'X-BINDPW=password" db.shelve' + ).format(script_name=sys.argv[0]) + sys.exit(1) +except ValueError as e: + print('Error parsing command-line arguments:',str(e)) + sys.exit(1) + +while watcher_running: + logger.info('Connecting to %s now...', ldap_url.initializeUrl()) + # Prepare the LDAP server connection (triggers the connection as well) + ldap_connection = SyncReplClient(database_path, ldap_url.initializeUrl()) + + # Now we login to the LDAP server + try: + ldap_connection.simple_bind_s(ldap_url.who, ldap_url.cred) + except ldap.INVALID_CREDENTIALS as err: + logger.error('Login to LDAP server failed: %s', err) + sys.exit(1) + except ldap.SERVER_DOWN: + logger.warn('LDAP server is down, going to retry.') + time.sleep(5) + continue + + # Commence the syncing + logger.debug('Commencing sync process') + ldap_search = ldap_connection.syncrepl_search( + ldap_url.dn or '', + ldap_url.scope or ldap.SCOPE_SUBTREE, + mode = 'refreshAndPersist', + attrlist=ldap_url.attrs, + filterstr = ldap_url.filterstr or '(objectClass=*)' + ) + + try: + while ldap_connection.syncrepl_poll( all = 1, msgid = ldap_search): + pass + except KeyboardInterrupt: + # User asked to exit + commenceShutdown(None, None) + except Exception as err: + # Handle any exception + if watcher_running: + logger.exception('Unhandled exception, going to retry: %s', err) + logger.info('Going to retry after 5 secs') + time.sleep(5) diff --git a/Demo/reconnect.py b/Demo/reconnect.py new file mode 100644 index 0000000..af3d875 --- /dev/null +++ b/Demo/reconnect.py 
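Review bot: In syncrepl.py the cookie is stored under the key `'cookie'` by `syncrepl_set_cookie()`, but `syncrepl_entry()` tests `'ldap_cookie' in self.__data` and `syncrepl_present()` excludes only `'ldap_cookie'` from the deletion list. As written, `perform_application_sync()` is never reached, and at the end of a present phase the `'cookie'` key is handed to `syncrepl_delete()`, where `self.__data[uuid]['dn']` indexes the cookie value as if it were an entry dict. Using one key name in all three places fixes both. Separately, `except IndexError,e:` and `print (...).format(...)` in the argument parsing are Python 2 forms; the first is a syntax error on Python 3, so it should read `except IndexError:` like the other demos. The usage text also shows the bind password inside the URL via `X-BINDPW=`, which puts it on the command line; a note pointing to a prompt or a protected file would be a better example.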
@@ -0,0 +1,24 @@
+import sys,time,ldap,ldap.ldapobject,ldapurl
+
+from ldap.ldapobject import *
+
+ldap_url = ldapurl.LDAPUrl(sys.argv[1])
+ldap_url.applyDefaults({
+ 'who':'',
+ 'cred':'',
+ 'filterstr':'(objectClass=*)',
+ 'scope':ldap.SCOPE_BASE
+})
+
+ldap.trace_level=1
+
+l = ldap.ldapobject.ReconnectLDAPObject(
+ ldap_url.initializeUrl(),trace_level=ldap.trace_level
+)
+l.protocol_version = ldap.VERSION3
+
+l.simple_bind_s(ldap_url.who,ldap_url.cred)
+
+while 1:
+ l.search_s(ldap_url.dn,ldap_url.scope,ldap_url.filterstr,ldap_url.attrs)
+ sys.stdin.readline()
diff --git a/Demo/rename.py b/Demo/rename.py
new file mode 100644
index 0000000..edb78a8
--- /dev/null
+++ b/Demo/rename.py
@@ -0,0 +1,52 @@
+import ldap
+from getpass import getpass
+
+# Create LDAPObject instance
+l = ldap.initialize('ldap://localhost:1389',trace_level=1)
+
+print('Password:')
+cred = getpass()
+
+try:
+
+ # Set LDAP protocol version used
+ l.set_option(ldap.OPT_PROTOCOL_VERSION,3)
+
+ # Try a bind to provoke failure if protocol version is not supported
+ l.bind_s('cn=root,dc=stroeder,dc=com',cred,ldap.AUTH_SIMPLE)
+
+ print('Using rename_s():')
+
+ l.rename_s(
+ 'uid=fred,ou=Unstructured testing tree,dc=stroeder,dc=com',
+ 'cn=Fred Feuerstein',
+ 'dc=stroeder,dc=com',
+ 0
+ )
+
+ l.rename_s(
+ 'cn=Fred Feuerstein,dc=stroeder,dc=com',
+ 'uid=fred',
+ 'ou=Unstructured testing tree,dc=stroeder,dc=com',
+ 0
+ )
+
+ m = l.rename(
+ 'uid=fred,ou=Unstructured testing tree,dc=stroeder,dc=com',
+ 'cn=Fred Feuerstein',
+ 'dc=stroeder,dc=com',
+ 0
+ )
+ r = l.result(m,1)
+
+ m = l.rename(
+ 'cn=Fred Feuerstein,dc=stroeder,dc=com',
+ 'uid=fred',
+ 'ou=Unstructured testing tree,dc=stroeder,dc=com',
+ 0
+ )
+ r = l.result(m,1)
+
+finally:
+
+ l.unbind_s()
diff --git a/Demo/resiter.py b/Demo/resiter.py
new file mode 100644
index 0000000..9fc14e4
--- /dev/null
+++ b/Demo/resiter.py
@@ -0,0 +1,21 @@
+"""
+Demo for using ldap.resiter.ResultProcessor
+written by Michael Stroeder
+
+See https://www.python-ldap.org for details.
+"""
+
+import ldap,ldap.resiter
+
+class LDAPObject(ldap.ldapobject.LDAPObject,ldap.resiter.ResultProcessor):
+ pass
+
+l = LDAPObject('ldap://localhost:1390',trace_level=1)
+l.protocol_version = 3
+msgid = l.search('dc=stroeder,dc=de',ldap.SCOPE_SUBTREE,'(cn=m*)')
+
+result_iter = l.allresults(msgid)
+for result_type,result_list,result_msgid,result_serverctrls in result_iter:
+ print(result_type,result_list,result_msgid,result_serverctrls)
+
+l.unbind_s()
diff --git a/Demo/sasl_bind.py b/Demo/sasl_bind.py
new file mode 100644
index 0000000..8453d08
--- /dev/null
+++ b/Demo/sasl_bind.py
@@ -0,0 +1,84 @@
+# For documentation, see comments in Module/LDAPObject.c and the
+# ldap.sasl module documentation.
+
+import ldap,ldap.sasl
+
+ldap.sasl._trace_level=0
+
+ldap.set_option(ldap.OPT_DEBUG_LEVEL,0)
+
+for ldap_uri,sasl_mech,sasl_cb_value_dict in [
+ (
+ "ldap://nb2.stroeder.local:1390/",
+ 'CRAM-MD5',
+ {
+ ldap.sasl.CB_AUTHNAME :'fred',
+ ldap.sasl.CB_PASS :'secret',
+ }
+ ),
+ (
+ "ldap://nb2.stroeder.local:1390/",
+ 'PLAIN',
+ {
+ ldap.sasl.CB_AUTHNAME :'fred',
+ ldap.sasl.CB_PASS :'secret',
+ }
+ ),
+ (
+ "ldap://nb2.stroeder.local:1390/",
+ 'LOGIN',
+ {
+ ldap.sasl.CB_AUTHNAME :'fred',
+ ldap.sasl.CB_PASS :'secret',
+ }
+ ),
+ (
+ "ldapi://%2Ftmp%2Fopenldap-socket/",
+ 'EXTERNAL',
+ { }
+ ),
+ (
+ "ldap://nb2.stroeder.local:1390/",
+ 'GSSAPI',
+ { }
+ ),
+ (
+ "ldap://nb2.stroeder.local:1390/",
+ 'NTLM',
+ {
+ ldap.sasl.CB_AUTHNAME :'fred',
+ ldap.sasl.CB_PASS :'secret',
+ }
+ ),
+ (
+ "ldap://nb2.stroeder.local:1390/",
+ 'DIGEST-MD5',
+ {
+ ldap.sasl.CB_AUTHNAME :'fred',
+ ldap.sasl.CB_PASS :'secret',
+ }
+ ),
+]:
+ sasl_auth = ldap.sasl.sasl(sasl_cb_value_dict,sasl_mech)
+ print(20*'*',sasl_auth.mech,20*'*')
+ # Open the LDAP connection
+ l = ldap.initialize(ldap_uri,trace_level=0)
+ # Set protocol version to LDAPv3 to enable SASL bind!
+ l.protocol_version = 3
+ try:
+ l.sasl_interactive_bind_s("", sasl_auth)
+ except ldap.LDAPError as e:
+ print('Error using SASL mechanism',sasl_auth.mech,str(e))
+ else:
+ print('Sucessfully bound using SASL mechanism:',sasl_auth.mech)
+ try:
+ print('Result of Who Am I? ext. op:',repr(l.whoami_s()))
+ except ldap.LDAPError as e:
+ print('Error using SASL mechanism',sasl_auth.mech,str(e))
+ try:
+ print('OPT_X_SASL_USERNAME',repr(l.get_option(ldap.OPT_X_SASL_USERNAME)))
+ except AttributeError:
+ pass
+
+ l.unbind()
+ del l
diff --git a/Demo/schema.py b/Demo/schema.py
new file mode 100644
index 0000000..bdad5e0
--- /dev/null
+++ b/Demo/schema.py
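Review bot: In sasl_bind.py the `PLAIN` and `LOGIN` entries hand `ldap.sasl.CB_PASS` to `sasl_interactive_bind_s()` on an `ldap://` connection with no TLS, and neither mechanism protects the password itself, so it travels in clear text. Calling `l.start_tls_s()` after `ldap.initialize()` for the `ldap://` entries, or listing `ldaps://` URIs, would make the loop safe to copy. I would also add a comment above the list, for example `# CRAM-MD5, DIGEST-MD5 and NTLM are legacy mechanisms, shown for completeness only`, so readers do not take the list as a recommendation. The password literal `'secret'` is repeated five times; one named placeholder constant would make it obvious that it must be replaced.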
@@ -0,0 +1,63 @@ +import sys,ldap,ldap.schema + +schema_attrs = ldap.schema.SCHEMA_ATTRS + +ldap.set_option(ldap.OPT_DEBUG_LEVEL,0) + +ldap._trace_level = 0 + +subschemasubentry_dn,schema = ldap.schema.urlfetch(sys.argv[-1]) + +if subschemasubentry_dn is None: + print('No sub schema sub entry found!') + sys.exit(1) + +if schema.non_unique_oids: + print('*** Schema errors ***') + print('non-unique OIDs:\n','\r\n'.join(schema.non_unique_oids)) + +print('*** Schema from',repr(subschemasubentry_dn)) + +# Display schema +for attr_type,schema_class in ldap.schema.SCHEMA_CLASS_MAPPING.items(): + print('*'*20,attr_type,'*'*20) + for element_id in schema.listall(schema_class): + se_orig = schema.get_obj(schema_class,element_id) + print(attr_type,str(se_orig)) +print('*** Testing object class inetOrgPerson ***') + +drink = schema.get_obj(ldap.schema.AttributeType,'favouriteDrink') +if not drink is None: + print('*** drink ***') + print('drink.names',repr(drink.names)) + print('drink.collective',repr(drink.collective)) + +inetOrgPerson = schema.get_obj(ldap.schema.ObjectClass,'inetOrgPerson') +if not inetOrgPerson is None: + print(inetOrgPerson.must,inetOrgPerson.may) + +print('*** person,organizationalPerson,inetOrgPerson ***') +try: + print(schema.attribute_types() + ['person','organizationalPerson','inetOrgPerson'] + ) + print(schema.attribute_types() + ['person','organizationalPerson','inetOrgPerson'], + attr_type_filter = [ + ('no_user_mod',[0]), + ('usage',range(2)), + ] + ) +except KeyError as e: + print('***KeyError',str(e)) + + +schema.ldap_entry() + +print(str(schema.get_obj(ldap.schema.MatchingRule,'2.5.13.0'))) +print(str(schema.get_obj(ldap.schema.MatchingRuleUse,'2.5.13.0'))) + +print(str(schema.get_obj(ldap.schema.AttributeType,'name'))) +print(str(schema.get_inheritedobj(ldap.schema.AttributeType,'cn',['syntax','equality','substr','ordering']))) + +must_attr,may_attr = schema.attribute_types(['person','organizationalPerson','inetOrgPerson'],raise_keyerror=0) 
diff --git a/Demo/schema_tree.py b/Demo/schema_tree.py new file mode 100644 index 0000000..2b182e9 --- /dev/null +++ b/Demo/schema_tree.py @@ -0,0 +1,99 @@ +""" +Outputs the object class tree read from LDAPv3 schema +of a given server + +Usage: schema_oc_tree.py [--html] [LDAP URL] +""" + +import sys,getopt,ldap,ldap.schema + + +ldap.trace_level = 1 + +def PrintSchemaTree(schema,se_class,se_tree,se_oid,level): + """ASCII text output for console""" + se_obj = schema.get_obj(se_class,se_oid) + if se_obj!=None: + print('| '*(level-1)+'+---'*(level>0), + ', '.join(se_obj.names), + '(%s)' % se_obj.oid) + for sub_se_oid in se_tree[se_oid]: + print('| '*(level+1)) + PrintSchemaTree(schema,se_class,se_tree,sub_se_oid,level+1) + + +def HTMLSchemaTree(schema,se_class,se_tree,se_oid,level): + """HTML output for browser""" + se_obj = schema.get_obj(se_class,se_oid) + if se_obj!=None: + print(""" +
{} ({})
+
+ {} + """.format(', '.join(se_obj.names),se_obj.oid,se_obj.desc)) + if se_tree[se_oid]: + print('
') + for sub_se_oid in se_tree[se_oid]: + HTMLSchemaTree(schema,se_class,se_tree,sub_se_oid,level+1) + print('
') + print('
') + + +ldap.set_option(ldap.OPT_DEBUG_LEVEL,0) + +ldap._trace_level = 0 + +subschemasubentry_dn,schema = ldap.schema.urlfetch(sys.argv[-1],ldap.trace_level) + +if subschemasubentry_dn is None: + print('No sub schema sub entry found!') + sys.exit(1) + +try: + options,args=getopt.getopt(sys.argv[1:],'',['html']) +except getopt.error: + print('Error: %s\nUsage: schema_oc_tree.py [--html] [LDAP URL]') + +html_output = options and options[0][0]=='--html' + +oc_tree = schema.tree(ldap.schema.ObjectClass) +at_tree = schema.tree(ldap.schema.AttributeType) + +#for k,v in oc_tree.items(): +# print(k,'->',v) +#for k,v in at_tree.items(): +# print(k,'->',v) + +if html_output: + + print(""" + + Object class tree + + +

Object class tree

+
+""") + HTMLSchemaTree(schema,ldap.schema.ObjectClass,oc_tree,'2.5.6.0',0) + print("""
+

Attribute type tree

+
+""") + for a in schema.listall(ldap.schema.AttributeType): + if at_tree[a]: + HTMLSchemaTree(schema,ldap.schema.AttributeType,at_tree,a,0) + print + + print("""
+ + +""") + +else: + + print('*** Object class tree ***\n') + print + PrintSchemaTree(schema,ldap.schema.ObjectClass,oc_tree,'2.5.6.0',0) + + print('\n*** Attribute types tree ***\n') + PrintSchemaTree(schema,ldap.schema.AttributeType,at_tree,'_',0) diff --git a/Demo/simple.py b/Demo/simple.py new file mode 100644 index 0000000..c82659c --- /dev/null +++ b/Demo/simple.py 
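Review bot: `HTMLSchemaTree()` in schema_tree.py formats `', '.join(se_obj.names)`, `se_obj.oid` and `se_obj.desc` into its HTML output without escaping, and those strings come from the subschema entry of whichever server the URL argument names. If the generated page is opened in a browser, markup inside a schema description is rendered rather than shown as text. Passing each value through `html.escape()` (with `import html` at the top) closes that, e.g. `html.escape(se_obj.desc or '')`. In the option parsing, `options` is unbound after `getopt.error` is caught, so the next line raises NameError, and the usage message contains a `%s` that is never filled in; exiting in the handler with `sys.exit(1)` would fix the first.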
@@ -0,0 +1,105 @@ +import sys,getpass +import ldap + +#l = ldap.open("localhost", 31001) +l = ldap.open("marta.it.uq.edu.au") + +login_dn = "cn=root,ou=CSEE,o=UQ,c=AU" +login_pw = getpass.getpass("Password for %s: " % login_dn) +l.simple_bind_s(login_dn, login_pw) + +# +# create a new sub organisation +# + +try: + dn = "ou=CSEE,o=UQ,c=AU" + print("Adding", repr(dn)) + l.add_s(dn, + [ + ("objectclass",["organizationalUnit"]), + ("ou", ["CSEE"]), + ("description", [ + "Department of Computer Science and Electrical Engineering"]), + ] + ) + +except _ldap.LDAPError: + pass + +# +# create an entry for me +# + +dn = "cn=David Leonard,ou=CSEE,o=UQ,c=AU" +print("Updating", repr(dn)) + +try: + l.delete_s(dn) +except: + pass + +l.add_s(dn, + [ + ("objectclass", ["organizationalPerson"]), + ("sn", ["Leonard"]), + ("cn", ["David Leonard"]), + ("description", ["Ph.D. student"]), + ("display-name", ["David Leonard"]), + #("commonname", ["David Leonard"]), + ("mail", ["david.leonard@csee.uq.edu.au"]), + ("othermailbox", ["d@openbsd.org"]), + ("givenname", ["David"]), + ("surname", ["Leonard"]), + ("seeAlso", ["http://www.csee.uq.edu.au/~leonard/"]), + ("url", ["http://www.csee.uq.edu.au/~leonard/"]), + #("homephone", []), + #("fax", []), + #("otherfacsimiletelephonenumber",[]), + #("officefax", []), + #("mobile", []), + #("otherpager", []), + #("officepager", []), + #("pager", []), + ("info", ["info"]), + ("title", ["Mr"]), + #("telephonenumber", []), + ("l", ["Brisbane"]), + ("st", ["Queensland"]), + ("c", ["AU"]), + ("co", ["co"]), + ("o", ["UQ"]), + ("ou", ["CSEE"]), + #("homepostaladdress", []), + #("postaladdress", []), + #("streetaddress", []), + #("street", []), + ("department", ["CSEE"]), + ("comment", ["comment"]), + #("postalcode", []), + ("physicaldeliveryofficename", ["Bldg 78, UQ, St Lucia"]), + ("preferredDeliveryMethod", ["email"]), + ("initials", ["DRL"]), + ("conferenceinformation", ["MS-conferenceinformation"]), + #("usercertificate", []), + ("labeleduri", 
["labeleduri"]), + ("manager", ["cn=Jaga Indulska"]), + ("reports", ["reports"]), + ("jpegPhoto", [open("/www/leonard/leonard.jpg").read()]), + ("uid", ["leonard"]), + ("userPassword", [""]) + + ]) + +# +# search beneath the CSEE/UQ/AU tree +# + +res = l.search_s( + "ou=CSEE, o=UQ, c=AU", + _ldap.SCOPE_SUBTREE, + "objectclass=*", + ) +print(res) + +l.unbind() diff --git a/Demo/simplebrowse.py b/Demo/simplebrowse.py new file mode 100644 index 0000000..fd4563a --- /dev/null +++ b/Demo/simplebrowse.py 
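Review bot: simple.py imports only `ldap`, yet it refers to `_ldap.LDAPError` in the first `except` clause and to `_ldap.SCOPE_SUBTREE` in the final search, so the handler raises NameError as soon as `add_s()` fails and the search call fails unconditionally. Both should read `ldap.LDAPError` and `ldap.SCOPE_SUBTREE`. The bare `except: pass` around `l.delete_s(dn)` hides every failure, including an insufficient-access or connection error; `except ldap.NO_SUCH_OBJECT: pass` states the intended case. The entry is also created with `("userPassword", [""])`, and an account with an empty password value is a poor thing to demonstrate; leaving the attribute out is the safer default.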
@@ -0,0 +1,126 @@ +#!/usr/bin/env python + +# +# simple LDAP server browsing example +# + +import ldap +from traceback import print_exc + +url = "ldap://ldap.openldap.org/" +dn = "dc=openldap,dc=org" + +print("Connecting to", url) + +l = ldap.initialize(url) +l.bind_s("", "", ldap.AUTH_SIMPLE); + +lastdn = dn +dnlist = None + +while 1: + + #-- read a command + try: + cmd = raw_input(dn + "> ") + except EOFError: + print + break + + try: + + if cmd == "?": + print( "cd - change DN to ") + print( "cd - change DN to number of last 'ls'") + print( "cd - - change to previous DN") + print( "cd .. - change to one-level higher DN") + print( "cd - change to root DN") + print( "ls - list children of crrent DN") + print( ". - show attributes of current DN") + print( "/ - list descendents matching filter ") + print( "? - show this help") + + elif cmd == "ls": + print("Children of", `dn`, ":") + dnlist = [] + # + # List the children at one level down from the current dn + # We use the filter 'objectclass=*' to match everything. + # We're not interested in attributes at this stage, so + # we specify [] as the list of attribute names to retreive. + # + for name,attrs in l.search_s(dn, ldap.SCOPE_ONELEVEL, + "objectclass=*", []): + #-- shorten resulting dns for output brevity + if name.startswith(dn+", "): + shortname = "+ "+name[len(dn)+2:] + elif name.endswith(", "+dn): + shortname = name[:-len(dn)-2]+" +" + else: + shortname = name + print(" %3d. %s" % (len(dnlist), shortname)) + dnlist.append(name) + + elif cmd == "cd": + dn = "" + dnlist = None + + elif cmd.startswith("cd "): + arg = cmd[3:] + if arg == '-': + lastdn,dn = dn,lastdn + elif arg == '..': + dn = ldap.explode_dn(dn)[1:].join(",") + dn = dn.strip() + else: + try: + i = int(arg) + except: + godn = arg + else: + if dnlist is None: + print("do an ls first") + else: + godn = dnlist[i] + lastdn = dn + dn = godn + + elif cmd == ".": + # + # Retrieve all the attributes for the current dn. 
+ # We construct a search using SCOPE_BASE (ie just the + # given DN) and again filter with "objectclass=*". + # No attributes are listed, so the default is for + # the client to receive all attributes on the DN. + # + print("Attributes of", `dn`, ":") + for name,attrs in l.search_s(dn, ldap.SCOPE_BASE, + "objectclass=*"): + print(" %-24s" % name) + for k,vals in attrs.items(): + for v in vals: + if len(v) > 200: + v = `v[:200]` + \ + ("... (%d bytes)" % len(v)) + else: + v = `v` + print(" %-12s: %s" % (k, v)) + + elif cmd.startswith("/"): + # + # Search descendent objects to match a given filter. + # We use SCOPE_SUBTREE to indicate descendents, and + # again specify an empty attribute list to indicate + # that we're not interested in them. + # + expr = cmd[1:] + print("Descendents matching filter", `expr`, ":") + for name,attrs in l.search_s(dn, ldap.SCOPE_SUBTREE, + expr, []): + print(" %24s", name) + + else: + print("unknown command - try '?' for help") + + except: + print_exc() diff --git a/Doc/.gitignore b/Doc/.gitignore new file mode 100644 index 0000000..5e13421 --- /dev/null +++ b/Doc/.gitignore @@ -0,0 +1,2 @@ +/_build/ +/.build/ diff --git a/Doc/Makefile b/Doc/Makefile new file mode 100644 index 0000000..9ce697a --- /dev/null +++ b/Doc/Makefile 
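Review bot: simplebrowse.py mixes `print(...)` calls with constructs that exist only in Python 2, namely `raw_input` and backtick repr (as around `dn` in the `ls` branch), so the file does not compile on Python 3; `input()` and `repr(dn)` are the equivalents. In the `cd ..` branch, `ldap.explode_dn(dn)[1:].join(",")` calls `join` on a list and should be `",".join(ldap.explode_dn(dn)[1:])`. In the numeric `cd` branch `godn` is unbound when `dnlist` is None, and the bare `except:` around `int(arg)` should be `except ValueError:`. The trailing `except: print_exc()` around the whole command handler also catches KeyboardInterrupt, so Ctrl-C does not leave the loop; `except Exception:` keeps the traceback output without that side effect.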
@@ -0,0 +1,68 @@ +# Makefile for Sphinx documentation +# + +# You can set these variables from the command line. +SPHINXOPTS = +SPHINXBUILD = sphinx-build +PAPER = + +# Internal variables. +PAPEROPT_a4 = -D latex_paper_size=a4 +PAPEROPT_letter = -D latex_paper_size=letter +ALLSPHINXOPTS = -d .build/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . + +.PHONY: help clean html web htmlhelp latex changes linkcheck + +help: + @echo "Please use \`make ' where is one of" + @echo " html to make standalone HTML files" + @echo " web to make files usable by Sphinx.web" + @echo " htmlhelp to make HTML files and a HTML help project" + @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" + @echo " changes to make an overview over all changed/added/deprecated items" + @echo " linkcheck to check all external links for integrity" + +clean: + -rm -rf .build/* + +html: + mkdir -p .build/html .build/doctrees + $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) .build/html + @echo + @echo "Build finished. The HTML pages are in .build/html." + +web: + mkdir -p .build/web .build/doctrees + $(SPHINXBUILD) -b web $(ALLSPHINXOPTS) .build/web + @echo + @echo "Build finished; now you can run" + @echo " python -m sphinx.web .build/web" + @echo "to start the server." + +htmlhelp: + mkdir -p .build/htmlhelp .build/doctrees + $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) .build/htmlhelp + @echo + @echo "Build finished; now you can run HTML Help Workshop with the" \ + ".hhp project file in .build/htmlhelp." + +latex: + mkdir -p .build/latex .build/doctrees + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) .build/latex + @echo + @echo "Build finished; the LaTeX files are in .build/latex." + @echo "Run \`make all-pdf' or \`make all-ps' in that directory to" \ + "run these through (pdf)latex." + +changes: + mkdir -p .build/changes .build/doctrees + $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) .build/changes + @echo + @echo "The overview file is in .build/changes." 
+ +linkcheck: + mkdir -p .build/linkcheck .build/doctrees + $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) .build/linkcheck + @echo + @echo "Link check complete; look for any errors in the above output " \ + "or in .build/linkcheck/output.txt." diff --git a/Doc/bytes_mode.rst b/Doc/bytes_mode.rst new file mode 100644 index 0000000..3a984bf --- /dev/null +++ b/Doc/bytes_mode.rst 
@@ -0,0 +1,41 @@
+.. _text-bytes:
+.. _bytes_mode:
+
+Bytes/text management
+=====================
+
+The LDAP protocol states that some fields (distinguished names, relative
+distinguished names, attribute names, queries) be encoded in UTF-8.
+In python-ldap, these are represented as text (``str`` on Python 3).
+
+Attribute *values*, on the other hand, **MAY**
+contain any type of data, including text.
+To know what type of data is represented, python-ldap would need access to the
+schema, which is not always available (nor always correct).
+Thus, attribute values are *always* treated as ``bytes``.
+Encoding/decoding to other formats – text, images, etc. – is left to the caller.
+
+
+Historical note
+---------------
+
+Python 3 introduced a hard distinction between *text* (``str``) – sequences of
+characters (formally, *Unicode codepoints*) – and ``bytes`` – sequences of
+8-bit values used to encode *any* kind of data for storage or transmission.
+
+Python 2 had the same distinction between ``str`` (bytes) and
+``unicode`` (text).
+However, values could be implicitly converted between these types as needed,
+e.g. when comparing or writing to disk or the network.
+The implicit encoding and decoding can be a source of subtle bugs when not
+designed and tested adequately.
+
+In python-ldap 2.x (for Python 2), bytes were used for all fields,
+including those guaranteed to be text.
+
+From version 3.0 to 3.3, python-ldap uses text where appropriate.
+On Python 2, special ``bytes_mode`` and ``bytes_strictness`` settings
+influenced how text was handled.
+
+From version 3.3 on, only Python 3 is supported. The “bytes mode” settings
+are deprecated and do nothing.
diff --git a/Doc/conf.py b/Doc/conf.py
new file mode 100644
index 0000000..b883736
--- /dev/null
+++ b/Doc/conf.py
@@ -0,0 +1,156 @@
+#
+# python-ldap documentation build configuration file, created by
+# sphinx-quickstart on Sat Mar 29 15:08:17 2008.
+#
+# This file is execfile()d with the current directory set to its containing dir.
+#
+# The contents of this file are pickled, so don't put values in the namespace
+# that aren't pickleable (module imports are okay, they're removed automatically).
+#
+# All configuration values have a default value; values that are commented out
+# serve to show the default value.
+
+import datetime
+import sys
+import os
+
+# If your extensions are in another directory, add it here.
+_doc_dir = os.path.dirname(__file__)
+sys.path.append(_doc_dir)
+sys.path.insert(0, os.path.join(_doc_dir, '../Lib/'))
+sys.path.insert(0, os.path.join(_doc_dir, '../Lib/ldap'))
+
+# Import fake `_ldap` module
+import fake_ldap_module_for_documentation
+
+# Now ldap can be used normally
+from ldap import __version__
+
+# General configuration
+# ---------------------
+
+# Add any Sphinx extension module names here, as strings. They can be extensions
+# coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
+extensions = [
+ 'sphinx.ext.autodoc',
+ 'sphinx.ext.intersphinx',
+ 'sphinx.ext.napoleon',
+]
+
+try:
+ import sphinxcontrib.spelling
+except ImportError:
+ pass
+else:
+ extensions.append('sphinxcontrib.spelling')
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ['.templates']
+
+# The suffix of source filenames.
+source_suffix = '.rst'
+
+# The master toctree document.
+master_doc = 'index'
+
+# General substitutions.
+project = 'python-ldap'
+copyright = 'python-ldap project team'
+
+# The default replacements for |version| and |release|, also used in various
+# other places throughout the built documents.
+#
+# The short X.Y version.
+version = '.'.join(__version__.split('.')[:2])
+# The full version, including alpha/beta/rc tags.
+release = __version__
+
+# There are two options for replacing |today|: either, you set today to some
+# non-false value, then it is used:
+#today = ''
+# Else, today_fmt is used as the format for a strftime call.
+today_fmt = '%B %d, %Y'
+
+# List of documents that shouldn't be included in the build.
+#unused_docs = []
+
+# If true, '()' will be appended to :func: etc. cross-reference text.
+#add_function_parentheses = True
+
+# If true, the current module name will be prepended to all description
+# unit titles (such as .. function::).
+#add_module_names = True
+
+# If true, sectionauthor and moduleauthor directives will be shown in the
+# output. They are ignored by default.
+#show_authors = False
+
+# The name of the Pygments (syntax highlighting) style to use.
+pygments_style = 'sphinx'
+
+
+# Options for HTML output
+# -----------------------
+
+# The style sheet to use for HTML and HTML Help pages. A file of that name
+# must exist either in Sphinx' static/ path, or in one of the custom paths
+# given in html_static_path.
+#html_style = 'pyramid.css'
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+#html_static_path = ['/usr/lib/python2.7/site-packages/sphinx/themes/pyramid/static']
+
+# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
+# using the given strftime format.
+html_last_updated_fmt = '%b %d, %Y'
+
+# If true, SmartyPants will be used to convert quotes and dashes to
+# typographically correct entities.
+#html_use_smartypants = True
+
+# Content template for the index page.
+#html_index = ''
+
+# Custom sidebar templates, maps document names to template names.
+#html_sidebars = {}
+
+# Additional templates that should be rendered to pages, maps page names to
+# template names.
+#html_additional_pages = {}
+
+# If false, no module index is generated.
+html_use_modindex = True
+
+# If true, the reST sources are included in the HTML build as _sources/.
+#html_copy_source = True
+
+# Output file base name for HTML help builder.
+htmlhelp_basename = 'python-ldap-doc'
+
+
+# Options for LaTeX output
+# ------------------------
+
+# The paper size ('letter' or 'a4').
+#latex_paper_size = 'letter'
+
+# The font size ('10pt', '11pt' or '12pt').
+#latex_font_size = '10pt'
+
+# Grouping the document tree into LaTeX files. List of tuples
+# (source start file, target name, title, author, document class [howto/manual]).
+latex_documents = [('index', 'python-ldap.tex', 'python-ldap Documentation',
+ 'python-ldap project', 'manual')]
+
+# Additional stuff for the LaTeX preamble.
+#latex_preamble = ''
+
+# Documents to append as an appendix to all manuals.
+#latex_appendices = []
+
+# If false, no module index is generated.
+latex_use_modindex = True
+
+intersphinx_mapping = {'python': ('https://docs.python.org/3', None)}
diff --git a/Doc/contributing.rst b/Doc/contributing.rst
new file mode 100644
index 0000000..1fc1365
--- /dev/null
+++ b/Doc/contributing.rst
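Review bot: The second `sys.path.insert(0, os.path.join(_doc_dir, '../Lib/ldap'))` puts the package's own directory first on the import path, so for the whole documentation build every module inside `Lib/ldap` is importable under a bare top-level name and takes precedence over a standard-library or installed module of the same name. The directory listing is not part of this hunk, so whether a clash exists is unverified; the only visible consumers are `from constants import CONSTANTS` and `from pkginfo import __version__` in `fake_ldap_module_for_documentation.py`. I would record that above the line, e.g. `# Lib/ldap is on sys.path only so the fake _ldap module can import constants and pkginfo by bare name`, so a later cleanup does not widen it. `import datetime` is not used anywhere in the file and can be dropped.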
@@ -0,0 +1,233 @@
+.. highlight:: console
+
+Contributing to python-ldap
+***************************
+
+Thank you for your interest in python-ldap!
+If you'd like to contribute (be it code, documentation, maintenance effort,
+or anything else), this guide is for you.
+
+
+.. toctree::
+ :hidden:
+
+ sample_workflow.rst
+
+
+Communication
+=============
+
+Always keep in mind that python-ldap is developed and maintained by volunteers.
+We're happy to share our work, and to work with you to make the library better,
+but (until you pay someone), there's obligation to provide assistance.
+
+So, keep it friendly, respectful, and supportive!
+
+
+Mailing list
+------------
+
+Discussion about the use and future of python-ldap occurs in
+the ``python-ldap@python.org`` mailing list.
+
+It's also the channel to use if documentation (including this guide) is not
+clear to you.
+Do try searching around before you ask on the list, though!
+
+You can `subscribe or unsubscribe`_ to this list or browse the `list archive`_.
+
+.. _subscribe or unsubscribe: https://mail.python.org/mailman/listinfo/python-ldap
+.. _list archive: https://mail.python.org/pipermail/python-ldap/
+
+
+Issues
+------
+
+Please report bugs, missing features and other issues to `the bug tracker`_
+at GitHub. You will need a GitHub account for that.
+
+If you prefer not to open a GitHub account, you're always welcome to use the
+mailing list.
+
+
+Security Contact
+----------------
+
+If you found a security issue that should not be discussed publicly,
+please e-mail the maintainer at ``pviktori@redhat.com``.
+If required, write to coordinate a more secure channel.
+
+All other communication should be public.
+
+
+Contributing code
+=================
+
+If you're used to open-source Python development with Git, here's the gist:
+
+* ``git clone https://github.com/python-ldap/python-ldap``
+* Use GitHub for `the bug tracker`_ and pull requests.
+* Run tests with `tox`_; ignore Python interpreters you don't have locally.
+
+.. _the bug tracker: https://github.com/python-ldap/python-ldap/issues
+.. _tox: https://tox.readthedocs.io/en/latest/
+
+Or, if you prefer to avoid closed-source services:
+
+* ``git clone https://pagure.io/python-ldap``
+* Send bug reports and patches to the mailing list.
+* Run tests with `tox`_; ignore Python interpreters you don't have locally.
+* Read the documentation directly at `Read the Docs`_.
+
+.. _Read the Docs: https://python-ldap.readthedocs.io/
+
+If you're new to some aspect of the project, you're welcome to use (or adapt)
+our :ref:`sample workflow `.
+
+
+.. _additional tests:
+
+Additional tests and scripts
+============================
+
+We use several specialized tools for debugging and maintenance.
+
+Make targets
+------------
+
+Make targets currently use the ``python3`` executable.
+Specify a different one using, for example::
+
+ make PYTHON=/usr/local/bin/python
+
+Notable targets are:
+
+``make autoformat``
+ Automatically re-formats C and Python code to conform to Python style
+ guides (`PEP 7`_ and `PEP 8`_).
+ Note that no backups are made – please commit any other changes before
+ using this target.
+
+ Requires the ``indent`` program and the ``black`` Python module.
+
+.. _PEP 7: https://www.python.org/dev/peps/pep-0007/
+.. _PEP 8: https://www.python.org/dev/peps/pep-0008/
+
+``make lcov lcov-open``
+ Generate and view test coverage for C code.
+ Requires LCOV_.
+
+``make scan-build``
+ Run static analysis. Requires ``clang``.
+
+``make valgrind``
+ Run Valgrind_ to check for memory leaks. Requires ``valgrind`` and
+ a Python suppression file, which you can specify as ``PYTHON_SUPP``, e.g.::
+
+ make valgrind PYTHON_SUPP=/your/path/to/valgrind-python.supp
+
+ The suppression file is ``Misc/valgrind-python.supp`` in the Python
+ source distribution, and it's frequently packaged together with
+ Python development headers.
+
+..
_LCOV: https://github.com/linux-test-project/lcov
+.. _Valgrind: http://valgrind.org/
+
+
+Reference leak tests
+--------------------
+
+Reference leak tests require a *pydebug* build of CPython and `pytest`_ with
+`pytest-leaks`_ plugin. A *pydebug* build has a global reference counter, which
+keeps track of all reference increments and decrements. The leak plugin runs
+each test multiple times and checks if the reference count increases.
+
+.. _pytest: https://docs.pytest.org/en/latest/
+.. _pytest-leaks: https://pypi.org/project/pytest-leaks/
+
+Download and compile the *pydebug* build::
+
+ $ curl -O https://www.python.org/ftp/python/3.6.3/Python-3.6.3.tar.xz
+ $ tar xJf Python-3.6.3.tar.xz
+ $ cd Python-3.6.3
+ $ ./configure --with-pydebug
+ $ make
+
+Create a virtual environment with the *pydebug* build::
+
+ $ ./python -m venv /tmp/refleak
+ $ /tmp/refleak/bin/pip install pytest pytest-leaks
+
+Run reference leak tests::
+
+ $ cd path/to/python-ldap
+ $ /tmp/refleak/bin/pip install --upgrade .
+ $ /tmp/refleak/bin/pytest -v -R:
+
+Run ``/tmp/refleak/bin/pip install --upgrade .`` every time a file outside
+of ``Tests/`` is modified.
+
+
+.. _committer instructions:
+
+Instructions for core committers
+================================
+
+If you have the authority (and responsibility) of merging changes from others,
+remember:
+
+* All code changes need to be reviewed by someone other than the author.
+
+* Tests must always pass. New features without tests shall *not* pass review.
+
+* Make sure commit messages don't use GitHub-specific link syntax.
+ Use the full URL, e.g. ``https://github.com/python-ldap/python-ldap/issues/50``
+ instead of ``#20``.
+
+ * Exception: it's fine to use the short form in the summary line of a merge
+ commit, if the full URL appears later.
+ * It's OK to use shortcuts in GitHub *discussions*, where they are not
+ hashed into immutable history.
+
+* Make a merge commit if the contribution contains several well-isolated
+ separate commits with good descriptions. Use *squash-and-merge* (or
+ *fast-forward* from a command line) for all other cases.
+
+* It's OK to push small changes into a pull request. If you do this, document
+ what you have done (so the contributor can learn for the future), and get
+ their :abbr:`ACK (confirmation)` before merging.
+
+* When squashing, do edit commit messages to add references to the pull request
+ and relevant discussions/issues, and to conform to Git best practices.
+
+ * Consider making the summary line suitable for the CHANGES document,
+ and starting it with a prefix like ``Lib:`` or ``Tests:``.
+
+* Push to Pagure as well.
+
+If you have good reason to break the “rules”, go ahead and break them,
+but mention why.
+
+
+Instructions for release managers
+=================================
+
+If you are tasked with releasing python-ldap, remember to:
+
+* Bump all instances of the version number.
+* Go through all changes since last version, and add them to ``CHANGES``.
+* Run :ref:`additional tests` as appropriate, fix any regressions.
+* Change the release date in ``CHANGES``.
+* Merge all that (using pull requests).
+* Run ``python setup.py sdist``, and smoke-test the resulting package
+ (install in a clean virtual environment, import ``ldap``).
+* Create GPG-signed Git tag: ``git tag -s python-ldap-{version}``.
+ Push it to GitHub and Pagure.
+* Release the ``sdist`` on PyPI.
+* Announce the release on the mailing list.
+ Mention the Git hash.
+* Add the release's log from ``CHANGES`` on the `GitHub release page`_.
+* Check that python-ldap.org shows the latest version; if not, adjust
+ things at readthedocs.org
+
+.. _GitHub release page: https://github.com/python-ldap/python-ldap/releases
diff --git a/Doc/fake_ldap_module_for_documentation.py b/Doc/fake_ldap_module_for_documentation.py
new file mode 100644
index 0000000..3080781
--- /dev/null
+++ b/Doc/fake_ldap_module_for_documentation.py
@@ -0,0 +1,30 @@
+"""
+A module that mocks `_ldap` for the purposes of generating documentation
+
+This module provides placeholders for the contents of `_ldap`, making it
+possible to generate documentation even _ldap is not compiled.
+It should also make the documentation independent of which features are
+available in the system OpenLDAP library.
+
+The overly long module name will show up in AttributeError messages,
+hinting that this is not the actual _ldap.
+
+See https://www.python-ldap.org/ for details.
+"""
+
+import sys
+
+# Cause `import _ldap` to import this module instead of the actual `_ldap`.
+sys.modules['_ldap'] = sys.modules[__name__]
+
+from constants import CONSTANTS
+from pkginfo import __version__
+
+for constant in CONSTANTS:
+ globals()[constant.name] = constant
+
+def get_option(num):
+ pass
+
+class LDAPError:
+ pass
diff --git a/Doc/faq.rst b/Doc/faq.rst
new file mode 100644
index 0000000..2152873
--- /dev/null
+++ b/Doc/faq.rst
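Review bot: `class LDAPError:` at the end of the file does not derive from `Exception`, so the placeholder cannot stand in for the real exception type: a `raise` of it, or of a subclass built on it, fails with a TypeError, and autodoc would not present such classes as exceptions (whether any of that runs while Sphinx imports `ldap` is not visible in this hunk). `class LDAPError(Exception):` with a one-line docstring is a closer placeholder. The assignment `sys.modules['_ldap'] = sys.modules[__name__]` replaces the extension module for the whole interpreter as a side effect of import, which deserves a comment such as `# Doc build only: never import this module from library or test code.` The module docstring's "even _ldap is not compiled" is missing an "if".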
@@ -0,0 +1,185 @@
+python-ldap FAQ
+===============
+
+Project
+-------
+
+**Q**: Is python-ldap yet another abandon-ware project?
+
+ **A1**: “Jump on in.”
+
+ **A2**: “Jump into the C ;-)”
+
+ **A3**: see file CHANGES in source distribution
+ or `repository`_.
+
+.. _repository: https://github.com/python-ldap/python-ldap/blob/master/CHANGES
+
+
+Usage
+-----
+
+**Q**: Does it work with Python 3?
+
+ **A0**: Yes, from 3.0 on.
+
+ **A1**. For earlier versions, there's `pyldap`_, an independent fork
+ now merged into python-ldap.
+
+.. _pyldap: https://pypi.org/project/pyldap/
+
+
+**Q**: Does it work with Python 2.7? (1.5|2.0|2.1|2.2|2.3|2.4|2.5|2.6|2.7)?
+
+ **A**: No. Old versions of python-ldap are still available from PyPI, though.
+
+
+**Q**: My code imports module ``_ldap``.
+That used to work, but after an upgrade it does not work anymore. Why?
+
+ **A**: Despite some outdated programming examples, the extension module
+ ``_ldap`` **MUST NOT** be imported directly, unless you really know what
+ you're doing (e.g. for internal regression testing).
+
+ Import ``ldap`` instead, which is a Python wrapper around ``_ldap``
+ providing the full functionality.
+
+**Q**: My script bound to MS Active Directory but a a search operation results
+in the exception :exc:`ldap.OPERATIONS_ERROR` with the diagnostic message text
+*“In order to perform this operation a successful bind must be completed on the
+connection.”* Alternatively, a Samba 4 AD returns the diagnostic message
+*"Operation unavailable without authentication"*. What's happening here?
+
+ **A**: When searching from the domain level, MS AD returns referrals (search continuations)
+ for some objects to indicate to the client where to look for these objects.
+ Client-chasing of referrals is a broken concept, since LDAPv3 does not specify
+ which credentials to use when chasing the referral.
Windows clients are supposed
+ to simply use their Windows credentials, but this does not work in general when
+ chasing referrals received from and pointing to arbitrary LDAP servers.
+
+ Therefore, per default, ``libldap`` automatically chases the referrals
+ internally with an *anonymous* access which fails with MS AD.
+
+ So, the best thing to do is to switch this behaviour off::
+
+ l = ldap.initialize('ldap://foobar')
+ l.set_option(ldap.OPT_REFERRALS,0)
+
+**Q**: Why am I seeing a ``ldap.SUCCESS`` traceback as output?
+
+ **A**: Most likely, you are using one of the non-synchronous calls, and probably
+ mean to be using a synchronous call
+ (see detailed explanation in :ref:`sending-ldap-requests`).
+
+**Q**: Can I use LDAPv2 via python-ldap?
+
+ **A**: Yes, by explicitly setting the class attribute
+ :attr:`~ldap.LDAPObject.protocol_version`.
+
+ You should not do that nowadays since
+ `LDAPv2 is considered historic `_
+ since many years.
+
+
+
+Installing
+----------
+
+**Q**: Does it work with Windows 32?
+
+ **A**: Yes. You can find links to unofficial pre-compiled packages
+ for Windows on the :ref:`installing` page.
+
+
+**Q**: Can python-ldap be built against OpenLDAP 2.3 libs or older?
+
+ **A**: No.
+ The needed minimal version of OpenLDAP is documented in :ref:`build prerequisites`.
+ Patched builds of python-ldap linked to older libs are not supported by the
+ python-ldap project.
+
+
+**Q**: During build there are warning messages displayed
+telling Lib/ldap.py and Lib/ldap/schema.py are not found::
+
+ warning: build_py: file Lib/ldap.py (for module ldap) not found
+ warning: build_py: file Lib/ldap/schema.py (for module ldap.schema) not found
+
+..
+
+ **A**: ``ldap`` and ``ldap.schema`` are both module packages
+ (directories containing various sub-modules).
+ The messages above are falsely produced by DistUtils.
+ Don't worry about it.
+
+.. _install-macosx:
+
+**Q**: What's the correct way to install on macOS?
+
+ **A**::
+
+ xcode-select --install
+ pip install python-ldap \
+ --global-option=build_ext \
+ --global-option="-I$(xcrun --show-sdk-path)/usr/include/sasl"
+
+
+**Q**: While importing module ``ldap``, some shared lib files are not found.
+The error message looks similar to this::
+
+ ImportError: ld.so.1: /usr/local/bin/python: fatal: liblber.so.2: open failed: No such file or directory
+
+..
+
+ **A1**: You need to make sure that the path to ``liblber.so.2`` and
+ ``libldap.so.2`` is in your ``LD_LIBRARY_PATH`` environment variable.
+
+ **A2**: Alternatively, if you're on Linux, you can add the path to
+ ``liblber.so.2`` and ``libldap.so.2`` to ``/etc/ld.so.conf``
+ and invoke the command ``ldconfig`` afterwards.
+
+
+
+Historic
+--------
+
+**Q**: Can python-ldap 2.x be built against Netscape, Mozilla or Novell libs?
+
+ **A**: Nope.
+
+
+**Q**: My binary version of python-ldap was build with LDAP libs 3.3.
+But the python-ldap docs say LDAP libs 2.x are needed. I'm confused!
+
+ Short answer:
+ See answer above and the :ref:`installing` page for
+ a more recent version.
+
+ Long answer:
+ E.g. some Win32 DLLs floating around for download are based on
+ the old Umich LDAP code which is not maintained anymore for
+ *many* years! Last Umich 3.3 release was 1997 if I remember correctly.
+
+ The OpenLDAP project took over the Umich code and started releasing
+ OpenLDAP 1.x series mainly fixing bugs and doing some improvements
+ to the database backend. Still, only LDAPv2 was supported at server
+ and client side. (Many commercial vendors also derived their products
+ from the Umich code.)
+
+ OpenLDAP 2.x is a full-fledged LDAPv3 implementation. It has
+ its roots in Umich code but has many more features/improvements.
+
+
+**Q**: While importing module ``ldap``, there are undefined references reported.
+The error message looks similar to this::
+
+ ImportError: /usr/local/lib/libldap.so.2: undefined symbol: res_query
+
+..
+
+ **A**: Especially on older Linux systems, you might have to explicitly link
+ against ``libresolv``.
+
+ Tweak ``setup.cfg`` to contain this line::
+
+ libs = lber ldap resolv
diff --git a/Doc/index.rst b/Doc/index.rst
new file mode 100644
index 0000000..fcf9005
--- /dev/null
+++ b/Doc/index.rst
@@ -0,0 +1,83 @@
+python-ldap
+===========
+
+
+What is python-ldap?
+--------------------
+
+python-ldap provides an object-oriented API to access `LDAP`_
+directory servers from `Python`_ programs.
+
+For LDAP operations the module wraps `OpenLDAP`_'s
+client library, *libldap*.
+
+Additionally, the package contains modules for other LDAP-related stuff:
+
+ * `LDIF`_ parsing and generation
+ * LDAP URLs
+ * LDAPv3 subschema
+
+.. _LDAP: https://en.wikipedia.org/wiki/Ldap
+.. _Python: https://www.python.org/
+.. _OpenLDAP: https://www.openldap.org/
+.. _LDIF: https://en.wikipedia.org/wiki/LDIF
+
+
+Get it!
+-------
+
+:ref:`Installation instructions ` are available for
+several platforms.
+
+Source code can be obtained using Git::
+
+ git clone https://github.com/python-ldap/python-ldap
+
+
+Mailing list
+------------
+
+Discussion about the use and future of python-ldap occurs in
+the ``python-ldap@python.org`` mailing list.
+
+You can `subscribe or unsubscribe`_ to this list or browse the `list archive`_.
+
+.. _subscribe or unsubscribe: https://mail.python.org/mailman/listinfo/python-ldap
+.. _list archive: https://mail.python.org/pipermail/python-ldap/
+
+
+Documentation
+-------------
+
+The documentation for python-ldap 3.x is hosted at `Read the Docs`_.
+
+You can switch between versions of the library, or download PDF or HTML
+versions for offline use, using the sidebar on the right.
+
+Documentation for some older versions is available for download at the
+`GitHub release page`_.
+
+.. _Read the Docs: https://python-ldap.readthedocs.io/en/latest/
+.. _GitHub release page: https://github.com/python-ldap/python-ldap/releases
+
+
+Contents
+--------
+
+.. toctree::
+ :maxdepth: 2
+
+ installing.rst
+ bytes_mode.rst
+ reference/index.rst
+ resources.rst
+ contributing.rst
+ faq.rst
+
+
+Indices and tables
+------------------
+
+* :ref:`genindex`
+* :ref:`modindex`
+* :ref:`search`
diff --git a/Doc/installing.rst b/Doc/installing.rst
new file mode 100644
index 0000000..5677822
--- /dev/null
+++ b/Doc/installing.rst
@@ -0,0 +1,249 @@
+.. highlight:: console
+
+.. _installing:
+
+Installing python-ldap
+######################
+
+
+Installing from PyPI
+====================
+
+The preferred point for downloading the “official” source distribution
+is the `PyPI repository`_ which supports installing via `pip`_.
+For example::
+
+ $ python -m pip install python-ldap
+
+.. _PyPI repository: https://pypi.org/project/python-ldap/
+.. _pip: https://pip.pypa.io/en/stable/
+
+For installing from PyPI, you will need the same :ref:`build prerequisites`
+as when installing from source.
+
+We do not currently provide pre-built packages (wheels).
+
+
+Furthermore, python-ldap requires the modules `pyasn1`_ and `pyasn1-modules`_.
+``pip`` will install these automatically.
+
+.. _pyasn1: https://pypi.org/project/pyasn1/
+.. _pyasn1-modules: https://pypi.org/project/pyasn1-modules/
+
+
+Pre-built Binaries
+==================
+
+Because distributions seem to be all over the place, this page
+tries to list all the current ones we know of.
+
+Note that the python-ldap team is not responsible for the binary packages
+except the sources you can grab from the PyPI page. Also note that binary
+packages are most times not up to date. If you experience troubles
+with a binary package, it would be nice if you try to build a recent version
+of python-ldap before submitting a bug report to make sure you did not
+hit a problem already fixed in recent releases.
+
+`openSUSE Linux `_
+---------------------------------------------
+
+Ships with python-ldap and there's an additional
+`download repository `_
+which contains builds of latest releases
+(see also `OBS package `_).
+
+`Debian Linux `_
+----------------------------------------
+
+Have a look into the
+`Debian Package Tracker `_
+to get up to date information which versions are available.
+
+
+Windows
+-------
+
+Unofficial packages for Windows are available on
+`Christoph Gohlke's page `_.
+
+
+`FreeBSD `_
+-------------------------------------
+
+The CVS repository of FreeBSD contains the package
+`py-ldap `_
+
+macOS
+-----
+
+You can install directly with pip::
+
+ $ xcode-select --install
+ $ pip install python-ldap \
+ --global-option=build_ext \
+ --global-option="-I$(xcrun --show-sdk-path)/usr/include/sasl"
+
+
+.. _install-source:
+
+Installing from Source
+======================
+
+
+python-ldap is built and installed using the Python setuptools.
+From a source repository::
+
+ $ python -m pip install setuptools
+ $ python setup.py install
+
+If you have more than one Python interpreter installed locally, you should
+use the same one you plan to use python-ldap with.
+
+Further instructions can be found in :ref:`Setuptools documentation
+`.
+
+
+.. _build prerequisites:
+
+Build prerequisites
+===================
+
+The following software packages are required to be installed
+on the local system when building python-ldap:
+
+- `Python`_ version 2.7, or 3.4 or later including its development files
+- C compiler corresponding to your Python version (on Linux, it is usually ``gcc``)
+- `OpenLDAP`_ client libs version 2.4.11 or later;
+ it is not possible and not supported to build with prior versions.
+- `OpenSSL`_ (optional)
+- `Cyrus SASL`_ (optional)
+- Kerberos libraries, MIT or Heimdal (optional)
+
+.. _Python: https://www.python.org/
+.. _OpenLDAP: https://www.openldap.org/
+.. _OpenSSL: https://www.openssl.org/
+.. _Cyrus SASL: https://www.cyrusimap.org/sasl/
+
+
+Alpine
+------
+
+Packages for building::
+
+ # apk add build-base openldap-dev python2-dev python3-dev
+
+CentOS
+------
+
+Packages for building::
+
+ # yum groupinstall "Development tools"
+ # yum install openldap-devel python-devel
+
+Debian
+------
+
+Packages for building and testing::
+
+ # apt-get install build-essential python3-dev python2.7-dev \
+ libldap2-dev libsasl2-dev slapd ldap-utils tox \
+ lcov valgrind
+
+..
note::
+
+ On older releases ``tox`` was called ``python-tox``.
+
+Fedora
+------
+
+Packages for building and testing::
+
+ # dnf install "@C Development Tools and Libraries" openldap-devel \
+ python2-devel python3-devel python3-tox \
+ lcov clang-analyzer valgrind
+
+.. note::
+
+ ``openldap-2.4.45-2`` (Fedora 26), ``openldap-2.4.45-4`` (Fedora 27) or
+ newer are required.
+
+
+``setup.cfg``
+=============
+
+The file ``setup.cfg`` allows to set some build and installation parameters for
+reflecting the local installation of required software packages. Only section
+``[_ldap]`` is described here. More information about other sections can be
+found in :ref:`Setuptools documentation `.
+
+.. data:: library_dirs
+
+ Specifies in which directories to search for required libraries.
+
+.. data:: include_dirs
+
+ Specifies in which directories to search for include files of required libraries.
+
+.. data:: libs
+
+ A space-separated list of library names to link to (see :ref:`libs-used-label`).
+
+.. data:: extra_compile_args
+
+ Compiler options.
+
+.. data:: extra_objects
+
+
+
+.. _libs-used-label:
+
+Libraries used
+---------------
+
+.. data:: ldap
+ :noindex:
+.. data:: ldap_r
+ :noindex:
+
+ The LDAP protocol library of OpenLDAP. ``ldap_r`` is the reentrant version
+ and should be preferred.
+
+.. data:: lber
+ :noindex:
+
+ The BER encoder/decoder library of OpenLDAP.
+
+.. data:: sasl2
+ :noindex:
+
+ The Cyrus-SASL library (optional)
+
+.. data:: ssl
+ :noindex:
+
+ The SSL/TLS library of OpenSSL (optional)
+
+.. data:: crypto
+ :noindex:
+
+ The basic cryptographic library of OpenSSL (optional)
+
+Example
+-------
+
+The following example is for a full-featured build (including SSL and SASL support)
+of python-ldap with OpenLDAP installed in a different prefix directory
+(here ``/opt/openldap-2.4``) and SASL header files found in /usr/include/sasl.
+Debugging symbols are preserved with compile option ``-g``.
+
+::
+
+ [_ldap]
+ library_dirs = /opt/openldap-2.4/lib
+ include_dirs = /opt/openldap-2.4/include /usr/include/sasl
+
+ extra_compile_args = -g
+ extra_objects =
+
+ libs = ldap_r lber sasl2 ssl crypto
diff --git a/Doc/reference/index.rst b/Doc/reference/index.rst
new file mode 100644
index 0000000..fa45b84
--- /dev/null
+++ b/Doc/reference/index.rst
@@ -0,0 +1,26 @@
+python-ldap Reference Documentation
+===================================
+
+This document describes the package python-ldap with its various modules.
+
+Depending on what you want to do this manual assumes basic to expert
+knowledge about the Python language and the LDAP standard (LDAPv3).
+
+
+.. toctree::
+ :maxdepth: 3
+
+ ldap.rst
+ ldap-async.rst
+ ldap-controls.rst
+ ldap-dn.rst
+ ldap-extop.rst
+ ldap-filter.rst
+ ldap-modlist.rst
+ ldap-resiter.rst
+ ldap-schema.rst
+ ldap-syncrepl.rst
+ ldap-sasl.rst
+ ldif.rst
+ ldapurl.rst
+ slapdtest.rst
diff --git a/Doc/reference/ldap-async.rst b/Doc/reference/ldap-async.rst
new file mode 100644
index 0000000..d7a1840
--- /dev/null
+++ b/Doc/reference/ldap-async.rst
@@ -0,0 +1,114 @@
+********************************************************************
+:py:mod:`ldap.asyncsearch` Stream-processing of large search results
+********************************************************************
+
+.. py:module:: ldap.asyncsearch
+ :synopsis: Framework for stream-processing of large search results.
+
+With newer Python versions one might want to consider using
+:py:mod:`ldap.resiter` instead.
+
+
+.. versionchanged:: 3.0
+ In Python 3.7 ``async`` is a reserved keyword. The module
+ :py:mod:`ldap.async` has been renamed to :py:mod:`ldap.asyncsearch`. The
+ old name :py:mod:`ldap.async` is still available for backwards
+ compatibility.
+
+.. deprecated:: 3.0
+ The old name :py:mod:`ldap.async` is deprecated, but will not be removed
+ until Python 3.6 reaches end-of-life.
+
+
+Classes
+=======
+
+.. autoclass:: ldap.asyncsearch.AsyncSearchHandler
+ :members:
+
+.. autoclass:: ldap.asyncsearch.List
+ :members:
+
+.. autoclass:: ldap.asyncsearch.Dict
+ :members:
+
+.. autoclass:: ldap.asyncsearch.IndexedDict
+ :members:
+
+.. autoclass:: ldap.asyncsearch.LDIFWriter
+ :members:
+
+.. _ldap.asyncsearch-example:
+
+Examples
+========
+
+.. _ldap.asyncsearch-example.List:
+
+Using ldap.asyncsearch.List
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+This example demonstrates how to use class ldap.asyncsearch.List for
+retrieving partial search results even though the exception
+:exc:`ldap.SIZELIMIT_EXCEEDED` was raised because a server side limit was hit. 
::
+
+ import sys,ldap,ldap.asyncsearch
+
+ s = ldap.asyncsearch.List(
+ ldap.initialize('ldap://localhost'),
+ )
+
+ s.startSearch(
+ 'dc=stroeder,dc=com',
+ ldap.SCOPE_SUBTREE,
+ '(objectClass=*)',
+ )
+
+ try:
+ partial = s.processResults()
+ except ldap.SIZELIMIT_EXCEEDED:
+ sys.stderr.write('Warning: Server-side size limit exceeded.\n')
+ else:
+ if partial:
+ sys.stderr.write('Warning: Only partial results received.\n')
+
+ sys.stdout.write(
+ '%d results received.\n' % (
+ len(s.allResults)
+ )
+ )
+
+.. _ldap.asyncsearch-example.LDIFWriter:
+
+Using ldap.asyncsearch.LDIFWriter
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+This example demonstrates how to use class ldap.asyncsearch.LDIFWriter
+for writing search results as LDIF to stdout. ::
+
+ import sys,ldap,ldap.asyncsearch
+
+ s = ldap.asyncsearch.LDIFWriter(
+ ldap.initialize('ldap://localhost:1390'),
+ sys.stdout
+ )
+
+ s.startSearch(
+ 'dc=stroeder,dc=com',
+ ldap.SCOPE_SUBTREE,
+ '(objectClass=*)',
+ )
+
+ try:
+ partial = s.processResults()
+ except ldap.SIZELIMIT_EXCEEDED:
+ sys.stderr.write('Warning: Server-side size limit exceeded.\n')
+ else:
+ if partial:
+ sys.stderr.write('Warning: Only partial results received.\n')
+
+ sys.stderr.write(
+ '%d results received.\n' % (
+ s.endResultBreak-s.beginResultsDropped
+ )
+ )
diff --git a/Doc/reference/ldap-controls.rst b/Doc/reference/ldap-controls.rst
new file mode 100644
index 0000000..37d7c1b
--- /dev/null
+++ b/Doc/reference/ldap-controls.rst
@@ -0,0 +1,224 @@
+*********************************************************************
+:py:mod:`ldap.controls` High-level access to LDAPv3 extended controls
+*********************************************************************
+
+.. py:module:: ldap.controls
+ :synopsis: High-level access to LDAPv3 extended controls.
+.. moduleauthor:: python-ldap project (see https://www.python-ldap.org/)
+
+
+Variables
+=========
+
+.. py:data:: KNOWN_RESPONSE_CONTROLS
+
+ Dictionary mapping the OIDs of known response controls to the accompanying
+ :py:class:`ResponseControl` classes. This is used
+ by :py:func:`DecodeControlTuples` to automatically decode control values.
+ Calling application can also register their custom :py:class:`ResponseControl`
+ classes in this dictionary possibly overriding pre-registered classes.
+
+
+Classes
+=======
+
+This module defines the following classes:
+
+
+.. autoclass:: ldap.controls.RequestControl
+ :members:
+
+.. autoclass:: ldap.controls.ResponseControl
+ :members:
+
+.. autoclass:: ldap.controls.LDAPControl
+ :members:
+
+
+Functions
+=========
+
+This module defines the following functions:
+
+
+.. autofunction:: ldap.controls.RequestControlTuples
+
+.. autofunction:: ldap.controls.DecodeControlTuples
+
+
+Sub-modules
+===========
+
+Various sub-modules implement specific LDAPv3 extended controls. The classes
+therein are derived from the base-classes :py:class:`ldap.controls.RequestControl`,
+:py:class:`ldap.controls.ResponseControl` or :py:class:`ldap.controls.LDAPControl`.
+
+Some of them require :py:mod:`pyasn1` and :py:mod:`pyasn1_modules` to be installed:
+
+Usually the names of the method arguments and the class attributes match
+the ASN.1 identifiers used in the specification. So looking at the referenced
+RFC or Internet-Draft is very helpful to understand the API.
+
+
+:py:mod:`ldap.controls.simple` Very simple controls
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. 
py:module:: ldap.controls.simple
+ :synopsis: simple request and response controls implemented in pure Python
+
+
+.. autoclass:: ldap.controls.simple.ValueLessRequestControl
+ :members:
+
+.. autoclass:: ldap.controls.simple.OctetStringInteger
+ :members:
+
+.. autoclass:: ldap.controls.simple.BooleanControl
+ :members:
+
+.. autoclass:: ldap.controls.simple.ManageDSAITControl
+ :members:
+
+ .. seealso::
+
+ :rfc:`3296` - Named Subordinate References in Lightweight Directory Access Protocol (LDAP) Directories
+
+.. autoclass:: ldap.controls.simple.RelaxRulesControl
+ :members:
+
+ .. seealso::
+
+ `draft-zeilenga-ldap-relax `_
+
+.. autoclass:: ldap.controls.simple.ProxyAuthzControl
+ :members:
+
+ .. seealso::
+
+ :rfc:`4370` - Lightweight Directory Access Protocol (LDAP): Proxied Authorization Control
+
+.. autoclass:: ldap.controls.simple.AuthorizationIdentityRequestControl
+ :members:
+
+ .. seealso::
+
+ :rfc:`3829` - Lightweight Directory Access Protocol (LDAP): Authorization Identity Request and Response Controls
+
+.. autoclass:: ldap.controls.simple.AuthorizationIdentityResponseControl
+ :members:
+
+ .. seealso::
+
+ :rfc:`3829` - Lightweight Directory Access Protocol (LDAP): Authorization Identity Request and Response Controls
+
+.. autoclass:: ldap.controls.simple.GetEffectiveRightsControl
+ :members:
+
+
+
+:py:mod:`ldap.controls.libldap` Various controls implemented in OpenLDAP libs
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+
+.. py:module:: ldap.controls.libldap
+ :synopsis: request and response controls implemented by OpenLDAP libs
+
+This module wraps C functions in OpenLDAP client libs which implement various
+request and response controls into Python classes.
+
+
+.. autoclass:: ldap.controls.libldap.AssertionControl
+ :members:
+
+ .. seealso::
+
+ :rfc:`4528` - Lightweight Directory Access Protocol (LDAP) Assertion Control
+
+
+.. autoclass:: ldap.controls.libldap.MatchedValuesControl
+ :members:
+
+ .. 
seealso::
+
+ :rfc:`3876` - Returning Matched Values with the Lightweight Directory Access Protocol version 3 (LDAPv3)
+
+
+.. autoclass:: ldap.controls.libldap.SimplePagedResultsControl
+ :members:
+
+ .. seealso::
+
+ :rfc:`2696` - LDAP Control Extension for Simple Paged Results Manipulation
+
+
+:py:mod:`ldap.controls.psearch` LDAP Persistent Search
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. py:module:: ldap.controls.psearch
+ :synopsis: request and response controls for LDAP persistent search
+
+This module implements request and response controls for LDAP persistent
+search.
+
+.. seealso::
+
+ `draft-ietf-ldapext-psearch `_
+
+
+.. autoclass:: ldap.controls.psearch.PersistentSearchControl
+ :members:
+
+.. autoclass:: ldap.controls.psearch.EntryChangeNotificationControl
+ :members:
+
+
+:py:mod:`ldap.controls.sessiontrack` Session tracking control
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. py:module:: ldap.controls.sessiontrack
+ :synopsis: request control for session tracking
+
+.. seealso::
+
+ `draft-wahl-ldap-session `_
+
+
+.. autoclass:: ldap.controls.sessiontrack.SessionTrackingControl
+ :members:
+
+
+:py:mod:`ldap.controls.readentry` Read entry control
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. py:module:: ldap.controls.readentry
+ :synopsis: read entryrequest and response controls
+
+.. seealso::
+
+ :rfc:`4527` - Lightweight Directory Access Protocol (LDAP): Read Entry Controls
+
+.. versionchanged:: 4.0
+ The attribute values of the entry now consists of `bytes` instead of ISO8859-1 decoded `str`.
+
+
+.. autoclass:: ldap.controls.readentry.ReadEntryControl
+ :members:
+
+.. autoclass:: ldap.controls.readentry.PreReadControl
+ :members:
+
+.. autoclass:: ldap.controls.readentry.PostReadControl
+ :members:
+
+
+:py:mod:`ldap.controls.ppolicy` Password Policy Control
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. seealso::
+ `draft-behera-ldap-password-policy `_
+
+.. 
py:module:: ldap.controls.ppolicy
+ :synopsis: passworld policies
+
+.. autoclass:: ldap.controls.ppolicy.PasswordPolicyControl
+ :members:
diff --git a/Doc/reference/ldap-dn.rst b/Doc/reference/ldap-dn.rst
new file mode 100644
index 0000000..3e0bbb5
--- /dev/null
+++ b/Doc/reference/ldap-dn.rst
@@ -0,0 +1,109 @@
+:py:mod:`ldap.dn` LDAP Distinguished Name handling
+====================================================
+
+.. py:module:: ldap.dn
+ :synopsis: LDAP Distinguished Name handling.
+.. moduleauthor:: python-ldap project (see https://www.python-ldap.org/)
+
+
+.. % Author of the module code;
+
+
+.. seealso::
+
+ For LDAPv3 DN syntax see:
+
+ :rfc:`4514` - Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names
+
+.. seealso::
+
+ For deprecated LDAPv2 DN syntax (obsoleted by LDAPv3) see:
+
+ :rfc:`1779` - A String Representation of Distinguished Names
+
+The :mod:`ldap.dn` module defines the following functions:
+
+
+.. function:: escape_dn_chars(s) -> string
+
+ This function escapes characters in string *s* which are special in LDAP
+ distinguished names. You should use this function when building LDAP DN strings
+ from arbitrary input.
+
+
+.. function:: str2dn(s [, flags=0]) -> list
+
+ This function takes *s* and breaks it up into its component parts down to AVA
+ level. The optional parameter *flags* describes the DN format of s (see
+ :ref:`ldap-dn-flags`). Note that hex-encoded non-ASCII chars are decoded
+ to the raw bytes.
+
+ Internally this function is implemented by calling OpenLDAP C function
+ `ldap_str2dn(3) `_.
+
+
+.. function:: dn2str(dn) -> string
+
+ This function takes a decomposed DN in *dn* and returns a single string. It's
+ the inverse to :func:`str2dn`. Special characters are escaped with the help of
+ function :func:`escape_dn_chars`.
+
+
+.. function:: explode_dn(dn [, notypes=False[, flags=0]]) -> list
+
+ This function takes *dn* and breaks it up into its component parts. Each part
+ is known as an RDN (Relative Distinguished Name). The optional *notypes*
+ parameter is used to specify that only the RDN values be returned and not
+ their types. The optional parameter *flags* describes the DN format of s (see
+ :ref:`ldap-dn-flags`). 
This function is emulated by function
+ :func:`str2dn` since the function ldap_explode_dn() in the C library is
+ deprecated.
+
+
+.. function:: explode_rdn(rdn [, notypes=False[, flags=0]]) -> list
+
+ This function takes a (multi-valued) *rdn* and breaks it up into a list of
+ characteristic attributes. The optional *notypes* parameter is used to specify
+ that only the RDN values be returned and not their types. The optional *flags*
+ parameter describes the DN format of s (see :ref:`ldap-dn-flags`). This
+ function is emulated by function :func:`str2dn` since the function
+ ldap_explode_rdn() in the C library is deprecated.
+
+
+.. function:: is_dn(dn[, flags=0]) -> boolean
+
+ This function checks whether *dn* is a valid LDAP distinguished name by
+ passing it to function :func:`str2dn`.
+
+
+.. _ldap-dn-example:
+
+Examples
+^^^^^^^^^
+
+Splitting a LDAPv3 DN to AVA level. Note that both examples have the same result
+but in the first example the non-ASCII chars are passed as is (byte buffer string)
+whereas in the second example the hex-encoded DN representation are passed to the function.
+
+>>> ldap.dn.str2dn('cn=Michael Str\xc3\xb6der,dc=example,dc=com',flags=ldap.DN_FORMAT_LDAPV3)
+[[('cn', 'Michael Str\xc3\xb6der', 4)], [('dc', 'example', 1)], [('dc', 'com', 1)]]
+>>> ldap.dn.str2dn('cn=Michael Str\C3\B6der,dc=example,dc=com',flags=ldap.DN_FORMAT_LDAPV3)
+[[('cn', 'Michael Str\xc3\xb6der', 4)], [('dc', 'example', 1)], [('dc', 'com', 1)]]
+
+
+Splitting a LDAPv2 DN into RDN parts:
+
+>>> ldap.dn.explode_dn('cn=John Doe;dc=example;dc=com',flags=ldap.DN_FORMAT_LDAPV2)
+['cn=John Doe', 'dc=example', 'dc=com']
+
+
+Splitting a multi-valued RDN:
+
+>>> ldap.dn.explode_rdn('cn=John Doe+mail=john.doe@example.com',flags=ldap.DN_FORMAT_LDAPV2)
+['cn=John Doe', 'mail=john.doe@example.com']
+
+Splitting a LDAPv3 DN with a multi-valued RDN into its AVA parts:
+
+
+>>> ldap.dn.str2dn('cn=John Doe+mail=john.doe@example.com,dc=example,dc=com')
+[[('cn', 'John Doe', 1), ('mail', 'john.doe@example.com', 1)], [('dc', 'example', 1)], [('dc', 'com', 1)]]
diff --git a/Doc/reference/ldap-extop.rst b/Doc/reference/ldap-extop.rst
new file mode 100644
index 0000000..8fe49f4
--- /dev/null
+++ b/Doc/reference/ldap-extop.rst
@@ -0,0 +1,40 @@
+********************************************************************
+:py:mod:`ldap.extop` High-level access to LDAPv3 extended operations
+********************************************************************
+
+.. py:module:: ldap.extop
+ :synopsis: High-level access to LDAPv3 extended operations.
+
+
+Classes
+=======
+
+This module defines the following classes:
+
+.. autoclass:: ldap.extop.ExtendedRequest
+ :members:
+
+
+.. autoclass:: ldap.extop.ExtendedResponse
+ :members:
+
+
+:py:mod:`ldap.extop.dds` Classes for Dynamic Entries extended operations
+========================================================================
+
+.. py:module:: ldap.extop.dds
+ :synopsis: Classes for Dynamic Entries extended operations
+
+This requires :py:mod:`pyasn1` and :py:mod:`pyasn1_modules` to be installed.
+
+.. seealso::
+
+ :rfc:`2589` - Lightweight Directory Access Protocol (v3): Extensions for Dynamic Directory Services
+
+
+.. autoclass:: ldap.extop.dds.RefreshRequest
+ :members:
+
+
+.. autoclass:: ldap.extop.dds.RefreshResponse
+ :members:
diff --git a/Doc/reference/ldap-filter.rst b/Doc/reference/ldap-filter.rst
new file mode 100644
index 0000000..b08d5e9
--- /dev/null
+++ b/Doc/reference/ldap-filter.rst
@@ -0,0 +1,37 @@
+:py:mod:`ldap.filter` LDAP filter handling
+============================================
+
+.. py:module:: ldap.filter
+ :synopsis: LDAP filter handling.
+.. moduleauthor:: python-ldap project (see https://www.python-ldap.org/)
+
+
+.. % Author of the module code;
+
+
+.. seealso::
+
+ :rfc:`4515` - Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters.
+
+The :mod:`ldap.filter` module defines the following functions:
+
+
+.. function:: escape_filter_chars(assertion_value[, escape_mode=0])
+
+ This function escapes characters in *assertion_value* which are special in LDAP
+ filters. You should use this function when building LDAP filter strings from
+ arbitrary input. *escape_mode* means: If :const:`0` only special chars
+ mentioned in RFC 4515 are escaped. If :const:`1` all NON-ASCII chars are
+ escaped. If :const:`2` all chars are escaped.
+
+ .. % -> string
+
+
+.. function:: filter_format(filter_template, assertion_values)
+
+ This function applies :func:`escape_filter_chars` to each of the strings in
+ list *assertion_values*. After that *filter_template* containing as many
+ :const:`%s` placeholders as count of assertion values is used to build the
+ whole filter string.
+
+ .. % -> string
diff --git a/Doc/reference/ldap-modlist.rst b/Doc/reference/ldap-modlist.rst
new file mode 100644
index 0000000..64bf578
--- /dev/null
+++ b/Doc/reference/ldap-modlist.rst
@@ -0,0 +1,59 @@
+:py:mod:`ldap.modlist` Generate modify lists
+==============================================
+
+.. py:module:: ldap.modlist
+
+
+The :mod:`ldap.modlist` module defines the following functions:
+
+
+.. function:: addModlist(entry [, ignore_attr_types=[]]) -> list
+
+ This function builds a list suitable for passing it directly as argument
+ *modlist* to method :py:meth:`ldap.ldapobject.LDAPObject.add` or
+ its synchronous counterpart :py:meth:`ldap.ldapobject.LDAPObject.add_s`.
+
+ *entry* is a dictionary like returned when receiving search results.
+
+ *ignore_attr_types* is a list of attribute type
+ names which shall be ignored completely. Attributes of these types will not appear
+ in the result at all.
+
+
+.. function:: modifyModlist( old_entry, new_entry [, ignore_attr_types=[] [, ignore_oldexistent=0 [, case_ignore_attr_types=None]]]) -> list
+
+ This function builds a list suitable for passing it directly as argument
+ *modlist* to method :py:meth:`ldap.ldapobject.LDAPObject.modify` or
+ its synchronous counterpart :py:meth:`ldap.ldapobject.LDAPObject.modify_s`.
+
+ Roughly when applying the resulting modify list to an entry
+ holding the data *old_entry* it will be modified in such a way that the entry
+ holds *new_entry* after the modify operation. It is handy in situations when it
+ is impossible to track user changes to an entry's data or for synchronizing
+ operations.
+
+ *old_entry* and *new_entry* are dictionaries like returned when
+ receiving search results.
+
+ *ignore_attr_types* is a list of attribute type
+ names which shall be ignored completely. These attribute types will not appear
+ in the result at all.
+
+ If *ignore_oldexistent* is non-zero attribute type names which
+ are in *old_entry* but are not found in *new_entry* at all are not deleted.
+ This is handy for situations where your application sets attribute value to
+ an empty string for deleting an attribute. In most cases leave zero.
+
+ If *case_ignore_attr_types* is a list of attribute type names for which
+ the comparison will be conducted case-insensitive. It is useful in
+ situations where a LDAP server normalizes values and one wants to avoid
+ unnecessary changes (e.g. case of attribute type names in DNs).
+
+ .. note::
+ Replacing attribute values is always done with a
+ :py:const:`ldap.MOD_DELETE`/:py:const:`ldap.MOD_ADD` pair instead of
+ :py:const:`ldap.MOD_REPLACE` to work-around potential issues with
+ attributes for which no EQUALITY matching rule are defined in the
+ server's subschema. This works correctly in most situations but
+ rarely fails with some LDAP servers implementing (schema) checks on
+ transient state entry during processing the modify operation.
diff --git a/Doc/reference/ldap-resiter.rst b/Doc/reference/ldap-resiter.rst
new file mode 100644
index 0000000..66ce6ca
--- /dev/null
+++ b/Doc/reference/ldap-resiter.rst
@@ -0,0 +1,49 @@
+:py:mod:`ldap.resiter` Generator for stream-processing of large search results
+==============================================================================
+
+.. py:module:: ldap.resiter
+ :synopsis: Generator for stream-processing of large search results.
+.. moduleauthor:: python-ldap project (see https://www.python-ldap.org/)
+
+
+.. _ldap.resiter-classes:
+
+.. py:class:: ResultProcessor
+
+This is a mix-in class to be used with class :py:class:`ldap.LDAPObject` or
+derived classes which has these methods:
+
+ .. automethod:: ldap.resiter.ResultProcessor.allresults
+
+
+.. _ldap.resiter-example:
+
+
+Examples
+--------
+
+.. _ldap.resiter.ResultProcessor-example:
+
+Using ldap.resiter.ResultProcessor
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+This example demonstrates how to use mix-in class ldap.resiter.ResultProcessor for
+retrieving results formerly requested with :py:meth:`ldap.LDAPObject.search()` and
+processing them in a for-loop.
+
+::
+
+ import sys,ldap,ldap.resiter
+
+ class MyLDAPObject(ldap.ldapobject.LDAPObject,ldap.resiter.ResultProcessor):
+ pass
+
+ l = MyLDAPObject('ldap://localhost')
+
+ # Asynchronous search method
+ msg_id = l.search('dc=stroeder,dc=com',ldap.SCOPE_SUBTREE,'(objectClass=*)')
+
+ for res_type,res_data,res_msgid,res_controls in l.allresults(msg_id):
+ for dn,entry in res_data:
+ # process dn and entry
+ print(dn,entry['objectClass'])
diff --git a/Doc/reference/ldap-sasl.rst b/Doc/reference/ldap-sasl.rst
new file mode 100644
index 0000000..9a8c96a
--- /dev/null
+++ b/Doc/reference/ldap-sasl.rst
@@ -0,0 +1,84 @@
+***********************************************
+:py:mod:`ldap.sasl` SASL Authentication Methods
+***********************************************
+
+.. py:module:: ldap.sasl
+
+This module implements various authentication methods for SASL bind.
+
+.. seealso::
+
+ :rfc:`4422` - Simple Authentication and Security Layer (SASL)
+ :rfc:`4513` - Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms
+
+
+Constants
+=========
+
+.. py:data:: CB_USER
+
+.. py:data:: CB_AUTHNAME
+
+.. py:data:: CB_LANGUAGE
+
+.. py:data:: CB_PASS
+
+.. py:data:: CB_ECHOPROMPT
+
+.. py:data:: CB_NOECHOPROMPT
+
+.. py:data:: CB_GETREALM
+
+
+Classes
+=======
+
+.. autoclass:: ldap.sasl.sasl
+ :members:
+
+ This class is used with :py:meth:`ldap.LDAPObject.sasl_interactive_bind_s()`.
+
+
+.. autoclass:: ldap.sasl.cram_md5
+ :members:
+
+
+.. autoclass:: ldap.sasl.digest_md5
+ :members:
+
+
+.. autoclass:: ldap.sasl.gssapi
+ :members:
+
+ You might consider using convenience method :py:meth:`ldap.LDAPObject.sasl_gssapi_bind_s()`.
+
+
+.. autoclass:: ldap.sasl.external
+ :members:
+
+ You might consider using convenience method :py:meth:`ldap.LDAPObject.sasl_external_bind_s()`.
+
+
+.. _ldap.sasl-example:
+
+Examples for ldap.sasl
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+This example connects to an OpenLDAP server via LDAP over IPC
+(see `draft-chu-ldap-ldapi `_)
+and sends a SASL external bind request.
+
+::
+
+ import ldap, ldap.sasl, urllib
+
+ ldapi_path = '/tmp/openldap-socket'
+ ldap_conn = ldap.initialize(
+ 'ldapi://%s' % (
+ urllib.quote_plus(ldapi_path)
+ )
+ )
+ # Send SASL bind request for mechanism EXTERNAL
+ ldap_conn.sasl_non_interactive_bind_s('EXTERNAL')
+ # Find out the SASL Authorization Identity
+ print ldap_conn.whoami_s()
diff --git a/Doc/reference/ldap-schema.rst b/Doc/reference/ldap-schema.rst
new file mode 100644
index 0000000..904c243
--- /dev/null
+++ b/Doc/reference/ldap-schema.rst
@@ -0,0 +1,84 @@
+********************************************
+:py:mod:`ldap.schema` Handling LDAPv3 schema
+********************************************
+
+.. py:module:: ldap.schema
+
+This module deals with schema information usually retrieved from
+a special subschema subentry provided by the server.
+It is closely modeled along the directory information model described
+in the following RFC with which you should make yourself familiar
+when trying to use this module:
+
+.. seealso::
+
+ :rfc:`4512` - Lightweight Directory Access Protocol (LDAP): Directory Information Models
+
+
+:py:mod:`ldap.schema.subentry` Processing LDAPv3 subschema subentry
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. py:module:: ldap.schema.subentry
+
+
+.. py:data:: NOT_HUMAN_READABLE_LDAP_SYNTAXES
+
+ Dictionary where the keys are the OIDs of LDAP syntaxes known to be
+ not human-readable when displayed to a console without conversion
+ and which cannot be decoded to a :py:data:`types.UnicodeType`.
+
+
+Functions
+=========
+
+.. autofunction:: ldap.schema.subentry.urlfetch
+
+Classes
+=======
+
+.. autoclass:: ldap.schema.subentry.SubSchema
+ :members:
+
+
+:py:mod:`ldap.schema.models` Schema elements
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. py:module:: ldap.schema.models
+
+
+.. autoclass:: ldap.schema.models.Entry
+ :members:
+
+.. autoclass:: ldap.schema.models.SchemaElement
+ :members:
+
+.. autoclass:: ldap.schema.models.AttributeType
+ :members:
+
+.. autoclass:: ldap.schema.models.ObjectClass
+ :members:
+
+.. autoclass:: ldap.schema.models.MatchingRule
+ :members:
+
+.. autoclass:: ldap.schema.models.MatchingRuleUse
+ :members:
+
+.. autoclass:: ldap.schema.models.DITContentRule
+ :members:
+
+.. autoclass:: ldap.schema.models.NameForm
+ :members:
+
+.. autoclass:: ldap.schema.models.DITStructureRule
+ :members:
+
+
+.. _ldap.schema-example:
+
+Examples for ldap.schema
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+::
+
+ import ldap.schema
diff --git a/Doc/reference/ldap-syncrepl.rst b/Doc/reference/ldap-syncrepl.rst
new file mode 100644
index 0000000..b3b2cf9
--- /dev/null
+++ b/Doc/reference/ldap-syncrepl.rst
@@ -0,0 +1,22 @@
+********************************************************************
+:py:mod:`ldap.syncrepl` Implementation of a syncrepl consumer
+********************************************************************
+
+.. py:module:: ldap.syncrepl
+ :synopsis: Implementation of a syncrepl consumer
+
+.. seealso::
+
+ :rfc:`4533` - Lightweight Directory Access Protocol (v3): Content Synchronization Operation
+
+This requires :py:mod:`pyasn1` and :py:mod:`pyasn1_modules` to be installed.
+
+
+Classes
+=======
+
+This module defines the following classes:
+
+
+.. autoclass:: ldap.syncrepl.SyncreplConsumer
+ :members:
diff --git a/Doc/reference/ldap.rst b/Doc/reference/ldap.rst
new file mode 100644
index 0000000..16220f3
--- /dev/null
+++ b/Doc/reference/ldap.rst
@@ -0,0 +1,1400 @@
+********************************************
+:py:mod:`ldap` LDAP library interface module
+********************************************
+
+.. py:module:: ldap
+ :platform: Posix, Windows
+ :synopsis: Access to an underlying LDAP C library.
+.. moduleauthor:: python-ldap project (see https://www.python-ldap.org/)
+
+
+This module provides access to the LDAP (Lightweight Directory Access Protocol)
+C API implemented in OpenLDAP. It is similar to the C API, with
+the notable differences that lists are manipulated via Python list operations
+and errors appear as exceptions.
+
+ .. seealso::
+
+ For more detailed information on the C interface, please see the (expired)
+ `draft-ietf-ldapext-ldap-c-api `_
+
+
+This documentation is current for the Python LDAP module, version
+|release|. Source and binaries are available from
+https://www.python-ldap.org/.
+
+
+Functions
+=========
+
+This module defines the following functions:
+
+.. py:function:: initialize(uri [, trace_level=0 [, trace_file=sys.stdout [, trace_stack_limit=None, [fileno=None]]]]) -> LDAPObject object
+
+ Initializes a new connection object for accessing the given LDAP server,
+ and return an :class:`~ldap.ldapobject.LDAPObject` used to perform operations
+ on that server.
+
+ The *uri* parameter may be a comma- or whitespace-separated list of URIs
+ containing only the schema, the host, and the port fields. Note that
+ when using multiple URIs you cannot determine to which URI your client
+ gets connected.
+
+ If *fileno* parameter is given then the file descriptor will be used to
+ connect to an LDAP server. The *fileno* must either be a socket file
+ descriptor as :class:`int` or a file-like object with a *fileno()* method
+ that returns a socket file descriptor. The socket file descriptor must
+ already be connected. :class:`~ldap.ldapobject.LDAPObject` does not take
+ ownership of the file descriptor. 
It must be kept open during operations
+ and explicitly closed after the :class:`~ldap.ldapobject.LDAPObject` is
+ unbound. The internal connection type is determined from the URI, ``TCP``
+ for ``ldap://`` / ``ldaps://``, ``IPC`` (``AF_UNIX``) for ``ldapi://``.
+ The parameter is not available on macOS when python-ldap is compiled with system
+ libldap, see :py:const:`INIT_FD_AVAIL`.
+
+ Note that internally the OpenLDAP function
+ `ldap_initialize(3) `_
+ is called which just initializes the LDAP connection struct in the C API
+ - nothing else. Therefore the first call to an operation method (bind,
+ search etc.) then really opens the connection (lazy connect). Before
+ that nothing is sent on the wire. The error handling in the calling
+ application has to correctly handle this behaviour.
+
+ Three optional arguments are for generating debug log information:
+ *trace_level* specifies the amount of information being logged,
+ *trace_file* specifies a file-like object as target of the debug log and
+ *trace_stack_limit* specifies the stack limit of tracebacks in debug log.
+
+ Possible values for *trace_level* are
+ :py:const:`0` for no logging,
+ :py:const:`1` for only logging the method calls with arguments,
+ :py:const:`2` for logging the method calls with arguments and the complete results and
+ :py:const:`9` for also logging the traceback of method calls.
+
+ This function is a thin wrapper around instantiating
+ :class:`~ldap.ldapobject.LDAPObject`.
+ Any additional keyword arguments are passed to ``LDAPObject``.
+ It is also fine to instantiate a ``LDAPObject`` (or a subclass) directly.
+
+ The function additionally takes *bytes_mode* and *bytes_strictness* keyword
+ arguments, which are deprecated and ignored. See :ref:`bytes_mode` for
+ details.
+
+ .. seealso::
+
+ :rfc:`4516` - Lightweight Directory Access Protocol (LDAP): Uniform Resource Locator
+
+ .. versionadded:: 3.3
+
+ The *fileno* argument was added.
+
+ .. 
deprecated:: 3.4
+
+ *bytes_mode* and *bytes_strictness* arguments are deprecated.
+
+
+.. py:function:: get_option(option) -> int|string
+
+ This function returns the value of the global option specified by *option*.
+
+
+.. py:function:: set_option(option, invalue) -> None
+
+ This function sets the value of the global option specified by *option* to
+ *invalue*.
+
+ .. note::
+
+ Most global settings do not affect existing :py:class:`LDAPObject`
+ connections. Applications should call :py:func:`set_option()` before
+ they establish connections with :py:func:`initialize`.
+
+.. versionchanged:: 3.1
+
+ The deprecated functions ``ldap.init()`` and ``ldap.open()`` were removed.
+
+
+.. _ldap-constants:
+
+Constants
+=========
+
+The module defines various constants. Note that some constants depend
+on the build options and which underlying libs were used or even on
+the version of the libs. So before using those constants the application has
+to explicitly check whether they are available.
+
+General
+-------
+
+.. py:data:: PORT
+
+ The assigned TCP port number (389) that LDAP servers listen on.
+
+.. py:data:: SASL_AVAIL
+
+ Integer where a non-zero value indicates that python-ldap was built with
+ support for SASL (Cyrus-SASL).
+
+.. py:data:: TLS_AVAIL
+
+ Integer where a non-zero value indicates that python-ldap was built with
+ support for SSL/TLS (OpenSSL or similar libs).
+
+.. py:data:: INIT_FD_AVAIL
+
+ Integer where a non-zero value indicates that python-ldap supports
+ :py:func:`initialize` from a file descriptor. The feature is generally
+ available except on macOS when python-ldap is compiled with system libldap.
+
+
+.. _ldap-options:
+
+Options
+-------
+
+.. 
seealso::
+
+ :manpage:`ldap.conf(5)` and :manpage:`ldap_get_option(3)`
+
+
+For use with functions :py:func:`set_option` and :py:func:`get_option` and
+methods :py:meth:`LDAPObject.set_option` and :py:meth:`LDAPObject.get_option`
+the following option identifiers are defined as constants:
+
+.. py:data:: OPT_API_FEATURE_INFO
+
+.. py:data:: OPT_API_INFO
+
+.. py:data:: OPT_CLIENT_CONTROLS
+
+.. py:data:: OPT_DEBUG_LEVEL
+
+ Sets the debug level within the underlying OpenLDAP C lib (libldap).
+ libldap sends the log messages to stderr.
+
+.. py:data:: OPT_DEFBASE
+
+.. py:data:: OPT_DEREF
+
+ Specifies how alias dereferencing is done within the underlying LDAP C lib.
+
+.. py:data:: OPT_ERROR_STRING
+
+.. py:data:: OPT_DIAGNOSTIC_MESSAGE
+
+.. py:data:: OPT_HOST_NAME
+
+.. py:data:: OPT_MATCHED_DN
+
+.. py:data:: OPT_NETWORK_TIMEOUT
+
+ .. versionchanged:: 3.0
+ A timeout of ``-1`` or ``None`` resets timeout to infinity.
+
+.. py:data:: OPT_PROTOCOL_VERSION
+
+ Sets the LDAP protocol version used for a connection. This is mapped to
+ object attribute `ldap.LDAPObject.protocol_version`
+
+.. py:data:: OPT_REFERRALS
+
+ int specifying whether referrals should be automatically chased within
+ the underlying LDAP C lib.
+
+.. py:data:: OPT_REFHOPLIMIT
+
+.. py:data:: OPT_RESTART
+
+.. py:data:: OPT_SERVER_CONTROLS
+
+.. py:data:: OPT_SIZELIMIT
+
+.. py:data:: OPT_SUCCESS
+
+.. py:data:: OPT_TIMELIMIT
+
+.. py:data:: OPT_TIMEOUT
+
+ .. versionchanged:: 3.0
+ A timeout of ``-1`` or ``None`` resets timeout to infinity.
+
+.. py:data:: OPT_URI
+
+.. _ldap-sasl-options:
+
+SASL options
+::::::::::::
+
+.. py:data:: OPT_X_SASL_AUTHCID
+
+.. py:data:: OPT_X_SASL_AUTHZID
+
+.. py:data:: OPT_X_SASL_MECH
+
+.. py:data:: OPT_X_SASL_NOCANON
+
+ If set to zero SASL host name canonicalization is disabled.
+
+.. py:data:: OPT_X_SASL_REALM
+
+.. py:data:: OPT_X_SASL_SECPROPS
+
+.. py:data:: OPT_X_SASL_SSF
+
+.. py:data:: OPT_X_SASL_SSF_EXTERNAL
+
+.. py:data:: OPT_X_SASL_SSF_MAX
+
+.. 
py:data:: OPT_X_SASL_SSF_MIN + +.. _ldap-tls-options: + +TLS options +::::::::::: + +.. warning:: + + libldap does not materialize all TLS settings immediately. You must use + :py:const:`OPT_X_TLS_NEWCTX` with value ``0`` to instruct libldap to + apply pending TLS settings and create a new internal TLS context:: + + conn = ldap.initialize("ldap://ldap.example") + conn.set_option(ldap.OPT_X_TLS_CACERTFILE, '/path/to/ca.pem') + conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0) + conn.start_tls_s() + conn.simple_bind_s(dn, password) + + +.. py:data:: OPT_X_TLS_NEWCTX + + set and apply TLS settings to internal TLS context. Value ``0`` creates + a new client-side context. + +.. py:data:: OPT_X_TLS_PACKAGE + + Get TLS implementation, known values are + + * ``GnuTLS`` + * ``MozNSS`` (Mozilla NSS) + * ``OpenSSL`` + + +.. py:data:: OPT_X_TLS_CACERTDIR + + get/set path to directory with CA certs + +.. py:data:: OPT_X_TLS_CACERTFILE + + get/set path to PEM file with CA certs + +.. py:data:: OPT_X_TLS_CERTFILE + + get/set path to file with PEM encoded cert for client cert authentication, + requires :py:const:`OPT_X_TLS_KEYFILE`. + +.. py:data:: OPT_X_TLS_KEYFILE + + get/set path to file with PEM encoded key for client cert authentication, + requires :py:const:`OPT_X_TLS_CERTFILE`. + + +.. py:data:: OPT_X_TLS_CRLCHECK + + get/set certificate revocation list (CRL) check mode. CRL validation + requires :py:const:`OPT_X_TLS_CRLFILE`. + + :py:const:`OPT_X_TLS_CRL_NONE` + Don't perform CRL checks + + :py:const:`OPT_X_TLS_CRL_PEER` + Perform CRL check for peer's end entity cert. + + :py:const:`OPT_X_TLS_CRL_ALL` + Perform CRL checks for the whole cert chain + +.. py:data:: OPT_X_TLS_CRLFILE + + get/set path to CRL file + +.. py:data:: OPT_X_TLS_CRL_ALL + + value for :py:const:`OPT_X_TLS_CRLCHECK` + +.. py:data:: OPT_X_TLS_CRL_NONE + + value for :py:const:`OPT_X_TLS_CRLCHECK` + +.. py:data:: OPT_X_TLS_CRL_PEER + + value for :py:const:`OPT_X_TLS_CRLCHECK` + + +.. 
py:data:: OPT_X_TLS_REQUIRE_CERT + + get/set validation strategy for server cert. + + :py:const:`OPT_X_TLS_NEVER` + Don't check server cert and host name + + :py:const:`OPT_X_TLS_ALLOW` + Used internally by slapd server. + + :py:const:`OPT_X_TLS_DEMAND` + Validate peer cert chain and host name + + :py:const:`OPT_X_TLS_HARD` + Same as :py:const:`OPT_X_TLS_DEMAND` + +.. py:data:: OPT_X_TLS_ALLOW + + Value for :py:const:`OPT_X_TLS_REQUIRE_CERT` + +.. py:data:: OPT_X_TLS_DEMAND + + Value for :py:const:`OPT_X_TLS_REQUIRE_CERT` + +.. py:data:: OPT_X_TLS_HARD + + Value for :py:const:`OPT_X_TLS_REQUIRE_CERT` + +.. py:data:: OPT_X_TLS_NEVER + + Value for :py:const:`OPT_X_TLS_REQUIRE_CERT` + +.. py:data:: OPT_X_TLS_TRY + + .. deprecated:: 3.3.0 + This value is only used by slapd server internally. It will be removed + in the future. + + +.. py:data:: OPT_X_TLS_CIPHER + + get cipher suite name from TLS session + +.. py:data:: OPT_X_TLS_CIPHER_SUITE + + get/set allowed cipher suites + +.. py:data:: OPT_X_TLS_CTX + + get address of internal memory address of TLS context (**DO NOT USE**) + +.. py:data:: OPT_X_TLS_PEERCERT + + Get peer's certificate as binary ASN.1 data structure (not supported) + +.. py:data:: OPT_X_TLS_PROTOCOL_MIN + + get/set minimum protocol version (wire protocol version as int) + + * ``0x303`` for TLS 1.2 + * ``0x304`` for TLS 1.3 + +.. py:data:: OPT_X_TLS_VERSION + + Get negotiated TLS protocol version as string + +.. py:data:: OPT_X_TLS_RANDOM_FILE + + get/set path to /dev/urandom (**DO NOT USE**) + +.. py:data:: OPT_X_TLS + + .. deprecated:: 3.3.0 + The option is deprecated in OpenLDAP and should no longer be used. It + will be removed in the future. + +.. note:: + + OpenLDAP supports several TLS/SSL libraries. OpenSSL is the most common + backend. Some options may not be available when libldap uses NSS, GnuTLS, + or Apple's Secure Transport backend. + +.. _ldap-keepalive-options: + +Keepalive options +::::::::::::::::: + +.. 
py:data:: OPT_X_KEEPALIVE_IDLE + +.. py:data:: OPT_X_KEEPALIVE_PROBES + +.. py:data:: OPT_X_KEEPALIVE_INTERVAL + +.. _ldap-dn-flags: + +DN format flags +---------------- + +This constants are used for DN-parsing functions found in +sub-module :py:mod:`ldap.dn`. + +.. seealso:: + `ldap_str2dn(3) `_ + +.. py:data:: DN_FORMAT_LDAP + +.. py:data:: DN_FORMAT_LDAPV3 + +.. py:data:: DN_FORMAT_LDAPV2 + +.. py:data:: DN_FORMAT_DCE + +.. py:data:: DN_FORMAT_UFN + +.. py:data:: DN_FORMAT_AD_CANONICAL + +.. py:data:: DN_FORMAT_MASK + +.. py:data:: DN_PRETTY + +.. py:data:: DN_SKIP + +.. py:data:: DN_P_NOLEADTRAILSPACES + +.. py:data:: DN_P_NOSPACEAFTERRDN + +.. py:data:: DN_PEDANTIC + + + +.. _ldap-exceptions: + +Exceptions +========== + +The module defines the following exceptions: + +.. py:exception:: LDAPError + + This is the base class of all exceptions raised by the module :py:mod:`ldap`. + Unlike the C interface, errors are not returned as result codes, but + are instead turned into exceptions, raised as soon an the error condition + is detected. + + The exceptions are accompanied by a dictionary with additional information. + All fields are optional and more fields may be added in the future. + Currently, ``python-ldap`` may set the following fields: + + * ``'result'``: a numeric code of the error class. + * ``'desc'``: string giving a description of the error class, as provided + by calling OpenLDAP's ``ldap_err2string`` on the ``result``. + * ``'info'``: string containing more information that the server may + have sent. The value is server-specific: for example, the OpenLDAP server + may send different info messages than Active Directory or 389-DS. + * ``'matched'``: truncated form of the name provided or alias. + dereferenced for the lowest entry (object or alias) that was matched. + * ``'msgid'``: ID of the matching asynchronous request. + This can be used in asynchronous code where :py:meth:`result()` raises the + result of an operation as an exception. 
For example, this is the case for + :py:meth:`~LDAPObject.compare()`, always raises the boolean result as an + exception (:py:exc:`COMPARE_TRUE` or :py:exc:`COMPARE_FALSE`). + * ``'ctrls'``: list of :py:class:`ldap.controls.LDAPControl` instances + attached to the error. + * ``'errno'``: the C ``errno``, usually set by system calls or ``libc`` + rather than the LDAP libraries. + +.. py:exception:: ADMINLIMIT_EXCEEDED + +.. py:exception:: AFFECTS_MULTIPLE_DSAS + +.. py:exception:: ALIAS_DEREF_PROBLEM + + A problem was encountered when dereferencing an alias. + (Sets the :py:const:`matched` field.) + +.. py:exception:: ALIAS_PROBLEM + + An alias in the directory points to a nonexistent entry. + (Sets the :py:const:`matched` field.) + +.. py:exception:: ALREADY_EXISTS + + The entry already exists. E.g. the *dn* specified with :py:meth:`add()` + already exists in the DIT. + +.. py:exception:: AUTH_UNKNOWN + + The authentication method specified to :py:meth:`bind()` is not known. + +.. py:exception:: BUSY + + The DSA is busy. + +.. py:exception:: CLIENT_LOOP + +.. py:exception:: COMPARE_FALSE + + A compare operation returned false. + (This exception should only be seen asynchronous operations, because + :py:meth:`~LDAPObject.compare_s()` returns a boolean result.) + +.. py:exception:: COMPARE_TRUE + + A compare operation returned true. + (This exception should only be seen asynchronous operations, because + :py:meth:`~LDAPObject.compare_s()` returns a boolean result.) + +.. py:exception:: CONFIDENTIALITY_REQUIRED + + Indicates that the session is not protected by a protocol such + as Transport Layer Security (TLS), which provides session + confidentiality. + +.. py:exception:: CONNECT_ERROR + +.. py:exception:: CONSTRAINT_VIOLATION + + An attribute value specified or an operation started violates some + server-side constraint + (e.g., a postalAddress has too many lines or a line that is too long + or a password is expired). + +.. py:exception:: CONTROL_NOT_FOUND + +.. 
py:exception:: DECODING_ERROR + + An error was encountered decoding a result from the LDAP server. + +.. py:exception:: ENCODING_ERROR + + An error was encountered encoding parameters to send to the LDAP server. + +.. py:exception:: FILTER_ERROR + + An invalid filter was supplied to :py:meth:`search()` + (e.g. unbalanced parentheses). + +.. py:exception:: INAPPROPRIATE_AUTH + + Inappropriate authentication was specified (e.g. :py:const:`AUTH_SIMPLE` + was specified and the entry does not have a userPassword attribute). + +.. py:exception:: INAPPROPRIATE_MATCHING + + Filter type not supported for the specified attribute. + +.. py:exception:: INSUFFICIENT_ACCESS + + The user has insufficient access to perform the operation. + +.. py:exception:: INVALID_CREDENTIALS + + Invalid credentials were presented during :py:meth:`bind()` or + :py:meth:`simple_bind()`. + (e.g., the wrong password). + +.. py:exception:: INVALID_DN_SYNTAX + + A syntactically invalid DN was specified. (Sets the :py:const:`matched` field.) + +.. py:exception:: INVALID_SYNTAX + + An attribute value specified by the client did not comply to the + syntax defined in the server-side schema. + +.. py:exception:: IS_LEAF + + The object specified is a leaf of the directory tree. + Sets the :py:const:`matched` field of the exception dictionary value. + +.. py:exception:: LOCAL_ERROR + + Some local error occurred. This is usually due to failed memory allocation. + +.. py:exception:: LOOP_DETECT + + A loop was detected. + +.. py:exception:: MORE_RESULTS_TO_RETURN + +.. py:exception:: NAMING_VIOLATION + + A naming violation occurred. This is raised e.g. if the LDAP server + has constraints about the tree naming. + +.. py:exception:: NO_OBJECT_CLASS_MODS + + Modifying the objectClass attribute as requested is not allowed + (e.g. modifying structural object class of existing entry). + +.. py:exception:: NOT_ALLOWED_ON_NONLEAF + + The operation is not allowed on a non-leaf object. + +.. 
py:exception:: NOT_ALLOWED_ON_RDN + + The operation is not allowed on an RDN. + +.. py:exception:: NOT_SUPPORTED + +.. py:exception:: NO_MEMORY + +.. py:exception:: NO_RESULTS_RETURNED + +.. py:exception:: NO_SUCH_ATTRIBUTE + + The attribute type specified does not exist in the entry. + +.. py:exception:: NO_SUCH_OBJECT + + The specified object does not exist in the directory. + Sets the :py:const:`matched` field of the exception dictionary value. + +.. py:exception:: OBJECT_CLASS_VIOLATION + + An object class violation occurred when the LDAP server checked + the data sent by the client against the server-side schema + (e.g. a "must" attribute was missing in the entry data). + +.. py:exception:: OPERATIONS_ERROR + + An operations error occurred. + +.. py:exception:: OTHER + + An unclassified error occurred. + +.. py:exception:: PARAM_ERROR + + An ldap routine was called with a bad parameter. + +.. py:exception:: PARTIAL_RESULTS + + Partial results only returned. This exception is raised if + a referral is received when using LDAPv2. + (This exception should never be seen with LDAPv3.) + +.. py:exception:: PROTOCOL_ERROR + + A violation of the LDAP protocol was detected. + +.. py:exception:: RESULTS_TOO_LARGE + + The result does not fit into a UDP packet. This happens only when using + UDP-based CLDAP (connection-less LDAP) which is not supported anyway. + +.. py:exception:: SASL_BIND_IN_PROGRESS + +.. py:exception:: SERVER_DOWN + + The LDAP library can't contact the LDAP server. + +.. py:exception:: SIZELIMIT_EXCEEDED + + An LDAP size limit was exceeded. + This could be due to a ``sizelimit`` configuration on the LDAP server. + +.. py:exception:: STRONG_AUTH_NOT_SUPPORTED + + The LDAP server does not support strong authentication. + +.. py:exception:: STRONG_AUTH_REQUIRED + + Strong authentication is required for the operation. + +.. py:exception:: TIMELIMIT_EXCEEDED + + An LDAP time limit was exceeded. + +.. 
py:exception:: TIMEOUT + + A timelimit was exceeded while waiting for a result from the server. + +.. py:exception:: TYPE_OR_VALUE_EXISTS + + An attribute type or attribute value specified already + exists in the entry. + +.. py:exception:: UNAVAILABLE + + The DSA is unavailable. + +.. py:exception:: UNAVAILABLE_CRITICAL_EXTENSION + + Indicates that the LDAP server was unable to satisfy a request + because one or more critical extensions were not available. Either + the server does not support the control or the control is not appropriate + for the operation type. + +.. py:exception:: UNDEFINED_TYPE + + An attribute type used is not defined in the server-side schema. + +.. py:exception:: UNWILLING_TO_PERFORM + + The DSA is unwilling to perform the operation. + +.. py:exception:: USER_CANCELLED + + The operation was cancelled via the :py:meth:`abandon()` method. + +The above exceptions are raised when a result code from an underlying API +call does not indicate success. + + +.. _ldap-warnings: + +Warnings +======== + +.. py:class:: LDAPBytesWarning + + This warning is deprecated. python-ldap no longer raises it. + + It used to be raised under Python 2 when bytes/text mismatch in non-strict + bytes mode. See :ref:`bytes_mode` for details. + + .. versionadded:: 3.0.0 + + .. versionchanged:: 3.4.0 + + Deprecated. + +.. _ldap-objects: + +LDAPObject classes +================== + +.. py:class:: ldap.ldapobject.LDAPObject + + Instances of :py:class:`LDAPObject` are returned by :py:func:`initialize()`. + The connection is automatically unbound + and closed when the LDAP object is deleted. + + :py:class:`LDAPObject` is an alias of + :py:class:`~ldap.ldapobject.SimpleLDAPObject`, the default connection class. + If you wish to use a different class, instantiate it directly instead of + calling :func:`initialize()`. + + (It is also possible, but not recommended, to change the default by setting + ``ldap.ldapobject.LDAPObject`` to a different class.) + +.. 
autoclass:: ldap.ldapobject.SimpleLDAPObject + +.. autoclass:: ldap.ldapobject.ReconnectLDAPObject + + +.. _ldap-controls: + +Arguments for LDAPv3 controls +----------------------------- + +The :py:mod:`ldap.controls` module can be used for constructing and +decoding LDAPv3 controls. These arguments are available in the methods +with names ending in :py:const:`_ext` or :py:const:`_ext_s`: + +*serverctrls* + is a list of :py:class:`ldap.controls.LDAPControl` instances sent to the server along + with the LDAP request (see module :py:mod:`ldap.controls`). These are + controls which alter the behaviour of the server when processing the + request if the control is supported by the server. The effect of controls + might differ depending on the type of LDAP request or controls might not + be applicable with certain LDAP requests at all. + +*clientctrls* + is a list of :py:class:`ldap.controls.LDAPControl` instances passed to the + client API and alter the behaviour of the client when processing the + request. + + +.. _sending-ldap-requests: + +Sending LDAP requests +--------------------- + +Most methods on LDAP objects initiate an asynchronous request to the +LDAP server and return a message id that can be used later to retrieve +the result with :py:meth:`result()`. + +Methods with names ending in :py:const:`_s` are the synchronous form +and wait for and return with the server's result, or with +:py:const:`None` if no data is expected. + + +:class:`LDAPObject` instances have the following methods: + +.. py:method:: LDAPObject.abandon(msgid) -> None + +.. py:method:: LDAPObject.abandon_ext(msgid [, serverctrls=None [, clientctrls=None]]) -> None + + Abandons an LDAP operation in progress without waiting for a LDAP response. + The *msgid* argument should be the message ID of an outstanding LDAP + operation as returned by the asynchronous methods :py:meth:`search()`, :py:meth:`modify()`, etc. 
+ The caller can expect that the result of an abandoned operation will not be + returned from a future call to :py:meth:`result()`. + + *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. + + +.. py:method:: LDAPObject.add(dn, modlist) -> int + +.. py:method:: LDAPObject.add_s(dn, modlist) -> None + +.. py:method:: LDAPObject.add_ext(dn, modlist [, serverctrls=None [, clientctrls=None]]) -> int + +.. py:method:: LDAPObject.add_ext_s(dn, modlist [, serverctrls=None [, clientctrls=None]]) -> tuple + + Performs an LDAP add operation. The *dn* argument is the distinguished + name (DN) of the entry to add, and *modlist* is a list of attributes to be + added. The modlist is similar the one passed to :py:meth:`modify()`, except that the + operation integer is omitted from the tuples in modlist. You might want to + look into sub-module \refmodule{ldap.modlist} for generating the modlist. + + The asynchronous methods :py:meth:`add()` and :py:meth:`add_ext()` + return the message ID of the initiated request. + + *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. + + The *dn* argument, and mod_type (second item) of *modlist* are text strings; + see :ref:`bytes_mode`. + + +.. py:method:: LDAPObject.bind(who, cred, method) -> int + +.. py:method:: LDAPObject.bind_s(who, cred, method) -> None + +.. py:method:: LDAPObject.cancel( cancelid, [, serverctrls=None [, clientctrls=None]]) -> None + + Send cancels extended operation for an LDAP operation specified by *cancelid*. + The *cancelid* should be the message id of an outstanding LDAP operation as returned + by the asynchronous methods search(), modify() etc. The caller + can expect that the result of an abandoned operation will not be + returned from a future call to :py:meth:`result()`. + In opposite to :py:meth:`abandon()` this extended operation gets an result from + the server and thus should be preferred if the server supports it. 
+ + *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. + + :rfc:`3909` - Lightweight Directory Access Protocol (LDAP): Cancel Operation + + +.. py:method:: LDAPObject.compare(dn, attr, value) -> int + +.. py:method:: LDAPObject.compare_s(dn, attr, value) -> bool + +.. py:method:: LDAPObject.compare_ext(dn, attr, value [, serverctrls=None [, clientctrls=None]]) -> int + +.. py:method:: LDAPObject.compare_ext_s(dn, attr, value [, serverctrls=None [, clientctrls=None]]) -> bool + + Perform an LDAP comparison between the attribute named *attr* of entry *dn*, + and the value *value*. The synchronous forms returns ``True`` or ``False``. + The asynchronous forms returns the message ID of the initiated request, and + the result of the asynchronous compare can be obtained using + :py:meth:`result()`. The operation can fail with an exception, e.g. + :py:exc:`ldap.NO_SUCH_OBJECT` when *dn* does not exist or + :py:exc:`ldap.UNDEFINED_TYPE` for an invalid attribute. + + Note that the asynchronous technique yields the answer + by raising the exception objects :py:exc:`ldap.COMPARE_TRUE` or + :py:exc:`ldap.COMPARE_FALSE`. + + *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. + + The *dn* and *attr* arguments are text strings; see :ref:`bytes_mode`. + + .. note:: + + A design fault in the LDAP API prevents *value* + from containing *NULL* characters. + + +.. py:method:: LDAPObject.delete(dn) -> int + +.. py:method:: LDAPObject.delete_s(dn) -> None + +.. py:method:: LDAPObject.delete_ext(dn [, serverctrls=None [, clientctrls=None]]) -> int + +.. py:method:: LDAPObject.delete_ext_s(dn [, serverctrls=None [, clientctrls=None]]) -> tuple + + Performs an LDAP delete operation on *dn*. The asynchronous form + returns the message id of the initiated request, and the result can be obtained + from a subsequent call to :py:meth:`result()`. + + *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. 
+ + The *dn* argument is text string; see :ref:`bytes_mode`. + + +.. py:method:: LDAPObject.extop(extreq[,serverctrls=None[,clientctrls=None]]]) -> int + +.. py:method:: LDAPObject.extop_s(extreq[,serverctrls=None[,clientctrls=None[,extop_resp_class=None]]]]) -> (respoid,respvalue) + + Performs an LDAP extended operation. The asynchronous + form returns the message id of the initiated request, and the + result can be obtained from a subsequent call to :py:meth:`extop_result()`. + + The *extreq* is an instance of class :py:class:`ldap.extop.ExtendedRequest` + containing the parameters for the extended operation request. + + *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. + + If argument *extop_resp_class* is set to a sub-class of + :py:class:`ldap.extop.ExtendedResponse` this class is used to return an + object of this class instead of a raw BER value in respvalue. + +.. py:method:: LDAPObject.extop_result(self,msgid=ldap.RES_ANY,all=1,timeout=None) -> (respoid,respvalue) + + Wrapper method around :py:meth:`result4()` just for retrieving + the result of an extended operation sent before. + + +.. py:method:: LDAPObject.modify(dn, modlist) -> int + +.. py:method:: LDAPObject.modify_s(dn, modlist) -> None + +.. py:method:: LDAPObject.modify_ext(dn, modlist [, serverctrls=None [, clientctrls=None]]) -> int + +.. py:method:: LDAPObject.modify_ext_s(dn, modlist [, serverctrls=None [, clientctrls=None]]) -> tuple + + Performs an LDAP modify operation on an entry's attributes. + The *dn* argument is the distinguished name (DN) of the entry to modify, + and *modlist* is a list of modifications to make to that entry. 
+ + Each element in the list *modlist* should be a tuple of the form + *(mod_op,mod_type,mod_vals)*, + where *mod_op* indicates the operation (one of :py:const:`ldap.MOD_ADD`, + :py:const:`ldap.MOD_DELETE`, or :py:const:`ldap.MOD_REPLACE`), + *mod_type* is a string indicating the attribute type name, and + *mod_vals* is either a string value or a list of string values to add, + delete or replace respectively. For the delete operation, *mod_vals* + may be :py:const:`None` indicating that all attributes are to be deleted. + + *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. + + The asynchronous methods :py:meth:`modify()` and :py:meth:`modify_ext()` + return the message ID of the initiated request. + + You might want to look into sub-module :py:mod:`ldap.modlist` for + generating *modlist*. + + The *dn* argument, and mod_type (second item) of *modlist* are text strings; + see :ref:`bytes_mode`. + + +.. py:method:: LDAPObject.modrdn(dn, newrdn [, delold=1]) -> int + + +.. py:method:: LDAPObject.modrdn_s(dn, newrdn [, delold=1]) -> None + + Perform a ``modify RDN`` operation, (i.e. a renaming operation). + These routines take *dn* (the DN of the entry whose RDN is to be changed, + and *newrdn*, the new RDN to give to the entry. The optional parameter + *delold* is used to specify whether the old RDN should be kept as an + attribute of the entry or not. + The asynchronous version returns the initiated message id. + + This operation is emulated by :py:meth:`rename()` and :py:meth:`rename_s()` methods + since the modrdn2* routines in the C library are deprecated. + + The *dn* and *newrdn* arguments are text strings; see :ref:`bytes_mode`. + + +.. py:method:: LDAPObject.passwd(user, oldpw, newpw [, serverctrls=None [, clientctrls=None]]) -> int + +.. 
py:method:: LDAPObject.passwd_s(user, oldpw, newpw [, serverctrls=None [, clientctrls=None] [, extract_newpw=False]]]) -> (respoid, respvalue) + + Perform a ``LDAP Password Modify Extended Operation`` operation + on the entry specified by *user*. + The old password in *oldpw* is replaced with the new + password in *newpw* by a LDAP server supporting this operation. + + If *oldpw* is not :py:const:`None` it has to match the old password + of the specified *user* which is sometimes used when a user changes + his own password. + + *respoid* is always :py:const:`None`. *respvalue* is also + :py:const:`None` unless *newpw* was :py:const:`None`. This requests that + the server generate a new random password. If *extract_newpw* is + :py:const:`True`, this password is a bytes object available through + ``respvalue.genPasswd``, otherwise *respvalue* is the raw ASN.1 response + (this is deprecated and only for backwards compatibility). + + *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. + + The asynchronous version returns the initiated message id. + + The *user*, *oldpw* and *newpw* arguments are text strings; see :ref:`bytes_mode`. + + .. seealso:: + + :rfc:`3062` - LDAP Password Modify Extended Operation + :py:mod:`ldap.extop.passwd` + + + +.. py:method:: LDAPObject.rename(dn, newrdn [, newsuperior=None [, delold=1 [, serverctrls=None [, clientctrls=None]]]]) -> int + +.. py:method:: LDAPObject.rename_s(dn, newrdn [, newsuperior=None [, delold=1 [, serverctrls=None [, clientctrls=None]]]]) -> None + + Perform a ``Rename`` operation, (i.e. a renaming operation). + These routines take *dn* (the DN of the entry whose RDN is to be changed, + and *newrdn*, the new RDN to give to the entry. + The optional parameter *newsuperior* is used to specify + a new parent DN for moving an entry in the tree + (not all LDAP servers support this). 
+ The optional parameter *delold* is used to specify + whether the old RDN should be kept as an attribute of the entry or not. + + *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. + + The *dn* and *newdn* arguments are text strings; see :ref:`bytes_mode`. + + +.. py:method:: LDAPObject.result([msgid=RES_ANY [, all=1 [, timeout=None]]]) -> 2-tuple + + This method is used to wait for and return the result of an operation + previously initiated by one of the LDAP *asynchronous* operations + (e.g. :py:meth:`search()`, :py:meth:`modify()`, etc.) + + The *msgid* parameter is the integer identifier returned by that method. + The identifier is guaranteed to be unique across an LDAP session, + and tells the :py:meth:`result()` method to request the result of that + specific operation. + + If a result is desired from any one of the in-progress operations, + *msgid* should be specified as the constant :py:const:`RES_ANY` + and the method :py:meth:`result2()` should be used instead. + + The *all* parameter only has meaning for :py:meth:`search()` responses + and is used to select whether a single entry of the search + response should be returned, or to wait for all the results + of the search before returning. + + A search response is made up of zero or more search entries + followed by a search result. If *all* is 0, search entries will + be returned one at a time as they come in, via separate calls + to :py:meth:`result()`. If all is 1, the search response will be returned + in its entirety, i.e. after all entries and the final search + result have been received. + + For *all* set to 0, result tuples + trickle in (with the same message id), and with the result types + :py:const:`RES_SEARCH_ENTRY` and :py:const:`RES_SEARCH_REFERENCE`, + until the final result which has a result type of :py:const:`RES_SEARCH_RESULT` + and a (usually) empty data field. 
When all is set to 1, only one result is returned, + with a result type of RES_SEARCH_RESULT, and all the result tuples + listed in the data field. + + The *timeout* parameter is a limit on the number of seconds that the + method will wait for a response from the server. + If *timeout* is negative (which is the default), + the method will wait indefinitely for a response. + The timeout can be expressed as a floating-point value, and + a value of :py:const:`0` effects a poll. + If a timeout does occur, a :py:exc:`ldap.TIMEOUT` exception is raised, + unless polling, in which case ``(None, None)`` is returned. + + The :py:meth:`result()` method returns a tuple of the form + ``(result-type, result-data)``. + The first element, ``result-type`` is a string, being one of + these module constants: + :py:const:`RES_BIND`, :py:const:`RES_SEARCH_ENTRY`, + :py:const:`RES_SEARCH_REFERENCE`, :py:const:`RES_SEARCH_RESULT`, + :py:const:`RES_MODIFY`, :py:const:`RES_ADD`, :py:const:`RES_DELETE`, + :py:const:`RES_MODRDN`, or :py:const:`RES_COMPARE`. + + If *all* is :py:const:`0`, one response at a time is returned on + each call to :py:meth:`result()`, with termination indicated by + ``result-data`` being an empty list. + + See :py:meth:`search()` for a description of the search result's + ``result-data``, otherwise the ``result-data`` is normally meaningless. + + + +.. py:method:: LDAPObject.result2([msgid=RES_ANY [, all=1 [, timeout=None]]]) -> 3-tuple + + This method behaves almost exactly like :py:meth:`result()`. But + it returns a 3-tuple also containing the message id of the + outstanding LDAP operation a particular result message belongs + to. This is especially handy if one needs to dispatch results + obtained with ``msgid=``:py:const:`RES_ANY` to several consumer + threads which invoked a particular LDAP operation. + + +.. py:method:: LDAPObject.result3([msgid=RES_ANY [, all=1 [, timeout=None]]]) -> 4-tuple + + This method behaves almost exactly like :py:meth:`result2()`. 
But it + returns an extra item in the tuple, the decoded server controls. + +.. py:method:: LDAPObject.result4([msgid=RES_ANY [, all=1 [, timeout=None [, add_ctrls=0 [, add_intermediates=0 [, add_extop=0 [, resp_ctrl_classes=None]]]]]]]) -> 6-tuple + + This method behaves almost exactly like :py:meth:`result3()`. But it + returns an extra items in the tuple, the decoded results of an extended response. + + The additional arguments are: + + *add_ctrls* (integer flag) specifies whether response controls are returned. + + add_intermediates (integer flag) specifies whether response controls of + intermediate search results are returned. + + *add_extop* (integer flag) specifies whether the response of an + extended operation is returned. If using extended operations you should + consider using the method :py:meth:`extop_result()` or + :py:meth:`extop_s()` instead. + + *resp_ctrl_classes* is a dictionary mapping the OID of a response controls to a + :py:class:`ldap.controls.ResponseControl` class of response controls known by the + application. So the response control value will be automatically decoded. + If :py:const:`None` the global dictionary :py:data:`ldap.controls.KNOWN_RESPONSE_CONTROLS` + is used instead. + +.. py:method:: LDAPObject.sasl_interactive_bind_s(who, auth[, serverctrls=None [, clientctrls=None [, sasl_flags=ldap.SASL_QUIET]]]) -> None + + This call is used to bind to the directory with a SASL bind request. + + *auth* is an :py:class:`ldap.sasl.sasl()` instance. + + *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. + + +.. py:method:: LDAPObject.sasl_non_interactive_bind_s(sasl_mech[, serverctrls=None [, clientctrls=None [, sasl_flags=ldap.SASL_QUIET [, authz_id='']]]]) -> None + + This call is used to bind to the directory with a SASL bind request with + non-interactive SASL mechanism defined with argument *sasl_mech* and + internally calls :py:meth:`sasl_interactive_bind_s()`. 
+ + *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. + + +.. py:method:: LDAPObject.sasl_external_bind_s([serverctrls=None [, clientctrls=None [, sasl_flags=ldap.SASL_QUIET [, authz_id='']]]]) -> None + + This call is used to bind to the directory with a SASL bind request with + mechanism EXTERNAL and internally calls :py:meth:`sasl_non_interactive_bind_s()`. + + *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. + + +.. py:method:: LDAPObject.sasl_gssapi_bind_s([serverctrls=None [, clientctrls=None [, sasl_flags=ldap.SASL_QUIET [, authz_id='']]]]) -> None + + This call is used to bind to the directory with a SASL bind request with + mechanism GSSAPI and internally calls :py:meth:`sasl_non_interactive_bind_s()`. + + *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. + + +.. py:method:: LDAPObject.simple_bind([who=None [, cred=None [, serverctrls=None [, clientctrls=None]]]]) -> int + +.. py:method:: LDAPObject.simple_bind_s([who=None [, cred=None [, serverctrls=None [, clientctrls=None]]]]) -> None + + After an LDAP object is created, and before any other operations can be + attempted over the connection, a bind operation must be performed. + + This method attempts to bind with the LDAP server using + either simple authentication, or Kerberos (if available). + The first and most general method, :py:meth:`bind()`, + takes a third parameter, *method* which can currently solely + be :py:const:`AUTH_SIMPLE`. + + *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. + + The *who* and *cred* arguments are text strings; see :ref:`bytes_mode`. + + .. versionchanged:: 3.0 + + :meth:`~LDAPObject.simple_bind` and :meth:`~LDAPObject.simple_bind_s` + now accept ``None`` for *who* and *cred*, too. + +.. py:method:: LDAPObject.search(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, attrsonly=0]]]) ->int + +.. 
py:method:: LDAPObject.search_s(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, attrsonly=0]]]) ->list|None + +.. py:method:: LDAPObject.search_st(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, attrsonly=0 [, timeout=-1]]]]) -> list|None + +.. py:method:: LDAPObject.search_ext(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, attrsonly=0 [, serverctrls=None [, clientctrls=None [, timeout=-1 [, sizelimit=0]]]]]]]) -> int + +.. py:method:: LDAPObject.search_ext_s(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, attrsonly=0 [, serverctrls=None [, clientctrls=None [, timeout=-1 [, sizelimit=0]]]]]]]) -> list|None + + Perform an LDAP search operation, with *base* as the DN of the entry + at which to start the search, *scope* being one of + :py:const:`SCOPE_BASE` (to search the object itself), + :py:const:`SCOPE_ONELEVEL` (to search the object's immediate children), or + :py:const:`SCOPE_SUBTREE` (to search the object and all its descendants). + + The *filterstr* argument is a string representation of the filter to apply in + the search. + + .. seealso:: + + :rfc:`4515` - Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters. + + + Each result tuple is of the form ``(dn, attrs)``, + where *dn* is a string containing the DN (distinguished name) of the + entry, and *attrs* is a dictionary containing the attributes associated + with the entry. The keys of *attrs* are strings, and the associated + values are lists of strings. + + The DN in *dn* is automatically extracted using the underlying libldap + function :c:func:`ldap_get_dn()`, which may raise an exception if the + DN is malformed. + + If *attrsonly* is non-zero, the values of *attrs* will be meaningless + (they are not transmitted in the result). + + The retrieved attributes can be limited with the *attrlist* parameter. + If *attrlist* is :py:const:`None`, all the attributes of each entry are returned. 
+ + *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. + + The synchronous form with timeout, :py:meth:`search_st()` or :py:meth:`search_ext_s()`, + will block for at most *timeout* seconds (or indefinitely if *timeout* + is negative). A :py:exc:`ldap.TIMEOUT` exception is raised if no result is received + within the specified time. + + The amount of search results retrieved can be limited with the + *sizelimit* parameter when using :py:meth:`search_ext()` + or :py:meth:`search_ext_s()` (client-side search limit). If non-zero + not more than *sizelimit* results are returned by the server. + + The *base* and *filterstr* arguments, and *attrlist* contents, + are text strings; see :ref:`bytes_mode`. + + .. versionchanged:: 3.0 + + ``filterstr=None`` is equivalent to ``filterstr='(objectClass=*)'``. + + +.. py:method:: LDAPObject.start_tls_s() -> None + + Negotiate TLS with server. The ``version`` attribute must have been + set to :py:const:`VERSION3` (which it is by default) before calling this method. + If TLS could not be started an exception will be raised. + + .. seealso:: + + :rfc:`2830` - Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security + + +.. py:method:: LDAPObject.unbind() -> int + +.. py:method:: LDAPObject.unbind_s() -> None + +.. py:method:: LDAPObject.unbind_ext([, serverctrls=None [, clientctrls=None]]) -> int + +.. py:method:: LDAPObject.unbind_ext_s([, serverctrls=None [, clientctrls=None]]) -> None + + This call is used to unbind from the directory, terminate the + current association, and free resources. Once called, the connection to the + LDAP server is closed and the LDAP object is marked invalid. + Further invocation of methods on the object will yield exceptions. + + *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. + + These methods are all synchronous in nature. + + +.. 
py:method:: LDAPObject.whoami_s() -> string + + This synchronous method implements the LDAP "Who Am I?" + extended operation. + + It is useful for finding out to find out which identity + is assumed by the LDAP server after a SASL bind. + + .. seealso:: + + :rfc:`4532` - Lightweight Directory Access Protocol (LDAP) "Who am I?" Operation + + +Connection-specific LDAP options +-------------------------------- + +.. py:method:: LDAPObject.get_option(option) -> int|string + + This method returns the value of the LDAPObject option + specified by *option*. + + +.. py:method:: LDAPObject.set_option(option, invalue) -> None + + This method sets the value of the LDAPObject option + specified by *option* to *invalue*. + + +Object attributes +----------------- + +If the underlying library provides enough information, +each LDAP object will also have the following attributes. +These attributes are mutable unless described as read-only. + +.. py:attribute:: LDAPObject.deref -> int + + Controls whether aliases are automatically dereferenced. + This must be one of :py:const:`DEREF_NEVER`, :py:const:`DEREF_SEARCHING`, + :py:const:`DEREF_FINDING` or :py:const:`DEREF_ALWAYS`. + This option is mapped to option constant :py:const:`OPT_DEREF` + and used in the underlying OpenLDAP client lib. + + +.. py:attribute:: LDAPObject.network_timeout -> int + + Limit on waiting for a network response, in seconds. + Defaults to :py:const:`NO_LIMIT`. + This option is mapped to option constant :py:const:`OPT_NETWORK_TIMEOUT` + and used in the underlying OpenLDAP client lib. + + .. versionchanged:: 3.0.0 + A timeout of ``-1`` or ``None`` resets timeout to infinity. + +.. py:attribute:: LDAPObject.protocol_version -> int + + Version of LDAP in use (either :py:const:`VERSION2` for LDAPv2 + or :py:const:`VERSION3` for LDAPv3). + This option is mapped to option constant :py:const:`OPT_PROTOCOL_VERSION` + and used in the underlying OpenLDAP client lib. + + .. 
note:: + + It is highly recommended to set the protocol version after establishing + a LDAP connection with :py:func:`ldap.initialize()` and before submitting + the first request. + + +.. py:attribute:: LDAPObject.sizelimit -> int + + Limit on size of message to receive from server. + Defaults to :py:const:`NO_LIMIT`. + This option is mapped to option constant :py:const:`OPT_SIZELIMIT` + and used in the underlying OpenLDAP client lib. Its use is deprecated + in favour of *sizelimit* parameter when using :py:meth:`search_ext()`. + + +.. py:attribute:: LDAPObject.timelimit -> int + + Limit on waiting for any response, in seconds. + Defaults to :py:const:`NO_LIMIT`. + This option is mapped to option constant :py:const:`OPT_TIMELIMIT` + and used in the underlying OpenLDAP client lib. Its use is deprecated + in favour of using :py:attr:`timeout`. + + +.. py:attribute:: LDAPObject.timeout -> int + + Limit on waiting for any response, in seconds. + Defaults to :py:const:`NO_LIMIT`. + This option is used in the wrapper module. + + +.. _ldap-example: + +Example +======= + +The following example demonstrates how to open a connection to an +LDAP server using the :py:mod:`ldap` module and invoke a synchronous +subtree search. + +>>> import ldap +>>> l = ldap.initialize('ldap://localhost:1390') +>>> l.search_s('ou=Testing,dc=stroeder,dc=de',ldap.SCOPE_SUBTREE,'(cn=fred*)',['cn','mail']) +[('cn=Fred Feuerstein,ou=Testing,dc=stroeder,dc=de', {'cn': ['Fred Feuerstein']})] +>>> r = l.search_s('ou=Testing,dc=stroeder,dc=de',ldap.SCOPE_SUBTREE,'(objectClass=*)',['cn','mail']) +>>> for dn,entry in r: +>>> print('Processing',repr(dn)) +>>> handle_ldap_entry(entry) diff --git a/Doc/reference/ldapurl.rst b/Doc/reference/ldapurl.rst new file mode 100644 index 0000000..eb2106b --- /dev/null +++ b/Doc/reference/ldapurl.rst 
@@ -0,0 +1,130 @@ +################################### +:py:mod:`ldapurl` LDAP URL handling +################################### + +.. py:module:: ldapurl + :synopsis: Parses and generates LDAP URLs +.. moduleauthor:: python-ldap project (see https://www.python-ldap.org/) + + +This module parses and generates LDAP URLs. It is implemented in pure Python +and does not rely on any non-standard modules. Therefore it can be used stand- +alone without the rest of the python-ldap package. + +.. seealso:: + + :rfc:`4516` - The LDAP URL Format + + +Constants +========= + +The :mod:`ldapurl` module exports the following constants: + +.. py:data:: SEARCH_SCOPE + + This dictionary maps a search scope string identifier to the corresponding + integer value used with search operations in :mod:`ldap`. + + +.. py:data:: SEARCH_SCOPE_STR + + This dictionary is the inverse to :const:`SEARCH_SCOPE`. It maps a search scope + integer value to the corresponding string identifier used in a LDAP URL string + representation. + + +.. py:data:: LDAP_SCOPE_BASE + + +.. py:data:: LDAP_SCOPE_ONELEVEL + + +.. py:data:: LDAP_SCOPE_SUBTREE + + +Functions +========= + +.. autofunction:: ldapurl.isLDAPUrl + + +.. autofunction:: ldapurl.ldapUrlEscape + + +Classes +======= + +.. _ldapurl-ldapurl: + +LDAP URLs +^^^^^^^^^ + +A :py:class:`LDAPUrl` object represents a complete LDAP URL. + +.. autoclass:: ldapurl.LDAPUrl + :members: + + .. versionchanged:: 3.4.0 + + The urlscheme is now case insensitive and always converted to lower + case. ``LDAP://localhost`` is equivalent to ``ldap://localhost``. + + +LDAP URL extensions +^^^^^^^^^^^^^^^^^^^ + +A :py:class:`LDAPUrlExtension` object represents a single LDAP URL extension +whereas :py:class:`LDAPUrlExtensions` represents a list of LDAP URL extensions. + + +.. _ldapurl-ldapurlextension: + +.. autoclass:: ldapurl.LDAPUrlExtension + :members: + +.. _ldapurl-ldapurlextensions: + +.. autoclass:: ldapurl.LDAPUrlExtensions + :members: + + +.. 
_ldapurl-example: + +Example +^^^^^^^ + +Important security advice: +For security reasons you should not specify passwords in LDAP URLs +unless you really know what you are doing. + +The following example demonstrates how to parse a LDAP URL +with :mod:`ldapurl` module. + + +>>> import ldapurl +>>> ldap_url = ldapurl.LDAPUrl('ldap://localhost:1389/dc=stroeder,dc=com?cn,mail???bindname=cn=Michael%2cdc=stroeder%2cdc=com,X-BINDPW=secret') +>>> # Using the parsed LDAP URL by reading the class attributes +>>> ldap_url.dn +'dc=stroeder,dc=com' +>>> ldap_url.hostport +'localhost:1389' +>>> ldap_url.attrs +['cn','mail'] +>>> ldap_url.filterstr +'(objectclass=*)' +>>> ldap_url.who +'cn=Michael,dc=stroeder,dc=com' +>>> ldap_url.cred +'secret' +>>> ldap_url.scope +0 + + +The following example demonstrates how to generate a LDAP URL +with \module{ldapurl} module. + +>>> import ldapurl +>>> ldap_url = ldapurl.LDAPUrl(hostport='localhost:1389',dn='dc=stroeder,dc=com',attrs=['cn','mail'],who='cn=Michael,dc=stroeder,dc=com',cred='secret') +>>> ldap_url.unparse() +'ldap://localhost:1389/dc=stroeder,dc=com?cn,mail?base?(objectclass=*)?bindname=cn=Michael%2Cdc=stroeder%2Cdc=com,X-BINDPW=secret' diff --git a/Doc/reference/ldif.rst b/Doc/reference/ldif.rst new file mode 100644 index 0000000..87dcb70 --- /dev/null +++ b/Doc/reference/ldif.rst 
@@ -0,0 +1,96 @@ +##################################### +:mod:`ldif` LDIF parser and generator +##################################### + +.. py:module:: ldif + :synopsis: Parses and generates LDIF files +.. moduleauthor:: python-ldap project (see https://www.python-ldap.org/) + + +This module parses and generates LDAP data in the format LDIF. It is +implemented in pure Python and does not rely on any non-standard modules. +Therefore it can be used stand-alone without the rest of the python-ldap +package. + +.. seealso:: + + :rfc:`2849` - The LDAP Data Interchange Format (LDIF) - Technical Specification + + +Functions +^^^^^^^^^ + +.. autofunction:: ldif.CreateLDIF + + .. deprecated:: 3.0 + + ``ldif.CreateLDIF()`` is deprecated. It will be removed in version 3.1. + Use :meth:`ldif.LDIFWriter.unparse` with a file or ``io.StringIO`` + instead. + +.. autofunction:: ldif.ParseLDIF + + .. deprecated:: 3.0 + + ``ldif.ParseLDIF()`` is deprecated. It will be removed in version 3.1. + Use the ``all_records`` attribute of the returned value of + ``ldif.LDIFRecordList.parse()`` instead. + + +Classes +^^^^^^^ + +.. autoclass:: ldif.LDIFWriter + :members: + +.. autoclass:: ldif.LDIFParser + :members: + +.. autoclass:: LDIFRecordList + :members: + +.. autoclass:: LDIFCopy + :members: + + +.. _ldif-example: + +Example +^^^^^^^ + +The following example demonstrates how to write LDIF output +of an LDAP entry with :mod:`ldif` module. + +>>> import sys, ldif +>>> entry={'objectClass': [b'top', b'person'], 'cn': [b'Michael Stroeder'], 'sn': [b'Stroeder']} +>>> dn='cn=Michael Stroeder,ou=Test' +>>> ldif_writer=ldif.LDIFWriter(sys.stdout) +>>> ldif_writer.unparse(dn, entry) +dn: cn=Michael Stroeder,ou=Test +cn: Michael Stroeder +objectClass: top +objectClass: person +sn: Stroeder + + +The following example demonstrates how to parse an LDIF file +with :mod:`ldif` module, skip some entries and write the result to stdout. 
:: + + import sys + from ldif import LDIFParser,LDIFWriter + + SKIP_DN = ["uid=foo,ou=People,dc=example,dc=com", + "uid=bar,ou=People,dc=example,dc=com"] + + class MyLDIF(LDIFParser): + def __init__(self,input,output): + LDIFParser.__init__(self,input) + self.writer = LDIFWriter(output) + + def handle(self,dn,entry): + if dn in SKIP_DN: + return + self.writer.unparse(dn,entry) + + parser = MyLDIF(open("input.ldif", 'rb'), sys.stdout) + parser.parse() diff --git a/Doc/reference/slapdtest.rst b/Doc/reference/slapdtest.rst new file mode 100644 index 0000000..7517e66 --- /dev/null +++ b/Doc/reference/slapdtest.rst @@ -0,0 +1,32 @@ +################################################################### +:mod:`slapdtest` Spawning test instances of OpenLDAP's slapd server +################################################################### + +.. py:module:: slapdtest + :synopsis: Spawning test instances of OpenLDAP's slapd server +.. moduleauthor:: python-ldap project (see https://www.python-ldap.org/) + + +The module is used for testing python-ldap itself but can be used for +automatically testing any OpenLDAP-based configuration setup. + +This module is pure Python and does not rely on any non-standard modules. +Therefore it can be used stand-alone without the rest of the python-ldap +package. + +Test fixtures for the popular `pytest` framework are developed in an external project, `pytest-ldap`_. + +Functions +^^^^^^^^^ + + +Classes +^^^^^^^ + +.. autoclass:: slapdtest.SlapdObject + :members: + +.. autoclass:: slapdtest.SlapdTestCase + :members: + +.. _pytest-ldap: https://pypi.org/project/pytest-ldap/ diff --git a/Doc/requirements.txt b/Doc/requirements.txt new file mode 100644 index 0000000..7102362 --- /dev/null +++ b/Doc/requirements.txt @@ -0,0 +1,2 @@ +pyasn1 +pyasn1_modules diff --git a/Doc/resources.rst b/Doc/resources.rst new file mode 100644 index 0000000..56cb1a1 --- /dev/null +++ b/Doc/resources.rst 
@@ -0,0 +1,55 @@ +Third-party documentation +========================= + +The following documents referenced are not written by python-ldap project +members. Therefore some information might be outdated or links might be broken. + + +*Python LDAP Applications* articles by Matt Butcher +--------------------------------------------------- + +* `Part 1 - Installing and Configuring the Python-LDAP Library and Binding to an LDAP Directory `_ + + This also covers SASL. + +* `Part 2 - LDAP Operations `_ +* `Part 3 - More LDAP Operations and the LDAP URL Library `_ +* `Part 4 - LDAP Schema `_ + + Gee, someone waded through the badly documented mysteries of module + :mod:`ldap.schema`. + + +`LDAP Programming in Python `_ +------------------------------------------------------------------------- + +Another article for getting started with python-ldap. + + + +`RFC 1823 `_ +------------------------------------------------- + +The LDAP Application Program Interface, mainly for LDAPv2. + + + +`LDAPEXT draft `_ +---------------------------------------------------------------------------- + +The Internet draft of the discontinued IETF working group LDAPEXT is of +interest here since the OpenLDAP 2 libs implement this (expired) draft. + + +`OpenLDAP `_ +--------------------------------------- + +It's worth to have a look at the +`manual pages `_ and the +`Developer's FAQ `_. + + +`VSLDAP `_ +---------------------------------------------------------------------------------------- + +VSLDAP Interoperability Test Suite. diff --git a/Doc/sample_workflow.rst b/Doc/sample_workflow.rst new file mode 100644 index 0000000..60d60ca --- /dev/null +++ b/Doc/sample_workflow.rst 
@@ -0,0 +1,81 @@ +.. _sample workflow: + +Sample workflow for python-ldap development +------------------------------------------- + +This document will guide you through the process of contributing a change +to python-ldap. + +We assume that, as a user of python-ldap, you're not new to software +development in general, so these instructions are terse. +If you need additional detail, please do ask on the mailing list. + +.. note:: + + The following instructions are for Linux. + If you can translate them to another system, please contribute your + translation! + + +Install `Git`_, `tox`_ and the :ref:`build prerequisites`. + +.. _tox: https://tox.readthedocs.io/en/latest/ + +Clone the repository:: + + $ git clone https://github.com/python-ldap/python-ldap + $ cd python-ldap + +Create a :mod:`virtual environment ` to ensure you in-development +python-ldap won't affect the rest of your system:: + + $ python3 -m venv __venv__ + +.. _git: https://git-scm.com/ +.. _virtualenv: https://virtualenv.pypa.io/en/stable/ + +Activate the virtual environment:: + + $ source __venv__/bin/activate + +Install python-ldap to it in `editable mode`_:: + + (__venv__)$ python -m pip install -e . + +This way, importing a Python module from python-ldap will directly +use the code from your source tree. +If you change C code, you will still need to recompile +(using the ``pip install`` command again). + +.. _editable mode: https://pip.pypa.io/en/stable/reference/pip_install/#editable-installs + +Change the code as desired. + + +To run tests, install and run `tox`_:: + + (__venv__)$ python -m pip install tox + (__venv__)$ tox --skip-missing-interpreters + +This will run tests on all supported versions of Python that you have +installed, skipping the ones you don't. 
+To run a subset of test environments, run for example:: + + (__venv__)$ tox -e py27,py36 + +In addition to ``pyXY`` environments, we have extra environments +for checking things independent of the Python version: + +* ``doc`` checks syntax and spelling of the documentation +* ``coverage-report`` generates a test coverage report for Python code. + It must be used last, e.g. ``tox -e py27,py36,coverage-report``. +* ``py2-nosasltls`` and ``py3-nosasltls`` check functionality without + SASL and TLS bindings compiled in. + + +When your change is ready, commit to Git, and submit a pull request on GitHub. +You can take a look at the :ref:`committer instructions` to see what we are looking +for in a pull request. + +If you don't want to open a GitHub account, please send patches as attachments +to the python-ldap mailing list. diff --git a/Doc/spelling_wordlist.txt b/Doc/spelling_wordlist.txt new file mode 100644 index 0000000..c24ab48 --- /dev/null +++ b/Doc/spelling_wordlist.txt 
@@ -0,0 +1,164 @@ +args +async +asyncsearch +attr +attrlist +attrList +attrs +attrsonly +attrsOnly +attrtype +authzId +automagically +backend +behaviour +BER +bindname +boolean +booleanValue +Bytestrings +cancelled +canonicalization +cb +cfg +changeNumber +changesOnly +changeType +changeTypes +cidict +clientctrls +conf +controlType +controlValue +committers +CPython +criticality +cryptographic +Cyrus +defresult +dereferenced +dereferencing +desc +dev +directoryOperation +distinguished +distributedOperation +dit +dn +DN +dSAOperation +encodedControlValue +encodedResponseValue +extype +exvalue +favour +filterstr +filterStr +formatOID +func +GPG +Heimdal +hostport +hrefTarget +hrefText +ignoreResultsNumber +integerValue +Interoperability +isn +Keepalive +Kerberos +keyerror +knownLDAPControls +kwarg +ldap +ldapadd +ldapControls +ldapControlTuples +ldapdelete +ldapi +LDAPObject +ldaps +ldapurl +ldapwhoami +ldif +LDIFWriter +libldap +libs +Libs +macOS +modlist +modrdn +msgid +multi +nameoroid +nots +Novell +objectClass +oc +oid +oids +OpenLDAP +Pagure +postalAddress +pre +previousDN +processResultsCount +Proxied +py +pytest +rdn +readthedocs +reentrant +refmodule +refreshAndPersist +refreshDeletes +refreshOnly +requestName +requestValue +resiter +respvalue +ResultProcessor +returnECs +ruleid +rundir +sasl +searchRoot +searchScope +sed +serverctrls +sessionSourceIp +sessionSourceName +sessionTrackingIdentifier +slapadd +sizelimit +slapd +startup +stderr +stdout +str +Subclasses +subentry +subschema +substr +subtree +syncrepl +syntaxes +timelimit +tracebacks +tuple +tuples +UDP +Umich +unparsing +unsigend +urandom +uri +urlPrefix +urlscheme +userApplications +userPassword +usr +uuids +Valgrind +whitespace +workflow diff --git a/INSTALL b/INSTALL new file mode 100644 index 0000000..b9b13d2 --- /dev/null +++ b/INSTALL 
@@ -0,0 +1,9 @@ +Quick build instructions: + + edit setup.cfg (see Build/ for platform-specific examples) + python setup.py build + python setup.py install + +Detailed instructions are in Doc/installing.rst, or online at: + + https://python-ldap.readthedocs.io/en/latest/installing.html diff --git a/LICENCE b/LICENCE new file mode 100644 index 0000000..1338962 --- /dev/null +++ b/LICENCE @@ -0,0 +1,11 @@ + +The python-ldap package is distributed under Python-style license. + +Standard disclaimer: + This software is made available by the author(s) to the public for free + and "as is". All users of this free software are solely and entirely + responsible for their own choice and use of this software for their + own purposes. By using this software, each user agrees that the + author(s) shall not be liable for damages of any kind in relation to + its use or performance. The author(s) do not warrant that this software + is fit for any purpose. diff --git a/Lib/ldap/__init__.py b/Lib/ldap/__init__.py new file mode 100644 index 0000000..b179707 --- /dev/null +++ b/Lib/ldap/__init__.py 
@@ -0,0 +1,111 @@ +""" +ldap - base module + +See https://www.python-ldap.org/ for details. +""" + +# This is also the overall release version number + +from ldap.pkginfo import __version__, __author__, __license__ + +import os +import sys + +if __debug__: + # Tracing is only supported in debugging mode + import atexit + import traceback + _trace_level = int(os.environ.get("PYTHON_LDAP_TRACE_LEVEL", 0)) + _trace_file = os.environ.get("PYTHON_LDAP_TRACE_FILE") + if _trace_file is None: + _trace_file = sys.stderr + else: + _trace_file = open(_trace_file, 'a') + atexit.register(_trace_file.close) + _trace_stack_limit = None +else: + # Any use of the _trace attributes should be guarded by `if __debug__`, + # so they should not be needed here. + # But, providing different API for debug mode is unnecessarily fragile. + _trace_level = 0 + _trace_file = sys.stderr + _trace_stack_limit = None + +import _ldap +assert _ldap.__version__==__version__, \ + ImportError(f'ldap {__version__} and _ldap {_ldap.__version__} version mismatch!') +from _ldap import * +# call into libldap to initialize it right now +LIBLDAP_API_INFO = _ldap.get_option(_ldap.OPT_API_INFO) + +OPT_NAMES_DICT = {} +for k,v in vars(_ldap).items(): + if k.startswith('OPT_'): + OPT_NAMES_DICT[v]=k + +class DummyLock: + """Define dummy class with methods compatible to threading.Lock""" + def __init__(self): + pass + def acquire(self): + pass + def release(self): + pass + +try: + # Check if Python installation was build with thread support + import threading +except ImportError: + LDAPLockBaseClass = DummyLock +else: + LDAPLockBaseClass = threading.Lock + + +class LDAPLock: + """ + Mainly a wrapper class to log all locking events. + Note that this cumbersome approach with _lock attribute was taken + since threading.Lock is not suitable for sub-classing. 
+ """ + _min_trace_level = 3 + + def __init__(self,lock_class=None,desc=''): + """ + lock_class + Class compatible to threading.Lock + desc + Description shown in debug log messages + """ + self._desc = desc + self._lock = (lock_class or LDAPLockBaseClass)() + + def acquire(self): + if __debug__: + global _trace_level + if _trace_level>=self._min_trace_level: + _trace_file.write('***{}.acquire() {} {}\n'.format(self.__class__.__name__,repr(self),self._desc)) + return self._lock.acquire() + + def release(self): + if __debug__: + global _trace_level + if _trace_level>=self._min_trace_level: + _trace_file.write('***{}.release() {} {}\n'.format(self.__class__.__name__,repr(self),self._desc)) + return self._lock.release() + + +# Create module-wide lock for serializing all calls into underlying LDAP lib +_ldap_module_lock = LDAPLock(desc='Module wide') + +from ldap.functions import initialize,get_option,set_option,escape_str,strf_secs,strp_secs + +from ldap.ldapobject import NO_UNIQUE_ENTRY, LDAPBytesWarning + +from ldap.dn import explode_dn,explode_rdn,str2dn,dn2str +del str2dn +del dn2str + +# More constants + +# For compatibility of 2.3 and 2.4 OpenLDAP API +OPT_DIAGNOSTIC_MESSAGE = OPT_ERROR_STRING diff --git a/Lib/ldap/async.py b/Lib/ldap/async.py new file mode 100644 index 0000000..1d4505b --- /dev/null +++ b/Lib/ldap/async.py @@ -0,0 +1,15 @@ +""" +ldap.asyncsearch - handle async LDAP search operations + +See https://www.python-ldap.org/ for details. +""" +import warnings + +from ldap.asyncsearch import * +from ldap.asyncsearch import __version__ + +warnings.warn( + "'ldap.async module' is deprecated, import 'ldap.asyncsearch' instead.", + DeprecationWarning, + stacklevel=2 +) diff --git a/Lib/ldap/asyncsearch.py b/Lib/ldap/asyncsearch.py new file mode 100644 index 0000000..6c6929d --- /dev/null +++ b/Lib/ldap/asyncsearch.py 
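Review bot: The version check between the Python package and the `_ldap` C extension in Lib/ldap/__init__.py is an `assert`, so it is compiled out under `python -O` and a mismatched extension then loads silently; when it does fire, it raises AssertionError rather than the ImportError built as its message. I would write it as `if _ldap.__version__ != __version__: raise ImportError(f'ldap {__version__} and _ldap {_ldap.__version__} version mismatch!')`. The same statement appears in the Lib/ldap/controls/__init__.py hunk further down and should change with it. Separately, `_trace_file = open(_trace_file, 'a')` appends to a path taken from `PYTHON_LDAP_TRACE_FILE` with default permissions. If the trace writers elsewhere in the package log call arguments (not visible in this hunk), the file can end up holding bind credentials, so a comment here should say the trace file belongs in a private location.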
@@ -0,0 +1,284 @@ +""" +ldap.asyncsearch - handle async LDAP search operations + +See https://www.python-ldap.org/ for details. +""" + +import ldap + +from ldap import __version__ + +import ldif + +SEARCH_RESULT_TYPES = { + ldap.RES_SEARCH_ENTRY, + ldap.RES_SEARCH_RESULT, + ldap.RES_SEARCH_REFERENCE, +} + +ENTRY_RESULT_TYPES = { + ldap.RES_SEARCH_ENTRY, + ldap.RES_SEARCH_RESULT, +} + + +class WrongResultType(Exception): + + def __init__(self,receivedResultType,expectedResultTypes): + self.receivedResultType = receivedResultType + self.expectedResultTypes = expectedResultTypes + Exception.__init__(self) + + def __str__(self): + return 'Received wrong result type {} (expected one of {}).'.format( + self.receivedResultType, + ', '.join(self.expectedResultTypes), + ) + + +class AsyncSearchHandler: + """ + Class for stream-processing LDAP search results + + Arguments: + + l + LDAPObject instance + """ + + def __init__(self,l): + self._l = l + self._msgId = None + self._afterFirstResult = 1 + + def startSearch( + self, + searchRoot, + searchScope, + filterStr, + attrList=None, + attrsOnly=0, + timeout=-1, + sizelimit=0, + serverctrls=None, + clientctrls=None + ): + """ + searchRoot + See parameter base of method LDAPObject.search() + searchScope + See parameter scope of method LDAPObject.search() + filterStr + See parameter filter of method LDAPObject.search() + attrList=None + See parameter attrlist of method LDAPObject.search() + attrsOnly + See parameter attrsonly of method LDAPObject.search() + timeout + Maximum time the server shall use for search operation + sizelimit + Maximum number of entries a server should return + (request client-side limit) + serverctrls + list of server-side LDAP controls + clientctrls + list of client-side LDAP controls + """ + self._msgId = self._l.search_ext( + searchRoot,searchScope,filterStr, + attrList,attrsOnly,serverctrls,clientctrls,timeout,sizelimit + ) + self._afterFirstResult = 1 + return # startSearch() + + def 
preProcessing(self): + """ + Do anything you want after starting search but + before receiving and processing results + """ + + def afterFirstResult(self): + """ + Do anything you want right after successfully receiving but before + processing first result + """ + + def postProcessing(self): + """ + Do anything you want after receiving and processing all results + """ + + def processResults(self,ignoreResultsNumber=0,processResultsCount=0,timeout=-1): + """ + ignoreResultsNumber + Don't process the first ignoreResultsNumber results. + processResultsCount + If non-zero this parameters indicates the number of results + processed is limited to processResultsCount. + timeout + See parameter timeout of ldap.LDAPObject.result() + """ + self.preProcessing() + result_counter = 0 + end_result_counter = ignoreResultsNumber+processResultsCount + go_ahead = 1 + partial = 0 + self.beginResultsDropped = 0 + self.endResultBreak = result_counter + try: + result_type,result_list = None,None + while go_ahead: + while result_type is None and not result_list: + result_type,result_list,result_msgid,result_serverctrls = self._l.result3(self._msgId,0,timeout) + if self._afterFirstResult: + self.afterFirstResult() + self._afterFirstResult = 0 + if not result_list: + break + if result_type not in SEARCH_RESULT_TYPES: + raise WrongResultType(result_type,SEARCH_RESULT_TYPES) + # Loop over list of search results + for result_item in result_list: + if result_counter might cause + # backward compatibility problems + TLSInt('OPT_X_TLS_CRLCHECK', optional=True), + + TLSInt('OPT_X_TLS_CRLFILE', optional=True), + + TLSInt('OPT_X_TLS_CRL_NONE'), + TLSInt('OPT_X_TLS_CRL_PEER'), + TLSInt('OPT_X_TLS_CRL_ALL'), + TLSInt('OPT_X_TLS_NEWCTX', optional=True), + TLSInt('OPT_X_TLS_PROTOCOL_MIN', optional=True), + TLSInt('OPT_X_TLS_PACKAGE', optional=True), + + Int('OPT_X_SASL_MECH'), + Int('OPT_X_SASL_REALM'), + Int('OPT_X_SASL_AUTHCID'), + Int('OPT_X_SASL_AUTHZID'), + Int('OPT_X_SASL_SSF'), + 
Int('OPT_X_SASL_SSF_EXTERNAL'), + Int('OPT_X_SASL_SECPROPS'), + Int('OPT_X_SASL_SSF_MIN'), + Int('OPT_X_SASL_SSF_MAX'), + Int('OPT_X_SASL_NOCANON', optional=True), + Int('OPT_X_SASL_USERNAME', optional=True), + Int('OPT_CONNECT_ASYNC', optional=True), + Int('OPT_X_KEEPALIVE_IDLE', optional=True), + Int('OPT_X_KEEPALIVE_PROBES', optional=True), + Int('OPT_X_KEEPALIVE_INTERVAL', optional=True), + + Int('DN_FORMAT_LDAP'), + Int('DN_FORMAT_LDAPV3'), + Int('DN_FORMAT_LDAPV2'), + Int('DN_FORMAT_DCE'), + Int('DN_FORMAT_UFN'), + Int('DN_FORMAT_AD_CANONICAL'), + # Int('DN_FORMAT_LBER'), # for testing only + Int('DN_FORMAT_MASK'), + Int('DN_PRETTY'), + Int('DN_SKIP'), + Int('DN_P_NOLEADTRAILSPACES'), + Int('DN_P_NOSPACEAFTERRDN'), + Int('DN_PEDANTIC'), + + Int('AVA_NULL'), + Int('AVA_STRING'), + Int('AVA_BINARY'), + Int('AVA_NONPRINTABLE'), + + Int('OPT_SUCCESS'), + + # XXX - these should be errors + Int('URL_ERR_BADSCOPE'), + Int('URL_ERR_MEM'), + # Int('LIBLDAP_R'), + + Feature('LIBLDAP_R', 'HAVE_LIBLDAP_R'), + Feature('SASL_AVAIL', 'HAVE_SASL'), + Feature('TLS_AVAIL', 'HAVE_TLS'), + Feature('INIT_FD_AVAIL', 'HAVE_LDAP_INIT_FD'), + + Str("CONTROL_MANAGEDSAIT"), + Str("CONTROL_PROXY_AUTHZ"), + Str("CONTROL_SUBENTRIES"), + Str("CONTROL_VALUESRETURNFILTER"), + Str("CONTROL_ASSERT"), + Str("CONTROL_PRE_READ"), + Str("CONTROL_POST_READ"), + Str("CONTROL_SORTREQUEST"), + Str("CONTROL_SORTRESPONSE"), + Str("CONTROL_PAGEDRESULTS"), + Str("CONTROL_SYNC"), + Str("CONTROL_SYNC_STATE"), + Str("CONTROL_SYNC_DONE"), + Str("SYNC_INFO"), + Str("CONTROL_PASSWORDPOLICYREQUEST"), + Str("CONTROL_PASSWORDPOLICYRESPONSE"), + Str("CONTROL_RELAX"), +) + + +def print_header(): # pragma: no cover + """Print the C header file to standard output""" + + print('/*') + print(' * Generated with:') + print(' * python Lib/ldap/constants.py > Modules/constants_generated.h') + print(' *') + print(' * Please do any modifications there, then re-generate this file') + print(' */') + print('') + + 
current_requirements = [] + + def pop_requirement(): + popped = current_requirements.pop() + print('#endif') + print() + + for definition in CONSTANTS: + while not set(current_requirements).issubset(definition.requirements): + pop_requirement() + + for requirement in definition.requirements: + if requirement not in current_requirements: + current_requirements.append(requirement) + print() + print(f'#if {requirement}') + + print(definition.c_template.format(self=definition)) + + while current_requirements: + pop_requirement() + + +if __name__ == '__main__': + print_header() diff --git a/Lib/ldap/controls/__init__.py b/Lib/ldap/controls/__init__.py new file mode 100644 index 0000000..7355716 --- /dev/null +++ b/Lib/ldap/controls/__init__.py 
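Review bot: In Lib/ldap/asyncsearch.py, `WrongResultType.__str__` calls `', '.join(self.expectedResultTypes)`, but the only visible caller passes `SEARCH_RESULT_TYPES`, a set of `ldap.RES_*` constants. If those are integers, as libldap result types normally are, formatting the exception raises TypeError and hides the unexpected result type that the error was meant to report. I would change the line to `', '.join(str(t) for t in sorted(self.expectedResultTypes))`, which also makes the message order stable. The text of this hunk is damaged further down the page and runs into the constants listing, so this note covers only the part of asyncsearch.py that is still readable.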
@@ -0,0 +1,157 @@ +""" +controls.py - support classes for LDAP controls + +See https://www.python-ldap.org/ for details. + +Description: +The ldap.controls module provides LDAPControl classes. +Each class provides support for a certain control. +""" + +from ldap.pkginfo import __version__ + +import _ldap +assert _ldap.__version__==__version__, \ + ImportError(f'ldap {__version__} and _ldap {_ldap.__version__} version mismatch!') + +import ldap + +from pyasn1.error import PyAsn1Error + + +__all__ = [ + 'KNOWN_RESPONSE_CONTROLS', + # Classes + 'AssertionControl', + 'BooleanControl', + 'LDAPControl', + 'ManageDSAITControl', + 'MatchedValuesControl', + 'RelaxRulesControl', + 'RequestControl', + 'ResponseControl', + 'SimplePagedResultsControl', + 'ValueLessRequestControl', + # Functions + 'RequestControlTuples', + 'DecodeControlTuples', +] + +# response control OID to class registry +KNOWN_RESPONSE_CONTROLS = {} + + +class RequestControl: + """ + Base class for all request controls + + controlType + OID as string of the LDAPv3 extended request control + criticality + sets the criticality of the control (boolean) + encodedControlValue + control value of the LDAPv3 extended request control + (here it is the BER-encoded ASN.1 control value) + """ + + def __init__(self,controlType=None,criticality=False,encodedControlValue=None): + self.controlType = controlType + self.criticality = criticality + self.encodedControlValue = encodedControlValue + + def encodeControlValue(self): + """ + sets class attribute encodedControlValue to the BER-encoded ASN.1 + control value composed by class attributes set before + """ + return self.encodedControlValue + + +class ResponseControl: + """ + Base class for all response controls + + controlType + OID as string of the LDAPv3 extended response control + criticality + sets the criticality of the received control (boolean) + """ + + def __init__(self,controlType=None,criticality=False): + self.controlType = controlType + self.criticality = 
criticality + + def decodeControlValue(self,encodedControlValue): + """ + decodes the BER-encoded ASN.1 control value and sets the appropriate + class attributes + """ + self.encodedControlValue = encodedControlValue + + +class LDAPControl(RequestControl,ResponseControl): + """ + Base class for combined request/response controls mainly + for backward-compatibility to python-ldap 2.3.x + """ + + def __init__(self,controlType=None,criticality=False,controlValue=None,encodedControlValue=None): + self.controlType = controlType + self.criticality = criticality + self.controlValue = controlValue + self.encodedControlValue = encodedControlValue + + +def RequestControlTuples(ldapControls): + """ + Return list of readily encoded 3-tuples which can be directly + passed to C module _ldap + + ldapControls + sequence-type of RequestControl objects + """ + if ldapControls is None: + return None + else: + result = [ + (c.controlType,c.criticality,c.encodeControlValue()) + for c in ldapControls + ] + return result + + +def DecodeControlTuples(ldapControlTuples,knownLDAPControls=None): + """ + Returns list of readily decoded ResponseControl objects + + ldapControlTuples + Sequence-type of 3-tuples returned by _ldap.result4() containing + the encoded ASN.1 control values of response controls. + knownLDAPControls + Dictionary mapping extended control's OID to ResponseControl class + of response controls known by the application. If None + ldap.controls.KNOWN_RESPONSE_CONTROLS is used here. 
+ """ + knownLDAPControls = knownLDAPControls or KNOWN_RESPONSE_CONTROLS + result = [] + for controlType,criticality,encodedControlValue in ldapControlTuples or []: + try: + control = knownLDAPControls[controlType]() + except KeyError: + if criticality: + raise ldap.UNAVAILABLE_CRITICAL_EXTENSION('Received unexpected critical response control with controlType %s' % (repr(controlType))) + else: + control.controlType,control.criticality = controlType,criticality + try: + control.decodeControlValue(encodedControlValue) + except PyAsn1Error: + if criticality: + raise + else: + result.append(control) + return result + + +# Import the standard sub-modules +from ldap.controls.simple import * +from ldap.controls.libldap import * diff --git a/Lib/ldap/controls/deref.py b/Lib/ldap/controls/deref.py new file mode 100644 index 0000000..e5b2a7e --- /dev/null +++ b/Lib/ldap/controls/deref.py 
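Review bot: `DecodeControlTuples` guards `control.decodeControlValue(encodedControlValue)` with `except PyAsn1Error` only, so any other exception raised while decoding a server-supplied value propagates even for a non-critical control. Decoders added elsewhere in this commit can raise other types on malformed input: `int(encodedControlValue)` in pwdpolicy.py (ValueError), and the `ber2boolean[...]` lookup and `struct.unpack('!Q', ...)` in simple.py (KeyError, struct.error). I would widen the handler to at least `except (PyAsn1Error, ValueError, KeyError):` and have `OctetStringInteger` turn `struct.error` into one of those. The branch that drops an undecodable non-critical control also deserves a comment such as `# undecodable non-critical control: skipped on purpose`. Indentation is lost in this rendering, so the exact nesting of the `try`/`else` blocks should be checked against the file.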
@@ -0,0 +1,118 @@ +""" +ldap.controls.deref - classes for +(see https://tools.ietf.org/html/draft-masarati-ldap-deref) + +See https://www.python-ldap.org/ for project details. +""" + +__all__ = [ + 'DEREF_CONTROL_OID', + 'DereferenceControl', +] + +import ldap.controls +from ldap.controls import LDAPControl,KNOWN_RESPONSE_CONTROLS + +import pyasn1_modules.rfc2251 +from pyasn1.type import namedtype,univ,tag +from pyasn1.codec.ber import encoder,decoder +from pyasn1_modules.rfc2251 import LDAPDN,AttributeDescription,AttributeDescriptionList,AttributeValue + + +DEREF_CONTROL_OID = '1.3.6.1.4.1.4203.666.5.16' + + +# Request types +#--------------------------------------------------------------------------- + +# For compatibility with ASN.1 declaration in I-D +AttributeList = AttributeDescriptionList + +class DerefSpec(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType( + 'derefAttr', + AttributeDescription() + ), + namedtype.NamedType( + 'attributes', + AttributeList() + ), + ) + +class DerefSpecs(univ.SequenceOf): + componentType = DerefSpec() + +# Response types +#--------------------------------------------------------------------------- + + +class AttributeValues(univ.SetOf): + componentType = AttributeValue() + + +class PartialAttribute(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('type', AttributeDescription()), + namedtype.NamedType('vals', AttributeValues()), + ) + + +class PartialAttributeList(univ.SequenceOf): + componentType = PartialAttribute() + tagSet = univ.Sequence.tagSet.tagImplicitly( + tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,0) + ) + + +class DerefRes(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('derefAttr', AttributeDescription()), + namedtype.NamedType('derefVal', LDAPDN()), + namedtype.OptionalNamedType('attrVals', PartialAttributeList()), + ) + + +class DerefResultControlValue(univ.SequenceOf): + componentType = DerefRes() + + +class 
DereferenceControl(LDAPControl): + controlType = DEREF_CONTROL_OID + + def __init__(self,criticality=False,derefSpecs=None): + LDAPControl.__init__(self,self.controlType,criticality) + self.derefSpecs = derefSpecs or {} + + def _derefSpecs(self): + deref_specs = DerefSpecs() + i = 0 + for deref_attr,deref_attribute_names in self.derefSpecs.items(): + deref_spec = DerefSpec() + deref_attributes = AttributeList() + for j in range(len(deref_attribute_names)): + deref_attributes.setComponentByPosition(j,deref_attribute_names[j]) + deref_spec.setComponentByName('derefAttr',AttributeDescription(deref_attr)) + deref_spec.setComponentByName('attributes',deref_attributes) + deref_specs.setComponentByPosition(i,deref_spec) + i += 1 + return deref_specs + + def encodeControlValue(self): + return encoder.encode(self._derefSpecs()) + + def decodeControlValue(self,encodedControlValue): + decodedValue,_ = decoder.decode(encodedControlValue,asn1Spec=DerefResultControlValue()) + self.derefRes = {} + for deref_res in decodedValue: + deref_attr,deref_val,deref_vals = deref_res[0],deref_res[1],deref_res[2] + partial_attrs_dict = { + str(tv[0]): [str(v) for v in tv[1]] + for tv in deref_vals or [] + } + try: + self.derefRes[str(deref_attr)].append((str(deref_val),partial_attrs_dict)) + except KeyError: + self.derefRes[str(deref_attr)] = [(str(deref_val),partial_attrs_dict)] + +KNOWN_RESPONSE_CONTROLS[DereferenceControl.controlType] = DereferenceControl diff --git a/Lib/ldap/controls/libldap.py b/Lib/ldap/controls/libldap.py new file mode 100644 index 0000000..9a10237 --- /dev/null +++ b/Lib/ldap/controls/libldap.py 
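Review bot: `DereferenceControl.decodeControlValue` converts every dereferenced attribute value with `str(v)`, while `ReadEntryControl.decodeControlValue` in readentry.py keeps `bytes(attr_value)` for the same kind of data. Callers therefore get text from one control and bytes from the other, and what happens to non-text values depends on pyasn1's string conversion. Either keep bytes here as well, `str(tv[0]): [bytes(v) for v in tv[1]]`, or state the conversion explicitly. The class also has no docstring; it should say that `derefSpecs` is iterated as a dict mapping a deref attribute to a sequence of attribute names, and that `derefRes` maps the attribute name to a list of `(dn, attrs)` tuples.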
@@ -0,0 +1,81 @@ +""" +controls.libldap - LDAP controls wrapper classes with en-/decoding done +by OpenLDAP functions + +See https://www.python-ldap.org/ for details. +""" + +from ldap.pkginfo import __version__ + +import _ldap +assert _ldap.__version__==__version__, \ + ImportError(f'ldap {__version__} and _ldap {_ldap.__version__} version mismatch!') + +import ldap + +from ldap.controls import RequestControl,LDAPControl,KNOWN_RESPONSE_CONTROLS + + +class AssertionControl(RequestControl): + """ + LDAP Assertion control, as defined in RFC 4528 + + filterstr + LDAP filter string specifying which assertions have to match + so that the server processes the operation + """ + + controlType = ldap.CONTROL_ASSERT + def __init__(self,criticality=True,filterstr='(objectClass=*)'): + self.criticality = criticality + self.filterstr = filterstr + + def encodeControlValue(self): + return _ldap.encode_assertion_control(self.filterstr) + +KNOWN_RESPONSE_CONTROLS[ldap.CONTROL_ASSERT] = AssertionControl + + +class MatchedValuesControl(RequestControl): + """ + LDAP Matched Values control, as defined in RFC 3876 + + filterstr + LDAP filter string specifying which attribute values + should be returned + """ + + controlType = ldap.CONTROL_VALUESRETURNFILTER + + def __init__(self,criticality=False,filterstr='(objectClass=*)'): + self.criticality = criticality + self.filterstr = filterstr + + def encodeControlValue(self): + return _ldap.encode_valuesreturnfilter_control(self.filterstr) + +KNOWN_RESPONSE_CONTROLS[ldap.CONTROL_VALUESRETURNFILTER] = MatchedValuesControl + + +class SimplePagedResultsControl(LDAPControl): + """ + LDAP Control Extension for Simple Paged Results Manipulation + + size + Page size requested (number of entries to be returned) + cookie + Cookie string received with last page + """ + controlType = ldap.CONTROL_PAGEDRESULTS + + def __init__(self,criticality=False,size=None,cookie=None): + self.criticality = criticality + self.size,self.cookie = size,cookie + + def 
encodeControlValue(self): + return _ldap.encode_page_control(self.size,self.cookie) + + def decodeControlValue(self,encodedControlValue): + self.size,self.cookie = _ldap.decode_page_control(encodedControlValue) + +KNOWN_RESPONSE_CONTROLS[ldap.CONTROL_PAGEDRESULTS] = SimplePagedResultsControl diff --git a/Lib/ldap/controls/openldap.py b/Lib/ldap/controls/openldap.py new file mode 100644 index 0000000..24040ed --- /dev/null +++ b/Lib/ldap/controls/openldap.py 
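Review bot: `AssertionControl` and `MatchedValuesControl` derive from `RequestControl` only, yet both are registered in `KNOWN_RESPONSE_CONTROLS`. `DecodeControlTuples` in controls/__init__.py instantiates whatever class the registry holds for a received OID and calls `decodeControlValue` on it, which `RequestControl` does not define. A response carrying one of these OIDs would then fail with an AttributeError instead of being skipped or reported as an unexpected critical control. The same applies to `ManageDSAITControl` and `RelaxRulesControl` in simple.py. I would drop the registrations (`KNOWN_RESPONSE_CONTROLS[ldap.CONTROL_ASSERT] = AssertionControl` and the three like it) or give these classes a `decodeControlValue`.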
@@ -0,0 +1,81 @@ +""" +ldap.controls.openldap - classes for OpenLDAP-specific controls + +See https://www.python-ldap.org/ for project details. +""" + +import ldap.controls +from ldap.controls import ValueLessRequestControl,ResponseControl + +from pyasn1.type import univ +from pyasn1.codec.ber import decoder + + +__all__ = [ + 'SearchNoOpControl', + 'SearchNoOpMixIn', +] + + +class SearchNoOpControl(ValueLessRequestControl,ResponseControl): + """ + No-op control attached to search operations implementing sort of a + count operation + + see https://www.openldap.org/its/index.cgi?findid=6598 + """ + controlType = '1.3.6.1.4.1.4203.666.5.18' + + def __init__(self,criticality=False): + self.criticality = criticality + + class SearchNoOpControlValue(univ.Sequence): + pass + + def decodeControlValue(self,encodedControlValue): + decodedValue,_ = decoder.decode(encodedControlValue,asn1Spec=self.SearchNoOpControlValue()) + self.resultCode = int(decodedValue[0]) + self.numSearchResults = int(decodedValue[1]) + self.numSearchContinuations = int(decodedValue[2]) + + +ldap.controls.KNOWN_RESPONSE_CONTROLS[SearchNoOpControl.controlType] = SearchNoOpControl + + +class SearchNoOpMixIn: + """ + Mix-in class to be used with class LDAPObject and friends. + + It adds a convenience method noop_search_st() to LDAPObject + for easily using the no-op search control. 
+ """ + + def noop_search_st(self,base,scope=ldap.SCOPE_SUBTREE,filterstr='(objectClass=*)',timeout=-1): + try: + msg_id = self.search_ext( + base, + scope, + filterstr=filterstr, + attrlist=['1.1'], + timeout=timeout, + serverctrls=[SearchNoOpControl(criticality=True)], + ) + _,_,_,search_response_ctrls = self.result3(msg_id,all=1,timeout=timeout) + except ( + ldap.TIMEOUT, + ldap.TIMELIMIT_EXCEEDED, + ldap.SIZELIMIT_EXCEEDED, + ldap.ADMINLIMIT_EXCEEDED + ) as e: + self.abandon(msg_id) + raise e + else: + noop_srch_ctrl = [ + c + for c in search_response_ctrls + if c.controlType==SearchNoOpControl.controlType + ] + if noop_srch_ctrl: + return noop_srch_ctrl[0].numSearchResults,noop_srch_ctrl[0].numSearchContinuations + else: + return (None,None) diff --git a/Lib/ldap/controls/pagedresults.py b/Lib/ldap/controls/pagedresults.py new file mode 100644 index 0000000..12ca573 --- /dev/null +++ b/Lib/ldap/controls/pagedresults.py 
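Review bot: In `noop_search_st` the `self.search_ext(...)` call sits inside the `try`, so if it raises one of the caught exceptions before `msg_id` is bound, the handler's `self.abandon(msg_id)` fails with an UnboundLocalError and hides the original error. Move the `msg_id = self.search_ext(...)` assignment above `try:` so that only `self.result3(msg_id,all=1,timeout=timeout)` is guarded. Re-raise with a bare `raise` rather than `raise e`. The method also lacks a docstring; it should state that it returns `(numSearchResults, numSearchContinuations)`, or `(None,None)` when the server sent no no-op control.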
@@ -0,0 +1,49 @@ +""" +ldap.controls.paged - classes for Simple Paged control +(see RFC 2696) + +See https://www.python-ldap.org/ for project details. +""" + +__all__ = [ + 'SimplePagedResultsControl' +] + +# Imports from python-ldap 2.4+ +import ldap.controls +from ldap.controls import RequestControl,ResponseControl,KNOWN_RESPONSE_CONTROLS + +# Imports from pyasn1 +from pyasn1.type import tag,namedtype,univ,constraint +from pyasn1.codec.ber import encoder,decoder +from pyasn1_modules.rfc2251 import LDAPString + + +class PagedResultsControlValue(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('size',univ.Integer()), + namedtype.NamedType('cookie',LDAPString()), + ) + + +class SimplePagedResultsControl(RequestControl,ResponseControl): + controlType = '1.2.840.113556.1.4.319' + + def __init__(self,criticality=False,size=10,cookie=''): + self.criticality = criticality + self.size = size + self.cookie = cookie or '' + + def encodeControlValue(self): + pc = PagedResultsControlValue() + pc.setComponentByName('size',univ.Integer(self.size)) + pc.setComponentByName('cookie',LDAPString(self.cookie)) + return encoder.encode(pc) + + def decodeControlValue(self,encodedControlValue): + decodedValue,_ = decoder.decode(encodedControlValue,asn1Spec=PagedResultsControlValue()) + self.size = int(decodedValue.getComponentByName('size')) + self.cookie = bytes(decodedValue.getComponentByName('cookie')) + + +KNOWN_RESPONSE_CONTROLS[SimplePagedResultsControl.controlType] = SimplePagedResultsControl diff --git a/Lib/ldap/controls/ppolicy.py b/Lib/ldap/controls/ppolicy.py new file mode 100644 index 0000000..da7586f --- /dev/null +++ b/Lib/ldap/controls/ppolicy.py 
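Review bot: `SimplePagedResultsControl` holds the cookie as `str` after construction (`cookie=''`, `self.cookie = cookie or ''`) but as `bytes` after `decodeControlValue` (`bytes(decodedValue.getComponentByName('cookie'))`). A caller that compares `ctrl.cookie == ''` to detect the last page will therefore never match a decoded value. Keeping one type throughout avoids this, e.g. `self.cookie = cookie or b''`, with a comment that the cookie is an opaque server value to be passed back unchanged. This class also shares its name with the one in libldap.py; if `ldap.CONTROL_PAGEDRESULTS` is the same OID as the literal used here, whichever module is imported last replaces the other's registry entry.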
@@ -0,0 +1,104 @@ +""" +ldap.controls.ppolicy - classes for Password Policy controls +(see https://tools.ietf.org/html/draft-behera-ldap-password-policy) + +See https://www.python-ldap.org/ for project details. +""" + +__all__ = [ + 'PasswordPolicyControl' +] + +# Imports from python-ldap 2.4+ +from ldap.controls import ( + ResponseControl, ValueLessRequestControl, KNOWN_RESPONSE_CONTROLS +) + +# Imports from pyasn1 +from pyasn1.type import tag,namedtype,namedval,univ,constraint +from pyasn1.codec.der import decoder + + +class PasswordPolicyWarning(univ.Choice): + componentType = namedtype.NamedTypes( + namedtype.NamedType('timeBeforeExpiration',univ.Integer().subtype( + implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,0) + )), + namedtype.NamedType('graceAuthNsRemaining',univ.Integer().subtype( + implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,1) + )), + ) + + +class PasswordPolicyError(univ.Enumerated): + namedValues = namedval.NamedValues( + ('passwordExpired',0), + ('accountLocked',1), + ('changeAfterReset',2), + ('passwordModNotAllowed',3), + ('mustSupplyOldPassword',4), + ('insufficientPasswordQuality',5), + ('passwordTooShort',6), + ('passwordTooYoung',7), + ('passwordInHistory',8) + ) + subtypeSpec = univ.Enumerated.subtypeSpec + constraint.SingleValueConstraint(0,1,2,3,4,5,6,7,8) + + +class PasswordPolicyResponseValue(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType( + 'warning', + PasswordPolicyWarning().subtype( + implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,0) + ), + ), + namedtype.OptionalNamedType( + 'error',PasswordPolicyError().subtype( + implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,1) + ) + ), + ) + + +class PasswordPolicyControl(ValueLessRequestControl,ResponseControl): + """ + Indicates the errors and warnings about the password policy. + + Attributes + ---------- + + timeBeforeExpiration : int + The time before the password expires. 
+ + graceAuthNsRemaining : int + The number of grace authentications remaining. + + error: int + The password and authentication errors. + """ + controlType = '1.3.6.1.4.1.42.2.27.8.5.1' + + def __init__(self,criticality=False): + self.criticality = criticality + self.timeBeforeExpiration = None + self.graceAuthNsRemaining = None + self.error = None + + def decodeControlValue(self,encodedControlValue): + ppolicyValue,_ = decoder.decode(encodedControlValue,asn1Spec=PasswordPolicyResponseValue()) + warning = ppolicyValue.getComponentByName('warning') + if warning.hasValue(): + if 'timeBeforeExpiration' in warning: + self.timeBeforeExpiration = int( + warning.getComponentByName('timeBeforeExpiration')) + if 'graceAuthNsRemaining' in warning: + self.graceAuthNsRemaining = int( + warning.getComponentByName('graceAuthNsRemaining')) + + error = ppolicyValue.getComponentByName('error') + if error.hasValue(): + self.error = int(error) + + +KNOWN_RESPONSE_CONTROLS[PasswordPolicyControl.controlType] = PasswordPolicyControl diff --git a/Lib/ldap/controls/psearch.py b/Lib/ldap/controls/psearch.py new file mode 100644 index 0000000..32900c8 --- /dev/null +++ b/Lib/ldap/controls/psearch.py 
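Review bot: `decodeControlValue` decodes with `pyasn1.codec.der`, while every other pyasn1-based module in this commit imports from `pyasn1.codec.ber`. DER is a stricter subset of BER, so a server that sends a valid BER but non-DER encoding would raise a PyAsn1Error. `DecodeControlTuples` appears to drop a non-critical control that fails to decode, so the caller would never see the expiry warning or an `accountLocked` / `changeAfterReset` error. Unless the strictness is intended, use `from pyasn1.codec.ber import decoder`; if it is intended, say so in a comment next to the import.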
@@ -0,0 +1,129 @@ +""" +ldap.controls.psearch - classes for Persistent Search Control +(see https://tools.ietf.org/html/draft-ietf-ldapext-psearch) + +See https://www.python-ldap.org/ for project details. +""" + +__all__ = [ + 'PersistentSearchControl', + 'EntryChangeNotificationControl', + 'CHANGE_TYPES_INT', + 'CHANGE_TYPES_STR', +] + +# Imports from python-ldap 2.4+ +import ldap.controls +from ldap.controls import RequestControl,ResponseControl,KNOWN_RESPONSE_CONTROLS + +# Imports from pyasn1 +from pyasn1.type import namedtype,namedval,univ,constraint +from pyasn1.codec.ber import encoder,decoder +from pyasn1_modules.rfc2251 import LDAPDN + +#--------------------------------------------------------------------------- +# Constants and classes for Persistent Search Control +#--------------------------------------------------------------------------- + +CHANGE_TYPES_INT = { + 'add':1, + 'delete':2, + 'modify':4, + 'modDN':8, +} +CHANGE_TYPES_STR = {v: k for k,v in CHANGE_TYPES_INT.items()} + + +class PersistentSearchControl(RequestControl): + """ + Implements the request control for persistent search. + + changeTypes + List of strings specifying the types of changes returned by the server. + Setting to None requests all changes. + changesOnly + Boolean which indicates whether only changes are returned by the server. 
+ returnECs + Boolean which indicates whether the server should return an + Entry Change Notification response control + """ + + class PersistentSearchControlValue(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('changeTypes',univ.Integer()), + namedtype.NamedType('changesOnly',univ.Boolean()), + namedtype.NamedType('returnECs',univ.Boolean()), + ) + + controlType = "2.16.840.1.113730.3.4.3" + + def __init__(self,criticality=True,changeTypes=None,changesOnly=False,returnECs=True): + self.criticality,self.changesOnly,self.returnECs = \ + criticality,changesOnly,returnECs + self.changeTypes = changeTypes or CHANGE_TYPES_INT.values() + + def encodeControlValue(self): + if not type(self.changeTypes)==type(0): + # Assume a sequence type of integers to be OR-ed + changeTypes_int = 0 + for ct in self.changeTypes: + changeTypes_int = changeTypes_int|CHANGE_TYPES_INT.get(ct,ct) + self.changeTypes = changeTypes_int + p = self.PersistentSearchControlValue() + p.setComponentByName('changeTypes',univ.Integer(self.changeTypes)) + p.setComponentByName('changesOnly',univ.Boolean(self.changesOnly)) + p.setComponentByName('returnECs',univ.Boolean(self.returnECs)) + return encoder.encode(p) + + +class ChangeType(univ.Enumerated): + namedValues = namedval.NamedValues( + ('add',1), + ('delete',2), + ('modify',4), + ('modDN',8), + ) + subtypeSpec = univ.Enumerated.subtypeSpec + constraint.SingleValueConstraint(1,2,4,8) + + +class EntryChangeNotificationValue(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('changeType',ChangeType()), + namedtype.OptionalNamedType('previousDN', LDAPDN()), + namedtype.OptionalNamedType('changeNumber',univ.Integer()), + ) + + +class EntryChangeNotificationControl(ResponseControl): + """ + Implements the response control for persistent search. 
+ + Class attributes with values extracted from the response control: + + changeType + String indicating the type of change causing this result to be + returned by the server + previousDN + Old DN of the entry in case of a modrdn change + changeNumber + A change serial number returned by the server (optional). + """ + + controlType = "2.16.840.1.113730.3.4.7" + + def decodeControlValue(self,encodedControlValue): + ecncValue,_ = decoder.decode(encodedControlValue,asn1Spec=EntryChangeNotificationValue()) + self.changeType = int(ecncValue.getComponentByName('changeType')) + previousDN = ecncValue.getComponentByName('previousDN') + if previousDN.hasValue(): + self.previousDN = str(previousDN) + else: + self.previousDN = None + changeNumber = ecncValue.getComponentByName('changeNumber') + if changeNumber.hasValue(): + self.changeNumber = int(changeNumber) + else: + self.changeNumber = None + return (self.changeType,self.previousDN,self.changeNumber) + +KNOWN_RESPONSE_CONTROLS[EntryChangeNotificationControl.controlType] = EntryChangeNotificationControl diff --git a/Lib/ldap/controls/pwdpolicy.py b/Lib/ldap/controls/pwdpolicy.py new file mode 100644 index 0000000..54f1a70 --- /dev/null +++ b/Lib/ldap/controls/pwdpolicy.py 
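Review bot: The `EntryChangeNotificationControl` docstring describes `changeType` as a string, but `decodeControlValue` stores `int(ecncValue.getComponentByName('changeType'))`. Correct the docstring, e.g. `Integer change type (1 add, 2 delete, 4 modify, 8 modDN); map through CHANGE_TYPES_STR for the name`. Related, in `PersistentSearchControl.encodeControlValue` the expression `CHANGE_TYPES_INT.get(ct,ct)` passes an unknown name through unchanged, and the following `|` then fails with a TypeError. A `ValueError` naming the unknown change type would be easier to diagnose. That method also overwrites `self.changeTypes` with the OR-ed integer, which is worth a comment.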
@@ -0,0 +1,39 @@ +""" +ldap.controls.pwdpolicy - classes for Password Policy controls +(see https://tools.ietf.org/html/draft-vchu-ldap-pwd-policy) + +See https://www.python-ldap.org/ for project details. +""" + +__all__ = [ + 'PasswordExpiringControl', + 'PasswordExpiredControl', +] + +# Imports from python-ldap 2.4+ +import ldap.controls +from ldap.controls import RequestControl,ResponseControl,ValueLessRequestControl,KNOWN_RESPONSE_CONTROLS + + +class PasswordExpiringControl(ResponseControl): + """ + Indicates time in seconds when password will expire + """ + controlType = '2.16.840.1.113730.3.4.5' + + def decodeControlValue(self,encodedControlValue): + self.gracePeriod = int(encodedControlValue) + +KNOWN_RESPONSE_CONTROLS[PasswordExpiringControl.controlType] = PasswordExpiringControl + + +class PasswordExpiredControl(ResponseControl): + """ + Indicates that password is expired + """ + controlType = '2.16.840.1.113730.3.4.4' + + def decodeControlValue(self,encodedControlValue): + self.passwordExpired = encodedControlValue=='0' + +KNOWN_RESPONSE_CONTROLS[PasswordExpiredControl.controlType] = PasswordExpiredControl diff --git a/Lib/ldap/controls/readentry.py b/Lib/ldap/controls/readentry.py new file mode 100644 index 0000000..7b2a7e8 --- /dev/null +++ b/Lib/ldap/controls/readentry.py 
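Review bot: `PasswordExpiredControl.decodeControlValue` compares the raw control value with the text literal `'0'`. If the C module hands control values over as `bytes` (pagedresults.py and readentry.py in this commit treat decoded octets as bytes), the comparison is always False and an expired password is reported as not expired. Compare against bytes instead: `self.passwordExpired = encodedControlValue == b'0'`. `PasswordExpiringControl` parses with `int(encodedControlValue)`, which raises ValueError on a non-numeric value from the server, and `DecodeControlTuples` does not catch that type. Also, the attribute is named `gracePeriod` while the docstring speaks of seconds until expiry, so one of the two should be aligned.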
@@ -0,0 +1,87 @@ +""" +ldap.controls.readentry - classes for the Read Entry controls +(see RFC 4527) + +See https://www.python-ldap.org/ for project details. +""" + +import ldap + +from pyasn1.codec.ber import encoder,decoder +from ldap.controls import LDAPControl,KNOWN_RESPONSE_CONTROLS + +from pyasn1_modules.rfc2251 import AttributeDescriptionList,SearchResultEntry + + +class ReadEntryControl(LDAPControl): + """ + Base class for read entry control described in RFC 4527 + + attrList + list of attribute type names requested + + Class attributes with values extracted from the response control: + + dn + string holding the distinguished name of the LDAP entry + entry + dictionary holding the LDAP entry + """ + + def __init__(self,criticality=False,attrList=None): + self.criticality,self.attrList,self.entry = criticality,attrList or [],None + + def encodeControlValue(self): + attributeSelection = AttributeDescriptionList() + for i in range(len(self.attrList)): + attributeSelection.setComponentByPosition(i,self.attrList[i]) + return encoder.encode(attributeSelection) + + def decodeControlValue(self,encodedControlValue): + decodedEntry,_ = decoder.decode(encodedControlValue,asn1Spec=SearchResultEntry()) + self.dn = str(decodedEntry[0]) + self.entry = {} + for attr in decodedEntry[1]: + self.entry[str(attr[0])] = [ bytes(attr_value) for attr_value in attr[1] ] + + +class PreReadControl(ReadEntryControl): + """ + Class for pre-read control described in RFC 4527 + + attrList + list of attribute type names requested + + Class attributes with values extracted from the response control: + + dn + string holding the distinguished name of the LDAP entry + before the operation was done by the server + entry + dictionary holding the LDAP entry + before the operation was done by the server + """ + controlType = ldap.CONTROL_PRE_READ + +KNOWN_RESPONSE_CONTROLS[PreReadControl.controlType] = PreReadControl + + +class PostReadControl(ReadEntryControl): + """ + Class for post-read 
control described in RFC 4527 + + attrList + list of attribute type names requested + + Class attributes with values extracted from the response control: + + dn + string holding the distinguished name of the LDAP entry + after the operation was done by the server + entry + dictionary holding the LDAP entry + after the operation was done by the server + """ + controlType = ldap.CONTROL_POST_READ + +KNOWN_RESPONSE_CONTROLS[PostReadControl.controlType] = PostReadControl diff --git a/Lib/ldap/controls/sessiontrack.py b/Lib/ldap/controls/sessiontrack.py new file mode 100644 index 0000000..a1fb8b3 --- /dev/null +++ b/Lib/ldap/controls/sessiontrack.py 
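Review bot: `ReadEntryControl.__init__` initialises `self.entry` to None but never sets `self.dn`, so reading `.dn` on a control that has not been decoded raises AttributeError even though the docstring lists both attributes. Initialise both, e.g. add `self.dn = None` next to the existing assignment. In `encodeControlValue` the index loop reads more directly as `for i, attr in enumerate(self.attrList):` followed by `attributeSelection.setComponentByPosition(i, attr)`.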
@@ -0,0 +1,61 @@ +""" +ldap.controls.sessiontrack - class for session tracking control +(see draft-wahl-ldap-session) + +See https://www.python-ldap.org/ for project details. +""" + +from ldap.controls import RequestControl + +from pyasn1.type import namedtype,univ +from pyasn1.codec.ber import encoder +from pyasn1_modules.rfc2251 import LDAPString,LDAPOID + + +# OID constants +SESSION_TRACKING_CONTROL_OID = "1.3.6.1.4.1.21008.108.63.1" +SESSION_TRACKING_FORMAT_OID_RADIUS_ACCT_SESSION_ID = SESSION_TRACKING_CONTROL_OID+".1" +SESSION_TRACKING_FORMAT_OID_RADIUS_ACCT_MULTI_SESSION_ID = SESSION_TRACKING_CONTROL_OID+".2" +SESSION_TRACKING_FORMAT_OID_USERNAME = SESSION_TRACKING_CONTROL_OID+".3" + + +class SessionTrackingControl(RequestControl): + """ + Class for Session Tracking Control + + Because criticality MUST be false for this control it cannot be set + from the application. + + sessionSourceIp + IP address of the request source as string + sessionSourceName + Name of the request source as string + formatOID + OID as string specifying the format + sessionTrackingIdentifier + String containing a specific tracking ID + """ + + class SessionIdentifierControlValue(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('sessionSourceIp',LDAPString()), + namedtype.NamedType('sessionSourceName',LDAPString()), + namedtype.NamedType('formatOID',LDAPOID()), + namedtype.NamedType('sessionTrackingIdentifier',LDAPString()), + ) + + controlType = SESSION_TRACKING_CONTROL_OID + + def __init__(self,sessionSourceIp,sessionSourceName,formatOID,sessionTrackingIdentifier): + # criticality MUST be false for this control + self.criticality = False + self.sessionSourceIp,self.sessionSourceName,self.formatOID,self.sessionTrackingIdentifier = \ + sessionSourceIp,sessionSourceName,formatOID,sessionTrackingIdentifier + + def encodeControlValue(self): + s = self.SessionIdentifierControlValue() + s.setComponentByName('sessionSourceIp',LDAPString(self.sessionSourceIp)) + 
s.setComponentByName('sessionSourceName',LDAPString(self.sessionSourceName)) + s.setComponentByName('formatOID',LDAPOID(self.formatOID)) + s.setComponentByName('sessionTrackingIdentifier',LDAPString(self.sessionTrackingIdentifier)) + return encoder.encode(s) diff --git a/Lib/ldap/controls/simple.py b/Lib/ldap/controls/simple.py new file mode 100644 index 0000000..05f6760 --- /dev/null +++ b/Lib/ldap/controls/simple.py 
@@ -0,0 +1,144 @@ +""" +ldap.controls.simple - classes for some very simple LDAP controls + +See https://www.python-ldap.org/ for details. +""" + +import struct,ldap +from ldap.controls import RequestControl,ResponseControl,LDAPControl,KNOWN_RESPONSE_CONTROLS + + +class ValueLessRequestControl(RequestControl): + """ + Base class for controls without a controlValue. + The presence of the control in a LDAPv3 request changes the server's + behaviour when processing the request simply based on the controlType. + + controlType + OID of the request control + criticality + criticality request control + """ + + def __init__(self,controlType=None,criticality=False): + self.controlType = controlType + self.criticality = criticality + + def encodeControlValue(self): + return None + + +class OctetStringInteger(LDAPControl): + """ + Base class with controlValue being unsigend integer values + + integerValue + Integer to be sent as OctetString + """ + + def __init__(self,controlType=None,criticality=False,integerValue=None): + self.controlType = controlType + self.criticality = criticality + self.integerValue = integerValue + + def encodeControlValue(self): + return struct.pack('!Q',self.integerValue) + + def decodeControlValue(self,encodedControlValue): + self.integerValue = struct.unpack('!Q',encodedControlValue)[0] + + +class BooleanControl(LDAPControl): + """ + Base class for simple request controls with boolean control value. + + Constructor argument and class attribute: + + booleanValue + Boolean (True/False or 1/0) which is the boolean controlValue. 
+ """ + boolean2ber = { 1:'\x01\x01\xFF', 0:'\x01\x01\x00' } + ber2boolean = { '\x01\x01\xFF':1, '\x01\x01\x00':0 } + + def __init__(self,controlType=None,criticality=False,booleanValue=False): + self.controlType = controlType + self.criticality = criticality + self.booleanValue = booleanValue + + def encodeControlValue(self): + return self.boolean2ber[int(self.booleanValue)] + + def decodeControlValue(self,encodedControlValue): + self.booleanValue = self.ber2boolean[encodedControlValue] + + +class ManageDSAITControl(ValueLessRequestControl): + """ + Manage DSA IT Control + """ + + def __init__(self,criticality=False): + ValueLessRequestControl.__init__(self,ldap.CONTROL_MANAGEDSAIT,criticality=False) + +KNOWN_RESPONSE_CONTROLS[ldap.CONTROL_MANAGEDSAIT] = ManageDSAITControl + + +class RelaxRulesControl(ValueLessRequestControl): + """ + Relax Rules Control + """ + + def __init__(self,criticality=False): + ValueLessRequestControl.__init__(self,ldap.CONTROL_RELAX,criticality=False) + +KNOWN_RESPONSE_CONTROLS[ldap.CONTROL_RELAX] = RelaxRulesControl + + +class ProxyAuthzControl(RequestControl): + """ + Proxy Authorization Control + + authzId + string containing the authorization ID indicating the identity + on behalf which the server should process the request + """ + + def __init__(self,criticality,authzId): + RequestControl.__init__(self,ldap.CONTROL_PROXY_AUTHZ,criticality,authzId) + + +class AuthorizationIdentityRequestControl(ValueLessRequestControl): + """ + Authorization Identity Request and Response Controls + """ + controlType = '2.16.840.1.113730.3.4.16' + + def __init__(self,criticality): + ValueLessRequestControl.__init__(self,self.controlType,criticality) + + +class AuthorizationIdentityResponseControl(ResponseControl): + """ + Authorization Identity Request and Response Controls + + Class attributes: + + authzId + decoded authorization identity + """ + controlType = '2.16.840.1.113730.3.4.15' + + def decodeControlValue(self,encodedControlValue): + 
self.authzId = encodedControlValue + + +KNOWN_RESPONSE_CONTROLS[AuthorizationIdentityResponseControl.controlType] = AuthorizationIdentityResponseControl + + +class GetEffectiveRightsControl(RequestControl): + """ + Get Effective Rights Control + """ + + def __init__(self,criticality,authzId=None): + RequestControl.__init__(self,'1.3.6.1.4.1.42.2.27.9.5.2',criticality,authzId) diff --git a/Lib/ldap/controls/sss.py b/Lib/ldap/controls/sss.py new file mode 100644 index 0000000..e6ee368 --- /dev/null +++ b/Lib/ldap/controls/sss.py 
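Review bot: `ManageDSAITControl.__init__` and `RelaxRulesControl.__init__` accept `criticality` but pass the literal `criticality=False` to `ValueLessRequestControl.__init__`, so a caller asking for a critical control silently gets a non-critical one. A server that does not support the control may then carry out the operation without it instead of rejecting the request. Forward the argument: `ValueLessRequestControl.__init__(self,ldap.CONTROL_MANAGEDSAIT,criticality)`, and likewise for `ldap.CONTROL_RELAX`. Separately, `BooleanControl.boolean2ber` and `ber2boolean` are keyed on text literals such as `'\x01\x01\xFF'`; if control values travel as bytes these should be `b'...'` literals, which is worth confirming against the C module. The `OctetStringInteger` docstring has a typo ("unsigend").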
@@ -0,0 +1,134 @@ +""" +ldap.controls.sss - classes for Server Side Sorting +(see RFC 2891) + +See https://www.python-ldap.org/ for project details. +""" + +__all__ = [ + 'SSSRequestControl', + 'SSSResponseControl', +] + + +import sys + +import ldap +from ldap.ldapobject import LDAPObject +from ldap.controls import (RequestControl, ResponseControl, + KNOWN_RESPONSE_CONTROLS, DecodeControlTuples) + +from pyasn1.type import univ, namedtype, tag, namedval, constraint +from pyasn1.codec.ber import encoder, decoder + + +# SortKeyList ::= SEQUENCE OF SEQUENCE { +# attributeType AttributeDescription, +# orderingRule [0] MatchingRuleId OPTIONAL, +# reverseOrder [1] BOOLEAN DEFAULT FALSE } + + +class SortKeyType(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('attributeType', univ.OctetString()), + namedtype.OptionalNamedType('orderingRule', + univ.OctetString().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0) + ) + ), + namedtype.DefaultedNamedType('reverseOrder', univ.Boolean(False).subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))) + + +class SortKeyListType(univ.SequenceOf): + componentType = SortKeyType() + + +class SSSRequestControl(RequestControl): + '''Order result server side + + >>> s = SSSRequestControl(ordering_rules=['-cn']) + ''' + controlType = '1.2.840.113556.1.4.473' + + def __init__( + self, + criticality=False, + ordering_rules=None, + ): + RequestControl.__init__(self,self.controlType,criticality) + self.ordering_rules = ordering_rules + if isinstance(ordering_rules, str): + ordering_rules = [ordering_rules] + for rule in ordering_rules: + rule = rule.split(':') + assert len(rule) < 3, 'syntax for ordering rule: [-][:ordering-rule]' + + def asn1(self): + p = SortKeyListType() + for i, rule in enumerate(self.ordering_rules): + q = SortKeyType() + reverse_order = rule.startswith('-') + if reverse_order: + rule = rule[1:] + if ':' in rule: + attribute_type, ordering_rule = 
rule.split(':') + else: + attribute_type, ordering_rule = rule, None + q.setComponentByName('attributeType', attribute_type) + if ordering_rule: + q.setComponentByName('orderingRule', ordering_rule) + if reverse_order: + q.setComponentByName('reverseOrder', 1) + p.setComponentByPosition(i, q) + return p + + def encodeControlValue(self): + return encoder.encode(self.asn1()) + + +class SortResultType(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('sortResult', univ.Enumerated().subtype( + namedValues=namedval.NamedValues( + ('success', 0), + ('operationsError', 1), + ('timeLimitExceeded', 3), + ('strongAuthRequired', 8), + ('adminLimitExceeded', 11), + ('noSuchAttribute', 16), + ('inappropriateMatching', 18), + ('insufficientAccessRights', 50), + ('busy', 51), + ('unwillingToPerform', 53), + ('other', 80)), + subtypeSpec=univ.Enumerated.subtypeSpec + constraint.SingleValueConstraint( + 0, 1, 3, 8, 11, 16, 18, 50, 51, 53, 80))), + namedtype.OptionalNamedType('attributeType', + univ.OctetString().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0) + ) + )) + + +class SSSResponseControl(ResponseControl): + controlType = '1.2.840.113556.1.4.474' + + def __init__(self,criticality=False): + ResponseControl.__init__(self,self.controlType,criticality) + + def decodeControlValue(self, encoded): + p, rest = decoder.decode(encoded, asn1Spec=SortResultType()) + assert not rest, 'all data could not be decoded' + sort_result = p.getComponentByName('sortResult') + self.sortResult = int(sort_result) + attribute_type = p.getComponentByName('attributeType') + if attribute_type.hasValue(): + self.attributeType = attribute_type + else: + self.attributeType = None + # backward compatibility class attributes + self.result = self.sortResult + self.attribute_type_error = self.attributeType + +KNOWN_RESPONSE_CONTROLS[SSSResponseControl.controlType] = SSSResponseControl 
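Review bot: In `SSSRequestControl.__init__` the string-to-list normalisation is applied to the local `ordering_rules` after `self.ordering_rules` has already been assigned, so a caller passing a single string leaves the attribute as a str and `asn1()` then enumerates it character by character. Moving `self.ordering_rules = ordering_rules` below the `isinstance` check fixes that. The default `ordering_rules=None` also reaches `for rule in ordering_rules` and fails with a TypeError. The syntax check is an `assert`, which is stripped under `python -O`; `if len(rule) >= 3: raise ValueError(...)` would keep it. The same holds for `assert not rest` in `SSSResponseControl.decodeControlValue`, which is the only check on trailing bytes in a server-supplied control value.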
diff --git a/Lib/ldap/controls/vlv.py b/Lib/ldap/controls/vlv.py new file mode 100644 index 0000000..5fc7ce8 --- /dev/null +++ b/Lib/ldap/controls/vlv.py 
@@ -0,0 +1,142 @@ +""" +ldap.controls.vlv - classes for Virtual List View +(see draft-ietf-ldapext-ldapv3-vlv) + +See https://www.python-ldap.org/ for project details. +""" + +__all__ = [ + 'VLVRequestControl', + 'VLVResponseControl', +] + +import ldap +from ldap.ldapobject import LDAPObject +from ldap.controls import (RequestControl, ResponseControl, + KNOWN_RESPONSE_CONTROLS, DecodeControlTuples) + +from pyasn1.type import univ, namedtype, tag, namedval, constraint +from pyasn1.codec.ber import encoder, decoder + + +class ByOffsetType(univ.Sequence): + tagSet = univ.Sequence.tagSet.tagImplicitly( + tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)) + componentType = namedtype.NamedTypes( + namedtype.NamedType('offset', univ.Integer()), + namedtype.NamedType('contentCount', univ.Integer())) + + +class TargetType(univ.Choice): + componentType = namedtype.NamedTypes( + namedtype.NamedType('byOffset', ByOffsetType()), + namedtype.NamedType('greaterThanOrEqual', univ.OctetString().subtype( + implicitTag=tag.Tag(tag.tagClassContext, + tag.tagFormatSimple, 1)))) + + +class VirtualListViewRequestType(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('beforeCount', univ.Integer()), + namedtype.NamedType('afterCount', univ.Integer()), + namedtype.NamedType('target', TargetType()), + namedtype.OptionalNamedType('contextID', univ.OctetString())) + + +class VLVRequestControl(RequestControl): + controlType = '2.16.840.1.113730.3.4.9' + + def __init__( + self, + criticality=False, + before_count=0, + after_count=0, + offset=None, + content_count=None, + greater_than_or_equal=None, + context_id=None, + ): + RequestControl.__init__(self,self.controlType,criticality) + assert (offset is not None and content_count is not None) or \ + greater_than_or_equal, \ + ValueError( + 'offset and content_count must be set together or greater_than_or_equal must be used' + ) + self.before_count = before_count + self.after_count = after_count + self.offset = offset 
+ self.content_count = content_count + self.greater_than_or_equal = greater_than_or_equal + self.context_id = context_id + + def encodeControlValue(self): + p = VirtualListViewRequestType() + p.setComponentByName('beforeCount', self.before_count) + p.setComponentByName('afterCount', self.after_count) + if self.offset is not None and self.content_count is not None: + by_offset = ByOffsetType() + by_offset.setComponentByName('offset', self.offset) + by_offset.setComponentByName('contentCount', self.content_count) + target = TargetType() + target.setComponentByName('byOffset', by_offset) + elif self.greater_than_or_equal: + target = TargetType() + target.setComponentByName('greaterThanOrEqual', + self.greater_than_or_equal) + else: + raise NotImplementedError + p.setComponentByName('target', target) + return encoder.encode(p) + +KNOWN_RESPONSE_CONTROLS[VLVRequestControl.controlType] = VLVRequestControl + + +class VirtualListViewResultType(univ.Enumerated): + namedValues = namedval.NamedValues( + ('success', 0), + ('operationsError', 1), + ('protocolError', 3), + ('unwillingToPerform', 53), + ('insufficientAccessRights', 50), + ('adminLimitExceeded', 11), + ('innapropriateMatching', 18), + ('sortControlMissing', 60), + ('offsetRangeError', 61), + ('other', 80), + ) + + +class VirtualListViewResponseType(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('targetPosition', univ.Integer()), + namedtype.NamedType('contentCount', univ.Integer()), + namedtype.NamedType('virtualListViewResult', + VirtualListViewResultType()), + namedtype.OptionalNamedType('contextID', univ.OctetString())) + + +class VLVResponseControl(ResponseControl): + controlType = '2.16.840.1.113730.3.4.10' + + def __init__(self,criticality=False): + ResponseControl.__init__(self,self.controlType,criticality) + + def decodeControlValue(self,encoded): + p, rest = decoder.decode(encoded, asn1Spec=VirtualListViewResponseType()) + assert not rest, 'all data could not be decoded' + 
self.targetPosition = int(p.getComponentByName('targetPosition')) + self.contentCount = int(p.getComponentByName('contentCount')) + virtual_list_view_result = p.getComponentByName('virtualListViewResult') + self.virtualListViewResult = int(virtual_list_view_result) + context_id = p.getComponentByName('contextID') + if context_id.hasValue(): + self.contextID = str(context_id) + else: + self.contextID = None + # backward compatibility class attributes + self.target_position = self.targetPosition + self.content_count = self.contentCount + self.result = self.virtualListViewResult + self.context_id = self.contextID + +KNOWN_RESPONSE_CONTROLS[VLVResponseControl.controlType] = VLVResponseControl diff --git a/Lib/ldap/dn.py b/Lib/ldap/dn.py new file mode 100644 index 0000000..a9d9684 --- /dev/null +++ b/Lib/ldap/dn.py 
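Review bot: The argument check in `VLVRequestControl.__init__` is written as `assert cond, ValueError(...)`, which raises AssertionError with a ValueError instance as its message instead of raising ValueError, and is removed entirely under `python -O`. With the check gone, a control built without a target only fails later in `encodeControlValue` with a bare `NotImplementedError`. An explicit `if not (...): raise ValueError('offset and content_count must be set together or greater_than_or_equal must be used')` keeps the validation in optimised runs. Separately, `KNOWN_RESPONSE_CONTROLS[VLVRequestControl.controlType] = VLVRequestControl` registers a request control, which defines no `decodeControlValue` in this hunk, as a response decoder. That looks unintended, since `VLVResponseControl` is registered under its own OID further down.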
@@ -0,0 +1,118 @@ +""" +dn.py - misc stuff for handling distinguished names (see RFC 4514) + +See https://www.python-ldap.org/ for details. +""" +from ldap.pkginfo import __version__ + +import _ldap +assert _ldap.__version__==__version__, \ + ImportError(f'ldap {__version__} and _ldap {_ldap.__version__} version mismatch!') + +import ldap.functions + + +def escape_dn_chars(s): + """ + Escape all DN special characters found in s + with a back-slash (see RFC 4514, section 2.4) + """ + if s: + s = s.replace('\\','\\\\') + s = s.replace(',' ,'\\,') + s = s.replace('+' ,'\\+') + s = s.replace('"' ,'\\"') + s = s.replace('<' ,'\\<') + s = s.replace('>' ,'\\>') + s = s.replace(';' ,'\\;') + s = s.replace('=' ,'\\=') + s = s.replace('\000' ,'\\\000') + if s[-1]==' ': + s = ''.join((s[:-1],'\\ ')) + if s[0]=='#' or s[0]==' ': + s = ''.join(('\\',s)) + return s + + +def str2dn(dn,flags=0): + """ + This function takes a DN as string as parameter and returns + a decomposed DN. It's the inverse to dn2str(). + + flags describes the format of the dn + + See also the OpenLDAP man-page ldap_str2dn(3) + """ + if not dn: + return [] + return ldap.functions._ldap_function_call(None,_ldap.str2dn,dn,flags) + + +def dn2str(dn): + """ + This function takes a decomposed DN as parameter and returns + a single string. It's the inverse to str2dn() but will always + return a DN in LDAPv3 format compliant to RFC 4514. + """ + return ','.join([ + '+'.join([ + '='.join((atype,escape_dn_chars(avalue or ''))) + for atype,avalue,dummy in rdn]) + for rdn in dn + ]) + +def explode_dn(dn, notypes=False, flags=0): + """ + explode_dn(dn [, notypes=False [, flags=0]]) -> list + + This function takes a DN and breaks it up into its component parts. + The notypes parameter is used to specify that only the component's + attribute values be returned and not the attribute types. 
+ """ + if not dn: + return [] + dn_decomp = str2dn(dn,flags) + rdn_list = [] + for rdn in dn_decomp: + if notypes: + rdn_list.append('+'.join([ + escape_dn_chars(avalue or '') + for atype,avalue,dummy in rdn + ])) + else: + rdn_list.append('+'.join([ + '='.join((atype,escape_dn_chars(avalue or ''))) + for atype,avalue,dummy in rdn + ])) + return rdn_list + + +def explode_rdn(rdn, notypes=False, flags=0): + """ + explode_rdn(rdn [, notypes=0 [, flags=0]]) -> list + + This function takes a RDN and breaks it up into its component parts + if it is a multi-valued RDN. + The notypes parameter is used to specify that only the component's + attribute values be returned and not the attribute types. + """ + if not rdn: + return [] + rdn_decomp = str2dn(rdn,flags)[0] + if notypes: + return [avalue or '' for atype,avalue,dummy in rdn_decomp] + else: + return ['='.join((atype,escape_dn_chars(avalue or ''))) for atype,avalue,dummy in rdn_decomp] + + +def is_dn(s,flags=0): + """ + Returns True if `s' can be parsed by ldap.dn.str2dn() as a + distinguished host_name (DN), otherwise False is returned. + """ + try: + str2dn(s,flags) + except Exception: + return False + else: + return True diff --git a/Lib/ldap/extop/__init__.py b/Lib/ldap/extop/__init__.py new file mode 100644 index 0000000..dc9aea2 --- /dev/null +++ b/Lib/ldap/extop/__init__.py 
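Review bot: `escape_dn_chars` handles NUL with `s.replace('\000' ,'\\\000')`, which emits a backslash followed by the raw NUL character. RFC 4514 section 2.4, which the docstring cites, allows the backslash-prefix form only for a fixed set of printable characters and uses the two-hex-digit form otherwise, so `s.replace('\000', '\\00')` appears to be what is intended. If callers use this function to place untrusted values into a DN, the docstring should also say that it is meant for a single attribute value and must not be applied to a whole DN. `explode_rdn(..., notypes=True)` returns values without calling `escape_dn_chars`, unlike `explode_dn(..., notypes=True)`, which is worth aligning or documenting.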
@@ -0,0 +1,68 @@ +""" +controls.py - support classes for LDAPv3 extended operations + +See https://www.python-ldap.org/ for details. + +Description: +The ldap.extop module provides base classes for LDAPv3 extended operations. +Each class provides support for a certain extended operation request and +response. +""" + +from ldap import __version__ + + +class ExtendedRequest: + """ + Generic base class for a LDAPv3 extended operation request + + requestName + OID as string of the LDAPv3 extended operation request + requestValue + value of the LDAPv3 extended operation request + (here it is the BER-encoded ASN.1 request value) + """ + + def __init__(self,requestName,requestValue): + self.requestName = requestName + self.requestValue = requestValue + + def __repr__(self): + return f'{self.__class__.__name__}({self.requestName},{self.requestValue})' + + def encodedRequestValue(self): + """ + returns the BER-encoded ASN.1 request value composed by class attributes + set before + """ + return self.requestValue + + +class ExtendedResponse: + """ + Generic base class for a LDAPv3 extended operation response + + requestName + OID as string of the LDAPv3 extended operation response + encodedResponseValue + BER-encoded ASN.1 value of the LDAPv3 extended operation response + """ + + def __init__(self,responseName,encodedResponseValue): + self.responseName = responseName + self.responseValue = self.decodeResponseValue(encodedResponseValue) + + def __repr__(self): + return f'{self.__class__.__name__}({self.responseName},{self.responseValue})' + + def decodeResponseValue(self,value): + """ + decodes the BER-encoded ASN.1 extended operation response value and + sets the appropriate class attributes + """ + return value + + +# Import sub-modules +from ldap.extop.dds import * +from ldap.extop.passwd import PasswordModifyResponse diff --git a/Lib/ldap/extop/dds.py b/Lib/ldap/extop/dds.py new file mode 100644 index 0000000..7fab081 --- /dev/null +++ b/Lib/ldap/extop/dds.py 
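Review bot: `ExtendedResponse.__repr__` interpolates `self.responseValue`, which is whatever `decodeResponseValue` returns. `PasswordModifyResponse` in `Lib/ldap/extop/passwd.py` of this commit returns the server-generated password from that method, so any `repr()` or logging of such a response object writes the password out. Printing only the class name and OID, e.g. `return f'{self.__class__.__name__}({self.responseName})'`, or letting subclasses decide what is shown, would avoid that. The class docstring also lists `requestName` where the attribute set in `__init__` is `responseName`, and the module docstring still opens with `controls.py`.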
@@ -0,0 +1,74 @@ +""" +ldap.extop.dds - Classes for Dynamic Entries extended operations +(see RFC 2589) + +See https://www.python-ldap.org/ for details. +""" + +from ldap.extop import ExtendedRequest,ExtendedResponse + +# Imports from pyasn1 +from pyasn1.type import namedtype,univ,tag +from pyasn1.codec.der import encoder,decoder +from pyasn1_modules.rfc2251 import LDAPDN + + +class RefreshRequest(ExtendedRequest): + + requestName = '1.3.6.1.4.1.1466.101.119.1' + defaultRequestTtl = 86400 + + class RefreshRequestValue(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType( + 'entryName', + LDAPDN().subtype( + implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,0) + ) + ), + namedtype.NamedType( + 'requestTtl', + univ.Integer().subtype( + implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,1) + ) + ), + ) + + def __init__(self,requestName=None,entryName=None,requestTtl=None): + self.entryName = entryName + self.requestTtl = requestTtl or self.defaultRequestTtl + + def encodedRequestValue(self): + p = self.RefreshRequestValue() + p.setComponentByName( + 'entryName', + LDAPDN(self.entryName).subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple,0) + ) + ) + p.setComponentByName( + 'requestTtl', + univ.Integer(self.requestTtl).subtype( + implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,1) + ) + ) + return encoder.encode(p) + + +class RefreshResponse(ExtendedResponse): + responseName = '1.3.6.1.4.1.1466.101.119.1' + + class RefreshResponseValue(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType( + 'responseTtl', + univ.Integer().subtype( + implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,1) + ) + ) + ) + + def decodeResponseValue(self,value): + respValue,_ = decoder.decode(value,asn1Spec=self.RefreshResponseValue()) + self.responseTtl = int(respValue.getComponentByName('responseTtl')) + return self.responseTtl 
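Review bot: `RefreshRequest.__init__` accepts `requestName` but never uses it and does not call `ExtendedRequest.__init__`, so `self.requestValue` is never set. The inherited `__repr__` in `Lib/ldap/extop/__init__.py` reads `self.requestValue` and would raise AttributeError on a `RefreshRequest`. Adding `ExtendedRequest.__init__(self, self.requestName, None)` at the top of `__init__`, or overriding `__repr__`, keeps the object printable. `requestTtl or self.defaultRequestTtl` also turns an explicit `0` into 86400, which the docstring-less signature does not warn about. `RefreshResponse.decodeResponseValue` discards the undecoded remainder (`respValue,_ = ...`), whereas the control decoders in this commit check it.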
diff --git a/Lib/ldap/extop/passwd.py b/Lib/ldap/extop/passwd.py new file mode 100644 index 0000000..13e9f25 --- /dev/null +++ b/Lib/ldap/extop/passwd.py @@ -0,0 +1,32 @@ +""" +ldap.extop.passwd - Classes for Password Modify extended operation +(see RFC 3062) + +See https://www.python-ldap.org/ for details. +""" + +from ldap.extop import ExtendedResponse + +# Imports from pyasn1 +from pyasn1.type import namedtype, univ, tag +from pyasn1.codec.der import decoder + + +class PasswordModifyResponse(ExtendedResponse): + responseName = None + + class PasswordModifyResponseValue(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType( + 'genPasswd', + univ.OctetString().subtype( + implicitTag=tag.Tag(tag.tagClassContext, + tag.tagFormatSimple, 0) + ) + ) + ) + + def decodeResponseValue(self, value): + respValue, _ = decoder.decode(value, asn1Spec=self.PasswordModifyResponseValue()) + self.genPasswd = bytes(respValue.getComponentByName('genPasswd')) + return self.genPasswd diff --git a/Lib/ldap/filter.py b/Lib/ldap/filter.py new file mode 100644 index 0000000..782737a --- /dev/null +++ b/Lib/ldap/filter.py 
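Review bot: `genPasswd` is declared with `OptionalNamedType`, yet `decodeResponseValue` passes `respValue.getComponentByName('genPasswd')` straight to `bytes()` without checking whether the server included the field. What happens when it is absent depends on pyasn1 and is not visible here. `SSSResponseControl.decodeControlValue` in this commit guards its optional field with `hasValue()`, and the same guard here, e.g. `self.genPasswd = bytes(v) if v.hasValue() else None`, would make that case well defined. The remainder returned by `decoder.decode` is dropped (`respValue, _ = ...`), so trailing bytes in the response value go unnoticed. A docstring on the class stating that the decoded value is a credential and should not be logged would help callers.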
@@ -0,0 +1,89 @@ +""" +filters.py - misc stuff for handling LDAP filter strings (see RFC2254) + +See https://www.python-ldap.org/ for details. + +Compatibility: +- Tested with Python 2.0+ +""" + +from ldap import __version__ + +from ldap.functions import strf_secs + +import time + + +def escape_filter_chars(assertion_value,escape_mode=0): + """ + Replace all special characters found in assertion_value + by quoted notation. + + escape_mode + If 0 only special chars mentioned in RFC 4515 are escaped. + If 1 all NON-ASCII chars are escaped. + If 2 all chars are escaped. + """ + if escape_mode: + r = [] + if escape_mode==1: + for c in assertion_value: + if c < '0' or c > 'z' or c in "\\*()": + c = "\\%02x" % ord(c) + r.append(c) + elif escape_mode==2: + for c in assertion_value: + r.append("\\%02x" % ord(c)) + else: + raise ValueError('escape_mode must be 0, 1 or 2.') + s = ''.join(r) + else: + s = assertion_value.replace('\\', r'\5c') + s = s.replace(r'*', r'\2a') + s = s.replace(r'(', r'\28') + s = s.replace(r')', r'\29') + s = s.replace('\x00', r'\00') + return s + + +def filter_format(filter_template,assertion_values): + """ + filter_template + String containing %s as placeholder for assertion values. + assertion_values + List or tuple of assertion values. Length must match + count of %s in filter_template. 
+ """ + return filter_template % tuple(escape_filter_chars(v) for v in assertion_values) + + +def time_span_filter( + filterstr='', + from_timestamp=0, + until_timestamp=None, + delta_attr='modifyTimestamp', + ): + """ + If last_run_timestr is non-zero filterstr will be extended + """ + if until_timestamp is None: + until_timestamp = time.time() + if from_timestamp < 0: + from_timestamp = until_timestamp + from_timestamp + if from_timestamp > until_timestamp: + raise ValueError('from_timestamp {!r} must not be greater than until_timestamp {!r}'.format( + from_timestamp, until_timestamp + )) + return ( + '(&' + '{filterstr}' + '({delta_attr}>={from_timestr})' + '(!({delta_attr}>={until_timestr}))' + ')' + ).format( + filterstr=filterstr, + delta_attr=delta_attr, + from_timestr=strf_secs(from_timestamp), + until_timestr=strf_secs(until_timestamp), + ) + # end of time_span_filter() diff --git a/Lib/ldap/functions.py b/Lib/ldap/functions.py new file mode 100644 index 0000000..8658db4 --- /dev/null +++ b/Lib/ldap/functions.py 
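Review bot: In `escape_filter_chars`, `escape_mode` 1 and 2 format each character with `"\\%02x" % ord(c)`, which emits the Unicode code point instead of the UTF-8 octets. A character above U+00FF produces three or more hex digits, and one in U+0080–U+00FF produces a single octet that is not its UTF-8 encoding. RFC 4515 escapes apply per octet of the UTF-8 encoded value, so the server may not read the assertion value as the caller intended for non-ASCII input. Encoding first, e.g. `''.join('\\%02x' % b for b in c.encode('utf-8'))`, fixes both modes. The docstring for mode 1 ("all NON-ASCII chars") does not match the test `c < '0' or c > 'z'`, which also escapes space and ASCII punctuation, and the `time_span_filter` docstring refers to `last_run_timestr`, which is not a parameter.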
@@ -0,0 +1,134 @@ +""" +functions.py - wraps functions of module _ldap + +See https://www.python-ldap.org/ for details. +""" + +from ldap import __version__ + +__all__ = [ + 'open','initialize','init', + 'explode_dn','explode_rdn', + 'get_option','set_option', + 'escape_str', + 'strf_secs','strp_secs', +] + +import sys,pprint,time,_ldap,ldap +from calendar import timegm + +from ldap import LDAPError + +from ldap.dn import explode_dn,explode_rdn + +from ldap.ldapobject import LDAPObject + +if __debug__: + # Tracing is only supported in debugging mode + import traceback + + +def _ldap_function_call(lock,func,*args,**kwargs): + """ + Wrapper function which locks and logs calls to function + + lock + Instance of threading.Lock or compatible + func + Function to call with arguments passed in via *args and **kwargs + """ + if lock: + lock.acquire() + if __debug__: + if ldap._trace_level>=1: + ldap._trace_file.write('*** {}.{} {}\n'.format( + '_ldap',func.__name__, + pprint.pformat((args,kwargs)) + )) + if ldap._trace_level>=9: + traceback.print_stack(limit=ldap._trace_stack_limit,file=ldap._trace_file) + try: + try: + result = func(*args,**kwargs) + finally: + if lock: + lock.release() + except LDAPError as e: + if __debug__ and ldap._trace_level>=2: + ldap._trace_file.write('=> LDAPError: %s\n' % (str(e))) + raise + if __debug__ and ldap._trace_level>=2: + ldap._trace_file.write('=> result:\n%s\n' % (pprint.pformat(result))) + return result + + +def initialize( + uri, trace_level=0, trace_file=sys.stdout, trace_stack_limit=None, + bytes_mode=None, fileno=None, **kwargs +): + """ + Return LDAPObject instance by opening LDAP connection to + LDAP host specified by LDAP URL + + Parameters: + uri + LDAP URL containing at least connection scheme and hostport, + e.g. ldap://localhost:389 + trace_level + If non-zero a trace output of LDAP calls is generated. + trace_file + File object where to write the trace output to. + Default is to use stdout. 
+ bytes_mode + Whether to enable :ref:`bytes_mode` for backwards compatibility under Py2. + fileno + If not None the socket file descriptor is used to connect to an + LDAP server. + + Additional keyword arguments (such as ``bytes_strictness``) are + passed to ``LDAPObject``. + """ + return LDAPObject( + uri, trace_level, trace_file, trace_stack_limit, bytes_mode, + fileno=fileno, **kwargs + ) + + +def get_option(option): + """ + get_option(name) -> value + + Get the value of an LDAP global option. + """ + return _ldap_function_call(None,_ldap.get_option,option) + + +def set_option(option,invalue): + """ + set_option(name, value) + + Set the value of an LDAP global option. + """ + return _ldap_function_call(None,_ldap.set_option,option,invalue) + + +def escape_str(escape_func,s,*args): + """ + Applies escape_func() to all items of `args' and returns a string based + on format string `s'. + """ + return s % tuple(escape_func(v) for v in args) + + +def strf_secs(secs): + """ + Convert seconds since epoch to a string compliant to LDAP syntax GeneralizedTime + """ + return time.strftime('%Y%m%d%H%M%SZ', time.gmtime(secs)) + + +def strp_secs(dt_str): + """ + Convert LDAP syntax GeneralizedTime to seconds since epoch + """ + return timegm(time.strptime(dt_str, '%Y%m%d%H%M%SZ')) diff --git a/Lib/ldap/ldapobject.py b/Lib/ldap/ldapobject.py new file mode 100644 index 0000000..40091ad --- /dev/null +++ b/Lib/ldap/ldapobject.py 
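Review bot: `__all__` lists `'open'` and `'init'`, but this new file defines neither; it defines only `initialize`, `get_option`, `set_option`, `escape_str`, `strf_secs`, `strp_secs` and the private `_ldap_function_call`. `from ldap.functions import *` would therefore fail with AttributeError. The first entry line should read `'initialize',` in place of `'open','initialize','init',`. In `_ldap_function_call` the trace writes sit between `lock.acquire()` and the `try`, so an exception from `ldap._trace_file.write` would leave the lock held. Moving `lock.acquire()` to just before the `try` avoids that. The `initialize` docstring also omits `trace_stack_limit`.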
@@ -0,0 +1,1038 @@ +""" +ldapobject.py - wraps class _ldap.LDAPObject + +See https://www.python-ldap.org/ for details. +""" +from os import strerror + +from ldap.pkginfo import __version__, __author__, __license__ + +__all__ = [ + 'LDAPObject', + 'SimpleLDAPObject', + 'ReconnectLDAPObject', + 'LDAPBytesWarning' +] + + +if __debug__: + # Tracing is only supported in debugging mode + import traceback + +import sys,time,pprint,_ldap,ldap,ldap.sasl,ldap.functions +import warnings + +from ldap.schema import SCHEMA_ATTRS +from ldap.controls import LDAPControl,DecodeControlTuples,RequestControlTuples +from ldap.extop import ExtendedRequest,ExtendedResponse,PasswordModifyResponse + +from ldap import LDAPError + + +class LDAPBytesWarning(BytesWarning): + """Python 2 bytes mode warning""" + + def __init__(self, *args, **kwargs): + warnings.warn( + "LDAPBytesWarning is deprecated and will be removed in the future", + DeprecationWarning, + ) + super().__init__(*args, **kwargs) + + +class NO_UNIQUE_ENTRY(ldap.NO_SUCH_OBJECT): + """ + Exception raised if a LDAP search returned more than entry entry + although assumed to return a unique single search result. + """ + + +class SimpleLDAPObject: + """ + This basic class wraps all methods of the underlying C API object. + + The arguments are same as for the :func:`~ldap.initialize()` function. 
+ """ + + CLASSATTR_OPTION_MAPPING = { + "protocol_version": ldap.OPT_PROTOCOL_VERSION, + "deref": ldap.OPT_DEREF, + "referrals": ldap.OPT_REFERRALS, + "timelimit": ldap.OPT_TIMELIMIT, + "sizelimit": ldap.OPT_SIZELIMIT, + "network_timeout": ldap.OPT_NETWORK_TIMEOUT, + "error_number":ldap.OPT_ERROR_NUMBER, + "error_string":ldap.OPT_ERROR_STRING, + "matched_dn":ldap.OPT_MATCHED_DN, + } + + def __init__( + self,uri, + trace_level=0,trace_file=None,trace_stack_limit=5,bytes_mode=None, + bytes_strictness=None, fileno=None + ): + self._trace_level = trace_level or ldap._trace_level + self._trace_file = trace_file or ldap._trace_file + self._trace_stack_limit = trace_stack_limit + self._uri = uri + self._ldap_object_lock = self._ldap_lock('opcall') + if fileno is not None: + if not hasattr(_ldap, "initialize_fd"): + raise ValueError("libldap does not support initialize_fd") + if hasattr(fileno, "fileno"): + fileno = fileno.fileno() + self._l = ldap.functions._ldap_function_call( + ldap._ldap_module_lock, _ldap.initialize_fd, fileno, uri + ) + else: + self._l = ldap.functions._ldap_function_call(ldap._ldap_module_lock,_ldap.initialize,uri) + self.timeout = -1 + self.protocol_version = ldap.VERSION3 + + if bytes_mode: + raise ValueError("bytes_mode is *not* supported under Python 3.") + + @property + def bytes_mode(self): + return False + + @property + def bytes_strictness(self): + return 'error' + + def _ldap_lock(self,desc=''): + if ldap.LIBLDAP_R: + return ldap.LDAPLock(desc='%s within %s' %(desc,repr(self))) + else: + return ldap._ldap_module_lock + + def _ldap_call(self,func,*args,**kwargs): + """ + Wrapper method mainly for serializing calls into OpenLDAP libs + and trace logs + """ + self._ldap_object_lock.acquire() + if __debug__: + if self._trace_level>=1: + self._trace_file.write('*** {} {} - {}\n{}\n'.format( + repr(self), + self._uri, + '.'.join((self.__class__.__name__,func.__name__)), + pprint.pformat((args,kwargs)) + )) + if self._trace_level>=9: + 
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file) + diagnostic_message_success = None + try: + try: + result = func(*args,**kwargs) + if __debug__ and self._trace_level>=2: + if func.__name__!="unbind_ext": + diagnostic_message_success = self._l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE) + finally: + self._ldap_object_lock.release() + except LDAPError as e: + try: + if 'info' not in e.args[0] and 'errno' in e.args[0]: + e.args[0]['info'] = strerror(e.args[0]['errno']) + except IndexError: + pass + if __debug__ and self._trace_level>=2: + self._trace_file.write('=> LDAPError - {}: {}\n'.format(e.__class__.__name__,str(e))) + raise + else: + if __debug__ and self._trace_level>=2: + if not diagnostic_message_success is None: + self._trace_file.write('=> diagnosticMessage: %s\n' % (repr(diagnostic_message_success))) + self._trace_file.write('=> result:\n%s\n' % (pprint.pformat(result))) + return result + + def __setattr__(self,name,value): + if name in self.CLASSATTR_OPTION_MAPPING: + self.set_option(self.CLASSATTR_OPTION_MAPPING[name],value) + else: + self.__dict__[name] = value + + def __getattr__(self,name): + if name in self.CLASSATTR_OPTION_MAPPING: + return self.get_option(self.CLASSATTR_OPTION_MAPPING[name]) + elif name in self.__dict__: + return self.__dict__[name] + else: + raise AttributeError('{} has no attribute {}'.format( + self.__class__.__name__,repr(name) + )) + + def fileno(self): + """ + Returns file description of LDAP connection. + + Just a convenience wrapper for LDAPObject.get_option(ldap.OPT_DESC) + """ + return self.get_option(ldap.OPT_DESC) + + def abandon_ext(self,msgid,serverctrls=None,clientctrls=None): + """ + abandon_ext(msgid[,serverctrls=None[,clientctrls=None]]) -> None + abandon(msgid) -> None + Abandons or cancels an LDAP operation in progress. The msgid should + be the message id of an outstanding LDAP operation as returned + by the asynchronous methods search(), modify() etc. 
The caller + can expect that the result of an abandoned operation will not be + returned from a future call to result(). + """ + return self._ldap_call(self._l.abandon_ext,msgid,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) + + def abandon(self,msgid): + return self.abandon_ext(msgid,None,None) + + def cancel(self,cancelid,serverctrls=None,clientctrls=None): + """ + cancel(cancelid[,serverctrls=None[,clientctrls=None]]) -> int + Send cancels extended operation for an LDAP operation specified by cancelid. + The cancelid should be the message id of an outstanding LDAP operation as returned + by the asynchronous methods search(), modify() etc. The caller + can expect that the result of an abandoned operation will not be + returned from a future call to result(). + In opposite to abandon() this extended operation gets an result from + the server and thus should be preferred if the server supports it. + """ + return self._ldap_call(self._l.cancel,cancelid,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) + + def cancel_s(self,cancelid,serverctrls=None,clientctrls=None): + msgid = self.cancel(cancelid,serverctrls,clientctrls) + try: + res = self.result(msgid,all=1,timeout=self.timeout) + except (ldap.CANCELLED,ldap.SUCCESS): + res = None + return res + + def add_ext(self,dn,modlist,serverctrls=None,clientctrls=None): + """ + add_ext(dn, modlist[,serverctrls=None[,clientctrls=None]]) -> int + This function adds a new entry with a distinguished name + specified by dn which means it must not already exist. + The parameter modlist is similar to the one passed to modify(), + except that no operation integer need be included in the tuples. 
+ """ + return self._ldap_call(self._l.add_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) + + def add_ext_s(self,dn,modlist,serverctrls=None,clientctrls=None): + msgid = self.add_ext(dn,modlist,serverctrls,clientctrls) + resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) + return resp_type, resp_data, resp_msgid, resp_ctrls + + def add(self,dn,modlist): + """ + add(dn, modlist) -> int + This function adds a new entry with a distinguished name + specified by dn which means it must not already exist. + The parameter modlist is similar to the one passed to modify(), + except that no operation integer need be included in the tuples. + """ + return self.add_ext(dn,modlist,None,None) + + def add_s(self,dn,modlist): + return self.add_ext_s(dn,modlist,None,None) + + def simple_bind(self,who=None,cred=None,serverctrls=None,clientctrls=None): + """ + simple_bind([who='' [,cred='']]) -> int + """ + return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) + + def simple_bind_s(self,who=None,cred=None,serverctrls=None,clientctrls=None): + """ + simple_bind_s([who='' [,cred='']]) -> 4-tuple + """ + msgid = self.simple_bind(who,cred,serverctrls,clientctrls) + resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) + return resp_type, resp_data, resp_msgid, resp_ctrls + + def bind(self,who,cred,method=ldap.AUTH_SIMPLE): + """ + bind(who, cred, method) -> int + """ + assert method==ldap.AUTH_SIMPLE,'Only simple bind supported in LDAPObject.bind()' + return self.simple_bind(who,cred) + + def bind_s(self,who,cred,method=ldap.AUTH_SIMPLE): + """ + bind_s(who, cred, method) -> None + """ + msgid = self.bind(who,cred,method) + return self.result(msgid,all=1,timeout=self.timeout) + + def sasl_interactive_bind_s(self,who,auth,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET): + """ + 
sasl_interactive_bind_s(who, auth [,serverctrls=None[,clientctrls=None[,sasl_flags=ldap.SASL_QUIET]]]) -> None + """ + return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags) + + def sasl_non_interactive_bind_s(self,sasl_mech,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET,authz_id=''): + """ + Send a SASL bind request using a non-interactive SASL method (e.g. GSSAPI, EXTERNAL) + """ + auth = ldap.sasl.sasl( + {ldap.sasl.CB_USER:authz_id}, + sasl_mech + ) + self.sasl_interactive_bind_s('',auth,serverctrls,clientctrls,sasl_flags) + + def sasl_external_bind_s(self,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET,authz_id=''): + """ + Send SASL bind request using SASL mech EXTERNAL + """ + self.sasl_non_interactive_bind_s('EXTERNAL',serverctrls,clientctrls,sasl_flags,authz_id) + + def sasl_gssapi_bind_s(self,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET,authz_id=''): + """ + Send SASL bind request using SASL mech GSSAPI + """ + self.sasl_non_interactive_bind_s('GSSAPI',serverctrls,clientctrls,sasl_flags,authz_id) + + def sasl_bind_s(self,dn,mechanism,cred,serverctrls=None,clientctrls=None): + """ + sasl_bind_s(dn, mechanism, cred [,serverctrls=None[,clientctrls=None]]) -> int|str + """ + return self._ldap_call(self._l.sasl_bind_s,dn,mechanism,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) + + def compare_ext(self,dn,attr,value,serverctrls=None,clientctrls=None): + """ + compare_ext(dn, attr, value [,serverctrls=None[,clientctrls=None]]) -> int + compare_ext_s(dn, attr, value [,serverctrls=None[,clientctrls=None]]) -> bool + compare(dn, attr, value) -> int + compare_s(dn, attr, value) -> bool + Perform an LDAP comparison between the attribute named attr of entry + dn, and the value value. The synchronous form returns True or False. 
+ The asynchronous form returns the message id of the initiates request, + and the result of the asynchronous compare can be obtained using + result(). + + Note that this latter technique yields the answer by raising + the exception objects COMPARE_TRUE or COMPARE_FALSE. + + A design bug in the library prevents value from containing + nul characters. + """ + return self._ldap_call(self._l.compare_ext,dn,attr,value,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) + + def compare_ext_s(self,dn,attr,value,serverctrls=None,clientctrls=None): + msgid = self.compare_ext(dn,attr,value,serverctrls,clientctrls) + try: + ldap_res = self.result3(msgid,all=1,timeout=self.timeout) + except ldap.COMPARE_TRUE: + return True + except ldap.COMPARE_FALSE: + return False + raise ldap.PROTOCOL_ERROR( + f'Compare operation returned wrong result: {ldap_res!r}' + ) + + def compare(self,dn,attr,value): + return self.compare_ext(dn,attr,value,None,None) + + def compare_s(self,dn,attr,value): + return self.compare_ext_s(dn,attr,value,None,None) + + def delete_ext(self,dn,serverctrls=None,clientctrls=None): + """ + delete(dn) -> int + delete_s(dn) -> None + delete_ext(dn[,serverctrls=None[,clientctrls=None]]) -> int + delete_ext_s(dn[,serverctrls=None[,clientctrls=None]]) -> tuple + Performs an LDAP delete operation on dn. The asynchronous + form returns the message id of the initiated request, and the + result can be obtained from a subsequent call to result(). 
+ """ + return self._ldap_call(self._l.delete_ext,dn,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) + + def delete_ext_s(self,dn,serverctrls=None,clientctrls=None): + msgid = self.delete_ext(dn,serverctrls,clientctrls) + resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) + return resp_type, resp_data, resp_msgid, resp_ctrls + + def delete(self,dn): + return self.delete_ext(dn,None,None) + + def delete_s(self,dn): + return self.delete_ext_s(dn,None,None) + + def extop(self,extreq,serverctrls=None,clientctrls=None): + """ + extop(extreq[,serverctrls=None[,clientctrls=None]]]) -> int + extop_s(extreq[,serverctrls=None[,clientctrls=None[,extop_resp_class=None]]]]) -> + (respoid,respvalue) + Performs an LDAP extended operation. The asynchronous + form returns the message id of the initiated request, and the + result can be obtained from a subsequent call to extop_result(). + The extreq is an instance of class ldap.extop.ExtendedRequest. + + If argument extop_resp_class is set to a sub-class of + ldap.extop.ExtendedResponse this class is used to return an + object of this class instead of a raw BER value in respvalue. + """ + return self._ldap_call(self._l.extop,extreq.requestName,extreq.encodedRequestValue(),RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) + + def extop_result(self,msgid=ldap.RES_ANY,all=1,timeout=None): + resulttype,msg,msgid,respctrls,respoid,respvalue = self.result4(msgid,all=1,timeout=self.timeout,add_ctrls=1,add_intermediates=1,add_extop=1) + return (respoid,respvalue) + + def extop_s(self,extreq,serverctrls=None,clientctrls=None,extop_resp_class=None): + msgid = self.extop(extreq,serverctrls,clientctrls) + res = self.extop_result(msgid,all=1,timeout=self.timeout) + if extop_resp_class: + respoid,respvalue = res + if extop_resp_class.responseName!=respoid: + raise ldap.PROTOCOL_ERROR(f"Wrong OID in extended response! 
Expected {extop_resp_class.responseName}, got {respoid}") + return extop_resp_class(extop_resp_class.responseName,respvalue) + else: + return res + + def modify_ext(self,dn,modlist,serverctrls=None,clientctrls=None): + """ + modify_ext(dn, modlist[,serverctrls=None[,clientctrls=None]]) -> int + """ + return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) + + def modify_ext_s(self,dn,modlist,serverctrls=None,clientctrls=None): + msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls) + resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) + return resp_type, resp_data, resp_msgid, resp_ctrls + + def modify(self,dn,modlist): + """ + modify(dn, modlist) -> int + modify_s(dn, modlist) -> None + modify_ext(dn, modlist[,serverctrls=None[,clientctrls=None]]) -> int + modify_ext_s(dn, modlist[,serverctrls=None[,clientctrls=None]]) -> tuple + Performs an LDAP modify operation on an entry's attributes. + dn is the DN of the entry to modify, and modlist is the list + of modifications to make to the entry. + + Each element of the list modlist should be a tuple of the form + (mod_op,mod_type,mod_vals), where mod_op is the operation (one of + MOD_ADD, MOD_DELETE, MOD_INCREMENT or MOD_REPLACE), mod_type is a + string indicating the attribute type name, and mod_vals is either a + string value or a list of string values to add, delete, increment by or + replace respectively. For the delete operation, mod_vals may be None + indicating that all attributes are to be deleted. + + The asynchronous modify() returns the message id of the + initiated request. + """ + return self.modify_ext(dn,modlist,None,None) + + def modify_s(self,dn,modlist): + return self.modify_ext_s(dn,modlist,None,None) + + def modrdn(self,dn,newrdn,delold=1): + """ + modrdn(dn, newrdn [,delold=1]) -> int + modrdn_s(dn, newrdn [,delold=1]) -> None + Perform a modify RDN operation. 
These routines take dn, the + DN of the entry whose RDN is to be changed, and newrdn, the + new RDN to give to the entry. The optional parameter delold + is used to specify whether the old RDN should be kept as + an attribute of the entry or not. The asynchronous version + returns the initiated message id. + + This operation is emulated by rename() and rename_s() methods + since the modrdn2* routines in the C library are deprecated. + """ + return self.rename(dn,newrdn,None,delold) + + def modrdn_s(self,dn,newrdn,delold=1): + return self.rename_s(dn,newrdn,None,delold) + + def passwd(self,user,oldpw,newpw,serverctrls=None,clientctrls=None): + return self._ldap_call(self._l.passwd,user,oldpw,newpw,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) + + def passwd_s(self, user, oldpw, newpw, serverctrls=None, clientctrls=None, extract_newpw=False): + msgid = self.passwd(user, oldpw, newpw, serverctrls, clientctrls) + respoid, respvalue = self.extop_result(msgid, all=1, timeout=self.timeout) + + if respoid != PasswordModifyResponse.responseName: + raise ldap.PROTOCOL_ERROR("Unexpected OID %s in extended response!" % respoid) + if extract_newpw and respvalue: + respvalue = PasswordModifyResponse(PasswordModifyResponse.responseName, respvalue) + + return respoid, respvalue + + def rename(self,dn,newrdn,newsuperior=None,delold=1,serverctrls=None,clientctrls=None): + """ + rename(dn, newrdn [, newsuperior=None [,delold=1][,serverctrls=None[,clientctrls=None]]]) -> int + rename_s(dn, newrdn [, newsuperior=None] [,delold=1][,serverctrls=None[,clientctrls=None]]) -> None + Perform a rename entry operation. These routines take dn, the + DN of the entry whose RDN is to be changed, newrdn, the + new RDN, and newsuperior, the new parent DN, to give to the entry. + If newsuperior is None then only the RDN is modified. + The optional parameter delold is used to specify whether the + old RDN should be kept as an attribute of the entry or not. 
+ The asynchronous version returns the initiated message id. + + This actually corresponds to the rename* routines in the + LDAP-EXT C API library. + """ + return self._ldap_call(self._l.rename,dn,newrdn,newsuperior,delold,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) + + def rename_s(self,dn,newrdn,newsuperior=None,delold=1,serverctrls=None,clientctrls=None): + msgid = self.rename(dn,newrdn,newsuperior,delold,serverctrls,clientctrls) + resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) + return resp_type, resp_data, resp_msgid, resp_ctrls + + def result(self,msgid=ldap.RES_ANY,all=1,timeout=None): + """ + result([msgid=RES_ANY [,all=1 [,timeout=None]]]) -> (result_type, result_data) + + This method is used to wait for and return the result of an + operation previously initiated by one of the LDAP asynchronous + operation routines (e.g. search(), modify(), etc.) They all + returned an invocation identifier (a message id) upon successful + initiation of their operation. This id is guaranteed to be + unique across an LDAP session, and can be used to request the + result of a specific operation via the msgid parameter of the + result() method. + + If the result of a specific operation is required, msgid should + be set to the invocation message id returned when the operation + was initiated; otherwise RES_ANY should be supplied. + + The all parameter only has meaning for search() responses + and is used to select whether a single entry of the search + response should be returned, or to wait for all the results + of the search before returning. + + A search response is made up of zero or more search entries + followed by a search result. If all is 0, search entries will + be returned one at a time as they come in, via separate calls + to result(). If all is 1, the search response will be returned + in its entirety, i.e. after all entries and the final search + result have been received. 
+ + For all set to 0, result tuples + trickle in (with the same message id), and with the result type + RES_SEARCH_ENTRY, until the final result which has a result + type of RES_SEARCH_RESULT and a (usually) empty data field. + When all is set to 1, only one result is returned, with a + result type of RES_SEARCH_RESULT, and all the result tuples + listed in the data field. + + The method returns a tuple of the form (result_type, + result_data). The result_type is one of the constants RES_*. + + See search() for a description of the search result's + result_data, otherwise the result_data is normally meaningless. + + The result() method will block for timeout seconds, or + indefinitely if timeout is negative. A timeout of 0 will effect + a poll. The timeout can be expressed as a floating-point value. + If timeout is None the default in self.timeout is used. + + If a timeout occurs, a TIMEOUT exception is raised, unless + polling (timeout = 0), in which case (None, None) is returned. + """ + resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout) + return resp_type, resp_data + + def result2(self,msgid=ldap.RES_ANY,all=1,timeout=None): + resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout) + return resp_type, resp_data, resp_msgid + + def result3(self,msgid=ldap.RES_ANY,all=1,timeout=None,resp_ctrl_classes=None): + resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4( + msgid,all,timeout, + add_ctrls=0,add_intermediates=0,add_extop=0, + resp_ctrl_classes=resp_ctrl_classes + ) + return resp_type, resp_data, resp_msgid, decoded_resp_ctrls + + def result4(self,msgid=ldap.RES_ANY,all=1,timeout=None,add_ctrls=0,add_intermediates=0,add_extop=0,resp_ctrl_classes=None): + if timeout is None: + timeout = self.timeout + ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) + if ldap_result is None: + resp_type, resp_data, resp_msgid, resp_ctrls, resp_name, 
resp_value = (None,None,None,None,None,None) + else: + if len(ldap_result)==4: + resp_type, resp_data, resp_msgid, resp_ctrls = ldap_result + resp_name, resp_value = None,None + else: + resp_type, resp_data, resp_msgid, resp_ctrls, resp_name, resp_value = ldap_result + if add_ctrls: + resp_data = [ (t,r,DecodeControlTuples(c,resp_ctrl_classes)) for t,r,c in resp_data ] + decoded_resp_ctrls = DecodeControlTuples(resp_ctrls,resp_ctrl_classes) + return resp_type, resp_data, resp_msgid, decoded_resp_ctrls, resp_name, resp_value + + def search_ext(self,base,scope,filterstr=None,attrlist=None,attrsonly=0,serverctrls=None,clientctrls=None,timeout=-1,sizelimit=0): + """ + search(base, scope [,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0]]]) -> int + search_s(base, scope [,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0]]]) + search_st(base, scope [,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0 [,timeout=-1]]]]) + search_ext(base,scope,[,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0 [,serverctrls=None [,clientctrls=None [,timeout=-1 [,sizelimit=0]]]]]]]) + search_ext_s(base,scope,[,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0 [,serverctrls=None [,clientctrls=None [,timeout=-1 [,sizelimit=0]]]]]]]) + + Perform an LDAP search operation, with base as the DN of + the entry at which to start the search, scope being one of + SCOPE_BASE (to search the object itself), SCOPE_ONELEVEL + (to search the object's immediate children), or SCOPE_SUBTREE + (to search the object and all its descendants). + + filter is a string representation of the filter to + apply in the search (see RFC 4515). + + Each result tuple is of the form (dn,entry), where dn is a + string containing the DN (distinguished name) of the entry, and + entry is a dictionary containing the attributes. + Attributes types are used as string dictionary keys and attribute + values are stored in a list as dictionary value. 
+ + The DN in dn is extracted using the underlying ldap_get_dn(), + which may raise an exception of the DN is malformed. + + If attrsonly is non-zero, the values of attrs will be + meaningless (they are not transmitted in the result). + + The retrieved attributes can be limited with the attrlist + parameter. If attrlist is None, all the attributes of each + entry are returned. + + serverctrls=None + + clientctrls=None + + The synchronous form with timeout, search_st() or search_ext_s(), + will block for at most timeout seconds (or indefinitely if + timeout is negative). A TIMEOUT exception is raised if no result is + received within the time. + + The amount of search results retrieved can be limited with the + sizelimit parameter if non-zero. + """ + if filterstr is None: + filterstr = '(objectClass=*)' + return self._ldap_call( + self._l.search_ext, + base,scope,filterstr, + attrlist,attrsonly, + RequestControlTuples(serverctrls), + RequestControlTuples(clientctrls), + timeout,sizelimit, + ) + + def search_ext_s(self,base,scope,filterstr=None,attrlist=None,attrsonly=0,serverctrls=None,clientctrls=None,timeout=-1,sizelimit=0): + msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit) + return self.result(msgid,all=1,timeout=timeout)[1] + + def search(self,base,scope,filterstr=None,attrlist=None,attrsonly=0): + return self.search_ext(base,scope,filterstr,attrlist,attrsonly,None,None) + + def search_s(self,base,scope,filterstr=None,attrlist=None,attrsonly=0): + return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout) + + def search_st(self,base,scope,filterstr=None,attrlist=None,attrsonly=0,timeout=-1): + return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout) + + def start_tls_s(self): + """ + start_tls_s() -> None + Negotiate TLS with server. The `version' attribute must have been + set to VERSION3 before calling start_tls_s. 
+ If TLS could not be started an exception will be raised. + """ + return self._ldap_call(self._l.start_tls_s) + + def unbind_ext(self,serverctrls=None,clientctrls=None): + """ + unbind() -> int + unbind_s() -> None + unbind_ext() -> int + unbind_ext_s() -> None + This call is used to unbind from the directory, terminate + the current association, and free resources. Once called, the + connection to the LDAP server is closed and the LDAP object + is invalid. Further invocation of methods on the object will + yield an exception. + + The unbind and unbind_s methods are identical, and are + synchronous in nature + """ + res = self._ldap_call(self._l.unbind_ext,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) + try: + del self._l + except AttributeError: + pass + return res + + def unbind_ext_s(self,serverctrls=None,clientctrls=None): + msgid = self.unbind_ext(serverctrls,clientctrls) + if msgid!=None: + result = self.result3(msgid,all=1,timeout=self.timeout) + else: + result = None + if __debug__ and self._trace_level>=1: + try: + self._trace_file.flush() + except AttributeError: + pass + return result + + def unbind(self): + return self.unbind_ext(None,None) + + def unbind_s(self): + return self.unbind_ext_s(None,None) + + def whoami_s(self,serverctrls=None,clientctrls=None): + return self._ldap_call(self._l.whoami_s,serverctrls,clientctrls) + + def get_option(self,option): + result = self._ldap_call(self._l.get_option,option) + if option==ldap.OPT_SERVER_CONTROLS or option==ldap.OPT_CLIENT_CONTROLS: + result = DecodeControlTuples(result) + return result + + def set_option(self,option,invalue): + if option==ldap.OPT_SERVER_CONTROLS or option==ldap.OPT_CLIENT_CONTROLS: + invalue = RequestControlTuples(invalue) + return self._ldap_call(self._l.set_option,option,invalue) + + def search_subschemasubentry_s(self,dn=None): + """ + Returns the distinguished name of the sub schema sub entry + for a part of a DIT specified by dn. 
+ + None as result indicates that the DN of the sub schema sub entry could + not be determined. + + Returns: None or text/bytes depending on bytes_mode. + """ + empty_dn = '' + attrname = 'subschemaSubentry' + if dn is None: + dn = empty_dn + try: + r = self.search_s( + dn,ldap.SCOPE_BASE,None,[attrname] + ) + except (ldap.NO_SUCH_OBJECT,ldap.NO_SUCH_ATTRIBUTE,ldap.INSUFFICIENT_ACCESS): + r = [] + except ldap.UNDEFINED_TYPE: + return None + try: + if r: + e = ldap.cidict.cidict(r[0][1]) + search_subschemasubentry_dn = e.get(attrname,[None])[0] + if search_subschemasubentry_dn is None: + if dn: + # Try to find sub schema sub entry in root DSE + return self.search_subschemasubentry_s(dn=empty_dn) + else: + # If dn was already root DSE we can return here + return None + else: + if search_subschemasubentry_dn is not None: + return search_subschemasubentry_dn.decode('utf-8') + except IndexError: + return None + + def read_s(self,dn,filterstr=None,attrlist=None,serverctrls=None,clientctrls=None,timeout=-1): + """ + Reads and returns a single entry specified by `dn'. 
+ + Other attributes just like those passed to `search_ext_s()' + """ + r = self.search_ext_s( + dn, + ldap.SCOPE_BASE, + filterstr, + attrlist=attrlist, + serverctrls=serverctrls, + clientctrls=clientctrls, + timeout=timeout, + ) + if r: + return r[0][1] + else: + return None + + def read_subschemasubentry_s(self,subschemasubentry_dn,attrs=None): + """ + Returns the sub schema sub entry's data + """ + filterstr = '(objectClass=subschema)' + if attrs is None: + attrs = SCHEMA_ATTRS + try: + subschemasubentry = self.read_s( + subschemasubentry_dn, + filterstr=filterstr, + attrlist=attrs + ) + except ldap.NO_SUCH_OBJECT: + return None + else: + return subschemasubentry + + def find_unique_entry(self,base,scope=ldap.SCOPE_SUBTREE,filterstr=None,attrlist=None,attrsonly=0,serverctrls=None,clientctrls=None,timeout=-1): + """ + Returns a unique entry, raises exception if not unique + """ + r = self.search_ext_s( + base, + scope, + filterstr, + attrlist=attrlist, + attrsonly=attrsonly, + serverctrls=serverctrls, + clientctrls=clientctrls, + timeout=timeout, + sizelimit=2, + ) + if len(r)!=1: + raise NO_UNIQUE_ENTRY('No or non-unique search result for %s' % (repr(filterstr))) + return r[0] + + def read_rootdse_s(self, filterstr=None, attrlist=None): + """ + convenience wrapper around read_s() for reading rootDSE + """ + base = '' + attrlist = attrlist or ['*', '+'] + ldap_rootdse = self.read_s( + base, + filterstr=filterstr, + attrlist=attrlist, + ) + return ldap_rootdse # read_rootdse_s() + + def get_naming_contexts(self): + """ + returns all attribute values of namingContexts in rootDSE + if namingContexts is not present (not readable) then empty list is returned + """ + name = 'namingContexts' + return self.read_rootdse_s( + attrlist=[name] + ).get(name, []) + + +class ReconnectLDAPObject(SimpleLDAPObject): + """ + :py:class:`SimpleLDAPObject` subclass whose synchronous request methods + automatically reconnect and re-try in case of server failure + 
(:exc:`ldap.SERVER_DOWN`). + + The first arguments are same as for the :py:func:`~ldap.initialize()` + function. + For automatic reconnects it has additional arguments: + + * retry_max: specifies the number of reconnect attempts before + re-raising the :py:exc:`ldap.SERVER_DOWN` exception. + + * retry_delay: specifies the time in seconds between reconnect attempts. + + This class also implements the pickle protocol. + """ + + __transient_attrs__ = { + '_l', + '_ldap_object_lock', + '_trace_file', + '_reconnect_lock', + '_last_bind', + } + + def __init__( + self,uri, + trace_level=0,trace_file=None,trace_stack_limit=5,bytes_mode=None, + bytes_strictness=None, retry_max=1, retry_delay=60.0, fileno=None + ): + """ + Parameters like SimpleLDAPObject.__init__() with these + additional arguments: + + retry_max + Maximum count of reconnect trials + retry_delay + Time span to wait between two reconnect trials + """ + self._uri = uri + self._options = [] + self._last_bind = None + SimpleLDAPObject.__init__(self, uri, trace_level, trace_file, + trace_stack_limit, bytes_mode, + bytes_strictness=bytes_strictness, + fileno=fileno) + self._reconnect_lock = ldap.LDAPLock(desc='reconnect lock within %s' % (repr(self))) + self._retry_max = retry_max + self._retry_delay = retry_delay + self._start_tls = 0 + self._reconnects_done = 0 + + def __getstate__(self): + """return data representation for pickled object""" + state = { + k: v + for k,v in self.__dict__.items() + if k not in self.__transient_attrs__ + } + state['_last_bind'] = self._last_bind[0].__name__, self._last_bind[1], self._last_bind[2] + return state + + def __setstate__(self,d): + """set up the object from pickled data""" + hardfail = d.get('bytes_mode_hardfail') + if hardfail: + d.setdefault('bytes_strictness', 'error') + else: + d.setdefault('bytes_strictness', 'warn') + self.__dict__.update(d) + self._last_bind = getattr(SimpleLDAPObject, self._last_bind[0]), self._last_bind[1], self._last_bind[2] + 
self._ldap_object_lock = self._ldap_lock() + self._reconnect_lock = ldap.LDAPLock(desc='reconnect lock within %s' % (repr(self))) + # XXX cannot pickle file, use default trace file + self._trace_file = ldap._trace_file + self.reconnect(self._uri) + + def _store_last_bind(self,method,*args,**kwargs): + self._last_bind = (method,args,kwargs) + + def _apply_last_bind(self): + if self._last_bind!=None: + func,args,kwargs = self._last_bind + func(self,*args,**kwargs) + else: + # Send explicit anon simple bind request to provoke ldap.SERVER_DOWN in method reconnect() + SimpleLDAPObject.simple_bind_s(self, None, None) + + def _restore_options(self): + """Restore all recorded options""" + for k,v in self._options: + SimpleLDAPObject.set_option(self,k,v) + + def passwd_s(self,*args,**kwargs): + return self._apply_method_s(SimpleLDAPObject.passwd_s,*args,**kwargs) + + def reconnect(self,uri,retry_max=1,retry_delay=60.0): + # Drop and clean up old connection completely + # Reconnect + self._reconnect_lock.acquire() + try: + reconnect_counter = retry_max + while reconnect_counter: + counter_text = '%d. 
(of %d)' % (retry_max-reconnect_counter+1,retry_max) + if __debug__ and self._trace_level>=1: + self._trace_file.write('*** Trying {} reconnect to {}...\n'.format( + counter_text,uri + )) + try: + try: + # Do the connect + self._l = ldap.functions._ldap_function_call(ldap._ldap_module_lock,_ldap.initialize,uri) + self._restore_options() + # StartTLS extended operation in case this was called before + if self._start_tls: + SimpleLDAPObject.start_tls_s(self) + # Repeat last simple or SASL bind + self._apply_last_bind() + except ldap.LDAPError: + SimpleLDAPObject.unbind_s(self) + raise + except (ldap.SERVER_DOWN,ldap.TIMEOUT): + if __debug__ and self._trace_level>=1: + self._trace_file.write('*** {} reconnect to {} failed\n'.format( + counter_text,uri + )) + reconnect_counter = reconnect_counter-1 + if not reconnect_counter: + raise + if __debug__ and self._trace_level>=1: + self._trace_file.write('=> delay %s...\n' % (retry_delay)) + time.sleep(retry_delay) + else: + if __debug__ and self._trace_level>=1: + self._trace_file.write('*** {} reconnect to {} successful => repeat last operation\n'.format( + counter_text,uri + )) + self._reconnects_done = self._reconnects_done + 1 + break + finally: + self._reconnect_lock.release() + return # reconnect() + + def _apply_method_s(self,func,*args,**kwargs): + if not hasattr(self,'_l'): + self.reconnect(self._uri,retry_max=self._retry_max,retry_delay=self._retry_delay) + try: + return func(self,*args,**kwargs) + except ldap.SERVER_DOWN: + SimpleLDAPObject.unbind_s(self) + # Try to reconnect + self.reconnect(self._uri,retry_max=self._retry_max,retry_delay=self._retry_delay) + # Re-try last operation + return func(self,*args,**kwargs) + + def set_option(self,option,invalue): + self._options.append((option,invalue)) + return SimpleLDAPObject.set_option(self,option,invalue) + + def bind_s(self,*args,**kwargs): + res = self._apply_method_s(SimpleLDAPObject.bind_s,*args,**kwargs) + 
self._store_last_bind(SimpleLDAPObject.bind_s,*args,**kwargs) + return res + + def simple_bind_s(self,*args,**kwargs): + res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs) + self._store_last_bind(SimpleLDAPObject.simple_bind_s,*args,**kwargs) + return res + + def start_tls_s(self,*args,**kwargs): + res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs) + self._start_tls = 1 + return res + + def sasl_interactive_bind_s(self,*args,**kwargs): + """ + sasl_interactive_bind_s(who, auth) -> None + """ + res = self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs) + self._store_last_bind(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs) + return res + + def sasl_bind_s(self,*args,**kwargs): + res = self._apply_method_s(SimpleLDAPObject.sasl_bind_s,*args,**kwargs) + self._store_last_bind(SimpleLDAPObject.sasl_bind_s,*args,**kwargs) + return res + + def add_ext_s(self,*args,**kwargs): + return self._apply_method_s(SimpleLDAPObject.add_ext_s,*args,**kwargs) + + def cancel_s(self,*args,**kwargs): + return self._apply_method_s(SimpleLDAPObject.cancel_s,*args,**kwargs) + + def compare_ext_s(self,*args,**kwargs): + return self._apply_method_s(SimpleLDAPObject.compare_ext_s,*args,**kwargs) + + def delete_ext_s(self,*args,**kwargs): + return self._apply_method_s(SimpleLDAPObject.delete_ext_s,*args,**kwargs) + + def extop_s(self,*args,**kwargs): + return self._apply_method_s(SimpleLDAPObject.extop_s,*args,**kwargs) + + def modify_ext_s(self,*args,**kwargs): + return self._apply_method_s(SimpleLDAPObject.modify_ext_s,*args,**kwargs) + + def rename_s(self,*args,**kwargs): + return self._apply_method_s(SimpleLDAPObject.rename_s,*args,**kwargs) + + def search_ext_s(self,*args,**kwargs): + return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs) + + def whoami_s(self,*args,**kwargs): + return self._apply_method_s(SimpleLDAPObject.whoami_s,*args,**kwargs) + + +# The class called LDAPObject will be used 
as default for
+# ldap.open() and ldap.initialize()
+LDAPObject = SimpleLDAPObject
diff --git a/Lib/ldap/logger.py b/Lib/ldap/logger.py
new file mode 100644
index 0000000..ae66bd0
--- /dev/null
+++ b/Lib/ldap/logger.py
@@ -0,0 +1,18 @@
+"""
+Helper class for using logging as trace file object
+"""
+
+import logging
+
+class logging_file_class:
+
+ def __init__(self, logging_level):
+ self._logging_level = logging_level
+
+ def write(self, msg):
+ logging.log(self._logging_level, msg[:-1])
+
+ def flush(self):
+ return
+
+logging_file_obj = logging_file_class(logging.DEBUG)
diff --git a/Lib/ldap/modlist.py b/Lib/ldap/modlist.py
new file mode 100644
index 0000000..bf4e481
--- /dev/null
+++ b/Lib/ldap/modlist.py
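Review bot: `write()` in `logging_file_class` cuts the last character off every message with `msg[:-1]`, which is only correct when the caller always ends the text with a newline; a trace string written without one loses a real character. Stripping just the line ending, `logging.log(self._logging_level, msg.rstrip('\n'))`, keeps the message intact in both cases. The calls also go to the root logger, so an application cannot route or silence LDAP trace output on its own; that matters if traced calls ever include bind arguments, which this hunk does not show. A module-level `logging.getLogger('ldap')` and a one-line class docstring would cover both points.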
@@ -0,0 +1,97 @@
+"""
+ldap.modlist - create add/modify modlist's
+
+See https://www.python-ldap.org/ for details.
+"""
+
+from ldap import __version__
+
+import ldap
+
+
+def addModlist(entry,ignore_attr_types=None):
+ """Build modify list for call of method LDAPObject.add()"""
+ ignore_attr_types = {v.lower() for v in ignore_attr_types or []}
+ modlist = []
+ for attrtype, value in entry.items():
+ if attrtype.lower() in ignore_attr_types:
+ # This attribute type is ignored
+ continue
+ # Eliminate empty attr value strings in list
+ attrvaluelist = [item for item in value if item is not None]
+ if attrvaluelist:
+ modlist.append((attrtype, value))
+ return modlist # addModlist()
+
+
+def modifyModlist(
+ old_entry,new_entry,ignore_attr_types=None,ignore_oldexistent=0,case_ignore_attr_types=None
+):
+ """
+ Build differential modify list for calling LDAPObject.modify()/modify_s()
+
+ old_entry
+ Dictionary holding the old entry
+ new_entry
+ Dictionary holding what the new entry should be
+ ignore_attr_types
+ List of attribute type names to be ignored completely
+ ignore_oldexistent
+ If non-zero attribute type names which are in old_entry
+ but are not found in new_entry at all are not deleted.
+ This is handy for situations where your application
+ sets attribute value to '' for deleting an attribute.
+ In most cases leave zero.
+ case_ignore_attr_types
+ List of attribute type names for which comparison will be made
+ case-insensitive
+ """
+ ignore_attr_types = {v.lower() for v in ignore_attr_types or []}
+ case_ignore_attr_types = {v.lower() for v in case_ignore_attr_types or []}
+ modlist = []
+ attrtype_lower_map = {}
+ for a in old_entry:
+ attrtype_lower_map[a.lower()]=a
+ for attrtype, value in new_entry.items():
+ attrtype_lower = attrtype.lower()
+ if attrtype_lower in ignore_attr_types:
+ # This attribute type is ignored
+ continue
+ # Filter away null-strings
+ new_value = [item for item in value if item is not None]
+ if attrtype_lower in attrtype_lower_map:
+ old_value = old_entry.get(attrtype_lower_map[attrtype_lower],[])
+ old_value = [item for item in old_value if item is not None]
+ del attrtype_lower_map[attrtype_lower]
+ else:
+ old_value = []
+ if not old_value and new_value:
+ # Add a new attribute to entry
+ modlist.append((ldap.MOD_ADD,attrtype,new_value))
+ elif old_value and new_value:
+ # Replace existing attribute
+ replace_attr_value = len(old_value)!=len(new_value)
+ if not replace_attr_value:
+ if attrtype_lower in case_ignore_attr_types:
+ old_value_set = {v.lower() for v in old_value}
+ new_value_set = {v.lower() for v in new_value}
+ else:
+ old_value_set = set(old_value)
+ new_value_set = set(new_value)
+ replace_attr_value = new_value_set != old_value_set
+ if replace_attr_value:
+ modlist.append((ldap.MOD_DELETE,attrtype,None))
+ modlist.append((ldap.MOD_ADD,attrtype,new_value))
+ elif old_value and not new_value:
+ # Completely delete an existing attribute
+ modlist.append((ldap.MOD_DELETE,attrtype,None))
+ if not ignore_oldexistent:
+ # Remove all attributes of old_entry which are not present
+ # in new_entry at all
+ for a, val in attrtype_lower_map.items():
+ if a in ignore_attr_types:
+ # This attribute type is ignored
+ continue
+ attrtype = val
+ modlist.append((ldap.MOD_DELETE,attrtype,None))
+ return modlist # modifyModlist()
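Review bot: In `addModlist` the filtered list `attrvaluelist` is used only as an emptiness test, while the tuple appended to the result is built from the unfiltered `value`, so any `None` items the comment says are eliminated still reach the add request. `modlist.append((attrtype, attrvaluelist))` would match the comment and agree with `modifyModlist`, which passes its filtered `new_value`. The comments speak of "empty attr value strings" and "null-strings", yet both filters drop only `None` and keep `''`; the wording should say which is meant. `from ldap import __version__` is not used anywhere in the file as shown.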
diff --git a/Lib/ldap/pkginfo.py b/Lib/ldap/pkginfo.py
new file mode 100644
index 0000000..2d88dc0
--- /dev/null
+++ b/Lib/ldap/pkginfo.py
@@ -0,0 +1,6 @@
+"""
+meta attributes for packaging which does not import any dependencies
+"""
+__version__ = '3.3.0'
+__author__ = 'python-ldap project'
+__license__ = 'Python style'
diff --git a/Lib/ldap/resiter.py b/Lib/ldap/resiter.py
new file mode 100644
index 0000000..dc912eb
--- /dev/null
+++ b/Lib/ldap/resiter.py
@@ -0,0 +1,41 @@
+"""
+ldap.resiter - processing LDAP results with iterators
+
+See https://www.python-ldap.org/ for details.
+"""
+
+from ldap.pkginfo import __version__, __author__, __license__
+
+
+class ResultProcessor:
+ """
+ Mix-in class used with ldap.ldapopbject.LDAPObject or derived classes.
+ """
+
+ def allresults(self, msgid, timeout=-1, add_ctrls=0):
+ """
+ Generator function which returns an iterator for processing all LDAP operation
+ results of the given msgid like retrieved with LDAPObject.result3() -> 4-tuple
+ """
+ result_type, result_list, result_msgid, result_serverctrls, _, _ = \
+ self.result4(
+ msgid,
+ 0,
+ timeout,
+ add_ctrls=add_ctrls
+ )
+ while result_type and result_list:
+ yield (
+ result_type,
+ result_list,
+ result_msgid,
+ result_serverctrls
+ )
+ result_type, result_list, result_msgid, result_serverctrls, _, _ = \
+ self.result4(
+ msgid,
+ 0,
+ timeout,
+ add_ctrls=add_ctrls
+ )
+ return # allresults()
diff --git a/Lib/ldap/sasl.py b/Lib/ldap/sasl.py
new file mode 100644
index 0000000..cc0a2ea
--- /dev/null
+++ b/Lib/ldap/sasl.py
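Review bot: The loop condition `while result_type and result_list:` in `allresults` stops the generator at the first message whose data list is empty, so the closing search result, which the `result()` docstring in this commit describes as usually having an empty data field, is never yielded and its `result_serverctrls` never reach the caller. A poll that times out ends the iteration the same way, because `result4()` returns all `None` in that case, so the caller cannot tell "finished" from "nothing yet". The docstring should state both behaviours, or the loop should test `result_type` alone and stop after yielding the tuple with the empty list. The class docstring also misspells the module as `ldap.ldapopbject`; it should read `ldap.ldapobject`.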
@@ -0,0 +1,134 @@
+"""
+sasl.py - support for SASL mechanism
+
+See https://www.python-ldap.org/ for details.
+
+Description:
+The ldap.sasl module provides SASL authentication classes.
+Each class provides support for one SASL mechanism. This is done by
+implementing a callback() - method, which will be called by the
+LDAPObject's sasl_bind_s() method
+Implementing support for new sasl mechanism is very easy --- see
+the examples of digest_md5 and gssapi.
+"""
+
+from ldap import __version__
+
+if __debug__:
+ # Tracing is only supported in debugging mode
+ from ldap import _trace_level, _trace_file
+
+
+# These are the SASL callback id's , as defined in sasl.h
+CB_USER = 0x4001
+CB_AUTHNAME = 0x4002
+CB_LANGUAGE = 0x4003
+CB_PASS = 0x4004
+CB_ECHOPROMPT = 0x4005
+CB_NOECHOPROMPT = 0x4006
+CB_GETREALM = 0x4008
+
+
+class sasl:
+ """
+ This class handles SASL interactions for authentication.
+ If an instance of this class is passed to ldap's sasl_bind_s()
+ method, the library will call its callback() method. For
+ specific SASL authentication mechanisms, this method can be
+ overridden
+ """
+
+ def __init__(self, cb_value_dict, mech):
+ """
+ The (generic) base class takes a cb_value_dictionary of
+ question-answer pairs. Questions are specified by the respective
+ SASL callback id's. The mech argument is a string that specifies
+ the SASL mechaninsm to be uesd.
+ """
+ self.cb_value_dict = cb_value_dict or {}
+ if not isinstance(mech, bytes):
+ mech = mech.encode('utf-8')
+ self.mech = mech
+
+ def callback(self, cb_id, challenge, prompt, defresult):
+ """
+ The callback method will be called by the sasl_bind_s()
+ method several times. Each time it will provide the id, which
+ tells us what kind of information is requested (the CB_*
+ constants above). The challenge might be a short (English) text
+ or some binary string, from which the return value is calculated.
+ The prompt argument is always a human-readable description string;
+ The defresult is a default value provided by the sasl library
+
+ Currently, we do not use the challenge and prompt information, and
+ return only information which is stored in the self.cb_value_dict
+ cb_value_dictionary. Note that the current callback interface is not very
+ useful for writing generic sasl GUIs, which would need to know all
+ the questions to ask, before the answers are returned to the sasl
+ lib (in contrast to one question at a time).
+
+ Unicode strings are always converted to bytes.
+ """
+
+ # The following print command might be useful for debugging
+ # new sasl mechanisms. So it is left here
+ cb_result = self.cb_value_dict.get(cb_id, defresult) or ''
+ if __debug__:
+ if _trace_level >= 1:
+ _trace_file.write("*** id=%d, challenge=%s, prompt=%s, defresult=%s\n-> %s\n" % (
+ cb_id,
+ challenge,
+ prompt,
+ repr(defresult),
+ repr(self.cb_value_dict.get(cb_result))
+ ))
+ if not isinstance(cb_result, bytes):
+ cb_result = cb_result.encode('utf-8')
+ return cb_result
+
+
+class cram_md5(sasl):
+ """
+ This class handles SASL CRAM-MD5 authentication.
+ """
+
+ def __init__(self, authc_id, password, authz_id=""):
+ auth_dict = {
+ CB_AUTHNAME: authc_id,
+ CB_PASS: password,
+ CB_USER: authz_id,
+ }
+ sasl.__init__(self, auth_dict, "CRAM-MD5")
+
+
+class digest_md5(sasl):
+ """
+ This class handles SASL DIGEST-MD5 authentication.
+ """
+
+ def __init__(self, authc_id, password, authz_id=""):
+ auth_dict = {
+ CB_AUTHNAME: authc_id,
+ CB_PASS: password,
+ CB_USER: authz_id,
+ }
+ sasl.__init__(self, auth_dict, "DIGEST-MD5")
+
+
+class gssapi(sasl):
+ """
+ This class handles SASL GSSAPI (i.e. Kerberos V) authentication.
+ """
+
+ def __init__(self, authz_id=""):
+ sasl.__init__(self, {CB_USER: authz_id}, "GSSAPI")
+
+
+class external(sasl):
+ """
+ This class handles SASL EXTERNAL authentication
+ (i.e. X.509 client certificate)
+ """
+
+ def __init__(self, authz_id=""):
+ sasl.__init__(self, {CB_USER: authz_id}, "EXTERNAL")
diff --git a/Lib/ldap/schema/__init__.py b/Lib/ldap/schema/__init__.py
new file mode 100644
index 0000000..2349ae2
--- /dev/null
+++ b/Lib/ldap/schema/__init__.py
@@ -0,0 +1,10 @@
+"""
+ldap.schema - LDAPv3 schema handling
+
+See https://www.python-ldap.org/ for details.
+"""
+
+from ldap import __version__
+
+from ldap.schema.subentry import SubSchema,SCHEMA_ATTRS,SCHEMA_CLASS_MAPPING,SCHEMA_ATTR_MAPPING,urlfetch
+from ldap.schema.models import *
diff --git a/Lib/ldap/schema/models.py b/Lib/ldap/schema/models.py
new file mode 100644
index 0000000..d73420c
--- /dev/null
+++ b/Lib/ldap/schema/models.py
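Review bot: The trace statement in `sasl.callback` (Lib/ldap/sasl.py) formats `repr(self.cb_value_dict.get(cb_result))`, which uses the answer as the dictionary key instead of the value being returned, so the `->` field will normally show `None` rather than what the callback hands back. Logging `cb_result` directly would correct that, but the same dictionary carries `CB_PASS` for `cram_md5` and `digest_md5`, so the corrected line would write the bind password to `_trace_file` whenever `_trace_level >= 1`. I would redact that one id: `repr('***' if cb_id == CB_PASS else cb_result)`. A one-line comment on the trace block stating that credentials are never written to the trace file would keep a later edit from reintroducing the leak.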
@@ -0,0 +1,720 @@ +""" +schema.py - support for subSchemaSubEntry information + +See https://www.python-ldap.org/ for details. +""" + +import sys + +import ldap.cidict +from collections import UserDict as IterableUserDict + +from ldap.schema.tokenizer import split_tokens,extract_tokens + +NOT_HUMAN_READABLE_LDAP_SYNTAXES = { + '1.3.6.1.4.1.1466.115.121.1.4', # Audio + '1.3.6.1.4.1.1466.115.121.1.5', # Binary + '1.3.6.1.4.1.1466.115.121.1.8', # Certificate + '1.3.6.1.4.1.1466.115.121.1.9', # Certificate List + '1.3.6.1.4.1.1466.115.121.1.10', # Certificate Pair + '1.3.6.1.4.1.1466.115.121.1.23', # G3 FAX + '1.3.6.1.4.1.1466.115.121.1.28', # JPEG + '1.3.6.1.4.1.1466.115.121.1.40', # Octet String + '1.3.6.1.4.1.1466.115.121.1.49', # Supported Algorithm +} + + +class SchemaElement: + """ + Base class for all schema element classes. Not used directly! + + Arguments: + + schema_element_str + String which contains the schema element description to be parsed. + (Bytestrings are decoded using UTF-8) + + Class attributes: + + schema_attribute + LDAP attribute type containing a certain schema element description + token_defaults + Dictionary internally used by the schema element parser + containing the defaults for certain schema description key-words + """ + token_defaults = { + 'DESC':(None,), + } + + def __init__(self,schema_element_str=None): + if isinstance(schema_element_str, bytes): + schema_element_str = schema_element_str.decode('utf-8') + if schema_element_str: + l = split_tokens(schema_element_str) + self.set_id(l[1]) + d = extract_tokens(l,self.token_defaults) + self._set_attrs(l,d) + + def _set_attrs(self,l,d): + self.desc = d['DESC'][0] + return + + def set_id(self,element_id): + self.oid = element_id + + def get_id(self): + return self.oid + + def key_attr(self,key,value,quoted=0): + assert value is None or type(value)==str,TypeError("value has to be of str, was %r" % value) + if value: + if quoted: + return " {} '{}'".format(key,value.replace("'","\\'")) + 
else: + return f" {key} {value}" + else: + return "" + + def key_list(self,key,values,sep=' ',quoted=0): + assert type(values)==tuple,TypeError("values has to be a tuple, was %r" % values) + if not values: + return '' + if quoted: + quoted_values = [ "'%s'" % value.replace("'","\\'") for value in values ] + else: + quoted_values = values + if len(values)==1: + return ' {} {}'.format(key,quoted_values[0]) + else: + return ' {} ( {} )'.format(key,sep.join(quoted_values)) + + def __str__(self): + result = [str(self.oid)] + result.append(self.key_attr('DESC',self.desc,quoted=1)) + return '( %s )' % ''.join(result) + + +class ObjectClass(SchemaElement): + """ + Arguments: + + schema_element_str + String containing an ObjectClassDescription + + Class attributes: + + oid + OID assigned to the object class + names + All NAMEs of the object class (tuple of strings) + desc + Description text (DESC) of the object class (string, or None if missing) + obsolete + Integer flag (0 or 1) indicating whether the object class is marked + as OBSOLETE in the schema + must + NAMEs or OIDs of all attributes an entry of the object class must have + (tuple of strings) + may + NAMEs or OIDs of additional attributes an entry of the object class may + have (tuple of strings) + kind + Kind of an object class: + 0 = STRUCTURAL, + 1 = ABSTRACT, + 2 = AUXILIARY + sup + NAMEs or OIDs of object classes this object class is derived from + (tuple of strings) + x_origin + Value of the X-ORIGIN extension flag (tuple of strings) + + Although it's not official, X-ORIGIN is used in several LDAP server + implementations to indicate the source of the associated schema + element + """ + schema_attribute = 'objectClasses' + token_defaults = { + 'NAME':(()), + 'DESC':(None,), + 'OBSOLETE':None, + 'SUP':(()), + 'STRUCTURAL':None, + 'AUXILIARY':None, + 'ABSTRACT':None, + 'MUST':(()), + 'MAY':(), + 'X-ORIGIN':() + } + + def _set_attrs(self,l,d): + self.obsolete = d['OBSOLETE']!=None + self.names = d['NAME'] + 
self.desc = d['DESC'][0] + self.must = d['MUST'] + self.may = d['MAY'] + self.x_origin = d['X-ORIGIN'] + # Default is STRUCTURAL, see RFC2552 or draft-ietf-ldapbis-syntaxes + self.kind = 0 + if d['ABSTRACT']!=None: + self.kind = 1 + elif d['AUXILIARY']!=None: + self.kind = 2 + if self.kind==0 and not d['SUP'] and self.oid!='2.5.6.0': + # STRUCTURAL object classes are sub-classes of 'top' by default + self.sup = ('top',) + else: + self.sup = d['SUP'] + return + + def __str__(self): + result = [str(self.oid)] + result.append(self.key_list('NAME',self.names,quoted=1)) + result.append(self.key_attr('DESC',self.desc,quoted=1)) + result.append(self.key_list('SUP',self.sup,sep=' $ ')) + result.append({0:'',1:' OBSOLETE'}[self.obsolete]) + result.append({0:' STRUCTURAL',1:' ABSTRACT',2:' AUXILIARY'}[self.kind]) + result.append(self.key_list('MUST',self.must,sep=' $ ')) + result.append(self.key_list('MAY',self.may,sep=' $ ')) + result.append(self.key_list('X-ORIGIN',self.x_origin,quoted=1)) + return '( %s )' % ''.join(result) + + +AttributeUsage = ldap.cidict.cidict({ + 'userApplication':0, # work-around for non-compliant schema + 'userApplications':0, + 'directoryOperation':1, + 'distributedOperation':2, + 'dSAOperation':3, +}) + + +class AttributeType(SchemaElement): + """ + Arguments: + + schema_element_str + String containing an AttributeTypeDescription + + Class attributes: + + oid + OID assigned to the attribute type (string) + names + All NAMEs of the attribute type (tuple of strings) + desc + Description text (DESC) of the attribute type (string, or None if missing) + obsolete + Integer flag (0 or 1) indicating whether the attribute type is marked + as OBSOLETE in the schema + single_value + Integer flag (0 or 1) indicating whether the attribute must + have only one value + syntax + OID of the LDAP syntax assigned to the attribute type + no_user_mod + Integer flag (0 or 1) indicating whether the attribute is modifiable + by a client application + equality + NAME or 
OID of the matching rule used for checking whether attribute values + are equal (string, or None if missing) + substr + NAME or OID of the matching rule used for checking whether an attribute + value contains another value (string, or None if missing) + ordering + NAME or OID of the matching rule used for checking whether attribute values + are lesser-equal than (string, or None if missing) + usage + USAGE of an attribute type: + 0 = userApplications + 1 = directoryOperation, + 2 = distributedOperation, + 3 = dSAOperation + sup + NAMEs or OIDs of attribute types this attribute type is derived from + (tuple of strings) + x_origin + Value of the X-ORIGIN extension flag (tuple of strings). + + Although it's not official, X-ORIGIN is used in several LDAP server + implementations to indicate the source of the associated schema + element + """ + schema_attribute = 'attributeTypes' + token_defaults = { + 'NAME':(()), + 'DESC':(None,), + 'OBSOLETE':None, + 'SUP':(()), + 'EQUALITY':(None,), + 'ORDERING':(None,), + 'SUBSTR':(None,), + 'SYNTAX':(None,), + 'SINGLE-VALUE':None, + 'COLLECTIVE':None, + 'NO-USER-MODIFICATION':None, + 'USAGE':('userApplications',), + 'X-ORIGIN':(), + 'X-ORDERED':(None,), + } + + def _set_attrs(self,l,d): + self.names = d['NAME'] + self.desc = d['DESC'][0] + self.obsolete = d['OBSOLETE']!=None + self.sup = d['SUP'] + self.equality = d['EQUALITY'][0] + self.ordering = d['ORDERING'][0] + self.substr = d['SUBSTR'][0] + self.x_origin = d['X-ORIGIN'] + self.x_ordered = d['X-ORDERED'][0] + try: + syntax = d['SYNTAX'][0] + except IndexError: + self.syntax = None + self.syntax_len = None + else: + if syntax is None: + self.syntax = None + self.syntax_len = None + else: + try: + self.syntax,syntax_len = d['SYNTAX'][0].split("{") + except ValueError: + self.syntax = d['SYNTAX'][0] + self.syntax_len = None + for i in l: + if i.startswith("{") and i.endswith("}"): + self.syntax_len = int(i[1:-1]) + else: + self.syntax_len = int(syntax_len[:-1]) + 
self.single_value = d['SINGLE-VALUE']!=None + self.collective = d['COLLECTIVE']!=None + self.no_user_mod = d['NO-USER-MODIFICATION']!=None + self.usage = AttributeUsage.get(d['USAGE'][0],0) + return + + def __str__(self): + result = [str(self.oid)] + result.append(self.key_list('NAME',self.names,quoted=1)) + result.append(self.key_attr('DESC',self.desc,quoted=1)) + result.append(self.key_list('SUP',self.sup,sep=' $ ')) + result.append({0:'',1:' OBSOLETE'}[self.obsolete]) + result.append(self.key_attr('EQUALITY',self.equality)) + result.append(self.key_attr('ORDERING',self.ordering)) + result.append(self.key_attr('SUBSTR',self.substr)) + result.append(self.key_attr('SYNTAX',self.syntax)) + if self.syntax_len!=None: + result.append(('{%d}' % (self.syntax_len))*(self.syntax_len>0)) + result.append({0:'',1:' SINGLE-VALUE'}[self.single_value]) + result.append({0:'',1:' COLLECTIVE'}[self.collective]) + result.append({0:'',1:' NO-USER-MODIFICATION'}[self.no_user_mod]) + result.append( + { + 0:"", + 1:" USAGE directoryOperation", + 2:" USAGE distributedOperation", + 3:" USAGE dSAOperation", + }[self.usage] + ) + result.append(self.key_list('X-ORIGIN',self.x_origin,quoted=1)) + result.append(self.key_attr('X-ORDERED',self.x_ordered,quoted=1)) + return '( %s )' % ''.join(result) + + +class LDAPSyntax(SchemaElement): + """ + SyntaxDescription + + oid + OID assigned to the LDAP syntax + desc + Description text (DESC) of the LDAP syntax (string, or None if missing) + not_human_readable + Integer flag (0 or 1) indicating whether the attribute type is marked + as not human-readable (X-NOT-HUMAN-READABLE) + """ + schema_attribute = 'ldapSyntaxes' + token_defaults = { + 'DESC':(None,), + 'X-NOT-HUMAN-READABLE':(None,), + 'X-BINARY-TRANSFER-REQUIRED':(None,), + 'X-SUBST':(None,), + } + + def _set_attrs(self,l,d): + self.desc = d['DESC'][0] + self.x_subst = d['X-SUBST'][0] + self.not_human_readable = \ + self.oid in NOT_HUMAN_READABLE_LDAP_SYNTAXES or \ + 
d['X-NOT-HUMAN-READABLE'][0]=='TRUE' + self.x_binary_transfer_required = d['X-BINARY-TRANSFER-REQUIRED'][0]=='TRUE' + return + + def __str__(self): + result = [str(self.oid)] + result.append(self.key_attr('DESC',self.desc,quoted=1)) + result.append(self.key_attr('X-SUBST',self.x_subst,quoted=1)) + result.append( + {0:'',1:" X-NOT-HUMAN-READABLE 'TRUE'"}[self.not_human_readable] + ) + return '( %s )' % ''.join(result) + + +class MatchingRule(SchemaElement): + """ + Arguments: + + schema_element_str + String containing an MatchingRuleDescription + + Class attributes: + + oid + OID assigned to the matching rule + names + All NAMEs of the matching rule (tuple of strings) + desc + Description text (DESC) of the matching rule + obsolete + Integer flag (0 or 1) indicating whether the matching rule is marked + as OBSOLETE in the schema + syntax + OID of the LDAP syntax this matching rule is usable with + (string, or None if missing) + """ + schema_attribute = 'matchingRules' + token_defaults = { + 'NAME':(()), + 'DESC':(None,), + 'OBSOLETE':None, + 'SYNTAX':(None,), + } + + def _set_attrs(self,l,d): + self.names = d['NAME'] + self.desc = d['DESC'][0] + self.obsolete = d['OBSOLETE']!=None + self.syntax = d['SYNTAX'][0] + return + + def __str__(self): + result = [str(self.oid)] + result.append(self.key_list('NAME',self.names,quoted=1)) + result.append(self.key_attr('DESC',self.desc,quoted=1)) + result.append({0:'',1:' OBSOLETE'}[self.obsolete]) + result.append(self.key_attr('SYNTAX',self.syntax)) + return '( %s )' % ''.join(result) + + +class MatchingRuleUse(SchemaElement): + """ + Arguments: + + schema_element_str + String containing an MatchingRuleUseDescription + + Class attributes: + + oid + OID of the accompanying matching rule + names + All NAMEs of the matching rule (tuple of strings) + desc + Description text (DESC) of the matching rule (string, or None if missing) + obsolete + Integer flag (0 or 1) indicating whether the matching rule is marked + as OBSOLETE in the 
schema + applies + NAMEs or OIDs of attribute types for which this matching rule is used + (tuple of strings) + """ + schema_attribute = 'matchingRuleUse' + token_defaults = { + 'NAME':(()), + 'DESC':(None,), + 'OBSOLETE':None, + 'APPLIES':(()), + } + + def _set_attrs(self,l,d): + self.names = d['NAME'] + self.desc = d['DESC'][0] + self.obsolete = d['OBSOLETE']!=None + self.applies = d['APPLIES'] + return + + def __str__(self): + result = [str(self.oid)] + result.append(self.key_list('NAME',self.names,quoted=1)) + result.append(self.key_attr('DESC',self.desc,quoted=1)) + result.append({0:'',1:' OBSOLETE'}[self.obsolete]) + result.append(self.key_list('APPLIES',self.applies,sep=' $ ')) + return '( %s )' % ''.join(result) + + +class DITContentRule(SchemaElement): + """ + Arguments: + + schema_element_str + String containing an DITContentRuleDescription + + Class attributes: + + oid + OID of the accompanying structural object class + names + All NAMEs of the DIT content rule (tuple of strings) + desc + Description text (DESC) of the DIT content rule + (string, or None if missing) + obsolete + Integer flag (0 or 1) indicating whether the DIT content rule is marked + as OBSOLETE in the schema + aux + NAMEs or OIDs of all auxiliary object classes usable in an entry of the + object class (tuple of strings) + must + NAMEs or OIDs of all attributes an entry of the object class must + have, which may extend the list of required attributes of the object + classes of an entry. + (tuple of strings) + may + NAMEs or OIDs of additional attributes an entry of the object class may + have. which may extend the list of optional attributes of the object + classes of an entry. + (tuple of strings) + nots + NAMEs or OIDs of attributes which may not be present in an entry of the + object class. 
(tuple of strings) + """ + schema_attribute = 'dITContentRules' + token_defaults = { + 'NAME':(()), + 'DESC':(None,), + 'OBSOLETE':None, + 'AUX':(()), + 'MUST':(()), + 'MAY':(()), + 'NOT':(()), + } + + def _set_attrs(self,l,d): + self.names = d['NAME'] + self.desc = d['DESC'][0] + self.obsolete = d['OBSOLETE']!=None + self.aux = d['AUX'] + self.must = d['MUST'] + self.may = d['MAY'] + self.nots = d['NOT'] + return + + def __str__(self): + result = [str(self.oid)] + result.append(self.key_list('NAME',self.names,quoted=1)) + result.append(self.key_attr('DESC',self.desc,quoted=1)) + result.append({0:'',1:' OBSOLETE'}[self.obsolete]) + result.append(self.key_list('AUX',self.aux,sep=' $ ')) + result.append(self.key_list('MUST',self.must,sep=' $ ')) + result.append(self.key_list('MAY',self.may,sep=' $ ')) + result.append(self.key_list('NOT',self.nots,sep=' $ ')) + return '( %s )' % ''.join(result) + + +class DITStructureRule(SchemaElement): + """ + Arguments: + + schema_element_str + String containing an DITStructureRuleDescription + + Class attributes: + + ruleid + rule ID of the DIT structure rule (only locally unique) + names + All NAMEs of the DIT structure rule (tuple of strings) + desc + Description text (DESC) of the DIT structure rule + (string, or None if missing) + obsolete + Integer flag (0 or 1) indicating whether the DIT content rule is marked + as OBSOLETE in the schema + form + NAMEs or OIDs of associated name forms (tuple of strings) + sup + NAMEs or OIDs of allowed structural object classes + of superior entries in the DIT (tuple of strings) + """ + schema_attribute = 'dITStructureRules' + + token_defaults = { + 'NAME':(()), + 'DESC':(None,), + 'OBSOLETE':None, + 'FORM':(None,), + 'SUP':(()), + } + + def set_id(self,element_id): + self.ruleid = element_id + + def get_id(self): + return self.ruleid + + def _set_attrs(self,l,d): + self.names = d['NAME'] + self.desc = d['DESC'][0] + self.obsolete = d['OBSOLETE']!=None + self.form = d['FORM'][0] + self.sup = 
d['SUP'] + return + + def __str__(self): + result = [str(self.ruleid)] + result.append(self.key_list('NAME',self.names,quoted=1)) + result.append(self.key_attr('DESC',self.desc,quoted=1)) + result.append({0:'',1:' OBSOLETE'}[self.obsolete]) + result.append(self.key_attr('FORM',self.form,quoted=0)) + result.append(self.key_list('SUP',self.sup,sep=' $ ')) + return '( %s )' % ''.join(result) + + +class NameForm(SchemaElement): + """ + Arguments: + + schema_element_str + String containing an NameFormDescription + + Class attributes: + + oid + OID of the name form + names + All NAMEs of the name form (tuple of strings) + desc + Description text (DESC) of the name form (string, or None if missing) + obsolete + Integer flag (0 or 1) indicating whether the name form is marked + as OBSOLETE in the schema + form + NAMEs or OIDs of associated name forms (tuple of strings) + oc + NAME or OID of structural object classes this name form + is usable with (string) + must + NAMEs or OIDs of all attributes an RDN must contain (tuple of strings) + may + NAMEs or OIDs of additional attributes an RDN may contain + (tuple of strings) + """ + schema_attribute = 'nameForms' + token_defaults = { + 'NAME':(()), + 'DESC':(None,), + 'OBSOLETE':None, + 'OC':(None,), + 'MUST':(()), + 'MAY':(()), + } + + def _set_attrs(self,l,d): + self.names = d['NAME'] + self.desc = d['DESC'][0] + self.obsolete = d['OBSOLETE']!=None + self.oc = d['OC'][0] + self.must = d['MUST'] + self.may = d['MAY'] + return + + def __str__(self): + result = [str(self.oid)] + result.append(self.key_list('NAME',self.names,quoted=1)) + result.append(self.key_attr('DESC',self.desc,quoted=1)) + result.append({0:'',1:' OBSOLETE'}[self.obsolete]) + result.append(self.key_attr('OC',self.oc)) + result.append(self.key_list('MUST',self.must,sep=' $ ')) + result.append(self.key_list('MAY',self.may,sep=' $ ')) + return '( %s )' % ''.join(result) + + +class Entry(IterableUserDict): + """ + Schema-aware implementation of an LDAP entry 
class. + + Mainly it holds the attributes in a string-keyed dictionary with + the OID as key. + """ + + def __init__(self,schema,dn,entry): + self._keytuple2attrtype = {} + self._attrtype2keytuple = {} + self._s = schema + self.dn = dn + IterableUserDict.IterableUserDict.__init__(self,{}) + self.update(entry) + + def _at2key(self,nameoroid): + """ + Return tuple of OID and all sub-types of attribute type specified + in nameoroid. + """ + try: + # Mapping already in cache + return self._attrtype2keytuple[nameoroid] + except KeyError: + # Mapping has to be constructed + oid = self._s.getoid(ldap.schema.AttributeType,nameoroid) + l = nameoroid.lower().split(';') + l[0] = oid + t = tuple(l) + self._attrtype2keytuple[nameoroid] = t + return t + + def update(self,dict): + for key, value in dict.values(): + self[key] = value + + def __contains__(self,nameoroid): + return self._at2key(nameoroid) in self.data + + def __getitem__(self,nameoroid): + return self.data[self._at2key(nameoroid)] + + def __setitem__(self,nameoroid,attr_values): + k = self._at2key(nameoroid) + self._keytuple2attrtype[k] = nameoroid + self.data[k] = attr_values + + def __delitem__(self,nameoroid): + k = self._at2key(nameoroid) + del self.data[k] + del self._attrtype2keytuple[nameoroid] + del self._keytuple2attrtype[k] + + def has_key(self,nameoroid): + k = self._at2key(nameoroid) + return k in self.data + + def keys(self): + return self._keytuple2attrtype.values() + + def items(self): + return [ + (k,self[k]) + for k in self.keys() + ] + + def attribute_types( + self,attr_type_filter=None,raise_keyerror=1 + ): + """ + Convenience wrapper around SubSchema.attribute_types() which + passes object classes of this particular entry as argument to + SubSchema.attribute_types() + """ + return self._s.attribute_types( + self.get('objectClass',[]),attr_type_filter,raise_keyerror + ) diff --git a/Lib/ldap/schema/subentry.py b/Lib/ldap/schema/subentry.py new file mode 100644 index 0000000..b83d819 --- /dev/null 
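Review bot: `Entry.__init__` in Lib/ldap/schema/models.py cannot run as written: the module imports `from collections import UserDict as IterableUserDict`, so `IterableUserDict.IterableUserDict.__init__(self,{})` looks up an attribute the class does not have and raises AttributeError; it should read `IterableUserDict.__init__(self,{})`. `Entry.update` then iterates `dict.values()` while unpacking `key, value`, which should be `for key, value in dict.items():`. A small test that builds an `Entry` from a one-attribute dict would exercise both lines.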
+++ b/Lib/ldap/schema/subentry.py 
@@ -0,0 +1,497 @@ +""" +ldap.schema.subentry - subschema subentry handling + +See https://www.python-ldap.org/ for details. +""" + +import copy +from urllib.request import urlopen + +import ldap.cidict,ldap.schema +from ldap.schema.models import * + +import ldapurl +import ldif + + +SCHEMA_CLASS_MAPPING = ldap.cidict.cidict() +SCHEMA_ATTR_MAPPING = {} + +for o in list(vars().values()): + if hasattr(o,'schema_attribute'): + SCHEMA_CLASS_MAPPING[o.schema_attribute] = o + SCHEMA_ATTR_MAPPING[o] = o.schema_attribute + +SCHEMA_ATTRS = list(SCHEMA_CLASS_MAPPING) + + +class SubschemaError(ValueError): + pass + + +class OIDNotUnique(SubschemaError): + + def __init__(self,desc): + self.desc = desc + + def __str__(self): + return 'OID not unique for %s' % (self.desc) + + +class NameNotUnique(SubschemaError): + + def __init__(self,desc): + self.desc = desc + + def __str__(self): + return 'NAME not unique for %s' % (self.desc) + + +class SubSchema: + """ + Arguments: + + sub_schema_sub_entry + Dictionary usually returned by LDAP search or the LDIF parser + containing the sub schema sub entry + + check_uniqueness + Defines whether uniqueness of OIDs and NAME is checked. + + 0 + no check + 1 + check but add schema description with work-around + 2 + check and raise exception if non-unique OID or NAME is found + + Class attributes: + + sed + Dictionary holding the subschema information as pre-parsed + SchemaElement objects (do not access directly!) + name2oid + Dictionary holding the mapping from NAMEs to OIDs + (do not access directly!) 
+ non_unique_oids + List of OIDs used at least twice in the subschema + non_unique_names + List of NAMEs used at least twice in the subschema for the same schema element + """ + + def __init__(self,sub_schema_sub_entry,check_uniqueness=1): + + # Initialize all dictionaries + self.name2oid = {} + self.sed = {} + self.non_unique_oids = {} + self.non_unique_names = {} + for c in SCHEMA_CLASS_MAPPING.values(): + self.name2oid[c] = ldap.cidict.cidict() + self.sed[c] = {} + self.non_unique_names[c] = ldap.cidict.cidict() + + # Transform entry dict to case-insensitive dict + e = ldap.cidict.cidict(sub_schema_sub_entry) + + # Build the schema registry in dictionaries + for attr_type in SCHEMA_ATTRS: + + for attr_value in filter(None,e.get(attr_type,[])): + + se_class = SCHEMA_CLASS_MAPPING[attr_type] + se_instance = se_class(attr_value) + se_id = se_instance.get_id() + + if check_uniqueness and se_id in self.sed[se_class]: + self.non_unique_oids[se_id] = None + if check_uniqueness==1: + # Add to subschema by adding suffix to ID + suffix_counter = 1 + new_se_id = se_id + while new_se_id in self.sed[se_class]: + new_se_id = ';'.join((se_id,str(suffix_counter))) + suffix_counter += 1 + else: + se_id = new_se_id + elif check_uniqueness>=2: + raise OIDNotUnique(attr_value) + + # Store the schema element instance in the central registry + self.sed[se_class][se_id] = se_instance + + if hasattr(se_instance,'names'): + for name in ldap.cidict.cidict({}.fromkeys(se_instance.names)): + if check_uniqueness and name in self.name2oid[se_class]: + self.non_unique_names[se_class][se_id] = None + raise NameNotUnique(attr_value) + else: + self.name2oid[se_class][name] = se_id + + # Turn dict into list maybe more handy for applications + self.non_unique_oids = list(self.non_unique_oids) + + return # subSchema.__init__() + + + def ldap_entry(self): + """ + Returns a dictionary containing the sub schema sub entry + """ + # Initialize the dictionary with empty lists + entry = {} + # Collect the 
schema elements and store them in + # entry's attributes + for se_class, elements in self.sed.items(): + for se in elements.values(): + se_str = str(se) + try: + entry[SCHEMA_ATTR_MAPPING[se_class]].append(se_str) + except KeyError: + entry[SCHEMA_ATTR_MAPPING[se_class]] = [ se_str ] + return entry + + def listall(self,schema_element_class,schema_element_filters=None): + """ + Returns a list of OIDs of all available schema + elements of a given schema element class. + """ + avail_se = self.sed[schema_element_class] + if schema_element_filters: + result = [] + for se_key, se in avail_se.items(): + for fk,fv in schema_element_filters: + try: + if getattr(se,fk) in fv: + result.append(se_key) + except AttributeError: + pass + else: + result = list(avail_se) + return result + + + def tree(self,schema_element_class,schema_element_filters=None): + """ + Returns a ldap.cidict.cidict dictionary representing the + tree structure of the schema elements. + """ + assert schema_element_class in [ObjectClass,AttributeType] + avail_se = self.listall(schema_element_class,schema_element_filters) + top_node = '_' + tree = ldap.cidict.cidict({top_node:[]}) + # 1. Pass: Register all nodes + for se in avail_se: + tree[se] = [] + # 2. Pass: Register all sup references + for se_oid in avail_se: + se_obj = self.get_obj(schema_element_class,se_oid,None) + if se_obj.__class__!=schema_element_class: + # Ignore schema elements not matching schema_element_class. + # This helps with falsely assigned OIDs. 
+ continue + assert se_obj.__class__==schema_element_class, \ + "Schema element referenced by {} must be of class {} but was {}".format( + se_oid,schema_element_class.__name__,se_obj.__class__ + ) + for s in se_obj.sup or ('_',): + sup_oid = self.getoid(schema_element_class,s) + try: + tree[sup_oid].append(se_oid) + except: + pass + return tree + + + def getoid(self,se_class,nameoroid,raise_keyerror=0): + """ + Get an OID by name or OID + """ + nameoroid_stripped = nameoroid.split(';')[0].strip() + if nameoroid_stripped in self.sed[se_class]: + # name_or_oid is already a registered OID + return nameoroid_stripped + else: + try: + result_oid = self.name2oid[se_class][nameoroid_stripped] + except KeyError: + if raise_keyerror: + raise KeyError('No registered {}-OID for nameoroid {}'.format(se_class.__name__,repr(nameoroid_stripped))) + else: + result_oid = nameoroid_stripped + return result_oid + + + def get_inheritedattr(self,se_class,nameoroid,name): + """ + Get a possibly inherited attribute specified by name + of a schema element specified by nameoroid. + Returns None if class attribute is not set at all. + + Raises KeyError if no schema element is found by nameoroid. 
+ """ + se = self.sed[se_class][self.getoid(se_class,nameoroid)] + try: + result = getattr(se,name) + except AttributeError: + result = None + if result is None and se.sup: + result = self.get_inheritedattr(se_class,se.sup[0],name) + return result + + + def get_obj(self,se_class,nameoroid,default=None,raise_keyerror=0): + """ + Get a schema element by name or OID + """ + se_oid = self.getoid(se_class,nameoroid) + try: + se_obj = self.sed[se_class][se_oid] + except KeyError: + if raise_keyerror: + raise KeyError('No ldap.schema.{} instance with nameoroid {} and se_oid {}'.format( + se_class.__name__,repr(nameoroid),repr(se_oid)) + ) + else: + se_obj = default + return se_obj + + + def get_inheritedobj(self,se_class,nameoroid,inherited=None): + """ + Get a schema element by name or OID with all class attributes + set including inherited class attributes + """ + inherited = inherited or [] + se = copy.copy(self.sed[se_class].get(self.getoid(se_class,nameoroid))) + if se and hasattr(se,'sup'): + for class_attr_name in inherited: + setattr(se,class_attr_name,self.get_inheritedattr(se_class,nameoroid,class_attr_name)) + return se + + + def get_syntax(self,nameoroid): + """ + Get the syntax of an attribute type specified by name or OID + """ + at_oid = self.getoid(AttributeType,nameoroid) + try: + at_obj = self.get_inheritedobj(AttributeType,at_oid) + except KeyError: + return None + else: + return at_obj.syntax + + + def get_structural_oc(self,oc_list): + """ + Returns OID of structural object class in oc_list + if any is present. Returns None else. + """ + # Get tree of all STRUCTURAL object classes + oc_tree = self.tree(ObjectClass,[('kind',[0])]) + # Filter all STRUCTURAL object classes + struct_ocs = {} + for oc_nameoroid in oc_list: + oc_se = self.get_obj(ObjectClass,oc_nameoroid,None) + if oc_se and oc_se.kind==0: + struct_ocs[oc_se.oid] = None + result = None + # Build a copy of the oid list, to be cleaned as we go. 
+ struct_oc_list = list(struct_ocs) + while struct_oc_list: + oid = struct_oc_list.pop() + for child_oid in oc_tree[oid]: + if self.getoid(ObjectClass,child_oid) in struct_ocs: + break + else: + result = oid + return result + + + def get_applicable_aux_classes(self,nameoroid): + """ + Return a list of the applicable AUXILIARY object classes + for a STRUCTURAL object class specified by 'nameoroid' + if the object class is governed by a DIT content rule. + If there's no DIT content rule all available AUXILIARY + object classes are returned. + """ + content_rule = self.get_obj(DITContentRule,nameoroid) + if content_rule: + # Return AUXILIARY object classes from DITContentRule instance + return content_rule.aux + else: + # list all AUXILIARY object classes + return self.listall(ObjectClass,[('kind',[2])]) + + def attribute_types( + self,object_class_list,attr_type_filter=None,raise_keyerror=1,ignore_dit_content_rule=0 + ): + """ + Returns a 2-tuple of all must and may attributes including + all inherited attributes of superior object classes + by walking up classes along the SUP attribute. + + The attributes are stored in a ldap.cidict.cidict dictionary. 
+ + object_class_list + list of strings specifying object class names or OIDs + attr_type_filter + list of 2-tuples containing lists of class attributes + which has to be matched + raise_keyerror + All KeyError exceptions for non-existent schema elements + are ignored + ignore_dit_content_rule + A DIT content rule governing the structural object class + is ignored + """ + AttributeType = ldap.schema.AttributeType + ObjectClass = ldap.schema.ObjectClass + + # Map object_class_list to object_class_oids (list of OIDs) + object_class_oids = [ + self.getoid(ObjectClass,o) + for o in object_class_list + ] + # Initialize + oid_cache = {} + + r_must,r_may = ldap.cidict.cidict(),ldap.cidict.cidict() + if '1.3.6.1.4.1.1466.101.120.111' in object_class_oids: + # Object class 'extensibleObject' MAY carry every attribute type + for at_obj in self.sed[AttributeType].values(): + r_may[at_obj.oid] = at_obj + + # Loop over OIDs of all given object classes + while object_class_oids: + object_class_oid = object_class_oids.pop(0) + # Check whether the objectClass with this OID + # has already been processed + if object_class_oid in oid_cache: + continue + # Cache this OID as already being processed + oid_cache[object_class_oid] = None + try: + object_class = self.sed[ObjectClass][object_class_oid] + except KeyError: + if raise_keyerror: + raise + # Ignore this object class + continue + assert isinstance(object_class,ObjectClass) + assert hasattr(object_class,'must'),ValueError(object_class_oid) + assert hasattr(object_class,'may'),ValueError(object_class_oid) + for a in object_class.must: + se_oid = self.getoid(AttributeType,a,raise_keyerror=raise_keyerror) + r_must[se_oid] = self.get_obj(AttributeType,se_oid,raise_keyerror=raise_keyerror) + for a in object_class.may: + se_oid = self.getoid(AttributeType,a,raise_keyerror=raise_keyerror) + r_may[se_oid] = self.get_obj(AttributeType,se_oid,raise_keyerror=raise_keyerror) + + object_class_oids.extend([ + self.getoid(ObjectClass,o) + for o 
in object_class.sup + ]) + + # Process DIT content rules + if not ignore_dit_content_rule: + structural_oc = self.get_structural_oc(object_class_list) + if structural_oc: + # Process applicable DIT content rule + try: + dit_content_rule = self.get_obj(DITContentRule,structural_oc,raise_keyerror=1) + except KeyError: + # Not DIT content rule found for structural objectclass + pass + else: + for a in dit_content_rule.must: + se_oid = self.getoid(AttributeType,a,raise_keyerror=raise_keyerror) + r_must[se_oid] = self.get_obj(AttributeType,se_oid,raise_keyerror=raise_keyerror) + for a in dit_content_rule.may: + se_oid = self.getoid(AttributeType,a,raise_keyerror=raise_keyerror) + r_may[se_oid] = self.get_obj(AttributeType,se_oid,raise_keyerror=raise_keyerror) + for a in dit_content_rule.nots: + a_oid = self.getoid(AttributeType,a,raise_keyerror=raise_keyerror) + try: + del r_may[a_oid] + except KeyError: + pass + + # Remove all mandantory attribute types from + # optional attribute type list + for a in list(r_may): + if a in r_must: + del r_may[a] + + # Apply attr_type_filter to results + if attr_type_filter: + for l in [r_must,r_may]: + for a in list(l): + for afk,afv in attr_type_filter: + try: + schema_attr_type = self.sed[AttributeType][a] + except KeyError: + if raise_keyerror: + raise KeyError('No attribute type found in sub schema by name %s' % (a)) + # If there's no schema element for this attribute type + # but still KeyError is to be ignored we filter it away + del l[a] + break + else: + if not getattr(schema_attr_type,afk) in afv: + del l[a] + break + + return r_must,r_may # attribute_types() + + +def urlfetch(uri,trace_level=0): + """ + Fetches a parsed schema entry by uri. + + If uri is a LDAP URL the LDAP server is queried directly. + Otherwise uri is assumed to point to a LDIF file which + is loaded with urllib. 
+ """ + uri = uri.strip() + if uri.startswith(('ldap:', 'ldaps:', 'ldapi:')): + ldap_url = ldapurl.LDAPUrl(uri) + + l=ldap.initialize(ldap_url.initializeUrl(),trace_level) + l.protocol_version = ldap.VERSION3 + l.simple_bind_s(ldap_url.who or '', ldap_url.cred or '') + subschemasubentry_dn = l.search_subschemasubentry_s(ldap_url.dn) + if subschemasubentry_dn is None: + s_temp = None + else: + if ldap_url.attrs is None: + schema_attrs = SCHEMA_ATTRS + else: + schema_attrs = ldap_url.attrs + s_temp = l.read_subschemasubentry_s( + subschemasubentry_dn,attrs=schema_attrs + ) + l.unbind_s() + del l + else: + ldif_file = urlopen(uri) + ldif_parser = ldif.LDIFRecordList(ldif_file,max_entries=1) + ldif_parser.parse() + subschemasubentry_dn,s_temp = ldif_parser.all_records[0] + # Work-around for mixed-cased attribute names + subschemasubentry_entry = ldap.cidict.cidict() + s_temp = s_temp or {} + for at,av in s_temp.items(): + if at in SCHEMA_CLASS_MAPPING: + try: + subschemasubentry_entry[at].extend(av) + except KeyError: + subschemasubentry_entry[at] = av + # Finally parse the schema + if subschemasubentry_dn!=None: + parsed_sub_schema = ldap.schema.SubSchema(subschemasubentry_entry) + else: + parsed_sub_schema = None + return subschemasubentry_dn, parsed_sub_schema diff --git a/Lib/ldap/schema/tokenizer.py b/Lib/ldap/schema/tokenizer.py new file mode 100644 index 0000000..69823f2 --- /dev/null +++ b/Lib/ldap/schema/tokenizer.py 
@@ -0,0 +1,84 @@ +""" +ldap.schema.tokenizer - Low-level parsing functions for schema element strings + +See https://www.python-ldap.org/ for details. +""" + +import re + +TOKENS_FINDALL = re.compile( + r"(\()" # opening parenthesis + r"|" # or + r"(\))" # closing parenthesis + r"|" # or + r"([^'$()\s]+)" # string of length >= 1 without '$() or whitespace + r"|" # or + r"('(?:[^'\\]|\\\\|\\.)*?'(?!\w))" + # any string or empty string surrounded by unescaped + # single quotes except if right quote is succeeded by + # alphanumeric char + r"|" # or + r"([^\s]+?)", # residue, all non-whitespace strings +).findall + +UNESCAPE_PATTERN = re.compile(r"\\(.)") + + +def split_tokens(s): + """ + Returns list of syntax elements with quotes and spaces stripped. + """ + parts = [] + parens = 0 + for opar, cpar, unquoted, quoted, residue in TOKENS_FINDALL(s): + if unquoted: + parts.append(unquoted) + elif quoted: + parts.append(UNESCAPE_PATTERN.sub(r'\1', quoted[1:-1])) + elif opar: + parens += 1 + parts.append(opar) + elif cpar: + parens -= 1 + parts.append(cpar) + elif residue == '$': + if not parens: + raise ValueError("'$' outside parenthesis in %r" % (s)) + else: + raise ValueError(residue, s) + if parens: + raise ValueError("Unbalanced parenthesis in %r" % (s)) + return parts + +def extract_tokens(l,known_tokens): + """ + Returns dictionary of known tokens with all values + """ + assert l[0].strip()=="(" and l[-1].strip()==")",ValueError(l) + result = {} + result.update(known_tokens) + i = 0 + l_len = len(l) + while i0),self.extype) + else: + return '{}{}={}'.format( + '!'*(self.critical>0), + self.extype,quote(self.exvalue or '') + ) + + def __str__(self): + return self.unparse() + + def __repr__(self): + return '<{}.{} instance at {}: {}>'.format( + self.__class__.__module__, + self.__class__.__name__, + hex(id(self)), + self.__dict__ + ) + + def __eq__(self,other): + return \ + (self.critical==other.critical) and \ + (self.extype==other.extype) and \ + 
(self.exvalue==other.exvalue) + + def __ne__(self,other): + return not self.__eq__(other) + + +class LDAPUrlExtensions(MutableMapping): + """ + Models a collection of LDAP URL extensions as + a mapping type + """ + __slots__ = ('_data', ) + + def __init__(self, default=None): + self._data = {} + if default is not None: + self.update(default) + + def __setitem__(self, name, value): + """Store an extension + + name + string + value + LDAPUrlExtension instance, whose extype nust match `name` + """ + if not isinstance(value, LDAPUrlExtension): + raise TypeError("value must be LDAPUrlExtension, not " + + type(value).__name__) + if name != value.extype: + raise ValueError( + "key {!r} does not match extension type {!r}".format( + name, value.extype)) + self._data[name] = value + + def __getitem__(self, name): + return self._data[name] + + def __delitem__(self, name): + del self._data[name] + + def __iter__(self): + return iter(self._data) + + def __len__(self): + return len(self._data) + + def __str__(self): + return ','.join(str(v) for v in self.values()) + + def __repr__(self): + return '<{}.{} instance at {}: {}>'.format( + self.__class__.__module__, + self.__class__.__name__, + hex(id(self)), + self._data + ) + + def __eq__(self,other): + if not isinstance(other, self.__class__): + return NotImplemented + return self._data == other._data + + def parse(self,extListStr): + for extension_str in extListStr.strip().split(','): + if extension_str: + e = LDAPUrlExtension(extension_str) + self[e.extype] = e + + def unparse(self): + return ','.join(v.unparse() for v in self.values()) + + +class LDAPUrl: + """ + Class for parsing and unparsing LDAP URLs + as described in RFC 4516. 
+ + Usable class attributes: + urlscheme + URL scheme (either ldap, ldaps or ldapi) + hostport + LDAP host (default '') + dn + String holding distinguished name (default '') + attrs + list of attribute types (default None) + scope + integer search scope for ldap-module + filterstr + String representation of LDAP Search Filters + (see RFC 4515) + extensions + Dictionary used as extensions store + who + Maps automagically to bindname LDAP URL extension + cred + Maps automagically to X-BINDPW LDAP URL extension + """ + + attr2extype = {'who':'bindname','cred':'X-BINDPW'} + + def __init__( + self, + ldapUrl=None, + urlscheme='ldap', + hostport='',dn='',attrs=None,scope=None,filterstr=None, + extensions=None, + who=None,cred=None + ): + self.urlscheme=urlscheme.lower() + self.hostport=hostport + self.dn=dn + self.attrs=attrs + self.scope=scope + self.filterstr=filterstr + self.extensions=(extensions or LDAPUrlExtensions({})) + if ldapUrl!=None: + self._parse(ldapUrl) + if who!=None: + self.who = who + if cred!=None: + self.cred = cred + + def __eq__(self,other): + return \ + self.urlscheme==other.urlscheme and \ + self.hostport==other.hostport and \ + self.dn==other.dn and \ + self.attrs==other.attrs and \ + self.scope==other.scope and \ + self.filterstr==other.filterstr and \ + self.extensions==other.extensions + + def __ne__(self,other): + return not self.__eq__(other) + + def _parse(self,ldap_url): + """ + parse a LDAP URL and set the class attributes + urlscheme,host,dn,attrs,scope,filterstr,extensions + """ + if not isLDAPUrl(ldap_url): + raise ValueError('Value %s for ldap_url does not seem to be a LDAP URL.' % (repr(ldap_url))) + scheme,rest = ldap_url.split('://',1) + self.urlscheme = scheme.lower() + slash_pos = rest.find('/') + qemark_pos = rest.find('?') + if (slash_pos==-1) and (qemark_pos==-1): + # No / and ? 
found at all + self.hostport = unquote(rest) + self.dn = '' + return + else: + if slash_pos!=-1 and (qemark_pos==-1 or (slash_posqemark_pos)): + # Question mark separates hostport from rest, DN is assumed to be empty + self.hostport = unquote(rest[:qemark_pos]) + # Do not eat question mark + rest = rest[qemark_pos:] + else: + raise ValueError('Something completely weird happened!') + paramlist=rest.split('?',4) + paramlist_len = len(paramlist) + if paramlist_len>=1: + self.dn = unquote(paramlist[0]).strip() + if (paramlist_len>=2) and (paramlist[1]): + self.attrs = unquote(paramlist[1].strip()).split(',') + if paramlist_len>=3: + scope = paramlist[2].strip() + try: + self.scope = SEARCH_SCOPE[scope] + except KeyError: + raise ValueError('Invalid search scope %s' % (repr(scope))) + if paramlist_len>=4: + filterstr = paramlist[3].strip() + if not filterstr: + self.filterstr = None + else: + self.filterstr = unquote(filterstr) + if paramlist_len>=5: + if paramlist[4]: + self.extensions = LDAPUrlExtensions() + self.extensions.parse(paramlist[4]) + else: + self.extensions = None + return + + def applyDefaults(self,defaults): + """ + Apply defaults to all class attributes which are None. + + defaults + Dictionary containing a mapping from class attributes + to default values + """ + for k, value in defaults.items(): + if getattr(self,k) is None: + setattr(self, k, value) + + def initializeUrl(self): + """ + Returns LDAP URL suitable to be passed to ldap.initialize() + """ + if self.urlscheme=='ldapi': + # hostport part might contain slashes when ldapi:// is used + hostport = ldapUrlEscape(self.hostport) + else: + hostport = self.hostport + return f'{self.urlscheme}://{hostport}' + + def unparse(self): + """ + Returns LDAP URL depending on class attributes set. 
+ """ + if self.attrs is None: + attrs_str = '' + else: + attrs_str = ','.join(self.attrs) + scope_str = SEARCH_SCOPE_STR[self.scope] + if self.filterstr is None: + filterstr = '' + else: + filterstr = ldapUrlEscape(self.filterstr) + dn = ldapUrlEscape(self.dn) + if self.urlscheme=='ldapi': + # hostport part might contain slashes when ldapi:// is used + hostport = ldapUrlEscape(self.hostport) + else: + hostport = self.hostport + ldap_url = '{}://{}/{}?{}?{}?{}'.format( + self.urlscheme, + hostport,dn,attrs_str,scope_str,filterstr + ) + if self.extensions: + ldap_url = ldap_url+'?'+self.extensions.unparse() + return ldap_url + + def htmlHREF(self,urlPrefix='',hrefText=None,hrefTarget=None): + """ + Returns a string with HTML link for this LDAP URL. + + urlPrefix + Prefix before LDAP URL (e.g. for addressing another web-based client) + hrefText + link text/description + hrefTarget + string added as link target attribute + """ + if not isinstance(urlPrefix, str): + raise TypeError("urlPrefix must be str, not " + + type(urlPrefix).__name__) + if hrefText is None: + hrefText = self.unparse() + if not isinstance(hrefText, str): + raise TypeError("hrefText must be str, not " + + type(hrefText).__name__) + if hrefTarget is None: + target = '' + else: + if not isinstance(hrefTarget, str): + raise TypeError("hrefTarget must be str, not " + + type(hrefTarget).__name__) + target = ' target="%s"' % hrefTarget + return '{}'.format( + target, urlPrefix, self.unparse(), hrefText + ) + + def __str__(self): + return self.unparse() + + def __repr__(self): + return '<{}.{} instance at {}: {}>'.format( + self.__class__.__module__, + self.__class__.__name__, + hex(id(self)), + self.__dict__ + ) + + def __getattr__(self,name): + if name in self.attr2extype: + extype = self.attr2extype[name] + if self.extensions and \ + extype in self.extensions and \ + not self.extensions[extype].exvalue is None: + result = unquote(self.extensions[extype].exvalue) + else: + return None + else: + raise 
AttributeError('{} has no attribute {}'.format( + self.__class__.__name__,name + )) + return result # __getattr__() + + def __setattr__(self,name,value): + if name in self.attr2extype: + extype = self.attr2extype[name] + if value is None: + # A value of None means that extension is deleted + delattr(self,name) + elif value!=None: + # Add appropriate extension + self.extensions[extype] = LDAPUrlExtension( + extype=extype,exvalue=unquote(value) + ) + else: + self.__dict__[name] = value + + def __delattr__(self,name): + if name in self.attr2extype: + extype = self.attr2extype[name] + if self.extensions: + try: + del self.extensions[extype] + except KeyError: + pass + else: + del self.__dict__[name] diff --git a/Lib/ldif.py b/Lib/ldif.py new file mode 100644 index 0000000..0afebd8 --- /dev/null +++ b/Lib/ldif.py 
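Review bot: `htmlHREF` in `LDAPUrl` places `hrefTarget`, `urlPrefix`, `self.unparse()` and `hrefText` into the returned markup without HTML-escaping any of them; the `isinstance(..., str)` checks only enforce the type. A quote or angle bracket in caller-supplied text, or in the parts `unparse()` emits without `ldapUrlEscape` (`attrs`, and `hostport` for non-ldapi schemes), therefore changes the structure of the element. Escape at the point of interpolation, e.g. `target = ' target="%s"' % html.escape(hrefTarget, quote=True)`, and apply the same `html.escape(..., quote=True)` to the three values passed to the final `.format(...)`. This needs `import html` in ldapurl.py, whose import block is not visible in this rendering, and the return template appears truncated here, so check the attribute quoting against the real file.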
@@ -0,0 +1,650 @@ +""" +ldif - generate and parse LDIF data (see RFC 2849) + +See https://www.python-ldap.org/ for details. +""" +__version__ = '3.3.0' + +__all__ = [ + # constants + 'ldif_pattern', + # functions + 'CreateLDIF','ParseLDIF', + # classes + 'LDIFWriter', + 'LDIFParser', + 'LDIFRecordList', + 'LDIFCopy', +] + +import re +from base64 import b64encode, b64decode +from io import StringIO +import warnings + +from urllib.parse import urlparse +from urllib.request import urlopen + +attrtype_pattern = r'[\w;.-]+(;[\w_-]+)*' +attrvalue_pattern = r'(([^,]|\\,)+|".*?")' +attrtypeandvalue_pattern = attrtype_pattern + r'[ ]*=[ ]*' + attrvalue_pattern +rdn_pattern = attrtypeandvalue_pattern + r'([ ]*\+[ ]*' + attrtypeandvalue_pattern + r')*[ ]*' +dn_pattern = rdn_pattern + r'([ ]*,[ ]*' + rdn_pattern + r')*[ ]*' +dn_regex = re.compile('^%s$' % dn_pattern) + +ldif_pattern = '^((dn(:|::) %(dn_pattern)s)|(%(attrtype_pattern)s(:|::) .*)$)+' % vars() + +MOD_OP_INTEGER = { + 'add':0, # ldap.MOD_ADD + 'delete':1, # ldap.MOD_DELETE + 'replace':2, # ldap.MOD_REPLACE + 'increment':3, # ldap.MOD_INCREMENT +} + +MOD_OP_STR = { + 0:'add',1:'delete',2:'replace',3:'increment' +} + +CHANGE_TYPES = ['add','delete','modify','modrdn'] +valid_changetype_dict = {} +for c in CHANGE_TYPES: + valid_changetype_dict[c]=None + + +def is_dn(s): + """ + returns 1 if s is a LDAP DN + """ + if s=='': + return 1 + rm = dn_regex.match(s) + return rm!=None and rm.group(0)==s + + +SAFE_STRING_PATTERN = b'(^(\000|\n|\r| |:|<)|[\000\n\r\200-\377]+|[ ]+$)' +safe_string_re = re.compile(SAFE_STRING_PATTERN) + +def list_dict(l): + """ + return a dictionary with all items of l being the keys of the dictionary + """ + return {i: None for i in l} + + +class LDIFWriter: + """ + Write LDIF entry or change records to file object + Copy LDIF input to a file output object containing all data retrieved + via URLs + """ + + def __init__(self,output_file,base64_attrs=None,cols=76,line_sep='\n'): + """ + output_file 
+ file object for output; should be opened in *text* mode + base64_attrs + list of attribute types to be base64-encoded in any case + cols + Specifies how many columns a line may have before it's + folded into many lines. + line_sep + String used as line separator + """ + self._output_file = output_file + self._base64_attrs = list_dict([a.lower() for a in (base64_attrs or [])]) + self._cols = cols + self._last_line_sep = line_sep + self.records_written = 0 + + def _unfold_lines(self,line): + """ + Write string line as one or more folded lines + """ + # Check maximum line length + line_len = len(line) + if line_len<=self._cols: + self._output_file.write(line) + self._output_file.write(self._last_line_sep) + else: + # Fold line + pos = self._cols + self._output_file.write(line[0:min(line_len,self._cols)]) + self._output_file.write(self._last_line_sep) + while pos= deadline: + break + time.sleep(0.2) + else: + return + raise RuntimeError("slapd did not start properly") + + def start(self): + """ + Starts the slapd server process running, and waits for it to come up. 
+ """ + + if self._proc is None: + # prepare directory structure + atexit.register(self.stop) + self._cleanup_rundir() + self.setup_rundir() + self._write_config() + self._test_config() + self._start_slapd() + self._log.debug( + 'slapd with pid=%d listening on %s and %s', + self._proc.pid, self.ldap_uri, self.ldapi_uri + ) + + def stop(self): + """ + Stops the slapd server, and waits for it to terminate and cleans up + """ + if self._proc is not None: + self._log.debug('stopping slapd with pid %d', self._proc.pid) + self._proc.terminate() + self.wait() + self._cleanup_rundir() + atexit.unregister(self.stop) + + def restart(self): + """ + Restarts the slapd server with same data + """ + self._proc.terminate() + self.wait() + self._start_slapd() + + def wait(self): + """Waits for the slapd process to terminate by itself.""" + if self._proc: + self._proc.wait() + self._stopped() + + def _stopped(self): + """Called when the slapd server is known to have terminated""" + if self._proc is not None: + self._log.info('slapd[%d] terminated', self._proc.pid) + self._proc = None + + def _cli_auth_args(self): + if self.cli_sasl_external: + authc_args = [ + '-Y', 'EXTERNAL', + ] + if not self._log.isEnabledFor(logging.DEBUG): + authc_args.append('-Q') + else: + authc_args = [ + '-x', + '-D', self.root_dn, + '-w', self.root_pw, + ] + return authc_args + + # no cover to avoid spurious coverage changes + def _cli_popen(self, ldapcommand, extra_args=None, ldap_uri=None, + stdin_data=None): # pragma: no cover + if ldap_uri is None: + ldap_uri = self.default_ldap_uri + + if ldapcommand.split("/")[-1].startswith("ldap"): + args = [ldapcommand, '-H', ldap_uri] + self._cli_auth_args() + else: + args = [ldapcommand, '-F', self._slapd_conf] + + args += (extra_args or []) + + self._log.debug('Run command: %r', ' '.join(args)) + proc = subprocess.Popen( + args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, + stderr=subprocess.PIPE + ) + self._log.debug('stdin_data=%r', stdin_data) + 
stdout_data, stderr_data = proc.communicate(stdin_data) + if stdout_data is not None: + self._log.debug('stdout_data=%r', stdout_data) + if stderr_data is not None: + self._log.debug('stderr_data=%r', stderr_data) + if proc.wait() != 0: + raise RuntimeError( + '{!r} process failed:\n{!r}\n{!r}'.format( + args, stdout_data, stderr_data + ) + ) + return stdout_data, stderr_data + + def ldapwhoami(self, extra_args=None): + """ + Runs ldapwhoami on this slapd instance + """ + self._cli_popen(self.PATH_LDAPWHOAMI, extra_args=extra_args) + + def ldapadd(self, ldif, extra_args=None): + """ + Runs ldapadd on this slapd instance, passing it the ldif content + """ + self._cli_popen(self.PATH_LDAPADD, extra_args=extra_args, + stdin_data=ldif.encode('utf-8')) + + def ldapmodify(self, ldif, extra_args=None): + """ + Runs ldapadd on this slapd instance, passing it the ldif content + """ + self._cli_popen(self.PATH_LDAPMODIFY, extra_args=extra_args, + stdin_data=ldif.encode('utf-8')) + + def ldapdelete(self, dn, recursive=False, extra_args=None): + """ + Runs ldapdelete on this slapd instance, deleting 'dn' + """ + if extra_args is None: + extra_args = [] + if recursive: + extra_args.append('-r') + extra_args.append(dn) + self._cli_popen(self.PATH_LDAPDELETE, extra_args=extra_args) + + def slapadd(self, ldif, extra_args=None): + """ + Runs slapadd on this slapd instance, passing it the ldif content + """ + self._cli_popen( + self.PATH_SLAPADD, + stdin_data=ldif.encode("utf-8") if ldif else None, + extra_args=extra_args, + ) + + def __enter__(self): + self.start() + return self + + def __exit__(self, exc_type, exc_value, traceback): + self.stop() + + +class SlapdTestCase(unittest.TestCase): + """ + test class which also clones or initializes a running slapd + """ + + server_class = SlapdObject + server = None + ldap_object_class = None + + def _open_ldap_conn(self, who=None, cred=None, **kwargs): + """ + return a LDAPObject instance after simple bind + """ + ldap_conn = 
self.ldap_object_class(self.server.ldap_uri, **kwargs)
+ ldap_conn.protocol_version = 3
+ #ldap_conn.set_option(ldap.OPT_REFERRALS, 0)
+ ldap_conn.simple_bind_s(who or self.server.root_dn, cred or self.server.root_pw)
+ return ldap_conn
+
+ @classmethod
+ def setUpClass(cls):
+ cls.server = cls.server_class()
+ cls.server.start()
+
+ @classmethod
+ def tearDownClass(cls):
+ cls.server.stop()
diff --git a/Lib/slapdtest/certs/README b/Lib/slapdtest/certs/README
new file mode 100644
index 0000000..4be616a
--- /dev/null
+++ b/Lib/slapdtest/certs/README
@@ -0,0 +1,24 @@
+python-ldap test certificates
+=============================
+
+Certificates and keys
+---------------------
+
+* ``ca.pem``: internal root CA certificate
+* ``server.pem``: TLS server certificate for slapd, signed by root CA. The
+ server cert is valid for DNS Name ``localhost`` and IPs ``127.0.0.1`` and
+ ``:1``.
+* ``server.key``: private key for ``server.pem``, no password protection
+* ``client.pem``: certificate for TLS client cert authentication, signed by
+ root CA.
+* ``client.key``: private key for ``client.pem``, no password protection
+
+Configuration and scripts
+-------------------------
+
+* ``ca.conf`` contains the CA definition as well as extensions for the
+ client and server certificates.
+* ``client.conf`` and ``server.conf`` hold the subject and base configuration
+ for server and client certs.
+* ``gencerts.sh`` creates new CA, client and server certificates.
+* ``gennssdb.sh`` can be used to create a NSSDB for all certs and keys.
diff --git a/Lib/slapdtest/certs/ca.conf b/Lib/slapdtest/certs/ca.conf
new file mode 100644
index 0000000..d1d89e1
--- /dev/null
+++ b/Lib/slapdtest/certs/ca.conf
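Review bot: In Lib/ldif.py, `dn_pattern` is built from alternatives that overlap with their own separators: the `[^,]` in `attrvalue_pattern` also matches `+` and `=`, and the first class in `attrtype_pattern` also matches the `;` that starts its optional group, so one string can be split into RDNs in many different ways. Because `is_dn()` runs `dn_regex.match(s)` on the whole string, a long input that ultimately fails to match can make Python's backtracking `re` engine try all of those splits, which matters if `s` comes from an untrusted LDIF source. I would make the alternatives mutually exclusive, or replace the regex check with a small hand-written splitter, and add a regression test asserting that `is_dn()` returns promptly on a long non-matching string. Until then a comment above `dn_regex` such as `# NOTE: dn_pattern is ambiguous and can backtrack heavily; do not call is_dn() on unbounded untrusted input` would at least warn callers. Most of the rest of this file is not legible in this rendering, so the call sites of `is_dn()` could not be checked.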
@@ -0,0 +1,77 @@
+# Written by Christian Heimes
+
+[default]
+ca = "ca"
+tmpdir = $ENV::CATMPDIR
+outdir = $ENV::CAOUTDIR
+name_opt = multiline,-esc_msb,utf8
+
+[req]
+default_bits = 2048
+encrypt_key = no
+default_md = sha256
+utf8 = yes
+string_mask = utf8only
+prompt = no
+distinguished_name = ca_dn
+
+[ca_dn]
+countryName = "DE"
+organizationName = "python-ldap"
+organizationalUnitName = "slapd-test"
+commonName = "Python LDAP Test CA"
+
+[ca]
+default_ca = python_ldap_ca
+
+[python_ldap_ca]
+certificate = $outdir/$ca.pem
+private_key = $outdir/$ca.key
+new_certs_dir = $tmpdir
+serial = $tmpdir/$ca.crt.srl
+crlnumber = $tmpdir/$ca.crl.srl
+database = $tmpdir/$ca.db
+unique_subject = no
+default_days = 365200
+default_md = sha256
+policy = match_pol
+email_in_dn = no
+preserve = no
+name_opt = $name_opt
+cert_opt = ca_default
+copy_extensions = none
+default_crl_days = 365100
+
+[match_pol]
+countryName = match
+stateOrProvinceName = optional
+localityName = optional
+organizationName = match
+organizationalUnitName = match
+commonName = supplied
+
+[ca_ext]
+basicConstraints = critical,CA:true
+keyUsage = critical,keyCertSign,cRLSign
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+
+[server_san]
+DNS.1 = localhost
+IP.1 = 127.0.0.1
+IP.2 = ::1
+
+[server_ext]
+basicConstraints = critical,CA:false
+keyUsage = critical,digitalSignature,keyEncipherment
+extendedKeyUsage = critical,serverAuth
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+subjectAltName = @server_san
+
+[client_ext]
+basicConstraints = critical,CA:false
+keyUsage = critical,digitalSignature
+extendedKeyUsage = critical,clientAuth
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
diff --git a/Lib/slapdtest/certs/ca.pem b/Lib/slapdtest/certs/ca.pem
new file mode 100644
index 0000000..b52ffaf
--- /dev/null
+++ b/Lib/slapdtest/certs/ca.pem
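Review bot: `default_days = 365200` and `default_crl_days = 365100` in `[python_ldap_ca]` give every certificate and CRL issued from this config a lifetime of roughly a thousand years, and `encrypt_key = no` in `[req]` leaves generated keys unprotected, yet nothing in the file says these values are deliberate. That is a sensible trade for a fixture that must never expire mid-run, but it should be stated next to the values so the config is not copied into a real deployment. I would add a header comment such as `# Test-only CA for slapdtest: long validity and unencrypted keys are intentional; never add ca.pem to a trust store outside the test suite.` Whether the CA private key referenced by `private_key = $outdir/$ca.key` is itself committed is not visible in this hunk.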
@@ -0,0 +1,80 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=DE, O=python-ldap, OU=slapd-test, CN=Python LDAP Test CA + Validity + Not Before: Apr 12 18:52:38 2019 GMT + Not After : Oct 17 18:52:38 2994 GMT + Subject: C=DE, O=python-ldap, OU=slapd-test, CN=Python LDAP Test CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d7:30:73:20:44:7d:83:d4:c7:01:b8:ab:1e:7c: + 91:f4:38:ac:9c:41:43:64:0c:31:99:48:70:22:7d: + ae:1b:47:e7:2a:28:4d:f7:46:4e:b4:ba:ae:c0:9d: + d5:1f:4b:7a:79:2f:b9:dc:68:7f:79:84:88:50:51: + 3b:7d:dc:d5:57:17:66:45:c0:2c:20:13:f7:99:d6: + 9d:e2:12:7c:41:76:82:51:19:2c:b6:ff:46:cb:04: + 56:38:22:2a:c3:7a:b5:71:51:49:4e:62:68:a0:99: + 6f:de:f3:a2:0f:a2:aa:1b:72:a5:87:bc:42:5a:a7: + 22:8d:33:b4:88:a8:dc:5d:72:ca:dd:a0:9a:4e:db: + 7d:8b:10:de:c5:41:e9:e9:8d:fa:6c:dd:94:6e:b1: + 31:c2:6d:a1:69:6c:7a:3a:b2:76:65:c9:e5:95:38: + 62:40:81:c6:29:26:26:d1:d1:c1:f4:5e:fa:24:ef: + 13:da:24:13:6f:f5:5c:ba:b1:31:8f:30:94:71:7b: + c6:e5:da:b9:b5:64:39:39:09:c2:4a:80:64:58:1d: + 99:f5:65:3c:a7:26:08:95:26:35:7b:fa:e7:20:08: + ff:72:df:9b:8f:9f:da:8b:c3:a7:8b:fc:8c:c0:a5: + 31:87:1d:4c:14:f6:cf:90:5e:2e:6e:a6:db:27:08: + eb:df + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + BD:78:D5:4A:F1:90:96:C5:E8:EC:66:49:23:47:03:5F:26:73:86:B2 + X509v3 Authority Key Identifier: + keyid:BD:78:D5:4A:F1:90:96:C5:E8:EC:66:49:23:47:03:5F:26:73:86:B2 + + Signature Algorithm: sha256WithRSAEncryption + 06:20:1f:eb:42:6a:42:62:b1:ee:69:c8:cd:47:a6:2e:69:95: + 59:dc:49:09:69:40:93:25:a1:ec:6d:3a:dd:dc:e5:74:ab:33: + 9d:8f:cc:e3:bb:7a:3f:5b:51:58:74:f7:bd:6c:7c:3c:b6:5a: + 05:50:a8:8c:c3:fb:5b:75:2a:c2:6c:06:93:4c:a9:93:71:1c: + 51:e5:be:a1:24:93:e2:79:ca:ea:08:86:90:b9:70:e7:7a:40: + 
bf:f4:d6:71:f4:4d:c0:0f:e0:31:a0:23:46:77:30:72:a9:62: + 8a:2a:12:c4:dd:3d:86:ae:f7:6b:33:80:26:58:49:53:ff:cd: + 8a:c6:f6:11:2c:b3:ff:a5:8e:1c:f8:22:e2:1b:8e:04:33:fb: + 0d:da:31:86:12:9f:d1:03:86:9c:6a:78:5e:3c:5e:8a:52:aa: + 68:1f:ff:f9:17:75:b0:da:f2:99:3c:80:3c:96:2a:33:07:54: + 59:84:e7:92:34:0f:99:76:e3:d6:4d:4d:9c:fb:21:35:f9:cb: + a5:30:80:8b:9d:61:90:d3:d4:59:3a:2f:f2:f6:20:13:7e:26: + dc:50:b0:49:3e:19:fe:eb:7d:cf:b9:1a:5d:5c:3a:76:30:d9: + 0e:d7:df:de:ce:a9:c4:21:df:63:b9:d0:64:86:0b:28:9a:2e: + ab:51:73:e4 +-----BEGIN CERTIFICATE----- +MIIDjDCCAnSgAwIBAgIBATANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJERTEU +MBIGA1UECgwLcHl0aG9uLWxkYXAxEzARBgNVBAsMCnNsYXBkLXRlc3QxHDAaBgNV +BAMME1B5dGhvbiBMREFQIFRlc3QgQ0EwIBcNMTkwNDEyMTg1MjM4WhgPMjk5NDEw +MTcxODUyMzhaMFYxCzAJBgNVBAYTAkRFMRQwEgYDVQQKDAtweXRob24tbGRhcDET +MBEGA1UECwwKc2xhcGQtdGVzdDEcMBoGA1UEAwwTUHl0aG9uIExEQVAgVGVzdCBD +QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANcwcyBEfYPUxwG4qx58 +kfQ4rJxBQ2QMMZlIcCJ9rhtH5yooTfdGTrS6rsCd1R9Lenkvudxof3mEiFBRO33c +1VcXZkXALCAT95nWneISfEF2glEZLLb/RssEVjgiKsN6tXFRSU5iaKCZb97zog+i +qhtypYe8QlqnIo0ztIio3F1yyt2gmk7bfYsQ3sVB6emN+mzdlG6xMcJtoWlsejqy +dmXJ5ZU4YkCBxikmJtHRwfRe+iTvE9okE2/1XLqxMY8wlHF7xuXaubVkOTkJwkqA +ZFgdmfVlPKcmCJUmNXv65yAI/3Lfm4+f2ovDp4v8jMClMYcdTBT2z5BeLm6m2ycI +698CAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD +VR0OBBYEFL141UrxkJbF6OxmSSNHA18mc4ayMB8GA1UdIwQYMBaAFL141UrxkJbF +6OxmSSNHA18mc4ayMA0GCSqGSIb3DQEBCwUAA4IBAQAGIB/rQmpCYrHuacjNR6Yu +aZVZ3EkJaUCTJaHsbTrd3OV0qzOdj8zju3o/W1FYdPe9bHw8tloFUKiMw/tbdSrC +bAaTTKmTcRxR5b6hJJPiecrqCIaQuXDnekC/9NZx9E3AD+AxoCNGdzByqWKKKhLE +3T2GrvdrM4AmWElT/82KxvYRLLP/pY4c+CLiG44EM/sN2jGGEp/RA4acanhePF6K +UqpoH//5F3Ww2vKZPIA8liozB1RZhOeSNA+ZduPWTU2c+yE1+culMICLnWGQ09RZ +Oi/y9iATfibcULBJPhn+633PuRpdXDp2MNkO19/ezqnEId9judBkhgsomi6rUXPk +-----END CERTIFICATE----- diff --git a/Lib/slapdtest/certs/client.conf b/Lib/slapdtest/certs/client.conf new file mode 100644 index 0000000..774dc3a --- /dev/null 
+++ b/Lib/slapdtest/certs/client.conf
@@ -0,0 +1,16 @@
+# Written by Christian Heimes
+
+[req]
+default_bits = 2048
+encrypt_key = no
+default_md = sha256
+utf8 = yes
+string_mask = utf8only
+prompt = no
+distinguished_name = client_dn
+
+[client_dn]
+countryName = "DE"
+organizationName = "python-ldap"
+organizationalUnitName = "slapd-test"
+commonName = "client"
diff --git a/Lib/slapdtest/certs/client.key b/Lib/slapdtest/certs/client.key
new file mode 100644
index 0000000..7213c0b
--- /dev/null
+++ b/Lib/slapdtest/certs/client.key
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDjt5O6nRrnAWPm +T0JvRLBHMclll92IWF/O4GEdcJ5fbBxP3BxK0Dv+6aRcR7b2o0f6fk/bgNepXfv/ +MXDQcFlESbfmUNGshFmZr0sjPrYPD1R06TZs+/7RsMXnx1c79mFGEQ4wqzDOBHKQ +xeDhNJk+BcE0QABsqF8AA2XC2/dK14QCljKLC84k1zTFTnh8duN2eAalaPQFFOoj +4AnonUnswJ45zIx5V2BdG+oqO5dwo/cEukKgAEL8T2IJ9Cqlmh2sPbMqYC8cODq6 +YcugMznxrfHV5LNThfkvwMe26+vv68r65zalPDy0M+cUMTMyBVY4TL3fejrloY2t +YMhPJIclAgMBAAECggEAPXdd/u9NRbGQX6hhTFuEIZOEw1F80MLaCaNzU1kExskN +01icom0W5LX4UZhiAK0OTsUtlRhwHh1qWfXkd777uX0UkKycDC8laGByra7Nwb7n +ky8oK77Rh5RptyiNmXflxd3wsJ5k7BczPXTMQL3L53vyLMJh2vKPwhcorrJlS+Pi +JjINMaR4IrDlpMYlrn9NTjsGr+mj/pdmKfU/KVXeKzFcwKTjUnDJNSbGDIC0AxaJ +dGU0yIX9MPW+p5szcA9o22UWW4LsEFY4YABeCqbm9/UQt3jWVMjCy4AOgr/9HWSR +DvXI/Xtdl3CTCr8+qDnhBaUI27z+UelZfTBFKUb8AQKBgQD6SmtrTBgEfb6tuxJw +AAHRuUcWGjatZ7X+meHRC9B7UPxUrKl9tU5NC7Gz6YMt+vr4bNMwykI6Ndj+4tSJ +KqsAC86v19CH4usMBLZ68MeTRvtQGiPah71syYrxf0uvYOx/KzUUBX240Ls+lEbE +W33psMoNAezUPpJwKx7CMjcBgQKBgQDo6VaT59bKRc3DXJvqFjd7TPIex+ny6JK+ +8oOwyyFFBwkzfymoOxN4lxSrE6yf7uTemRRn+RIH3UGDottIDqzhjvtcV5uODeIN +8WzxTbl759qIxt+z7aF7SkwJLJAAZS3qqCXKtMBo7ln4xKaoRLT2RohqD1YXGrg8 +wmYcUZoPpQKBgQCm2QVSuZ8pH0oFNjfMQbT0wbYJnd/lKMXBu4M1f9Ky4gHT0GYM +Ttirs6f6byfrduvmv2TpmWscsti80SktZywnE7fssMlqTHKzyFB9FBV2sFLHyyUr +gGFeK9xbsKgbeVkuTPdNKXvtv/eSd/XU38jIB/opQadGtY+ZBqWyfxb8AQKBgBLc +SlmBzZ/llSr7xdhn4ihG69hYQfacpL13r/hSCqinUDRuWLY5ynLacR8FYdY1pyzr +Yn6k6bPfU93QA0fLgG5ngK1SntMbBrIwWa0UqS+Cb+zhhd3xIUF1m8CmbibKCrTU +1vKaPnaAzqJZclFv9uN2hLdp9IO8cyzgZRpn9TzNAoGAUfZF1983qknfBgD8Lgm3 +zzKYtc8q2Ukatfo4VCp66CEprbLcBq5mKx6JiBoMGqU8SI5XVG0F0aHH2n8gImcu +bO0vtEldDc1ylZ/H7xhHFWlMzmTlsbHdHVtetFfKLTpjq6duvgLA12lJNHNVu3OU +Z1bRWDeZIP70+jdYrmSoVi8= +-----END PRIVATE KEY----- diff --git a/Lib/slapdtest/certs/client.pem b/Lib/slapdtest/certs/client.pem new file mode 100644 index 0000000..ca2989c --- /dev/null +++ b/Lib/slapdtest/certs/client.pem 
@@ -0,0 +1,83 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=DE, O=python-ldap, OU=slapd-test, CN=Python LDAP Test CA + Validity + Not Before: Apr 12 18:52:38 2019 GMT + Not After : Mar 1 18:52:38 3019 GMT + Subject: C=DE, O=python-ldap, OU=slapd-test, CN=client + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e3:b7:93:ba:9d:1a:e7:01:63:e6:4f:42:6f:44: + b0:47:31:c9:65:97:dd:88:58:5f:ce:e0:61:1d:70: + 9e:5f:6c:1c:4f:dc:1c:4a:d0:3b:fe:e9:a4:5c:47: + b6:f6:a3:47:fa:7e:4f:db:80:d7:a9:5d:fb:ff:31: + 70:d0:70:59:44:49:b7:e6:50:d1:ac:84:59:99:af: + 4b:23:3e:b6:0f:0f:54:74:e9:36:6c:fb:fe:d1:b0: + c5:e7:c7:57:3b:f6:61:46:11:0e:30:ab:30:ce:04: + 72:90:c5:e0:e1:34:99:3e:05:c1:34:40:00:6c:a8: + 5f:00:03:65:c2:db:f7:4a:d7:84:02:96:32:8b:0b: + ce:24:d7:34:c5:4e:78:7c:76:e3:76:78:06:a5:68: + f4:05:14:ea:23:e0:09:e8:9d:49:ec:c0:9e:39:cc: + 8c:79:57:60:5d:1b:ea:2a:3b:97:70:a3:f7:04:ba: + 42:a0:00:42:fc:4f:62:09:f4:2a:a5:9a:1d:ac:3d: + b3:2a:60:2f:1c:38:3a:ba:61:cb:a0:33:39:f1:ad: + f1:d5:e4:b3:53:85:f9:2f:c0:c7:b6:eb:eb:ef:eb: + ca:fa:e7:36:a5:3c:3c:b4:33:e7:14:31:33:32:05: + 56:38:4c:bd:df:7a:3a:e5:a1:8d:ad:60:c8:4f:24: + 87:25 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Key Usage: critical + Digital Signature + X509v3 Extended Key Usage: critical + TLS Web Client Authentication + X509v3 Subject Key Identifier: + 4F:E7:35:C7:C8:C1:01:C3:7C:53:86:B9:BF:AE:8B:D6:45:A2:78:20 + X509v3 Authority Key Identifier: + keyid:BD:78:D5:4A:F1:90:96:C5:E8:EC:66:49:23:47:03:5F:26:73:86:B2 + + Signature Algorithm: sha256WithRSAEncryption + 1c:90:5f:cf:18:48:95:4d:9d:d3:8e:6d:d1:69:19:1e:7b:3f: + 1f:48:7c:c8:0d:2f:c4:53:0f:89:23:f4:be:ea:b4:7a:c6:dd: + cc:18:0f:e7:34:ea:2c:d4:07:0d:65:78:e8:20:40:3f:36:ef: + 2c:00:31:69:e6:20:48:65:be:57:03:0e:69:ff:b9:83:59:99: + 
7d:4d:86:98:14:5b:8e:39:25:3a:a8:6d:51:dc:45:a5:0f:cd: + f3:7a:fd:55:af:5f:55:75:20:03:f5:4a:75:6a:79:2f:76:84: + f6:4e:3d:1d:59:45:9a:b1:6a:57:6f:16:76:76:f8:df:6e:96: + d5:25:27:34:4b:21:d8:c9:9a:36:55:45:a0:43:16:43:68:93: + 37:af:81:89:06:d1:56:1b:9e:0f:62:40:ad:3c:4c:f5:ef:6c: + a2:a4:7f:f2:fa:78:9c:0d:c0:19:f1:10:e8:d8:cf:03:67:3c: + 2d:4d:f3:5d:67:5c:41:a7:4f:d6:c5:0e:ff:2c:04:dd:23:bb: + 85:44:8e:25:ac:15:a3:82:fa:a4:4f:fa:1d:87:f0:58:dc:ae: + 53:05:b9:81:e8:cb:e5:0c:ac:a5:74:68:03:f9:22:a0:45:b6: + 62:58:e0:98:d9:8c:54:a4:22:03:7a:37:12:eb:7d:b1:ad:45: + 60:8e:7a:df +-----BEGIN CERTIFICATE----- +MIIDlDCCAnygAwIBAgIBAzANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJERTEU +MBIGA1UECgwLcHl0aG9uLWxkYXAxEzARBgNVBAsMCnNsYXBkLXRlc3QxHDAaBgNV +BAMME1B5dGhvbiBMREFQIFRlc3QgQ0EwIBcNMTkwNDEyMTg1MjM4WhgPMzAxOTAz +MDExODUyMzhaMEkxCzAJBgNVBAYTAkRFMRQwEgYDVQQKDAtweXRob24tbGRhcDET +MBEGA1UECwwKc2xhcGQtdGVzdDEPMA0GA1UEAwwGY2xpZW50MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA47eTup0a5wFj5k9Cb0SwRzHJZZfdiFhfzuBh +HXCeX2wcT9wcStA7/umkXEe29qNH+n5P24DXqV37/zFw0HBZREm35lDRrIRZma9L +Iz62Dw9UdOk2bPv+0bDF58dXO/ZhRhEOMKswzgRykMXg4TSZPgXBNEAAbKhfAANl +wtv3SteEApYyiwvOJNc0xU54fHbjdngGpWj0BRTqI+AJ6J1J7MCeOcyMeVdgXRvq +KjuXcKP3BLpCoABC/E9iCfQqpZodrD2zKmAvHDg6umHLoDM58a3x1eSzU4X5L8DH +tuvr7+vK+uc2pTw8tDPnFDEzMgVWOEy933o65aGNrWDITySHJQIDAQABo3gwdjAM +BgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAWBgNVHSUBAf8EDDAKBggrBgEF +BQcDAjAdBgNVHQ4EFgQUT+c1x8jBAcN8U4a5v66L1kWieCAwHwYDVR0jBBgwFoAU +vXjVSvGQlsXo7GZJI0cDXyZzhrIwDQYJKoZIhvcNAQELBQADggEBAByQX88YSJVN +ndOObdFpGR57Px9IfMgNL8RTD4kj9L7qtHrG3cwYD+c06izUBw1leOggQD827ywA +MWnmIEhlvlcDDmn/uYNZmX1NhpgUW445JTqobVHcRaUPzfN6/VWvX1V1IAP1SnVq +eS92hPZOPR1ZRZqxaldvFnZ2+N9ultUlJzRLIdjJmjZVRaBDFkNokzevgYkG0VYb +ng9iQK08TPXvbKKkf/L6eJwNwBnxEOjYzwNnPC1N811nXEGnT9bFDv8sBN0ju4VE +jiWsFaOC+qRP+h2H8FjcrlMFuYHoy+UMrKV0aAP5IqBFtmJY4JjZjFSkIgN6NxLr +fbGtRWCOet8= +-----END CERTIFICATE----- 
diff --git a/Lib/slapdtest/certs/gencerts.sh b/Lib/slapdtest/certs/gencerts.sh
new file mode 100755
index 0000000..8a99db5
--- /dev/null
+++ b/Lib/slapdtest/certs/gencerts.sh
@@ -0,0 +1,68 @@
+#!/bin/sh
+# Written by Christian Heimes
+set -e
+
+export CAOUTDIR=.
+export CATMPDIR=tmp
+
+rm -rf $CATMPDIR
+rm -rf ca.pem ca.key server.pem server.key client.pem client.key
+rm -rf cert9.db key4.db pkcs11.tx
+
+mkdir -p $CAOUTDIR
+mkdir -p $CATMPDIR
+
+touch $CATMPDIR/ca.db
+touch $CATMPDIR/ca.db.attr
+echo '01' > $CATMPDIR/ca.crt.srl
+echo '01' > $CATMPDIR/ca.crl.srl
+
+# root CA
+openssl req -new \
+ -config ca.conf \
+ -out $CATMPDIR/ca.csr \
+ -keyout $CAOUTDIR/ca.key \
+ -batch
+
+openssl ca -selfsign \
+ -config ca.conf \
+ -in $CATMPDIR/ca.csr \
+ -out $CAOUTDIR/ca.pem \
+ -extensions ca_ext \
+ -days 356300 \
+ -batch
+
+# server cert
+openssl req -new \
+ -config server.conf \
+ -out $CATMPDIR/server.csr \
+ -keyout $CAOUTDIR/server.key \
+ -batch
+
+openssl ca \
+ -config ca.conf \
+ -in $CATMPDIR/server.csr \
+ -out $CAOUTDIR/server.pem \
+ -policy match_pol \
+ -extensions server_ext \
+ -batch
+
+# client cert
+openssl req -new \
+ -config client.conf \
+ -out $CATMPDIR/client.csr \
+ -keyout $CAOUTDIR/client.key \
+ -batch
+
+openssl ca \
+ -config ca.conf \
+ -in $CATMPDIR/client.csr \
+ -out $CAOUTDIR/client.pem \
+ -policy match_pol \
+ -extensions client_ext \
+ -batch
+
+# cleanup
+rm -rf $CATMPDIR ca.key
+
+echo DONE
diff --git a/Lib/slapdtest/certs/gennssdb.sh b/Lib/slapdtest/certs/gennssdb.sh
new file mode 100755
index 0000000..aeeb333
--- /dev/null
+++ b/Lib/slapdtest/certs/gennssdb.sh
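Review bot: The cleanup line `rm -rf cert9.db key4.db pkcs11.tx` near the top of gencerts.sh looks like a typo for `pkcs11.txt`, the file an SQL-format NSS database keeps next to `cert9.db` and `key4.db`; as written, a stale module file from an earlier run would survive regeneration. I would change it to `rm -rf cert9.db key4.db pkcs11.txt`. The script also has no header comment saying that the keys it writes are unencrypted test fixtures published with the source; something like `# Generates throw-away test keys and certs; never trust the resulting CA outside the test suite` would make that explicit, given that only `ca.key` is deleted at the end while `server.key` and `client.key` are committed.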
@@ -0,0 +1,28 @@
+#!/bin/sh
+# Written by Christian Heimes
+set -e
+
+CATMPDIR=tmp
+PASSFILE=${CATMPDIR}/passwd.txt
+NSSDB=sql:${CAOUTDIR}
+
+mkdir -p $CATMPDIR
+
+# Create PKCS#12 files for NSSDB import
+echo "dummy" > $PASSFILE
+openssl pkcs12 -name "servercert" -in server.pem -inkey server.key \
+ -caname "testca" -CAfile ca.pem \
+ -password "file:${PASSFILE}" -export -out server.p12
+openssl pkcs12 -name "clientcert" -in client.pem -inkey client.key \
+ -caname "testca" -CAfile ca.pem \
+ -password "file:${PASSFILE}" -export -out client.p12
+
+# Create NSS DB
+certutil -d $NSSDB -N --empty-password
+certutil -d $NSSDB -A -n "testca" -t CT,, -a -i ca.pem
+pk12util -d $NSSDB -i server.p12 -w ${PASSFILE}
+pk12util -d $NSSDB -i client.p12 -w ${PASSFILE}
+certutil -d $NSSDB -L
+
+# cleanup
+rm -rf $CATMPDIR server.p12 client.p12
\ No newline at end of file
diff --git a/Lib/slapdtest/certs/server.conf b/Lib/slapdtest/certs/server.conf
new file mode 100644
index 0000000..94f4427
--- /dev/null
+++ b/Lib/slapdtest/certs/server.conf
@@ -0,0 +1,16 @@
+# Written by Christian Heimes
+
+[req]
+default_bits = 2048
+encrypt_key = no
+default_md = sha256
+utf8 = yes
+string_mask = utf8only
+prompt = no
+distinguished_name = server_dn
+
+[server_dn]
+countryName = "DE"
+organizationName = "python-ldap"
+organizationalUnitName = "slapd-test"
+commonName = "server cert for localhost"
diff --git a/Lib/slapdtest/certs/server.key b/Lib/slapdtest/certs/server.key
new file mode 100644
index 0000000..a891670
--- /dev/null
+++ b/Lib/slapdtest/certs/server.key
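Review bot: `NSSDB=sql:${CAOUTDIR}` in gennssdb.sh reads a variable this script never sets: `CAOUTDIR` is only exported inside gencerts.sh, and nothing visible in either script runs one from the other. With `set -e` but no `set -u`, a standalone run silently expands it to `sql:` and hands that to every `certutil`/`pk12util` call, so the database location depends on how the tools treat an empty path. I would default it before use, `CAOUTDIR=${CAOUTDIR:-.}`, and add `set -u` next to `set -e` so a missing variable fails loudly instead. A one-line comment that the `"dummy"` PKCS#12 password only protects a transient import file for test fixtures would also help readers.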
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCsBk0ml3ERFJyg +I6ujIJYERVU4doTZZd4r4z/LOef0hyiYiIQAc9wetaoZpM+bl4Eherxy9SBaCBwR +zefbaYQz2f2hdEDb+sISOiTke1eiF2ugYNlS55Wk1KnCnORE9bjcSNLPsscoUSzE +2bnBSoUwdiVK18YOCZR6GTeC8eA3ekvlR+9g+FBOgQ9+StXPDdq+iIAGXZREJIua +munErtTOw85De4YFCnzGw3UeCITDD4wFmI2IWphRFwWPsSDwUJfATA8S+7Rm4vwr +Qj726gUDlicTzPXKhJjXjj6XL7xXHfpQwMPkBCrxesKceHMJ+mrRsuuqHciuixRi +g94mILElAgMBAAECggEADG5oJOHMye8zYl8xiBhSvvxDrFDkSNGTvJgvhAArQwCB +boRvBZlZzt5R7Ih8eEH6kvDLrYMJU3hCjwbSOojlhNm7+m7sQPleDPMmt1wyeQQ4 +Qt681cDmj4LOwcGUvWcEdObOVTQWMFOtaIxTYCSCe34OM9pj9Z+7mxc3a78O9PND +Ib/CwcTA1OyoupzkKirqkdLXwK3x2aT/1TMaPX94taHB51cxXc7AglL9QnuCkuaG +krqrexy3rGimzsP3OwQGEUjWKcZVSSPT8/k1pPE9hRgOqBy05BfkAzlebdvc3GO5 +AbZk0NX2sfVHl4dTEXs/hTBCTQ3XmaltumQ9MdL+AQKBgQDg2I5QxBA2UHb8vCtK +f31kfG6YQc4MkoslrrMrtJjZqDYaLZPS1ARPSfYRqcc+7GDreuLmw39f8ZECd+2W +BYUqzZv9g13R9DY99g0/sINnZGsESwfIdLNNlHvVx2UrD5ybCj4vLhuPsVV7XlWs +cpl+rcuBVpqy8UIXifQ/Z3xLvwKBgQDD3CLjuC0mcTO2sIWqEHqVkc8CY2NJA2Qh +C78fwpaCqJUUdWnS69QbRGWgkFJL+oO8lQVQ1bXhZLHyQmy7Z5d5olCH6AW4GRnf +hBAnKJ+QTm9B6QVWzjUuHuOeCukfiTQbha14pOS9ar3X2QFWjDnzCRrnAxJmoY3H +BJATLHhMGwKBgQDSxAy7xt4Pm+O9y8Gk5tcq771X+i9k96V54EZRzMuPFDAK3/h2 +o4marZD9Q7Hi2P+NHTc+67klvbKZpsPOYkRPOEdmH9M9cPe7oz8OGa9DpwzuDEsy +a7p8GZjvbyb1c3/wkWxzG3x4eNnReD9FFHOwHMfr6LvAy4iRuh57pM0NzwKBgDY3 +1DixnV4M7EHgb7/6O9T3vhRtKujlVWyIcen61etpe4tkTV0kB11c+70M9pstyBYG +MqiD4It6coAbvznJnXcAZcaZhivGVxE237nXVwR9kfLu7JlxD+uqhVwUrSAbvR75 +TGIfU2rUB6We3u30d349wQK+KPPcOQEk1DValBqNAoGBAKfXOXgFBkIVW79fOkup +aIZXdEmU3Up61Oo0KDbxsg4l73NnnvuEnNMBTx3nT3KCVIAcQL9MNpLX/Z0HjOn1 +aiWVtTNq2OFL0V0HueBhbkFiWp551jTS7LjndCYHpUB/B8/wXP0kxHUm8HrQrRvK +DhV3zcxsXts1INidXjzzOkPi +-----END PRIVATE KEY----- diff --git a/Lib/slapdtest/certs/server.pem b/Lib/slapdtest/certs/server.pem new file mode 100644 index 0000000..25ba06c --- /dev/null +++ b/Lib/slapdtest/certs/server.pem 
@@ -0,0 +1,86 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=DE, O=python-ldap, OU=slapd-test, CN=Python LDAP Test CA + Validity + Not Before: Apr 12 18:52:38 2019 GMT + Not After : Mar 1 18:52:38 3019 GMT + Subject: C=DE, O=python-ldap, OU=slapd-test, CN=server cert for localhost + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ac:06:4d:26:97:71:11:14:9c:a0:23:ab:a3:20: + 96:04:45:55:38:76:84:d9:65:de:2b:e3:3f:cb:39: + e7:f4:87:28:98:88:84:00:73:dc:1e:b5:aa:19:a4: + cf:9b:97:81:21:7a:bc:72:f5:20:5a:08:1c:11:cd: + e7:db:69:84:33:d9:fd:a1:74:40:db:fa:c2:12:3a: + 24:e4:7b:57:a2:17:6b:a0:60:d9:52:e7:95:a4:d4: + a9:c2:9c:e4:44:f5:b8:dc:48:d2:cf:b2:c7:28:51: + 2c:c4:d9:b9:c1:4a:85:30:76:25:4a:d7:c6:0e:09: + 94:7a:19:37:82:f1:e0:37:7a:4b:e5:47:ef:60:f8: + 50:4e:81:0f:7e:4a:d5:cf:0d:da:be:88:80:06:5d: + 94:44:24:8b:9a:9a:e9:c4:ae:d4:ce:c3:ce:43:7b: + 86:05:0a:7c:c6:c3:75:1e:08:84:c3:0f:8c:05:98: + 8d:88:5a:98:51:17:05:8f:b1:20:f0:50:97:c0:4c: + 0f:12:fb:b4:66:e2:fc:2b:42:3e:f6:ea:05:03:96: + 27:13:cc:f5:ca:84:98:d7:8e:3e:97:2f:bc:57:1d: + fa:50:c0:c3:e4:04:2a:f1:7a:c2:9c:78:73:09:fa: + 6a:d1:b2:eb:aa:1d:c8:ae:8b:14:62:83:de:26:20: + b1:25 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: critical + TLS Web Server Authentication + X509v3 Subject Key Identifier: + 08:D1:86:1B:82:0A:4F:71:31:E4:F5:31:23:CC:67:3B:FA:84:3B:A0 + X509v3 Authority Key Identifier: + keyid:BD:78:D5:4A:F1:90:96:C5:E8:EC:66:49:23:47:03:5F:26:73:86:B2 + + X509v3 Subject Alternative Name: + DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1 + Signature Algorithm: sha256WithRSAEncryption + 88:60:af:be:11:c4:aa:dc:9b:f1:e7:14:da:20:aa:6f:2f:06: + ae:38:b2:7c:ac:90:81:22:51:7e:cb:26:15:6e:fe:67:98:c1: + 
0d:dc:aa:39:98:2b:d2:cc:3c:ff:1a:92:2f:56:0a:a9:6e:d8: + 9a:3d:c5:4d:6f:cc:91:2e:e3:4e:bf:22:ab:cb:92:1a:a0:8f: + 43:cd:82:bc:48:55:c4:95:cf:10:6b:6a:31:19:92:7d:e0:06: + 05:6f:0b:33:e7:2a:37:42:f9:ec:1b:29:99:e1:58:0c:01:a7: + c3:8b:58:71:21:9f:61:8c:a7:fb:b6:7e:32:8b:a9:4e:c7:1f: + f6:46:e8:dd:ac:a6:4c:53:f8:4d:93:e4:ec:73:ab:0b:be:98: + c5:78:c4:92:c0:4c:78:47:52:2f:93:07:67:20:a4:5a:7f:59: + 7e:4f:48:53:20:0d:37:bb:06:f8:44:42:64:b4:94:15:43:d1: + 4c:51:f3:97:1d:2d:cd:db:b9:bb:1a:69:10:89:7d:ae:1d:0d: + 94:78:45:29:cd:c4:42:67:67:96:05:bf:da:aa:23:65:7b:04: + ff:b7:ac:9d:ee:0b:e7:0f:c1:c5:0b:48:fe:0f:d6:3f:d8:b4: + 77:12:bb:f5:91:4f:43:e6:01:3f:a4:c0:ea:8c:c6:68:99:8e: + 49:e8:c4:8b +-----BEGIN CERTIFICATE----- +MIID1zCCAr+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJERTEU +MBIGA1UECgwLcHl0aG9uLWxkYXAxEzARBgNVBAsMCnNsYXBkLXRlc3QxHDAaBgNV +BAMME1B5dGhvbiBMREFQIFRlc3QgQ0EwIBcNMTkwNDEyMTg1MjM4WhgPMzAxOTAz +MDExODUyMzhaMFwxCzAJBgNVBAYTAkRFMRQwEgYDVQQKDAtweXRob24tbGRhcDET +MBEGA1UECwwKc2xhcGQtdGVzdDEiMCAGA1UEAwwZc2VydmVyIGNlcnQgZm9yIGxv +Y2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKwGTSaXcREU +nKAjq6MglgRFVTh2hNll3ivjP8s55/SHKJiIhABz3B61qhmkz5uXgSF6vHL1IFoI +HBHN59tphDPZ/aF0QNv6whI6JOR7V6IXa6Bg2VLnlaTUqcKc5ET1uNxI0s+yxyhR +LMTZucFKhTB2JUrXxg4JlHoZN4Lx4Dd6S+VH72D4UE6BD35K1c8N2r6IgAZdlEQk +i5qa6cSu1M7DzkN7hgUKfMbDdR4IhMMPjAWYjYhamFEXBY+xIPBQl8BMDxL7tGbi +/CtCPvbqBQOWJxPM9cqEmNeOPpcvvFcd+lDAw+QEKvF6wpx4cwn6atGy66odyK6L +FGKD3iYgsSUCAwEAAaOBpzCBpDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF +oDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQUCNGGG4IKT3Ex5PUx +I8xnO/qEO6AwHwYDVR0jBBgwFoAUvXjVSvGQlsXo7GZJI0cDXyZzhrIwLAYDVR0R +BCUwI4IJbG9jYWxob3N0hwR/AAABhxAAAAAAAAAAAAAAAAAAAAABMA0GCSqGSIb3 +DQEBCwUAA4IBAQCIYK++EcSq3Jvx5xTaIKpvLwauOLJ8rJCBIlF+yyYVbv5nmMEN +3Ko5mCvSzDz/GpIvVgqpbtiaPcVNb8yRLuNOvyKry5IaoI9DzYK8SFXElc8Qa2ox +GZJ94AYFbwsz5yo3QvnsGymZ4VgMAafDi1hxIZ9hjKf7tn4yi6lOxx/2RujdrKZM +U/hNk+Tsc6sLvpjFeMSSwEx4R1IvkwdnIKRaf1l+T0hTIA03uwb4REJktJQVQ9FM 
+UfOXHS3N27m7GmkQiX2uHQ2UeEUpzcRCZ2eWBb/aqiNlewT/t6yd7gvnD8HFC0j+ +D9Y/2LR3Erv1kU9D5gE/pMDqjMZomY5J6MSL +-----END CERTIFICATE----- diff --git a/MANIFEST.in b/MANIFEST.in new file mode 100644 index 0000000..687d2b0 --- /dev/null +++ b/MANIFEST.in @@ -0,0 +1,10 @@ +include MANIFEST.in Makefile CHANGES INSTALL LICENCE README TODO +include tox.ini .coveragerc +include Modules/*.c Modules/*.h +recursive-include Build *.cfg* +recursive-include Lib *.py +recursive-include Demo *.py +recursive-include Tests *.py *.ldif +recursive-include Lib/slapdtest *.pem *.key *.conf *.sh README +recursive-include Doc *.rst *.py spelling_wordlist.txt Makefile +prune Doc/.build diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..f7360a6 --- /dev/null +++ b/Makefile 
@@ -0,0 +1,99 @@
+PYTHON=python3
+LCOV_INFO=build/lcov.info
+LCOV_REPORT=build/lcov_report
+LCOV_REPORT_OPTIONS=--show-details -no-branch-coverage \
+ --title "python-ldap LCOV report"
+SCAN_REPORT=build/scan_report
+PYTHON_SUPP=/usr/share/doc/python3-devel/valgrind-python.supp
+
+
+.NOTPARALLEL:
+
+.PHONY: all
+all:
+
+Modules/constants_generated.h: Lib/ldap/constants.py
+ $(PYTHON) $^ > $@
+ indent Modules/constants_generated.h
+ rm -f Modules/constants_generated.h~
+
+.PHONY: clean
+clean:
+ rm -rf build dist *.egg-info .tox MANIFEST
+ rm -f .coverage .coverage.*
+ find . \( -name '*.py[co]' -or -name '*.so*' -or -name '*.dylib' \) \
+ -delete
+ find . -depth -name __pycache__ -exec rm -rf {} \;
+
+build:
+ mkdir -p build
+
+# LCOV report (measuring test coverage for C code)
+.PHONY: lcov-clean lcov-coverage lcov-report lcov-open lcov
+lcov-clean:
+ rm -rf $(LCOV_INFO) $(LCOV_REPORT)
+ if [ -d build ]; then find build -name '*.gc??' -delete; fi
+
+lcov-coverage:
+ WITH_GCOV=1 tox -e py27,py36
+
+$(LCOV_INFO): build
+ lcov --capture --directory build --output-file $(LCOV_INFO)
+
+$(LCOV_REPORT): $(LCOV_INFO)
+ genhtml --output-directory $(LCOV_REPORT) \
+ $(LCOV_REPORT_OPTIONS) $(LCOV_INFO)
+
+lcov-report: $(LCOV_REPORT)
+
+lcov-open: $(LCOV_REPORT)
+ xdg-open $(LCOV_REPORT)/index.html
+
+lcov: lcov-clean
+ $(MAKE) lcov-coverage
+ $(MAKE) lcov-report
+
+# clang-analyzer for static C code analysis
+.PHONY: scan-build
+scan-build:
+ scan-build -o $(SCAN_REPORT) --html-title="python-ldap scan report" \
+ -analyze-headers --view \
+ $(PYTHON) setup.py clean --all build
+
+# valgrind memory checker
+.PHONY: valgrind
+$(PYTHON_SUPP):
+ @ >&2 echo "valgrind-python.supp not found"
+ @ >&2 echo "install Python development files and run:"
+ @ >&2 echo " $(MAKE) valgrind PYTHON_SUPP=/your/path/to/valgrind-python.supp"
+ exit 1;
+
+valgrind: build $(PYTHON_SUPP)
+ valgrind \
+ --leak-check=full \
+ --track-fds=yes \
+ --suppressions=$(PYTHON_SUPP) \
+ --suppressions=Misc/python-ldap.supp \
+ --gen-suppressions=all \
+ --log-file=build/valgrind.log \
+ $(PYTHON) setup.py test
+
+ @grep -A7 "blocks are definitely lost" build/valgrind.log; \
+ if [ $$? == 0 ]; then \
+ echo "Found definitive leak, see build/valgrind.log"; \
+ exit 1; \
+ fi
+
+# Code autoformatter
+.PHONY: autoformat indent black black-check
+autoformat: indent black
+
+indent:
+ indent Modules/*.c Modules/*.h
+ rm -f Modules/*.c~ Modules/*.h~
+
+black:
+ $(PYTHON) -m black $(CURDIR)
+
+black-check:
+ $(PYTHON) -m black $(CURDIR) --check
diff --git a/Misc/python-ldap.supp b/Misc/python-ldap.supp
new file mode 100644
index 0000000..b9954a9
--- /dev/null
+++ b/Misc/python-ldap.supp
@@ -0,0 +1,52 @@
+# Valgrind suppression file for Python 3.6.
+
+{
+ Ignore libldap memory leak, https://github.com/python-ldap/python-ldap/issues/82
+ Memcheck:Leak
+ match-leak-kinds: definite
+ fun:malloc
+ fun:ber_memalloc_x
+ fun:ber_flatten
+ fun:ldap_cancel
+ fun:l_ldap_cancel
+ ...
+}
+
+{
+ Known leak in SASL interaction, https://github.com/python-ldap/python-ldap/issues/81
+ Memcheck:Leak
+ match-leak-kinds: definite
+ fun:malloc
+ fun:strdup
+ fun:interaction
+ fun:py_ldap_sasl_interaction
+ fun:ldap_int_sasl_bind
+ fun:ldap_sasl_interactive_bind
+ fun:ldap_sasl_interactive_bind_s
+ fun:l_ldap_sasl_interactive_bind_s
+ ...
+}
+
+{
+ NSS backend leaks one string during first initialization
+ Memcheck:Leak
+ match-leak-kinds: definite
+ fun:malloc
+ fun:PL_strdup
+ ...
+ fun:ldap_set_option
+ ...
+}
+
+{
+ Ignore possible leaks in exception initialization
+ Memcheck:Leak
+ match-leak-kinds: possible
+ fun:malloc
+ fun:PyObject_Malloc
+ ...
+ fun:PyErr_NewException
+ fun:LDAPinit_constants
+ fun:init_ldap_module
+ ...
+}
diff --git a/Modules/LDAPObject.c b/Modules/LDAPObject.c
new file mode 100644
index 0000000..da18d57
--- /dev/null
+++ b/Modules/LDAPObject.c
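Review bot: The leak gate in the `valgrind` recipe uses `if [ $$? == 0 ]; then`, and `==` is not a POSIX `test` operator. Make runs recipes with `/bin/sh`; where that shell is dash, the bracket test errors out, the `if` is false, and the target succeeds even though `build/valgrind.log` contains "blocks are definitely lost", so a real leak in the C extension can pass unnoticed. Testing grep directly avoids both the operator and the `$$?` indirection: `@if grep -A7 "blocks are definitely lost" build/valgrind.log; then \` followed by the existing `echo`/`exit 1`/`fi` lines. If the two-step form is kept, `[ $$? -eq 0 ]` is the portable spelling.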
@@ -0,0 +1,1574 @@ +/* See https://www.python-ldap.org/ for details. */ + +#include "common.h" +#include "patchlevel.h" + +#include +#include +#include "constants.h" +#include "LDAPObject.h" +#include "ldapcontrol.h" +#include "message.h" +#include "berval.h" +#include "options.h" + +#ifdef HAVE_SASL +#include +#endif + +static void free_attrs(char ***); + +/* constructor */ + +LDAPObject * +newLDAPObject(LDAP *l) +{ + LDAPObject *self = (LDAPObject *)PyObject_NEW(LDAPObject, &LDAP_Type); + + if (self == NULL) + return NULL; + self->ldap = l; + self->_save = NULL; + self->valid = 1; + return self; +} + +/* destructor */ + +static void +dealloc(LDAPObject *self) +{ + if (self->ldap) { + if (self->valid) { + LDAP_BEGIN_ALLOW_THREADS(self); + ldap_unbind_ext(self->ldap, NULL, NULL); + LDAP_END_ALLOW_THREADS(self); + self->valid = 0; + } + self->ldap = NULL; + } + PyObject_DEL(self); +} + +/*------------------------------------------------------------ + * utility functions + */ + +/* + * check to see if the LDAPObject is valid, + * ie has been opened, and not closed. An exception is set if not valid. + */ + +static int +not_valid(LDAPObject *l) +{ + if (l->valid) { + return 0; + } + else { + PyErr_SetString(LDAPexception_class, "LDAP connection invalid"); + return 1; + } +} + +/* free a LDAPMod (complete or partially) allocated in Tuple_to_LDAPMod() */ + +static void +LDAPMod_DEL(LDAPMod *lm) +{ + Py_ssize_t i; + + if (lm->mod_type) + PyMem_DEL(lm->mod_type); + if (lm->mod_bvalues) { + for (i = 0; lm->mod_bvalues[i]; i++) { + PyMem_DEL(lm->mod_bvalues[i]); + } + PyMem_DEL(lm->mod_bvalues); + } + PyMem_DEL(lm); +} + +/* + * convert a tuple of the form (int,str,[str,...]) + * or (str, [str,...]) if no_op is true, into an LDAPMod structure. + * See ldap_modify(3) for details. + * + * NOTE: the resulting LDAPMod structure has pointers directly into + * the Python string storage, so LDAPMod structures MUST have a + * shorter lifetime than the tuple passed in. 
+ */ + +/* XXX - there is no way to pass complex-structured BER objects in here! */ + +static LDAPMod * +Tuple_to_LDAPMod(PyObject *tup, int no_op) +{ + int op; + char *type; + PyObject *list, *item; + LDAPMod *lm = NULL; + Py_ssize_t i, len, nstrs; + + if (!PyTuple_Check(tup)) { + LDAPerror_TypeError("Tuple_to_LDAPMod(): expected a tuple", tup); + return NULL; + } + + if (no_op) { + if (!PyArg_ParseTuple(tup, "sO:Tuple_to_LDAPMod", &type, &list)) + return NULL; + op = 0; + } + else { + if (!PyArg_ParseTuple(tup, "isO:Tuple_to_LDAPMod", &op, &type, &list)) + return NULL; + } + + lm = PyMem_NEW(LDAPMod, 1); + + if (lm == NULL) + goto nomem; + + lm->mod_op = op | LDAP_MOD_BVALUES; + lm->mod_bvalues = NULL; + + len = strlen(type); + lm->mod_type = PyMem_NEW(char, len + 1); + + if (lm->mod_type == NULL) + goto nomem; + memcpy(lm->mod_type, type, len + 1); + + if (list == Py_None) { + /* None indicates a NULL mod_bvals */ + } + else if (PyBytes_Check(list)) { + /* Single string is a singleton list */ + lm->mod_bvalues = PyMem_NEW(struct berval *, 2); + + if (lm->mod_bvalues == NULL) + goto nomem; + lm->mod_bvalues[0] = PyMem_NEW(struct berval, 1); + + if (lm->mod_bvalues[0] == NULL) + goto nomem; + lm->mod_bvalues[1] = NULL; + lm->mod_bvalues[0]->bv_len = PyBytes_Size(list); + lm->mod_bvalues[0]->bv_val = PyBytes_AsString(list); + } + else if (PySequence_Check(list)) { + nstrs = PySequence_Length(list); + lm->mod_bvalues = PyMem_NEW(struct berval *, nstrs + 1); + + if (lm->mod_bvalues == NULL) + goto nomem; + for (i = 0; i < nstrs; i++) { + lm->mod_bvalues[i] = PyMem_NEW(struct berval, 1); + + if (lm->mod_bvalues[i] == NULL) + goto nomem; + lm->mod_bvalues[i + 1] = NULL; + item = PySequence_GetItem(list, i); + if (item == NULL) + goto error; + if (!PyBytes_Check(item)) { + LDAPerror_TypeError + ("Tuple_to_LDAPMod(): expected a byte string in the list", + item); + goto error; + } + lm->mod_bvalues[i]->bv_len = PyBytes_Size(item); + lm->mod_bvalues[i]->bv_val = 
PyBytes_AsString(item); + Py_DECREF(item); + } + if (nstrs == 0) + lm->mod_bvalues[0] = NULL; + } + + return lm; + + nomem: + PyErr_NoMemory(); + error: + if (lm) + LDAPMod_DEL(lm); + + return NULL; +} + +/* free the structure allocated in List_to_LDAPMods() */ + +static void +LDAPMods_DEL(LDAPMod **lms) +{ + LDAPMod **lmp; + + for (lmp = lms; *lmp; lmp++) + LDAPMod_DEL(*lmp); + PyMem_DEL(lms); +} + +/* + * convert a list of tuples into a LDAPMod*[] array structure + * NOTE: list of tuples must live longer than the LDAPMods + */ + +static LDAPMod ** +List_to_LDAPMods(PyObject *list, int no_op) +{ + + Py_ssize_t i, len; + LDAPMod **lms; + PyObject *item; + + if (!PySequence_Check(list)) { + LDAPerror_TypeError("List_to_LDAPMods(): expected list of tuples", + list); + return NULL; + } + + len = PySequence_Length(list); + + if (len < 0) { + LDAPerror_TypeError("List_to_LDAPMods(): expected list of tuples", + list); + return NULL; + } + + lms = PyMem_NEW(LDAPMod *, len + 1); + + if (lms == NULL) + goto nomem; + + for (i = 0; i < len; i++) { + lms[i] = NULL; + item = PySequence_GetItem(list, i); + if (item == NULL) + goto error; + lms[i] = Tuple_to_LDAPMod(item, no_op); + Py_DECREF(item); + if (lms[i] == NULL) + goto error; + } + lms[len] = NULL; + return lms; + + nomem: + PyErr_NoMemory(); + error: + if (lms) + LDAPMods_DEL(lms); + return NULL; +} + +/* + * convert a python list of strings into an attr list (char*[]). 
+ * returns 1 if successful, 0 if not (with exception set) + */ + +int +attrs_from_List(PyObject *attrlist, char ***attrsp) +{ + + char **attrs = NULL; + PyObject *seq = NULL; + + if (attrlist == Py_None) { + /* None means a NULL attrlist */ +#if PY_MAJOR_VERSION == 2 + } + else if (PyBytes_Check(attrlist)) { +#else + } + else if (PyUnicode_Check(attrlist)) { +#endif + /* caught by John Benninghoff */ + LDAPerror_TypeError + ("attrs_from_List(): expected *list* of strings, not a string", + attrlist); + goto error; + } + else { + PyObject *item = NULL; + Py_ssize_t i, len, strlen; + +#if PY_MAJOR_VERSION >= 3 + const char *str; +#else + char *str; +#endif + + seq = PySequence_Fast(attrlist, "expected list of strings or None"); + if (seq == NULL) + goto error; + + len = PySequence_Length(attrlist); + + attrs = PyMem_NEW(char *, len + 1); + + if (attrs == NULL) + goto nomem; + + for (i = 0; i < len; i++) { + attrs[i] = NULL; + item = PySequence_Fast_GET_ITEM(seq, i); + if (item == NULL) + goto error; +#if PY_MAJOR_VERSION == 2 + /* Encoded in Python to UTF-8 */ + if (!PyBytes_Check(item)) { + LDAPerror_TypeError + ("attrs_from_List(): expected bytes in list", item); + goto error; + } + if (PyBytes_AsStringAndSize(item, &str, &strlen) == -1) { + goto error; + } +#else + if (!PyUnicode_Check(item)) { + LDAPerror_TypeError + ("attrs_from_List(): expected string in list", item); + goto error; + } + str = PyUnicode_AsUTF8AndSize(item, &strlen); +#endif + /* Make a copy. PyBytes_AsString* / PyUnicode_AsUTF8* return + * internal values that must be treated like const char. Python + * 3.7 actually returns a const char. 
+ */ + attrs[i] = (char *)PyMem_NEW(char, strlen + 1); + + if (attrs[i] == NULL) + goto nomem; + memcpy(attrs[i], str, strlen + 1); + } + attrs[len] = NULL; + Py_DECREF(seq); + } + + *attrsp = attrs; + return 1; + + nomem: + PyErr_NoMemory(); + error: + Py_XDECREF(seq); + free_attrs(&attrs); + return 0; +} + +/* free memory allocated from above routine */ + +static void +free_attrs(char ***attrsp) +{ + char **attrs = *attrsp; + char **p; + + if (attrs == NULL) + return; + + *attrsp = NULL; + for (p = attrs; *p != NULL; p++) { + PyMem_DEL(*p); + } + PyMem_DEL(attrs); +} + +/*------------------------------------------------------------ + * methods + */ + +/* ldap_unbind_ext */ + +static PyObject * +l_ldap_unbind_ext(LDAPObject *self, PyObject *args) +{ + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl **server_ldcs = NULL; + LDAPControl **client_ldcs = NULL; + + int ldaperror; + + if (!PyArg_ParseTuple(args, "|OO:unbind_ext", &serverctrls, &clientctrls)) + return NULL; + if (not_valid(self)) + return NULL; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) + return NULL; + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { + LDAPControl_List_DEL(server_ldcs); + return NULL; + } + } + + LDAP_BEGIN_ALLOW_THREADS(self); + ldaperror = ldap_unbind_ext(self->ldap, server_ldcs, client_ldcs); + LDAP_END_ALLOW_THREADS(self); + + LDAPControl_List_DEL(server_ldcs); + LDAPControl_List_DEL(client_ldcs); + + if (ldaperror != LDAP_SUCCESS) + return LDAPerror(self->ldap); + + self->valid = 0; + Py_INCREF(Py_None); + return Py_None; +} + +/* ldap_abandon_ext */ + +static PyObject * +l_ldap_abandon_ext(LDAPObject *self, PyObject *args) +{ + int msgid; + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl **server_ldcs = NULL; + LDAPControl **client_ldcs = NULL; + + int ldaperror; + + if (!PyArg_ParseTuple + (args, 
"i|OO:abandon_ext", &msgid, &serverctrls, &clientctrls)) + return NULL; + if (not_valid(self)) + return NULL; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) + return NULL; + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { + LDAPControl_List_DEL(server_ldcs); + return NULL; + } + } + + LDAP_BEGIN_ALLOW_THREADS(self); + ldaperror = ldap_abandon_ext(self->ldap, msgid, server_ldcs, client_ldcs); + LDAP_END_ALLOW_THREADS(self); + + LDAPControl_List_DEL(server_ldcs); + LDAPControl_List_DEL(client_ldcs); + + if (ldaperror != LDAP_SUCCESS) + return LDAPerror(self->ldap); + + Py_INCREF(Py_None); + return Py_None; +} + +/* ldap_add_ext */ + +static PyObject * +l_ldap_add_ext(LDAPObject *self, PyObject *args) +{ + char *dn; + PyObject *modlist; + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl **server_ldcs = NULL; + LDAPControl **client_ldcs = NULL; + + int msgid; + int ldaperror; + LDAPMod **mods; + + if (!PyArg_ParseTuple + (args, "sO|OO:add_ext", &dn, &modlist, &serverctrls, &clientctrls)) + return NULL; + if (not_valid(self)) + return NULL; + + mods = List_to_LDAPMods(modlist, 1); + if (mods == NULL) + return NULL; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) { + LDAPMods_DEL(mods); + return NULL; + } + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { + LDAPMods_DEL(mods); + LDAPControl_List_DEL(server_ldcs); + return NULL; + } + } + + LDAP_BEGIN_ALLOW_THREADS(self); + ldaperror = + ldap_add_ext(self->ldap, dn, mods, server_ldcs, client_ldcs, &msgid); + LDAP_END_ALLOW_THREADS(self); + LDAPMods_DEL(mods); + LDAPControl_List_DEL(server_ldcs); + LDAPControl_List_DEL(client_ldcs); + + if (ldaperror != LDAP_SUCCESS) + return LDAPerror(self->ldap); + + return PyInt_FromLong(msgid); +} + +/* ldap_simple_bind */ + +static PyObject * 
+l_ldap_simple_bind(LDAPObject *self, PyObject *args) +{ + char *who; + int msgid; + int ldaperror; + Py_ssize_t cred_len; + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl **server_ldcs = NULL; + LDAPControl **client_ldcs = NULL; + struct berval cred; + + if (!PyArg_ParseTuple + (args, "zz#|OO:simple_bind", &who, &cred.bv_val, &cred_len, + &serverctrls, &clientctrls)) + return NULL; + cred.bv_len = (ber_len_t) cred_len; + + if (not_valid(self)) + return NULL; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) + return NULL; + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { + LDAPControl_List_DEL(server_ldcs); + return NULL; + } + } + + LDAP_BEGIN_ALLOW_THREADS(self); + ldaperror = + ldap_sasl_bind(self->ldap, who, LDAP_SASL_SIMPLE, &cred, server_ldcs, + client_ldcs, &msgid); + LDAP_END_ALLOW_THREADS(self); + + LDAPControl_List_DEL(server_ldcs); + LDAPControl_List_DEL(client_ldcs); + + if (ldaperror != LDAP_SUCCESS) + return LDAPerror(self->ldap); + + return PyInt_FromLong(msgid); +} + +#ifdef HAVE_SASL +/* The following functions implement SASL binds. A new method + sasl_interactive_bind_s(bind_dn, sasl_mechanism) has been introduced. + + * The bind_dn argument will be passed to the c library; however, + normally it is not needed and should be an empty string. + + * The sasl_mechanism argument is an instance of a class that + implements a callback interface. For convenience, it should be + derived from the sasl class (which lives in the ldap.sasl module). + See the module documentation for more information. + + Check your /usr/lib/sasl/ directory for locally installed SASL + auth modules ("mechanisms"), or try + + ldapsearch -b "" -s base -LLL -x supportedSASLMechanisms + + (perhaps with an additional -h and -p argument for ldap host and + port). The latter will show you which SASL mechanisms are known + to the LDAP server. 
If you do not want to set up Kerberos, you + can still use SASL binds. Your authentication data should then be + stored in /etc/sasldb (see saslpasswd(8)). If the LDAP server + does not find the sasldb, it wont allow for DIGEST-MD5 and + CRAM-MD5. One important thing to get started with sasldb: you + should first add a dummy user (saslpasswd -c dummy), and this + will give you some strange error messages. Then delete the dummy + user (saslpasswd -d dummy), and now you can start adding users to + your sasldb (again, use the -c switch). Strange, eh? + + * The sasl_mechanism object must implement a method, which will be + called by the sasl lib several times. The prototype of the + callback looks like this: callback(id, challenge, prompt, + defresult) has to return a string (or maybe None). The id + argument specifies, which information should be passed back to + the SASL lib (see SASL_CB_xxx in sasl.h) +*/ +static int +interaction(unsigned flags, sasl_interact_t *interact, PyObject *SASLObject) +{ +/* const char *dflt = interact->defresult; */ + PyObject *result; + char *c_result; + + result = PyObject_CallMethod(SASLObject, "callback", "isss", interact->id, /* see sasl.h */ + interact->challenge, + interact->prompt, interact->defresult); + + if (result == NULL) + /*searching for a better error code */ + return LDAP_OPERATIONS_ERROR; + c_result = PyBytes_AsString(result); /*xxx Error checking?? */ + + /* according to the sasl docs, we should malloc() the returned + string only for calls where interact->id == SASL_CB_PASS, so we + probably leak a few bytes per ldap bind. However, if I restrict + the strdup() to this case, I get segfaults. Should probably be + fixed sometimes. + */ + interact->result = strdup(c_result); + if (interact->result == NULL) + return LDAP_OPERATIONS_ERROR; + interact->len = strlen(c_result); + /* We _should_ overwrite the python string buffer for security + reasons, however we may not (api/stringObjects.html). Any ideas? 
+ */ + + Py_DECREF(result); /*not needed any longer */ + result = NULL; + + return LDAP_SUCCESS; +} + +/* + This function will be called by ldap_sasl_interactive_bind(). The + "*in" is an array of sasl_interact_t's (see sasl.h for a + reference). The last interact in the array has an interact->id of + SASL_CB_LIST_END. + +*/ + +int +py_ldap_sasl_interaction(LDAP *ld, unsigned flags, void *defaults, void *in) +{ + /* These are just typecasts */ + sasl_interact_t *interact = (sasl_interact_t *)in; + PyObject *SASLObject = (PyObject *)defaults; + + /* Loop over the array of sasl_interact_t structs */ + while (interact->id != SASL_CB_LIST_END) { + int rc = 0; + + rc = interaction(flags, interact, SASLObject); + if (rc) + return rc; + interact++; + } + return LDAP_SUCCESS; +} + +static PyObject * +l_ldap_sasl_bind_s(LDAPObject *self, PyObject *args) +{ + const char *dn; + const char *mechanism; + struct berval cred; + Py_ssize_t cred_len; + + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl **server_ldcs = NULL; + LDAPControl **client_ldcs = NULL; + + struct berval *servercred; + int ldaperror; + + if (!PyArg_ParseTuple + (args, "zzz#OO:sasl_bind_s", &dn, &mechanism, &cred.bv_val, &cred_len, + &serverctrls, &clientctrls)) + return NULL; + + if (not_valid(self)) + return NULL; + + cred.bv_len = cred_len; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) + return NULL; + } + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { + LDAPControl_List_DEL(server_ldcs); + return NULL; + } + } + + LDAP_BEGIN_ALLOW_THREADS(self); + ldaperror = ldap_sasl_bind_s(self->ldap, + dn, + mechanism, + cred.bv_val ? 
&cred : NULL, + (LDAPControl **)server_ldcs, + (LDAPControl **)client_ldcs, &servercred); + LDAP_END_ALLOW_THREADS(self); + + LDAPControl_List_DEL(server_ldcs); + LDAPControl_List_DEL(client_ldcs); + + if (ldaperror == LDAP_SASL_BIND_IN_PROGRESS) { + if (servercred && servercred->bv_val && *servercred->bv_val) + return PyBytes_FromStringAndSize(servercred->bv_val, + servercred->bv_len); + } + else if (ldaperror != LDAP_SUCCESS) + return LDAPerror(self->ldap); + return PyInt_FromLong(ldaperror); +} + +static PyObject * +l_ldap_sasl_interactive_bind_s(LDAPObject *self, PyObject *args) +{ + char *c_mechanism; + char *who; + + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl **server_ldcs = NULL; + LDAPControl **client_ldcs = NULL; + + PyObject *SASLObject = NULL; + PyObject *mechanism = NULL; + int msgid; + + static unsigned sasl_flags = LDAP_SASL_QUIET; + + /* + * In Python 2.3+, a "I" format argument indicates that we're either converting + * the Python object into a long or an unsigned int. In versions prior to that, + * it will always convert to a long. Since the sasl_flags variable is an + * unsigned int, we need to use the "I" flag if we're running Python 2.3+ and a + * "i" otherwise. 
+ */ +#if (PY_MAJOR_VERSION == 2) && (PY_MINOR_VERSION < 3) + if (!PyArg_ParseTuple + (args, "sOOOi:sasl_interactive_bind_s", &who, &SASLObject, + &serverctrls, &clientctrls, &sasl_flags)) +#else + if (!PyArg_ParseTuple + (args, "sOOOI:sasl_interactive_bind_s", &who, &SASLObject, + &serverctrls, &clientctrls, &sasl_flags)) +#endif + return NULL; + + if (not_valid(self)) + return NULL; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) + return NULL; + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { + LDAPControl_List_DEL(server_ldcs); + return NULL; + } + } + + /* now we extract the sasl mechanism from the SASL Object */ + mechanism = PyObject_GetAttrString(SASLObject, "mech"); + if (mechanism == NULL) + return NULL; + c_mechanism = PyBytes_AsString(mechanism); + Py_DECREF(mechanism); + mechanism = NULL; + + /* Don't know if it is the "intended use" of the defaults + parameter of ldap_sasl_interactive_bind_s when we pass the + Python object SASLObject, but passing it through some + static variable would destroy thread safety, IMHO. 
+ */ + msgid = ldap_sasl_interactive_bind_s(self->ldap, + who, + c_mechanism, + (LDAPControl **)server_ldcs, + (LDAPControl **)client_ldcs, + sasl_flags, + py_ldap_sasl_interaction, SASLObject); + + LDAPControl_List_DEL(server_ldcs); + LDAPControl_List_DEL(client_ldcs); + + if (msgid != LDAP_SUCCESS) + return LDAPerror(self->ldap); + return PyInt_FromLong(msgid); +} +#endif + +#ifdef LDAP_API_FEATURE_CANCEL + +/* ldap_cancel */ + +static PyObject * +l_ldap_cancel(LDAPObject *self, PyObject *args) +{ + int msgid; + int cancelid; + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl **server_ldcs = NULL; + LDAPControl **client_ldcs = NULL; + + int ldaperror; + + if (!PyArg_ParseTuple + (args, "i|OO:cancel", &cancelid, &serverctrls, &clientctrls)) + return NULL; + if (not_valid(self)) + return NULL; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) + return NULL; + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { + LDAPControl_List_DEL(server_ldcs); + return NULL; + } + } + + LDAP_BEGIN_ALLOW_THREADS(self); + ldaperror = + ldap_cancel(self->ldap, cancelid, server_ldcs, client_ldcs, &msgid); + LDAP_END_ALLOW_THREADS(self); + + LDAPControl_List_DEL(server_ldcs); + LDAPControl_List_DEL(client_ldcs); + + if (ldaperror != LDAP_SUCCESS) + return LDAPerror(self->ldap); + + return PyInt_FromLong(msgid); +} + +#endif + +/* ldap_compare_ext */ + +static PyObject * +l_ldap_compare_ext(LDAPObject *self, PyObject *args) +{ + char *dn, *attr; + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl **server_ldcs = NULL; + LDAPControl **client_ldcs = NULL; + + int msgid; + int ldaperror; + Py_ssize_t value_len; + struct berval value; + + if (!PyArg_ParseTuple + (args, "sss#|OO:compare_ext", &dn, &attr, &value.bv_val, &value_len, + &serverctrls, &clientctrls)) + return NULL; + value.bv_len = (ber_len_t) value_len; + + if 
(not_valid(self)) + return NULL; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) + return NULL; + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { + LDAPControl_List_DEL(server_ldcs); + return NULL; + } + } + + LDAP_BEGIN_ALLOW_THREADS(self); + ldaperror = + ldap_compare_ext(self->ldap, dn, attr, &value, server_ldcs, + client_ldcs, &msgid); + LDAP_END_ALLOW_THREADS(self); + + LDAPControl_List_DEL(server_ldcs); + LDAPControl_List_DEL(client_ldcs); + + if (ldaperror != LDAP_SUCCESS) + return LDAPerror(self->ldap); + + return PyInt_FromLong(msgid); +} + +/* ldap_delete_ext */ + +static PyObject * +l_ldap_delete_ext(LDAPObject *self, PyObject *args) +{ + char *dn; + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl **server_ldcs = NULL; + LDAPControl **client_ldcs = NULL; + + int msgid; + int ldaperror; + + if (!PyArg_ParseTuple + (args, "s|OO:delete_ext", &dn, &serverctrls, &clientctrls)) + return NULL; + if (not_valid(self)) + return NULL; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) + return NULL; + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { + LDAPControl_List_DEL(server_ldcs); + return NULL; + } + } + + LDAP_BEGIN_ALLOW_THREADS(self); + ldaperror = + ldap_delete_ext(self->ldap, dn, server_ldcs, client_ldcs, &msgid); + LDAP_END_ALLOW_THREADS(self); + + LDAPControl_List_DEL(server_ldcs); + LDAPControl_List_DEL(client_ldcs); + + if (ldaperror != LDAP_SUCCESS) + return LDAPerror(self->ldap); + + return PyInt_FromLong(msgid); +} + +/* ldap_modify_ext */ + +static PyObject * +l_ldap_modify_ext(LDAPObject *self, PyObject *args) +{ + char *dn; + PyObject *modlist; + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl **server_ldcs = NULL; + LDAPControl **client_ldcs = NULL; + + int msgid; + int 
ldaperror; + LDAPMod **mods; + + if (!PyArg_ParseTuple + (args, "sO|OO:modify_ext", &dn, &modlist, &serverctrls, &clientctrls)) + return NULL; + if (not_valid(self)) + return NULL; + + mods = List_to_LDAPMods(modlist, 0); + if (mods == NULL) + return NULL; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) { + LDAPMods_DEL(mods); + return NULL; + } + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { + LDAPMods_DEL(mods); + LDAPControl_List_DEL(server_ldcs); + return NULL; + } + } + + LDAP_BEGIN_ALLOW_THREADS(self); + ldaperror = + ldap_modify_ext(self->ldap, dn, mods, server_ldcs, client_ldcs, + &msgid); + LDAP_END_ALLOW_THREADS(self); + + LDAPMods_DEL(mods); + LDAPControl_List_DEL(server_ldcs); + LDAPControl_List_DEL(client_ldcs); + + if (ldaperror != LDAP_SUCCESS) + return LDAPerror(self->ldap); + + return PyInt_FromLong(msgid); +} + +/* ldap_rename */ + +static PyObject * +l_ldap_rename(LDAPObject *self, PyObject *args) +{ + char *dn, *newrdn; + char *newSuperior = NULL; + int delold = 1; + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl **server_ldcs = NULL; + LDAPControl **client_ldcs = NULL; + + int msgid; + int ldaperror; + + if (!PyArg_ParseTuple + (args, "ss|ziOO:rename", &dn, &newrdn, &newSuperior, &delold, + &serverctrls, &clientctrls)) + return NULL; + if (not_valid(self)) + return NULL; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) + return NULL; + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { + LDAPControl_List_DEL(server_ldcs); + return NULL; + } + } + + LDAP_BEGIN_ALLOW_THREADS(self); + ldaperror = + ldap_rename(self->ldap, dn, newrdn, newSuperior, delold, server_ldcs, + client_ldcs, &msgid); + LDAP_END_ALLOW_THREADS(self); + + LDAPControl_List_DEL(server_ldcs); + LDAPControl_List_DEL(client_ldcs); + + if 
(ldaperror != LDAP_SUCCESS) + return LDAPerror(self->ldap); + + return PyInt_FromLong(msgid); +} + +/* ldap_result4 */ + +static PyObject * +l_ldap_result4(LDAPObject *self, PyObject *args) +{ + int msgid = LDAP_RES_ANY; + int all = 1; + double timeout = -1.0; + int add_ctrls = 0; + int add_intermediates = 0; + int add_extop = 0; + struct timeval tv; + struct timeval *tvp; + int res_type; + LDAPMessage *msg = NULL; + PyObject *retval, *pmsg, *pyctrls = 0; + int res_msgid = 0; + char *retoid = 0; + PyObject *valuestr = NULL; + int result = LDAP_SUCCESS; + LDAPControl **serverctrls = 0; + + if (!PyArg_ParseTuple + (args, "|iidiii:result4", &msgid, &all, &timeout, &add_ctrls, + &add_intermediates, &add_extop)) + return NULL; + if (not_valid(self)) + return NULL; + + if (timeout >= 0) { + tvp = &tv; + set_timeval_from_double(tvp, timeout); + } + else { + tvp = NULL; + } + + LDAP_BEGIN_ALLOW_THREADS(self); + res_type = ldap_result(self->ldap, msgid, all, tvp, &msg); + LDAP_END_ALLOW_THREADS(self); + + if (res_type < 0) /* LDAP or system error */ + return LDAPerror(self->ldap); + + if (res_type == 0) { + /* Polls return (None, None, None, None); timeouts raise an exception */ + if (timeout == 0) { + if (add_extop) { + return Py_BuildValue("(OOOOOO)", Py_None, Py_None, Py_None, + Py_None, Py_None, Py_None); + } + else { + return Py_BuildValue("(OOOO)", Py_None, Py_None, Py_None, + Py_None); + } + } + else + return LDAPerr(LDAP_TIMEOUT); + } + + if (msg) + res_msgid = ldap_msgid(msg); + + if (res_type == LDAP_RES_SEARCH_ENTRY) { + /* LDAPmessage_to_python will parse entries and read the controls for each entry */ + } + else if (res_type == LDAP_RES_SEARCH_REFERENCE) { + /* LDAPmessage_to_python will parse refs and read the controls for each res */ + } + else if (res_type == LDAP_RES_INTERMEDIATE) { + /* LDAPmessage_to_python will parse intermediates and controls */ + } + else { + int rc; + + if (res_type == LDAP_RES_EXTENDED) { + struct berval *retdata = 0; + + 
LDAP_BEGIN_ALLOW_THREADS(self); + rc = ldap_parse_extended_result(self->ldap, msg, &retoid, &retdata, + 0); + LDAP_END_ALLOW_THREADS(self); + /* handle error rc!=0 here? */ + if (rc == LDAP_SUCCESS) { + valuestr = LDAPberval_to_object(retdata); + } + ber_bvfree(retdata); + } + + LDAP_BEGIN_ALLOW_THREADS(self); + rc = ldap_parse_result(self->ldap, msg, &result, NULL, NULL, NULL, + &serverctrls, 0); + LDAP_END_ALLOW_THREADS(self); + } + + if (result != LDAP_SUCCESS) { /* result error */ + ldap_controls_free(serverctrls); + Py_XDECREF(valuestr); + return LDAPraise_for_message(self->ldap, msg); + } + + if (!(pyctrls = LDAPControls_to_List(serverctrls))) { + int err = LDAP_NO_MEMORY; + + LDAP_BEGIN_ALLOW_THREADS(self); + ldap_set_option(self->ldap, LDAP_OPT_ERROR_NUMBER, &err); + LDAP_END_ALLOW_THREADS(self); + ldap_controls_free(serverctrls); + ldap_msgfree(msg); + Py_XDECREF(valuestr); + return LDAPerror(self->ldap); + } + ldap_controls_free(serverctrls); + + pmsg = + LDAPmessage_to_python(self->ldap, msg, add_ctrls, add_intermediates); + + if (pmsg == NULL) { + retval = NULL; + } + else { + /* s handles NULL, but O does not */ + if (add_extop) { + retval = Py_BuildValue("(iOiOsO)", res_type, pmsg, res_msgid, + pyctrls, retoid, + valuestr ? 
valuestr : Py_None); + } + else { + retval = + Py_BuildValue("(iOiO)", res_type, pmsg, res_msgid, pyctrls); + } + + if (pmsg != Py_None) { + Py_DECREF(pmsg); + } + } + Py_XDECREF(valuestr); + Py_XDECREF(pyctrls); + return retval; +} + +/* ldap_search_ext */ + +static PyObject * +l_ldap_search_ext(LDAPObject *self, PyObject *args) +{ + char *base; + int scope; + char *filter; + PyObject *attrlist = Py_None; + char **attrs; + int attrsonly = 0; + + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl **server_ldcs = NULL; + LDAPControl **client_ldcs = NULL; + + double timeout = -1.0; + struct timeval tv; + struct timeval *tvp; + + int sizelimit = 0; + + int msgid; + int ldaperror; + + if (!PyArg_ParseTuple(args, "sis|OiOOdi:search_ext", + &base, &scope, &filter, &attrlist, &attrsonly, + &serverctrls, &clientctrls, &timeout, &sizelimit)) + return NULL; + if (not_valid(self)) + return NULL; + + if (!attrs_from_List(attrlist, &attrs)) + return NULL; + + if (timeout >= 0) { + tvp = &tv; + set_timeval_from_double(tvp, timeout); + } + else { + tvp = NULL; + } + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) { + free_attrs(&attrs); + return NULL; + } + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { + free_attrs(&attrs); + LDAPControl_List_DEL(server_ldcs); + return NULL; + } + } + + LDAP_BEGIN_ALLOW_THREADS(self); + ldaperror = + ldap_search_ext(self->ldap, base, scope, filter, attrs, attrsonly, + server_ldcs, client_ldcs, tvp, sizelimit, &msgid); + LDAP_END_ALLOW_THREADS(self); + + free_attrs(&attrs); + LDAPControl_List_DEL(server_ldcs); + LDAPControl_List_DEL(client_ldcs); + + if (ldaperror != LDAP_SUCCESS) + return LDAPerror(self->ldap); + + return PyInt_FromLong(msgid); +} + +/* ldap_whoami_s (available since OpenLDAP 2.1.13) */ + +static PyObject * +l_ldap_whoami_s(LDAPObject *self, PyObject *args) +{ + PyObject *serverctrls = Py_None; + 
PyObject *clientctrls = Py_None; + LDAPControl **server_ldcs = NULL; + LDAPControl **client_ldcs = NULL; + + struct berval *bvalue = NULL; + + PyObject *result; + + int ldaperror; + + if (!PyArg_ParseTuple(args, "|OO:whoami_s", &serverctrls, &clientctrls)) + return NULL; + if (not_valid(self)) + return NULL; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) + return NULL; + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { + LDAPControl_List_DEL(server_ldcs); + return NULL; + } + } + + LDAP_BEGIN_ALLOW_THREADS(self); + ldaperror = ldap_whoami_s(self->ldap, &bvalue, server_ldcs, client_ldcs); + LDAP_END_ALLOW_THREADS(self); + + LDAPControl_List_DEL(server_ldcs); + LDAPControl_List_DEL(client_ldcs); + + if (ldaperror != LDAP_SUCCESS) { + ber_bvfree(bvalue); + return LDAPerror(self->ldap); + } + + result = LDAPberval_to_unicode_object(bvalue); + ber_bvfree(bvalue); + + return result; +} + +#ifdef HAVE_TLS +/* ldap_start_tls_s */ + +static PyObject * +l_ldap_start_tls_s(LDAPObject *self, PyObject *args) +{ + int ldaperror; + + if (!PyArg_ParseTuple(args, ":start_tls_s")) + return NULL; + if (not_valid(self)) + return NULL; + + LDAP_BEGIN_ALLOW_THREADS(self); + ldaperror = ldap_start_tls_s(self->ldap, NULL, NULL); + LDAP_END_ALLOW_THREADS(self); + if (ldaperror != LDAP_SUCCESS) { + ldap_set_option(self->ldap, LDAP_OPT_ERROR_NUMBER, &ldaperror); + return LDAPerror(self->ldap); + } + + Py_INCREF(Py_None); + return Py_None; +} + +#endif + +/* ldap_set_option */ + +static PyObject * +l_ldap_set_option(LDAPObject *self, PyObject *args) +{ + PyObject *value; + int option; + + if (!PyArg_ParseTuple(args, "iO:set_option", &option, &value)) + return NULL; + if (not_valid(self)) + return NULL; + if (!LDAP_set_option(self, option, value)) + return NULL; + Py_INCREF(Py_None); + return Py_None; +} + +/* ldap_get_option */ + +static PyObject * +l_ldap_get_option(LDAPObject *self, 
PyObject *args) +{ + int option; + + if (!PyArg_ParseTuple(args, "i:get_option", &option)) + return NULL; + if (not_valid(self)) + return NULL; + return LDAP_get_option(self, option); +} + +/* ldap_passwd */ + +static PyObject * +l_ldap_passwd(LDAPObject *self, PyObject *args) +{ + struct berval user; + Py_ssize_t user_len; + struct berval oldpw; + Py_ssize_t oldpw_len; + struct berval newpw; + Py_ssize_t newpw_len; + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl **server_ldcs = NULL; + LDAPControl **client_ldcs = NULL; + + int msgid; + int ldaperror; + + if (!PyArg_ParseTuple + (args, "z#z#z#|OO:passwd", &user.bv_val, &user_len, &oldpw.bv_val, + &oldpw_len, &newpw.bv_val, &newpw_len, &serverctrls, &clientctrls)) + return NULL; + + user.bv_len = (ber_len_t) user_len; + oldpw.bv_len = (ber_len_t) oldpw_len; + newpw.bv_len = (ber_len_t) newpw_len; + + if (not_valid(self)) + return NULL; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) + return NULL; + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { + LDAPControl_List_DEL(server_ldcs); + return NULL; + } + } + + LDAP_BEGIN_ALLOW_THREADS(self); + ldaperror = ldap_passwd(self->ldap, + user.bv_val != NULL ? &user : NULL, + oldpw.bv_val != NULL ? &oldpw : NULL, + newpw.bv_val != NULL ? 
&newpw : NULL, + server_ldcs, client_ldcs, &msgid); + LDAP_END_ALLOW_THREADS(self); + + LDAPControl_List_DEL(server_ldcs); + LDAPControl_List_DEL(client_ldcs); + + if (ldaperror != LDAP_SUCCESS) + return LDAPerror(self->ldap); + + return PyInt_FromLong(msgid); +} + +/* ldap_extended_operation */ + +static PyObject * +l_ldap_extended_operation(LDAPObject *self, PyObject *args) +{ + char *reqoid = NULL; + struct berval reqvalue = { 0, NULL }; + PyObject *serverctrls = Py_None; + PyObject *clientctrls = Py_None; + LDAPControl **server_ldcs = NULL; + LDAPControl **client_ldcs = NULL; + + int msgid; + int ldaperror; + + if (!PyArg_ParseTuple + (args, "sz#|OO:extended_operation", &reqoid, &reqvalue.bv_val, + &reqvalue.bv_len, &serverctrls, &clientctrls)) + return NULL; + + if (not_valid(self)) + return NULL; + + if (!PyNone_Check(serverctrls)) { + if (!LDAPControls_from_object(serverctrls, &server_ldcs)) + return NULL; + } + + if (!PyNone_Check(clientctrls)) { + if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { + LDAPControl_List_DEL(server_ldcs); + return NULL; + } + } + + LDAP_BEGIN_ALLOW_THREADS(self); + ldaperror = ldap_extended_operation(self->ldap, reqoid, + reqvalue.bv_val != + NULL ? 
&reqvalue : NULL, server_ldcs, + client_ldcs, &msgid); + LDAP_END_ALLOW_THREADS(self); + + LDAPControl_List_DEL(server_ldcs); + LDAPControl_List_DEL(client_ldcs); + + if (ldaperror != LDAP_SUCCESS) + return LDAPerror(self->ldap); + + return PyInt_FromLong(msgid); +} + +/* methods */ + +static PyMethodDef methods[] = { + {"unbind_ext", (PyCFunction)l_ldap_unbind_ext, METH_VARARGS}, + {"abandon_ext", (PyCFunction)l_ldap_abandon_ext, METH_VARARGS}, + {"add_ext", (PyCFunction)l_ldap_add_ext, METH_VARARGS}, + {"simple_bind", (PyCFunction)l_ldap_simple_bind, METH_VARARGS}, +#ifdef HAVE_SASL + {"sasl_interactive_bind_s", (PyCFunction)l_ldap_sasl_interactive_bind_s, + METH_VARARGS}, + {"sasl_bind_s", (PyCFunction)l_ldap_sasl_bind_s, METH_VARARGS}, +#endif + {"compare_ext", (PyCFunction)l_ldap_compare_ext, METH_VARARGS}, + {"delete_ext", (PyCFunction)l_ldap_delete_ext, METH_VARARGS}, + {"modify_ext", (PyCFunction)l_ldap_modify_ext, METH_VARARGS}, + {"rename", (PyCFunction)l_ldap_rename, METH_VARARGS}, + {"result4", (PyCFunction)l_ldap_result4, METH_VARARGS}, + {"search_ext", (PyCFunction)l_ldap_search_ext, METH_VARARGS}, +#ifdef HAVE_TLS + {"start_tls_s", (PyCFunction)l_ldap_start_tls_s, METH_VARARGS}, +#endif + {"whoami_s", (PyCFunction)l_ldap_whoami_s, METH_VARARGS}, + {"passwd", (PyCFunction)l_ldap_passwd, METH_VARARGS}, + {"set_option", (PyCFunction)l_ldap_set_option, METH_VARARGS}, + {"get_option", (PyCFunction)l_ldap_get_option, METH_VARARGS}, +#ifdef LDAP_API_FEATURE_CANCEL + {"cancel", (PyCFunction)l_ldap_cancel, METH_VARARGS}, +#endif + {"extop", (PyCFunction)l_ldap_extended_operation, METH_VARARGS}, + {NULL, NULL} +}; + +/* type entry */ + +PyTypeObject LDAP_Type = { + PyVarObject_HEAD_INIT(NULL, 0) + "LDAP", /*tp_name */ + sizeof(LDAPObject), /*tp_basicsize */ + 0, /*tp_itemsize */ + /* methods */ + (destructor) dealloc, /*tp_dealloc */ + 0, /*tp_print */ + 0, /*tp_getattr */ + 0, /*tp_setattr */ + 0, /*tp_compare */ + 0, /*tp_repr */ + 0, /*tp_as_number */ + 0, 
/*tp_as_sequence */
+ 0, /*tp_as_mapping */
+ 0, /*tp_hash */
+ 0, /*tp_call */
+ 0, /*tp_str */
+ 0, /*tp_getattro */
+ 0, /*tp_setattro */
+ 0, /*tp_as_buffer */
+ 0, /*tp_flags */
+ 0, /*tp_doc */
+ 0, /*tp_traverse */
+ 0, /*tp_clear */
+ 0, /*tp_richcompare */
+ 0, /*tp_weaklistoffset */
+ 0, /*tp_iter */
+ 0, /*tp_iternext */
+ methods, /*tp_methods */
+ 0, /*tp_members */
+ 0, /*tp_getset */
+};
diff --git a/Modules/LDAPObject.h b/Modules/LDAPObject.h
new file mode 100644
index 0000000..4af0b38
--- /dev/null
+++ b/Modules/LDAPObject.h
@@ -0,0 +1,38 @@
+/* See https://www.python-ldap.org/ for details. */
+
+#ifndef __h_LDAPObject
+#define __h_LDAPObject
+
+#include "common.h"
+
+typedef struct {
+ PyObject_HEAD LDAP *ldap;
+ PyThreadState *_save; /* for thread saving on referrals */
+ int valid;
+} LDAPObject;
+
+extern PyTypeObject LDAP_Type;
+
+#define LDAPObject_Check(v) (Py_TYPE(v) == &LDAP_Type)
+
+extern LDAPObject *newLDAPObject(LDAP *);
+
+/* macros to allow thread saving in the context of an LDAP connection */
+
+#define LDAP_BEGIN_ALLOW_THREADS( l ) \
+ { \
+ LDAPObject *lo = (l); \
+ if (lo->_save != NULL) \
+ Py_FatalError( "saving thread twice?" ); \
+ lo->_save = PyEval_SaveThread(); \
+ }
+
+#define LDAP_END_ALLOW_THREADS( l ) \
+ { \
+ LDAPObject *lo = (l); \
+ PyThreadState *_save = lo->_save; \
+ lo->_save = NULL; \
+ PyEval_RestoreThread( _save ); \
+ }
+
+#endif /* __h_LDAPObject */
diff --git a/Modules/berval.c b/Modules/berval.c
new file mode 100644
index 0000000..7435ee0
--- /dev/null
+++ b/Modules/berval.c
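Review bot: `LDAP_BEGIN_ALLOW_THREADS` and `LDAP_END_ALLOW_THREADS` in LDAPObject.h expand to a bare `{ ... }` block, so a call written as `if (x) LDAP_BEGIN_ALLOW_THREADS(self); else ...` does not parse as one statement. Wrapping both bodies in `do { ... } while (0)` makes them statement-safe without changing any caller. The begin macro also calls `Py_FatalError( "saving thread twice?" )` when `_save` is already set, which aborts the whole interpreter instead of raising an exception. If a second thread can reach the same LDAPObject while the first has released the GIL inside a libldap call, that is a process abort, so the header should state the locking contract, e.g. `/* callers must serialise all calls on one LDAPObject; re-entry is fatal */` (presumably the Python wrapper holds a lock, but that is not visible here).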
@@ -0,0 +1,51 @@
+/* See https://www.python-ldap.org/ for details. */
+
+#include "common.h"
+#include "berval.h"
+
+/*
+ * Copies out the data from a berval, and returns it as a new Python object,
+ * Returns None if the berval pointer is NULL.
+ *
+ * Note that this function is not the exact inverse of LDAPberval_from_object
+ * with regards to the NULL/None conversion.
+ *
+ * Returns a new Python object on success, or NULL on failure.
+ */
+PyObject *
+LDAPberval_to_object(const struct berval *bv)
+{
+ PyObject *ret = NULL;
+
+ if (!bv) {
+ ret = Py_None;
+ Py_INCREF(ret);
+ }
+ else {
+ ret = PyBytes_FromStringAndSize(bv->bv_val, bv->bv_len);
+ }
+
+ return ret;
+}
+
+/*
+ * Same as LDAPberval_to_object, but returns a Unicode PyObject.
+ * Use when the value is known to be text (for instance a distinguishedName).
+ *
+ * Returns a new Python object on success, or NULL on failure.
+ */
+PyObject *
+LDAPberval_to_unicode_object(const struct berval *bv)
+{
+ PyObject *ret = NULL;
+
+ if (!bv) {
+ ret = Py_None;
+ Py_INCREF(ret);
+ }
+ else {
+ ret = PyUnicode_FromStringAndSize(bv->bv_val, bv->bv_len);
+ }
+
+ return ret;
+}
diff --git a/Modules/berval.h b/Modules/berval.h
new file mode 100644
index 0000000..9c42724
--- /dev/null
+++ b/Modules/berval.h
@@ -0,0 +1,11 @@
+/* See https://www.python-ldap.org/ for details. */
+
+#ifndef __h_berval
+#define __h_berval
+
+#include "common.h"
+
+PyObject *LDAPberval_to_object(const struct berval *bv);
+PyObject *LDAPberval_to_unicode_object(const struct berval *bv);
+
+#endif /* __h_berval_ */
diff --git a/Modules/common.c b/Modules/common.c
new file mode 100644
index 0000000..9d7001c
--- /dev/null
+++ b/Modules/common.c
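Review bot: Both converters in berval.c check only the `bv` pointer and then hand `bv->bv_val` and `bv->bv_len` straight to the CPython constructors. `PyBytes_FromStringAndSize` with a NULL buffer and a non-zero size returns an object whose contents are uninitialised, and `bv_len` is a `ber_len_t` that is implicitly narrowed to `Py_ssize_t`. These bervals carry server-supplied data (the result and whoami paths in this commit call these helpers), so a guard before the `else` branch is cheap insurance even if libldap is not expected to produce such a value: `else if (bv->bv_val == NULL || bv->bv_len > PY_SSIZE_T_MAX) { PyErr_SetString(PyExc_ValueError, "invalid berval"); }`. The unicode variant should also document that it raises `UnicodeDecodeError` when the server value is not valid UTF-8.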
@@ -0,0 +1,33 @@
+/* Miscellaneous common routines
+ * See https://www.python-ldap.org/ for details. */
+
+#include "common.h"
+
+/* dynamically add the methods into the module dictionary d */
+
+void
+LDAPadd_methods(PyObject *d, PyMethodDef *methods)
+{
+ PyMethodDef *meth;
+
+ for (meth = methods; meth->ml_meth; meth++) {
+ PyObject *f = PyCFunction_New(meth, NULL);
+
+ PyDict_SetItemString(d, meth->ml_name, f);
+ Py_DECREF(f);
+ }
+}
+
+/* Raise TypeError with custom message and object */
+PyObject *
+LDAPerror_TypeError(const char *msg, PyObject *obj)
+{
+ PyObject *args = Py_BuildValue("sO", msg, obj);
+
+ if (args == NULL) {
+ return NULL;
+ }
+ PyErr_SetObject(PyExc_TypeError, args);
+ Py_DECREF(args);
+ return NULL;
+}
diff --git a/Modules/common.h b/Modules/common.h
new file mode 100644
index 0000000..886024f
--- /dev/null
+++ b/Modules/common.h
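Review bot: `LDAPadd_methods` never checks the result of `PyCFunction_New`, so an allocation failure passes NULL to `PyDict_SetItemString` and then to `Py_DECREF(f)`, which dereferences it. The return value of `PyDict_SetItemString` is dropped as well, and because the function returns `void` the module initialiser cannot tell that a method was not registered. Returning `int` would let the caller abort initialisation: add `if (f == NULL) return -1;` after the allocation and replace the bare call with `if (PyDict_SetItemString(d, meth->ml_name, f) != 0) { Py_DECREF(f); return -1; }`, with the matching prototype change in common.h. `LDAPerror_TypeError` in the same hunk already handles its NULL case correctly.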
@@ -0,0 +1,68 @@
+/* common utility macros
+ * See https://www.python-ldap.org/ for details. */
+
+#ifndef __h_common
+#define __h_common
+
+#define PY_SSIZE_T_CLEAN
+
+#include "Python.h"
+
+#if defined(HAVE_CONFIG_H)
+#include "config.h"
+#endif
+
+#include
+#include
+#include
+
+#if LDAP_API_VERSION < 2040
+#error Current python-ldap requires OpenLDAP 2.4.x
+#endif
+
+#if LDAP_VENDOR_VERSION >= 20448
+ /* openldap.h with ldap_init_fd() was introduced in 2.4.48
+ * see https://bugs.openldap.org/show_bug.cgi?id=8671
+ */
+#define HAVE_LDAP_INIT_FD 1
+#include
+#elif (defined(__APPLE__) && (LDAP_VENDOR_VERSION == 20428))
+/* macOS system libldap 2.4.28 does not have ldap_init_fd symbol */
+#undef HAVE_LDAP_INIT_FD
+#else
+ /* ldap_init_fd() has been around for a very long time
+ * SSSD has been defining the function for a while, so it's probably OK.
+ */
+#define HAVE_LDAP_INIT_FD 1
+#define LDAP_PROTO_TCP 1
+#define LDAP_PROTO_UDP 2
+#define LDAP_PROTO_IPC 3
+extern int ldap_init_fd(ber_socket_t fd, int proto, LDAP_CONST char *url,
+ LDAP **ldp);
+#endif
+
+#if defined(MS_WINDOWS)
+#include
+#else /* unix */
+#include
+#include
+#include
+#endif
+
+#include
+#define streq( a, b ) \
+ ( (*(a)==*(b)) && 0==strcmp(a,b) )
+
+extern PyObject *LDAPerror_TypeError(const char *, PyObject *);
+
+void LDAPadd_methods(PyObject *d, PyMethodDef *methods);
+
+#define PyNone_Check(o) ((o) == Py_None)
+
+/* Py2/3 compatibility */
+#if PY_VERSION_HEX >= 0x03000000
+/* In Python 3, alias PyInt to PyLong */
+#define PyInt_FromLong PyLong_FromLong
+#endif
+
+#endif /* __h_common_ */
diff --git a/Modules/constants.c b/Modules/constants.c
new file mode 100644
index 0000000..8b902e0
--- /dev/null
+++ b/Modules/constants.c
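Review bot: The `#else` branch of the `LDAP_VENDOR_VERSION` test hand-declares `ldap_init_fd` and the `LDAP_PROTO_*` values for every libldap older than 2.4.48 other than the one macOS build, and its comment justifies this only with "it's probably OK". If a linked library lacks the symbol or has a different signature or constant values, nothing in this header catches it and the mismatch appears at link or call time. A build-time probe that sets `HAVE_LDAP_INIT_FD` would be safer than a version guess. At minimum the prototype should carry a comment such as `/* must match the declaration in OpenLDAP's openldap.h; verify when supporting a new libldap */`. Separately, `streq( a, b )` evaluates each argument twice and passes them unparenthesised to `strcmp`, so it should only be used with side-effect-free arguments.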
@@ -0,0 +1,245 @@ +/* constants defined for LDAP + * See https://www.python-ldap.org/ for details. */ + +#include "common.h" +#include "constants.h" +#include "ldapcontrol.h" + +/* the base exception class */ + +PyObject *LDAPexception_class; + +/* list of exception classes */ + +#define LDAP_ERROR_MIN LDAP_REFERRAL_LIMIT_EXCEEDED + +#ifdef LDAP_PROXIED_AUTHORIZATION_DENIED +#define LDAP_ERROR_MAX LDAP_PROXIED_AUTHORIZATION_DENIED +#else +#ifdef LDAP_ASSERTION_FAILED +#define LDAP_ERROR_MAX LDAP_ASSERTION_FAILED +#else +#define LDAP_ERROR_MAX LDAP_OTHER +#endif +#endif + +#define LDAP_ERROR_OFFSET -LDAP_ERROR_MIN + +static PyObject *errobjects[LDAP_ERROR_MAX - LDAP_ERROR_MIN + 1]; + +/* Convert a bare LDAP error number into an exception */ +PyObject * +LDAPerr(int errnum) +{ + if (errnum >= LDAP_ERROR_MIN && errnum <= LDAP_ERROR_MAX) { + PyErr_SetNone(errobjects[errnum + LDAP_ERROR_OFFSET]); + } + else { + PyObject *args = Py_BuildValue("{s:i}", "errnum", errnum); + + if (args == NULL) + return NULL; + PyErr_SetObject(LDAPexception_class, args); + Py_DECREF(args); + } + return NULL; +} + +/* Convert an LDAP error into an informative python exception */ +PyObject * +LDAPraise_for_message(LDAP *l, LDAPMessage *m) +{ + if (l == NULL) { + PyErr_SetFromErrno(LDAPexception_class); + ldap_msgfree(m); + return NULL; + } + else { + int myerrno, errnum, opt_errnum, msgid = -1, msgtype = 0; + PyObject *errobj; + PyObject *info; + PyObject *str; + PyObject *pyerrno; + PyObject *pyresult; + PyObject *pyctrls = NULL; + char *matched = NULL, *error = NULL, **refs = NULL; + LDAPControl **serverctrls = NULL; + + /* at first save errno for later use before it gets overwritten by another call */ + myerrno = errno; + + if (m != NULL) { + msgid = ldap_msgid(m); + msgtype = ldap_msgtype(m); + ldap_parse_result(l, m, &errnum, &matched, &error, &refs, + &serverctrls, 1); + } + + if (msgtype <= 0) { + opt_errnum = ldap_get_option(l, LDAP_OPT_ERROR_NUMBER, &errnum); + if (opt_errnum != 
LDAP_OPT_SUCCESS) + errnum = opt_errnum; + + if (errnum == LDAP_NO_MEMORY) { + return PyErr_NoMemory(); + } + + ldap_get_option(l, LDAP_OPT_MATCHED_DN, &matched); + ldap_get_option(l, LDAP_OPT_ERROR_STRING, &error); + } + + if (errnum >= LDAP_ERROR_MIN && errnum <= LDAP_ERROR_MAX) + errobj = errobjects[errnum + LDAP_ERROR_OFFSET]; + else + errobj = LDAPexception_class; + + info = PyDict_New(); + if (info == NULL) { + ldap_memfree(matched); + ldap_memfree(error); + ldap_memvfree((void **)refs); + ldap_controls_free(serverctrls); + return NULL; + } + + if (msgtype > 0) { + pyresult = PyInt_FromLong(msgtype); + if (pyresult) + PyDict_SetItemString(info, "msgtype", pyresult); + Py_XDECREF(pyresult); + } + + if (msgid >= 0) { + pyresult = PyInt_FromLong(msgid); + if (pyresult) + PyDict_SetItemString(info, "msgid", pyresult); + Py_XDECREF(pyresult); + } + + pyresult = PyInt_FromLong(errnum); + if (pyresult) + PyDict_SetItemString(info, "result", pyresult); + Py_XDECREF(pyresult); + + str = PyUnicode_FromString(ldap_err2string(errnum)); + if (str) + PyDict_SetItemString(info, "desc", str); + Py_XDECREF(str); + + if (myerrno != 0) { + pyerrno = PyInt_FromLong(myerrno); + if (pyerrno) + PyDict_SetItemString(info, "errno", pyerrno); + Py_XDECREF(pyerrno); + } + + if (!(pyctrls = LDAPControls_to_List(serverctrls))) { + int err = LDAP_NO_MEMORY; + + ldap_set_option(l, LDAP_OPT_ERROR_NUMBER, &err); + ldap_memfree(matched); + ldap_memfree(error); + ldap_memvfree((void **)refs); + ldap_controls_free(serverctrls); + return PyErr_NoMemory(); + } + ldap_controls_free(serverctrls); + PyDict_SetItemString(info, "ctrls", pyctrls); + Py_XDECREF(pyctrls); + + if (matched != NULL) { + if (*matched != '\0') { + str = PyUnicode_FromString(matched); + if (str) + PyDict_SetItemString(info, "matched", str); + Py_XDECREF(str); + } + ldap_memfree(matched); + } + + if (errnum == LDAP_REFERRAL && refs != NULL && refs[0] != NULL) { + /* Keep old behaviour, overshadow error message */ + char 
err[1024]; + + snprintf(err, sizeof(err), "Referral:\n%s", refs[0]); + str = PyUnicode_FromString(err); + PyDict_SetItemString(info, "info", str); + Py_XDECREF(str); + } + else if (error != NULL && *error != '\0') { + str = PyUnicode_FromString(error); + if (str) + PyDict_SetItemString(info, "info", str); + Py_XDECREF(str); + } + + PyErr_SetObject(errobj, info); + Py_DECREF(info); + ldap_memvfree((void **)refs); + ldap_memfree(error); + return NULL; + } +} + +PyObject * +LDAPerror(LDAP *l) +{ + return LDAPraise_for_message(l, NULL); +} + +/* initialise the module constants */ + +int +LDAPinit_constants(PyObject *m) +{ + PyObject *exc, *nobj; + + /* simple constants */ + + if (PyModule_AddIntConstant(m, "OPT_ON", 1) != 0) + return -1; + if (PyModule_AddIntConstant(m, "OPT_OFF", 0) != 0) + return -1; + + /* exceptions */ + + LDAPexception_class = PyErr_NewException("ldap.LDAPError", NULL, NULL); + if (LDAPexception_class == NULL) { + return -1; + } + + if (PyModule_AddObject(m, "LDAPError", LDAPexception_class) != 0) + return -1; + Py_INCREF(LDAPexception_class); + + /* XXX - backward compatibility with pre-1.8 */ + if (PyModule_AddObject(m, "error", LDAPexception_class) != 0) + return -1; + Py_INCREF(LDAPexception_class); + + /* Generated constants -- see Lib/ldap/constants.py */ + +#define add_err(n) do { \ + exc = PyErr_NewException("ldap." 
#n, LDAPexception_class, NULL); \ + if (exc == NULL) return -1; \ + nobj = PyLong_FromLong(LDAP_##n); \ + if (nobj == NULL) return -1; \ + if (PyObject_SetAttrString(exc, "errnum", nobj) != 0) return -1; \ + Py_DECREF(nobj); \ + errobjects[LDAP_##n+LDAP_ERROR_OFFSET] = exc; \ + if (PyModule_AddObject(m, #n, exc) != 0) return -1; \ + Py_INCREF(exc); \ +} while (0) + +#define add_int(n) do { \ + if (PyModule_AddIntConstant(m, #n, LDAP_##n) != 0) return -1; \ +} while (0) + +#define add_string(n) do { \ + if (PyModule_AddStringConstant(m, #n, LDAP_##n) != 0) return -1; \ +} while (0) + +#include "constants_generated.h" + + return 0; +} diff --git a/Modules/constants.h b/Modules/constants.h new file mode 100644 index 0000000..7b9ce53 --- /dev/null +++ b/Modules/constants.h @@ -0,0 +1,24 @@ +/* See https://www.python-ldap.org/ for details. */ + +#ifndef __h_constants_ +#define __h_constants_ + +#include "common.h" + +extern int LDAPinit_constants(PyObject *m); +extern PyObject *LDAPconstant(int); + +extern PyObject *LDAPexception_class; +extern PyObject *LDAPerror(LDAP *); +extern PyObject *LDAPraise_for_message(LDAP *, LDAPMessage *m); +PyObject *LDAPerr(int errnum); + +#ifndef LDAP_CONTROL_PAGE_OID +#define LDAP_CONTROL_PAGE_OID "1.2.840.113556.1.4.319" +#endif /* !LDAP_CONTROL_PAGE_OID */ + +#ifndef LDAP_CONTROL_VALUESRETURNFILTER +#define LDAP_CONTROL_VALUESRETURNFILTER "1.2.826.0.1.3344810.2.3" /* RFC 3876 */ +#endif /* !LDAP_CONTROL_VALUESRETURNFILTER */ + +#endif /* __h_constants_ */ diff --git a/Modules/constants_generated.h b/Modules/constants_generated.h new file mode 100644 index 0000000..4a4cdb3 --- /dev/null +++ b/Modules/constants_generated.h 
@@ -0,0 +1,356 @@ +/* + * Generated with: + * python Lib/ldap/constants.py > Modules/constants_generated.h + * + * Please do any modifications there, then re-generate this file + */ + +add_err(ADMINLIMIT_EXCEEDED); +add_err(AFFECTS_MULTIPLE_DSAS); +add_err(ALIAS_DEREF_PROBLEM); +add_err(ALIAS_PROBLEM); +add_err(ALREADY_EXISTS); +add_err(AUTH_METHOD_NOT_SUPPORTED); +add_err(AUTH_UNKNOWN); +add_err(BUSY); +add_err(CLIENT_LOOP); +add_err(COMPARE_FALSE); +add_err(COMPARE_TRUE); +add_err(CONFIDENTIALITY_REQUIRED); +add_err(CONNECT_ERROR); +add_err(CONSTRAINT_VIOLATION); +add_err(CONTROL_NOT_FOUND); +add_err(DECODING_ERROR); +add_err(ENCODING_ERROR); +add_err(FILTER_ERROR); +add_err(INAPPROPRIATE_AUTH); +add_err(INAPPROPRIATE_MATCHING); +add_err(INSUFFICIENT_ACCESS); +add_err(INVALID_CREDENTIALS); +add_err(INVALID_DN_SYNTAX); +add_err(INVALID_SYNTAX); +add_err(IS_LEAF); +add_err(LOCAL_ERROR); +add_err(LOOP_DETECT); +add_err(MORE_RESULTS_TO_RETURN); +add_err(NAMING_VIOLATION); +add_err(NO_MEMORY); +add_err(NO_OBJECT_CLASS_MODS); +add_err(NO_OBJECT_CLASS_MODS); +add_err(NO_RESULTS_RETURNED); +add_err(NO_SUCH_ATTRIBUTE); +add_err(NO_SUCH_OBJECT); +add_err(NOT_ALLOWED_ON_NONLEAF); +add_err(NOT_ALLOWED_ON_RDN); +add_err(NOT_SUPPORTED); +add_err(OBJECT_CLASS_VIOLATION); +add_err(OPERATIONS_ERROR); +add_err(OTHER); +add_err(PARAM_ERROR); +add_err(PARTIAL_RESULTS); +add_err(PROTOCOL_ERROR); +add_err(REFERRAL); +add_err(REFERRAL_LIMIT_EXCEEDED); +add_err(RESULTS_TOO_LARGE); +add_err(SASL_BIND_IN_PROGRESS); +add_err(SERVER_DOWN); +add_err(SIZELIMIT_EXCEEDED); +add_err(STRONG_AUTH_NOT_SUPPORTED); +add_err(STRONG_AUTH_REQUIRED); +add_err(SUCCESS); +add_err(TIMELIMIT_EXCEEDED); +add_err(TIMEOUT); +add_err(TYPE_OR_VALUE_EXISTS); +add_err(UNAVAILABLE); +add_err(UNAVAILABLE_CRITICAL_EXTENSION); +add_err(UNDEFINED_TYPE); +add_err(UNWILLING_TO_PERFORM); +add_err(USER_CANCELLED); +add_err(VLV_ERROR); +add_err(X_PROXY_AUTHZ_FAILURE); + +#if defined(LDAP_API_FEATURE_CANCEL) 
+add_err(CANCELLED); +add_err(NO_SUCH_OPERATION); +add_err(TOO_LATE); +add_err(CANNOT_CANCEL); +#endif + +#if defined(LDAP_ASSERTION_FAILED) +add_err(ASSERTION_FAILED); +#endif + +#if defined(LDAP_PROXIED_AUTHORIZATION_DENIED) +add_err(PROXIED_AUTHORIZATION_DENIED); +#endif + +add_int(API_VERSION); +add_int(VENDOR_VERSION); +add_int(PORT); +add_int(VERSION1); +add_int(VERSION2); +add_int(VERSION3); +add_int(VERSION_MIN); +add_int(VERSION); +add_int(VERSION_MAX); +add_int(TAG_MESSAGE); +add_int(TAG_MSGID); +add_int(REQ_BIND); +add_int(REQ_UNBIND); +add_int(REQ_SEARCH); +add_int(REQ_MODIFY); +add_int(REQ_ADD); +add_int(REQ_DELETE); +add_int(REQ_MODRDN); +add_int(REQ_COMPARE); +add_int(REQ_ABANDON); +add_int(TAG_LDAPDN); +add_int(TAG_LDAPCRED); +add_int(TAG_CONTROLS); +add_int(TAG_REFERRAL); +add_int(REQ_EXTENDED); + +#if LDAP_API_VERSION >= 2004 +add_int(TAG_NEWSUPERIOR); +add_int(TAG_EXOP_REQ_OID); +add_int(TAG_EXOP_REQ_VALUE); +add_int(TAG_EXOP_RES_OID); +add_int(TAG_EXOP_RES_VALUE); + +#if defined(HAVE_SASL) +add_int(TAG_SASL_RES_CREDS); +#endif + +#endif + +add_int(SASL_AUTOMATIC); +add_int(SASL_INTERACTIVE); +add_int(SASL_QUIET); +add_int(RES_BIND); +add_int(RES_SEARCH_ENTRY); +add_int(RES_SEARCH_RESULT); +add_int(RES_MODIFY); +add_int(RES_ADD); +add_int(RES_DELETE); +add_int(RES_MODRDN); +add_int(RES_COMPARE); +add_int(RES_ANY); +add_int(RES_SEARCH_REFERENCE); +add_int(RES_EXTENDED); +add_int(RES_UNSOLICITED); +add_int(RES_INTERMEDIATE); +add_int(AUTH_NONE); +add_int(AUTH_SIMPLE); +add_int(SCOPE_BASE); +add_int(SCOPE_ONELEVEL); +add_int(SCOPE_SUBTREE); + +#if defined(LDAP_SCOPE_SUBORDINATE) +add_int(SCOPE_SUBORDINATE); +#endif + +add_int(MOD_ADD); +add_int(MOD_DELETE); +add_int(MOD_REPLACE); +add_int(MOD_INCREMENT); +add_int(MOD_BVALUES); +add_int(MSG_ONE); +add_int(MSG_ALL); +add_int(MSG_RECEIVED); +add_int(DEREF_NEVER); +add_int(DEREF_SEARCHING); +add_int(DEREF_FINDING); +add_int(DEREF_ALWAYS); +add_int(NO_LIMIT); +add_int(OPT_API_INFO); +add_int(OPT_DEREF); 
+add_int(OPT_SIZELIMIT); +add_int(OPT_TIMELIMIT); + +#if defined(LDAP_OPT_REFERRALS) +add_int(OPT_REFERRALS); +#endif + +add_int(OPT_ERROR_NUMBER); +add_int(OPT_RESTART); +add_int(OPT_PROTOCOL_VERSION); +add_int(OPT_SERVER_CONTROLS); +add_int(OPT_CLIENT_CONTROLS); +add_int(OPT_API_FEATURE_INFO); +add_int(OPT_HOST_NAME); +add_int(OPT_DESC); +add_int(OPT_DIAGNOSTIC_MESSAGE); +add_int(OPT_ERROR_STRING); +add_int(OPT_MATCHED_DN); +add_int(OPT_DEBUG_LEVEL); +add_int(OPT_TIMEOUT); +add_int(OPT_REFHOPLIMIT); +add_int(OPT_NETWORK_TIMEOUT); +add_int(OPT_URI); + +#if defined(LDAP_OPT_DEFBASE) +add_int(OPT_DEFBASE); +#endif + +#if HAVE_TLS + +#if defined(LDAP_OPT_X_TLS) +add_int(OPT_X_TLS); +#endif + +add_int(OPT_X_TLS_CTX); +add_int(OPT_X_TLS_CACERTFILE); +add_int(OPT_X_TLS_CACERTDIR); +add_int(OPT_X_TLS_CERTFILE); +add_int(OPT_X_TLS_KEYFILE); +add_int(OPT_X_TLS_REQUIRE_CERT); +add_int(OPT_X_TLS_CIPHER_SUITE); +add_int(OPT_X_TLS_RANDOM_FILE); +add_int(OPT_X_TLS_DHFILE); +add_int(OPT_X_TLS_NEVER); +add_int(OPT_X_TLS_HARD); +add_int(OPT_X_TLS_DEMAND); +add_int(OPT_X_TLS_ALLOW); +add_int(OPT_X_TLS_TRY); + +#if defined(LDAP_OPT_X_TLS_VERSION) +add_int(OPT_X_TLS_VERSION); +#endif + +#if defined(LDAP_OPT_X_TLS_CIPHER) +add_int(OPT_X_TLS_CIPHER); +#endif + +#if defined(LDAP_OPT_X_TLS_PEERCERT) +add_int(OPT_X_TLS_PEERCERT); +#endif + +#if defined(LDAP_OPT_X_TLS_CRLCHECK) +add_int(OPT_X_TLS_CRLCHECK); +#endif + +#if defined(LDAP_OPT_X_TLS_CRLFILE) +add_int(OPT_X_TLS_CRLFILE); +#endif + +add_int(OPT_X_TLS_CRL_NONE); +add_int(OPT_X_TLS_CRL_PEER); +add_int(OPT_X_TLS_CRL_ALL); + +#if defined(LDAP_OPT_X_TLS_NEWCTX) +add_int(OPT_X_TLS_NEWCTX); +#endif + +#if defined(LDAP_OPT_X_TLS_PROTOCOL_MIN) +add_int(OPT_X_TLS_PROTOCOL_MIN); +#endif + +#if defined(LDAP_OPT_X_TLS_PACKAGE) +add_int(OPT_X_TLS_PACKAGE); +#endif + +#endif + +add_int(OPT_X_SASL_MECH); +add_int(OPT_X_SASL_REALM); +add_int(OPT_X_SASL_AUTHCID); +add_int(OPT_X_SASL_AUTHZID); +add_int(OPT_X_SASL_SSF); 
+add_int(OPT_X_SASL_SSF_EXTERNAL); +add_int(OPT_X_SASL_SECPROPS); +add_int(OPT_X_SASL_SSF_MIN); +add_int(OPT_X_SASL_SSF_MAX); + +#if defined(LDAP_OPT_X_SASL_NOCANON) +add_int(OPT_X_SASL_NOCANON); +#endif + +#if defined(LDAP_OPT_X_SASL_USERNAME) +add_int(OPT_X_SASL_USERNAME); +#endif + +#if defined(LDAP_OPT_CONNECT_ASYNC) +add_int(OPT_CONNECT_ASYNC); +#endif + +#if defined(LDAP_OPT_X_KEEPALIVE_IDLE) +add_int(OPT_X_KEEPALIVE_IDLE); +#endif + +#if defined(LDAP_OPT_X_KEEPALIVE_PROBES) +add_int(OPT_X_KEEPALIVE_PROBES); +#endif + +#if defined(LDAP_OPT_X_KEEPALIVE_INTERVAL) +add_int(OPT_X_KEEPALIVE_INTERVAL); +#endif + +add_int(DN_FORMAT_LDAP); +add_int(DN_FORMAT_LDAPV3); +add_int(DN_FORMAT_LDAPV2); +add_int(DN_FORMAT_DCE); +add_int(DN_FORMAT_UFN); +add_int(DN_FORMAT_AD_CANONICAL); +add_int(DN_FORMAT_MASK); +add_int(DN_PRETTY); +add_int(DN_SKIP); +add_int(DN_P_NOLEADTRAILSPACES); +add_int(DN_P_NOSPACEAFTERRDN); +add_int(DN_PEDANTIC); +add_int(AVA_NULL); +add_int(AVA_STRING); +add_int(AVA_BINARY); +add_int(AVA_NONPRINTABLE); +add_int(OPT_SUCCESS); +add_int(URL_ERR_BADSCOPE); +add_int(URL_ERR_MEM); + +#ifdef HAVE_LIBLDAP_R +if (PyModule_AddIntConstant(m, "LIBLDAP_R", 1) != 0) + return -1; +#else +if (PyModule_AddIntConstant(m, "LIBLDAP_R", 0) != 0) + return -1; +#endif + +#ifdef HAVE_SASL +if (PyModule_AddIntConstant(m, "SASL_AVAIL", 1) != 0) + return -1; +#else +if (PyModule_AddIntConstant(m, "SASL_AVAIL", 0) != 0) + return -1; +#endif + +#ifdef HAVE_TLS +if (PyModule_AddIntConstant(m, "TLS_AVAIL", 1) != 0) + return -1; +#else +if (PyModule_AddIntConstant(m, "TLS_AVAIL", 0) != 0) + return -1; +#endif + +#ifdef HAVE_LDAP_INIT_FD +if (PyModule_AddIntConstant(m, "INIT_FD_AVAIL", 1) != 0) + return -1; +#else +if (PyModule_AddIntConstant(m, "INIT_FD_AVAIL", 0) != 0) + return -1; +#endif + +add_string(CONTROL_MANAGEDSAIT); +add_string(CONTROL_PROXY_AUTHZ); +add_string(CONTROL_SUBENTRIES); +add_string(CONTROL_VALUESRETURNFILTER); +add_string(CONTROL_ASSERT); 
+add_string(CONTROL_PRE_READ); +add_string(CONTROL_POST_READ); +add_string(CONTROL_SORTREQUEST); +add_string(CONTROL_SORTRESPONSE); +add_string(CONTROL_PAGEDRESULTS); +add_string(CONTROL_SYNC); +add_string(CONTROL_SYNC_STATE); +add_string(CONTROL_SYNC_DONE); +add_string(SYNC_INFO); +add_string(CONTROL_PASSWORDPOLICYREQUEST); +add_string(CONTROL_PASSWORDPOLICYRESPONSE); +add_string(CONTROL_RELAX); diff --git a/Modules/functions.c b/Modules/functions.c new file mode 100644 index 0000000..b811708 --- /dev/null +++ b/Modules/functions.c 
@@ -0,0 +1,210 @@ +/* See https://www.python-ldap.org/ for details. */ + +#include "common.h" +#include "functions.h" +#include "LDAPObject.h" +#include "berval.h" +#include "constants.h" +#include "options.h" + +/* ldap_initialize */ + +static PyObject * +l_ldap_initialize(PyObject *unused, PyObject *args) +{ + char *uri; + LDAP *ld = NULL; + int ret; + PyThreadState *save; + + if (!PyArg_ParseTuple(args, "s:initialize", &uri)) + return NULL; + + save = PyEval_SaveThread(); + ret = ldap_initialize(&ld, uri); + PyEval_RestoreThread(save); + + if (ret != LDAP_SUCCESS) + return LDAPerror(ld); + + return (PyObject *)newLDAPObject(ld); +} + +#ifdef HAVE_LDAP_INIT_FD +/* initialize_fd(fileno, url) */ + +static PyObject * +l_ldap_initialize_fd(PyObject *unused, PyObject *args) +{ + char *url; + LDAP *ld = NULL; + int ret; + int fd; + int proto = -1; + LDAPURLDesc *lud = NULL; + + PyThreadState *save; + + if (!PyArg_ParseTuple(args, "is:initialize_fd", &fd, &url)) + return NULL; + + /* Get LDAP protocol from scheme */ + ret = ldap_url_parse(url, &lud); + if (ret != LDAP_SUCCESS) + return LDAPerr(ret); + + if (strcmp(lud->lud_scheme, "ldap") == 0) { + proto = LDAP_PROTO_TCP; + } + else if (strcmp(lud->lud_scheme, "ldaps") == 0) { + proto = LDAP_PROTO_TCP; + } + else if (strcmp(lud->lud_scheme, "ldapi") == 0) { + proto = LDAP_PROTO_IPC; + } +#ifdef LDAP_CONNECTIONLESS + else if (strcmp(lud->lud_scheme, "cldap") == 0) { + proto = LDAP_PROTO_UDP; + } +#endif + else { + ldap_free_urldesc(lud); + PyErr_SetString(PyExc_ValueError, "unsupported URL scheme"); + return NULL; + } + ldap_free_urldesc(lud); + + save = PyEval_SaveThread(); + ret = ldap_init_fd((ber_socket_t) fd, proto, url, &ld); + PyEval_RestoreThread(save); + + if (ret != LDAP_SUCCESS) + return LDAPerror(ld); + + return (PyObject *)newLDAPObject(ld); +} +#endif + +/* ldap_str2dn */ + +static PyObject * +l_ldap_str2dn(PyObject *unused, PyObject *args) +{ + struct berval str; + LDAPDN dn; + int flags = 0; + PyObject 
*result = NULL, *tmp; + int res, i, j; + Py_ssize_t str_len; + + /* + * From a DN string such as "a=b,c=d;e=f", build + * a list-equivalent of AVA structures; namely: + * ((('a','b',1),('c','d',1)),(('e','f',1),)) + * The integers are a bit combination of the AVA_* flags + */ + if (!PyArg_ParseTuple(args, "z#|i:str2dn", &str.bv_val, &str_len, &flags)) + return NULL; + str.bv_len = (ber_len_t) str_len; + + res = ldap_bv2dn(&str, &dn, flags); + if (res != LDAP_SUCCESS) + return LDAPerr(res); + + tmp = PyList_New(0); + if (!tmp) + goto failed; + + for (i = 0; dn[i]; i++) { + LDAPRDN rdn; + PyObject *rdnlist; + + rdn = dn[i]; + rdnlist = PyList_New(0); + if (!rdnlist) + goto failed; + if (PyList_Append(tmp, rdnlist) == -1) { + Py_DECREF(rdnlist); + goto failed; + } + + for (j = 0; rdn[j]; j++) { + LDAPAVA *ava = rdn[j]; + PyObject *tuple; + + tuple = Py_BuildValue("(O&O&i)", + LDAPberval_to_unicode_object, &ava->la_attr, + LDAPberval_to_unicode_object, &ava->la_value, + ava->la_flags & ~(LDAP_AVA_FREE_ATTR | + LDAP_AVA_FREE_VALUE)); + if (!tuple) { + Py_DECREF(rdnlist); + goto failed; + } + + if (PyList_Append(rdnlist, tuple) == -1) { + Py_DECREF(tuple); + goto failed; + } + Py_DECREF(tuple); + } + Py_DECREF(rdnlist); + } + + result = tmp; + tmp = NULL; + + failed: + Py_XDECREF(tmp); + ldap_dnfree(dn); + return result; +} + +/* ldap_set_option (global options) */ + +static PyObject * +l_ldap_set_option(PyObject *self, PyObject *args) +{ + PyObject *value; + int option; + + if (!PyArg_ParseTuple(args, "iO:set_option", &option, &value)) + return NULL; + if (!LDAP_set_option(NULL, option, value)) + return NULL; + Py_INCREF(Py_None); + return Py_None; +} + +/* ldap_get_option (global options) */ + +static PyObject * +l_ldap_get_option(PyObject *self, PyObject *args) +{ + int option; + + if (!PyArg_ParseTuple(args, "i:get_option", &option)) + return NULL; + return LDAP_get_option(NULL, option); +} + +/* methods */ + +static PyMethodDef methods[] = { + {"initialize", 
(PyCFunction)l_ldap_initialize, METH_VARARGS}, +#ifdef HAVE_LDAP_INIT_FD + {"initialize_fd", (PyCFunction)l_ldap_initialize_fd, METH_VARARGS}, +#endif + {"str2dn", (PyCFunction)l_ldap_str2dn, METH_VARARGS}, + {"set_option", (PyCFunction)l_ldap_set_option, METH_VARARGS}, + {"get_option", (PyCFunction)l_ldap_get_option, METH_VARARGS}, + {NULL, NULL} +}; + +/* initialisation */ + +void +LDAPinit_functions(PyObject *d) +{ + LDAPadd_methods(d, methods); +} diff --git a/Modules/functions.h b/Modules/functions.h new file mode 100644 index 0000000..2aef974 --- /dev/null +++ b/Modules/functions.h @@ -0,0 +1,9 @@ +/* See https://www.python-ldap.org/ for details. */ + +#ifndef __h_functions_ +#define __h_functions_ + +#include "common.h" +extern void LDAPinit_functions(PyObject *); + +#endif /* __h_functions_ */ diff --git a/Modules/ldapcontrol.c b/Modules/ldapcontrol.c new file mode 100644 index 0000000..e287e9a --- /dev/null +++ b/Modules/ldapcontrol.c 
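Review bot: In `l_ldap_str2dn`, the `PyList_Append(rdnlist, tuple) == -1` branch of the inner loop releases `tuple` but not the local reference to `rdnlist`, so that list leaks on the failure path. The `!tuple` branch just above it does release `rdnlist`. Adding `Py_DECREF(rdnlist);` before the `goto failed;` in the append branch makes the two error paths agree. A short comment at the `failed:` label saying that `tmp` owns every list appended so far would also make the ownership easier to audit.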
@@ -0,0 +1,394 @@ +/* See https://www.python-ldap.org/ for details. */ + +#include "common.h" +#include "LDAPObject.h" +#include "ldapcontrol.h" +#include "berval.h" +#include "constants.h" + +/* Prints to stdout the contents of an array of LDAPControl objects */ + +/* XXX: This is a debugging tool, and the printf generates some warnings + * about pointer types. I left it here in case something breaks and we + * need to inspect an LDAPControl structure. + +static void +LDAPControl_DumpList( LDAPControl** lcs ) { + LDAPControl** lcp; + LDAPControl* lc; + for ( lcp = lcs; *lcp; lcp++ ) { + lc = *lcp; + printf("OID: %s\nCriticality: %d\nBER length: %d\nBER value: %x\n", + lc->ldctl_oid, lc->ldctl_iscritical, lc->ldctl_value.bv_len, + lc->ldctl_value.bv_val); + } +} */ + +/* Free a single LDAPControl object created by Tuple_to_LDAPControl */ + +static void +LDAPControl_DEL(LDAPControl *lc) +{ + if (lc == NULL) + return; + + if (lc->ldctl_oid) + PyMem_DEL(lc->ldctl_oid); + PyMem_DEL(lc); +} + +/* Free an array of LDAPControl objects created by LDAPControls_from_object */ + +void +LDAPControl_List_DEL(LDAPControl **lcs) +{ + LDAPControl **lcp; + + if (lcs == NULL) + return; + + for (lcp = lcs; *lcp; lcp++) + LDAPControl_DEL(*lcp); + + PyMem_DEL(lcs); +} + +/* Takes a tuple of the form: + * (OID: string, Criticality: int/boolean, Value: string/None) + * and converts it into an LDAPControl structure. + * + * The Value string should represent an ASN.1 encoded structure. 
+ */ + +static LDAPControl * +Tuple_to_LDAPControl(PyObject *tup) +{ + char *oid; + char iscritical; + struct berval berbytes; + PyObject *bytes; + LDAPControl *lc = NULL; + Py_ssize_t len; + + if (!PyTuple_Check(tup)) { + LDAPerror_TypeError("Tuple_to_LDAPControl(): expected a tuple", tup); + return NULL; + } + + if (!PyArg_ParseTuple + (tup, "sbO:Tuple_to_LDAPControl", &oid, &iscritical, &bytes)) + return NULL; + + lc = PyMem_NEW(LDAPControl, 1); + + if (lc == NULL) { + PyErr_NoMemory(); + return NULL; + } + + lc->ldctl_iscritical = iscritical; + + len = strlen(oid); + lc->ldctl_oid = PyMem_NEW(char, len + 1); + + if (lc->ldctl_oid == NULL) { + PyErr_NoMemory(); + LDAPControl_DEL(lc); + return NULL; + } + memcpy(lc->ldctl_oid, oid, len + 1); + + /* The berval can either be None or a String */ + if (PyNone_Check(bytes)) { + berbytes.bv_len = 0; + berbytes.bv_val = NULL; + } + else if (PyBytes_Check(bytes)) { + berbytes.bv_len = PyBytes_Size(bytes); + berbytes.bv_val = PyBytes_AsString(bytes); + } + else { + LDAPerror_TypeError("Tuple_to_LDAPControl(): expected bytes", bytes); + LDAPControl_DEL(lc); + return NULL; + } + + lc->ldctl_value = berbytes; + + return lc; +} + +/* Convert a list of tuples (of a format acceptable to the Tuple_to_LDAPControl + * function) into an array of LDAPControl objects. 
*/ + +int +LDAPControls_from_object(PyObject *list, LDAPControl ***controls_ret) +{ + Py_ssize_t len, i; + LDAPControl **ldcs; + LDAPControl *ldc; + PyObject *item; + + if (!PySequence_Check(list)) { + LDAPerror_TypeError("LDAPControls_from_object(): expected a list", + list); + return 0; + } + + len = PySequence_Length(list); + ldcs = PyMem_NEW(LDAPControl *, len + 1); + + if (ldcs == NULL) { + PyErr_NoMemory(); + return 0; + } + + for (i = 0; i < len; i++) { + item = PySequence_GetItem(list, i); + if (item == NULL) { + PyMem_DEL(ldcs); + return 0; + } + + ldc = Tuple_to_LDAPControl(item); + if (ldc == NULL) { + Py_DECREF(item); + PyMem_DEL(ldcs); + return 0; + } + + ldcs[i] = ldc; + Py_DECREF(item); + } + + ldcs[len] = NULL; + *controls_ret = ldcs; + return 1; +} + +PyObject * +LDAPControls_to_List(LDAPControl **ldcs) +{ + PyObject *res = 0, *pyctrl; + LDAPControl **tmp = ldcs; + Py_ssize_t num_ctrls = 0, i; + + if (tmp) + while (*tmp++) + num_ctrls++; + + if ((res = PyList_New(num_ctrls)) == NULL) { + return NULL; + } + + for (i = 0; i < num_ctrls; i++) { + pyctrl = Py_BuildValue("sbO&", + ldcs[i]->ldctl_oid, + ldcs[i]->ldctl_iscritical, + LDAPberval_to_object, &ldcs[i]->ldctl_value); + if (pyctrl == NULL) { + Py_DECREF(res); + return NULL; + } + PyList_SET_ITEM(res, i, pyctrl); + } + return res; +} + +/* --------------- en-/decoders ------------- */ + +/* Matched Values, aka, Values Return Filter */ +static PyObject * +encode_rfc3876(PyObject *self, PyObject *args) +{ + PyObject *res = 0; + int err; + BerElement *vrber = 0; + char *vrFilter; + struct berval *ctrl_val; + + if (!PyArg_ParseTuple + (args, "s:encode_valuesreturnfilter_control", &vrFilter)) { + goto endlbl; + } + + if (!(vrber = ber_alloc_t(LBER_USE_DER))) { + LDAPerr(LDAP_NO_MEMORY); + goto endlbl; + } + + err = ldap_put_vrFilter(vrber, vrFilter); + if (err == -1) { + LDAPerr(LDAP_FILTER_ERROR); + goto endlbl; + } + + err = ber_flatten(vrber, &ctrl_val); + if (err == -1) { + 
LDAPerr(LDAP_NO_MEMORY); + goto endlbl; + } + + res = LDAPberval_to_object(ctrl_val); + ber_bvfree(ctrl_val); + + endlbl: + if (vrber) + ber_free(vrber, 1); + + return res; +} + +static PyObject * +encode_rfc2696(PyObject *self, PyObject *args) +{ + PyObject *res = 0; + BerElement *ber = 0; + struct berval cookie, *ctrl_val; + Py_ssize_t cookie_len; + int size = 0; /* ber_int_t is int */ + ber_tag_t tag; + + if (!PyArg_ParseTuple(args, "is#:encode_page_control", &size, + &cookie.bv_val, &cookie_len)) { + goto endlbl; + } + cookie.bv_len = (ber_len_t) cookie_len; + + if (!(ber = ber_alloc_t(LBER_USE_DER))) { + LDAPerr(LDAP_NO_MEMORY); + goto endlbl; + } + + tag = ber_printf(ber, "{i", size); + if (tag == LBER_ERROR) { + LDAPerr(LDAP_ENCODING_ERROR); + goto endlbl; + } + + if (!cookie.bv_len) + tag = ber_printf(ber, "o", "", 0); + else + tag = ber_printf(ber, "O", &cookie); + if (tag == LBER_ERROR) { + LDAPerr(LDAP_ENCODING_ERROR); + goto endlbl; + } + + tag = ber_printf(ber, /*{ */ "N}"); + if (tag == LBER_ERROR) { + LDAPerr(LDAP_ENCODING_ERROR); + goto endlbl; + } + + if (-1 == ber_flatten(ber, &ctrl_val)) { + LDAPerr(LDAP_NO_MEMORY); + goto endlbl; + } + + res = LDAPberval_to_object(ctrl_val); + ber_bvfree(ctrl_val); + + endlbl: + if (ber) + ber_free(ber, 1); + return res; +} + +static PyObject * +decode_rfc2696(PyObject *self, PyObject *args) +{ + PyObject *res = 0; + BerElement *ber = 0; + struct berval ldctl_value; + ber_tag_t tag; + struct berval *cookiep; + int count = 0; /* ber_int_t is int */ + Py_ssize_t ldctl_value_len; + + if (!PyArg_ParseTuple(args, "s#:decode_page_control", + &ldctl_value.bv_val, &ldctl_value_len)) { + goto endlbl; + } + ldctl_value.bv_len = (ber_len_t) ldctl_value_len; + + if (!(ber = ber_init(&ldctl_value))) { + LDAPerr(LDAP_NO_MEMORY); + goto endlbl; + } + + tag = ber_scanf(ber, "{iO", &count, &cookiep); + if (tag == LBER_ERROR) { + LDAPerr(LDAP_DECODING_ERROR); + goto endlbl; + } + + res = Py_BuildValue("(iO&)", count, 
LDAPberval_to_object, cookiep); + ber_bvfree(cookiep); + + endlbl: + if (ber) + ber_free(ber, 1); + return res; +} + +static PyObject * +encode_assertion_control(PyObject *self, PyObject *args) +{ + int err; + PyObject *res = 0; + char *assertion_filterstr; + struct berval ctrl_val; + LDAP *ld = NULL; + PyThreadState *save; + + if (!PyArg_ParseTuple(args, "s:encode_assertion_control", + &assertion_filterstr)) { + goto endlbl; + } + + /* XXX: ldap_create() is a nasty and slow hack. It's creating a full blown + * LDAP object just to encode assertion controls. + */ + save = PyEval_SaveThread(); + err = ldap_create(&ld); + PyEval_RestoreThread(save); + if (err != LDAP_SUCCESS) + return LDAPerror(ld); + + err = ldap_create_assertion_control_value(ld, assertion_filterstr, + &ctrl_val); + + if (err != LDAP_SUCCESS) { + LDAPerror(ld); + save = PyEval_SaveThread(); + ldap_unbind_ext(ld, NULL, NULL); + PyEval_RestoreThread(save); + return NULL; + } + save = PyEval_SaveThread(); + ldap_unbind_ext(ld, NULL, NULL); + PyEval_RestoreThread(save); + res = LDAPberval_to_object(&ctrl_val); + + if (ctrl_val.bv_val != NULL) { + ber_memfree(ctrl_val.bv_val); + } + endlbl: + + return res; +} + +static PyMethodDef methods[] = { + {"encode_page_control", encode_rfc2696, METH_VARARGS}, + {"decode_page_control", decode_rfc2696, METH_VARARGS}, + {"encode_valuesreturnfilter_control", encode_rfc3876, METH_VARARGS}, + {"encode_assertion_control", encode_assertion_control, METH_VARARGS}, + {NULL, NULL} +}; + +void +LDAPinit_control(PyObject *d) +{ + LDAPadd_methods(d, methods); +} diff --git a/Modules/ldapcontrol.h b/Modules/ldapcontrol.h new file mode 100644 index 0000000..74cae42 --- /dev/null +++ b/Modules/ldapcontrol.h 
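Review bot: `LDAPControls_from_object` uses the result of `PySequence_Length(list)` without checking for -1, which it returns when an object passes `PySequence_Check` but its length lookup raises. In that case `len + 1` allocates zero elements, the loop is skipped and `ldcs[len] = NULL` writes before the start of the buffer. Add `if (len < 0) return 0;` right after the call; the Python error is already set. The two failure branches inside the loop also call only `PyMem_DEL(ldcs)`, so controls already stored in earlier slots leak; setting `ldcs[i] = NULL;` and calling `LDAPControl_List_DEL(ldcs);` there would free them.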
@@ -0,0 +1,13 @@
+/* See https://www.python-ldap.org/ for details. */
+
+#ifndef __h_ldapcontrol
+#define __h_ldapcontrol
+
+#include "common.h"
+
+void LDAPinit_control(PyObject *d);
+void LDAPControl_List_DEL(LDAPControl **);
+int LDAPControls_from_object(PyObject *, LDAPControl ***);
+PyObject *LDAPControls_to_List(LDAPControl **ldcs);
+
+#endif /* __h_ldapcontrol */
diff --git a/Modules/ldapmodule.c b/Modules/ldapmodule.c
new file mode 100644
index 0000000..34d5a24
--- /dev/null
+++ b/Modules/ldapmodule.c
@@ -0,0 +1,94 @@
+/* See https://www.python-ldap.org/ for details. */
+
+#include "common.h"
+#include "constants.h"
+#include "functions.h"
+#include "ldapcontrol.h"
+
+#include "LDAPObject.h"
+
+#if PY_MAJOR_VERSION >= 3
+PyMODINIT_FUNC PyInit__ldap(void);
+#else
+PyMODINIT_FUNC init_ldap(void);
+#endif
+
+#define _STR(x) #x
+#define STR(x) _STR(x)
+
+static char version_str[] = STR(LDAPMODULE_VERSION);
+static char author_str[] = STR(LDAPMODULE_AUTHOR);
+static char license_str[] = STR(LDAPMODULE_LICENSE);
+
+static void
+init_pkginfo(PyObject *m)
+{
+ PyModule_AddStringConstant(m, "__version__", version_str);
+ PyModule_AddStringConstant(m, "__author__", author_str);
+ PyModule_AddStringConstant(m, "__license__", license_str);
+}
+
+/* dummy module methods */
+static PyMethodDef methods[] = {
+ {NULL, NULL}
+};
+
+/* module initialisation */
+
+/* Common initialization code */
+PyObject *
+init_ldap_module(void)
+{
+ PyObject *m, *d;
+
+ /* Create the module and add the functions */
+#if PY_MAJOR_VERSION >= 3
+ static struct PyModuleDef ldap_moduledef = {
+ PyModuleDef_HEAD_INIT,
+ "_ldap", /* m_name */
+ "", /* m_doc */
+ -1, /* m_size */
+ methods, /* m_methods */
+ };
+ m = PyModule_Create(&ldap_moduledef);
+#else
+ m = Py_InitModule("_ldap", methods);
+#endif
+ /* Initialize LDAP class */
+ if (PyType_Ready(&LDAP_Type) < 0) {
+ Py_DECREF(m);
+ return NULL;
+ }
+
+ /* Add some symbolic constants to the module */
+ d = PyModule_GetDict(m);
+
+ init_pkginfo(m);
+
+ if (LDAPinit_constants(m) == -1) {
+ return NULL;
+ }
+
+ LDAPinit_functions(d);
+ LDAPinit_control(d);
+
+ /* Check for errors */
+ if (PyErr_Occurred())
+ Py_FatalError("can't initialize module _ldap");
+
+ return m;
+}
+
+#if PY_MAJOR_VERSION < 3
+PyMODINIT_FUNC
+init_ldap()
+{
+ init_ldap_module();
+}
+#else
+PyMODINIT_FUNC
+PyInit__ldap()
+{
+ return init_ldap_module();
+}
+#endif
diff --git a/Modules/message.c b/Modules/message.c
new file mode 100644
index 0000000..22aa313
--- /dev/null
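Review bot: `init_ldap_module` never checks `m` after `PyModule_Create` / `Py_InitModule`, so a failure there reaches `Py_DECREF(m)` or `PyModule_GetDict(m)` with a NULL pointer. Add `if (m == NULL) return NULL;` directly after the `#endif` that closes the creation block. On the Python 3 path the `LDAPinit_constants(m) == -1` branch also returns without releasing `m`, unlike the `PyType_Ready` branch just above it. The return values of the three `PyModule_AddStringConstant` calls in `init_pkginfo` are ignored, so a failure there is only noticed later by the `PyErr_Occurred()` check, which aborts the interpreter.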
+++ b/Modules/message.c 
@@ -0,0 +1,311 @@ +/* See https://www.python-ldap.org/ for details. */ + +#include "common.h" +#include "message.h" +#include "berval.h" +#include "ldapcontrol.h" +#include "constants.h" + +/* + * Converts an LDAP message into a Python structure. + * + * On success, returns a list of dictionaries. + * On failure, returns NULL, and sets an error. + * + * The message m is always freed, regardless of return value. + * + * If add_ctrls is non-zero, per-entry/referral/partial/intermediate + * controls will be added as a third item to each entry tuple + * + * If add_intermediates is non-zero, intermediate/partial results will + * be returned + */ +PyObject * +LDAPmessage_to_python(LDAP *ld, LDAPMessage *m, int add_ctrls, + int add_intermediates) +{ + /* we convert an LDAP message into a python structure. + * It is always a list of dictionaries. + * We always free m. + */ + + PyObject *result, *pyctrls = 0; + LDAPMessage *entry; + LDAPControl **serverctrls = 0; + int rc; + + result = PyList_New(0); + if (result == NULL) { + ldap_msgfree(m); + return NULL; + } + + for (entry = ldap_first_entry(ld, m); + entry != NULL; entry = ldap_next_entry(ld, entry)) { + char *dn; + char *attr; + BerElement *ber = NULL; + PyObject *entrytuple; + PyObject *attrdict; + PyObject *pydn; + + dn = ldap_get_dn(ld, entry); + if (dn == NULL) { + Py_DECREF(result); + ldap_msgfree(m); + return LDAPerror(ld); + } + + attrdict = PyDict_New(); + if (attrdict == NULL) { + Py_DECREF(result); + ldap_msgfree(m); + ldap_memfree(dn); + return NULL; + } + + rc = ldap_get_entry_controls(ld, entry, &serverctrls); + if (rc) { + Py_DECREF(result); + ldap_msgfree(m); + ldap_memfree(dn); + return LDAPerror(ld); + } + + /* convert serverctrls to list of tuples */ + if (!(pyctrls = LDAPControls_to_List(serverctrls))) { + int err = LDAP_NO_MEMORY; + + ldap_set_option(ld, LDAP_OPT_ERROR_NUMBER, &err); + Py_DECREF(result); + ldap_msgfree(m); + ldap_memfree(dn); + ldap_controls_free(serverctrls); + return 
LDAPerror(ld); + } + ldap_controls_free(serverctrls); + + /* Fill attrdict with lists */ + for (attr = ldap_first_attribute(ld, entry, &ber); + attr != NULL; attr = ldap_next_attribute(ld, entry, ber) + ) { + PyObject *valuelist; + PyObject *pyattr; + struct berval **bvals; + + pyattr = PyUnicode_FromString(attr); + + bvals = ldap_get_values_len(ld, entry, attr); + + /* Find which list to append to */ + if (PyDict_Contains(attrdict, pyattr)) { + /* Multiple attribute entries with same name. This code path + * is rarely used and cannot be exhausted with OpenLDAP + * tests. 389-DS sometimes triggeres it, see + * https://github.com/python-ldap/python-ldap/issues/218 + */ + valuelist = PyDict_GetItem(attrdict, pyattr); + /* Turn borrowed reference into owned reference */ + if (valuelist != NULL) + Py_INCREF(valuelist); + } + else { + valuelist = PyList_New(0); + if (valuelist != NULL && PyDict_SetItem(attrdict, + pyattr, + valuelist) == -1) { + Py_DECREF(valuelist); + valuelist = NULL; /* catch error later */ + } + } + + if (valuelist == NULL) { + Py_DECREF(pyattr); + Py_DECREF(attrdict); + Py_DECREF(result); + if (ber != NULL) + ber_free(ber, 0); + ldap_msgfree(m); + ldap_memfree(attr); + ldap_memfree(dn); + Py_XDECREF(pyctrls); + return NULL; + } + + if (bvals != NULL) { + Py_ssize_t i; + + for (i = 0; bvals[i]; i++) { + PyObject *valuestr; + + valuestr = LDAPberval_to_object(bvals[i]); + if (PyList_Append(valuelist, valuestr) == -1) { + Py_DECREF(pyattr); + Py_DECREF(attrdict); + Py_DECREF(result); + Py_DECREF(valuestr); + Py_DECREF(valuelist); + if (ber != NULL) + ber_free(ber, 0); + ldap_msgfree(m); + ldap_memfree(attr); + ldap_memfree(dn); + Py_XDECREF(pyctrls); + return NULL; + } + Py_DECREF(valuestr); + } + ldap_value_free_len(bvals); + } + Py_DECREF(pyattr); + Py_DECREF(valuelist); + ldap_memfree(attr); + } + + pydn = PyUnicode_FromString(dn); + if (pydn == NULL) { + Py_DECREF(result); + ldap_msgfree(m); + ldap_memfree(dn); + return NULL; + } + + if 
(add_ctrls) { + entrytuple = Py_BuildValue("(OOO)", pydn, attrdict, pyctrls); + } + else { + entrytuple = Py_BuildValue("(OO)", pydn, attrdict); + } + Py_DECREF(pydn); + ldap_memfree(dn); + Py_DECREF(attrdict); + Py_XDECREF(pyctrls); + PyList_Append(result, entrytuple); + Py_DECREF(entrytuple); + if (ber != NULL) + ber_free(ber, 0); + } + for (entry = ldap_first_reference(ld, m); + entry != NULL; entry = ldap_next_reference(ld, entry)) { + char **refs = NULL; + PyObject *entrytuple; + PyObject *reflist = PyList_New(0); + + if (reflist == NULL) { + Py_DECREF(result); + ldap_msgfree(m); + return NULL; + } + if (ldap_parse_reference(ld, entry, &refs, &serverctrls, 0) != + LDAP_SUCCESS) { + Py_DECREF(reflist); + Py_DECREF(result); + ldap_msgfree(m); + return LDAPerror(ld); + } + /* convert serverctrls to list of tuples */ + if (!(pyctrls = LDAPControls_to_List(serverctrls))) { + int err = LDAP_NO_MEMORY; + + ldap_set_option(ld, LDAP_OPT_ERROR_NUMBER, &err); + Py_DECREF(reflist); + Py_DECREF(result); + ldap_msgfree(m); + ldap_controls_free(serverctrls); + return LDAPerror(ld); + } + ldap_controls_free(serverctrls); + if (refs) { + Py_ssize_t i; + + for (i = 0; refs[i] != NULL; i++) { + /* A referal is a distinguishedName => unicode */ + PyObject *refstr = PyUnicode_FromString(refs[i]); + + PyList_Append(reflist, refstr); + Py_DECREF(refstr); + } + ber_memvfree((void **)refs); + } + if (add_ctrls) { + entrytuple = Py_BuildValue("(sOO)", NULL, reflist, pyctrls); + } + else { + entrytuple = Py_BuildValue("(sO)", NULL, reflist); + } + Py_DECREF(reflist); + Py_XDECREF(pyctrls); + PyList_Append(result, entrytuple); + Py_DECREF(entrytuple); + } + if (add_intermediates) { + for (entry = ldap_first_message(ld, m); + entry != NULL; entry = ldap_next_message(ld, entry)) { + /* list of tuples */ + /* each tuple is OID, Berval, controllist */ + if (LDAP_RES_INTERMEDIATE == ldap_msgtype(entry)) { + PyObject *valtuple; + PyObject *valuestr; + char *retoid = 0; + PyObject *pyoid; + 
struct berval *retdata = 0; + + if (ldap_parse_intermediate + (ld, entry, &retoid, &retdata, &serverctrls, + 0) != LDAP_SUCCESS) { + Py_DECREF(result); + ldap_msgfree(m); + return LDAPerror(ld); + } + /* convert serverctrls to list of tuples */ + if (!(pyctrls = LDAPControls_to_List(serverctrls))) { + int err = LDAP_NO_MEMORY; + + ldap_set_option(ld, LDAP_OPT_ERROR_NUMBER, &err); + Py_DECREF(result); + ldap_msgfree(m); + ldap_controls_free(serverctrls); + ldap_memfree(retoid); + ber_bvfree(retdata); + return LDAPerror(ld); + } + ldap_controls_free(serverctrls); + + valuestr = LDAPberval_to_object(retdata); + ber_bvfree(retdata); + if (valuestr == NULL) { + ldap_memfree(retoid); + Py_DECREF(result); + ldap_msgfree(m); + return NULL; + } + + pyoid = PyUnicode_FromString(retoid); + ldap_memfree(retoid); + if (pyoid == NULL) { + Py_DECREF(valuestr); + Py_DECREF(result); + ldap_msgfree(m); + return NULL; + } + + valtuple = Py_BuildValue("(NNN)", pyoid, valuestr, pyctrls); + if (valtuple == NULL) { + Py_DECREF(result); + ldap_msgfree(m); + return NULL; + } + + if (PyList_Append(result, valtuple) == -1) { + Py_DECREF(valtuple); + Py_DECREF(result); + ldap_msgfree(m); + return NULL; + } + Py_DECREF(valtuple); + } + } + } + ldap_msgfree(m); + return result; +} diff --git a/Modules/message.h b/Modules/message.h new file mode 100644 index 0000000..ed73f32 --- /dev/null +++ b/Modules/message.h @@ -0,0 +1,11 @@ +/* See https://www.python-ldap.org/ for details. */ + +#ifndef __h_message +#define __h_message + +#include "common.h" + +extern PyObject *LDAPmessage_to_python(LDAP *ld, LDAPMessage *m, int add_ctrls, + int add_intermediates); + +#endif /* __h_message_ */ diff --git a/Modules/options.c b/Modules/options.c new file mode 100644 index 0000000..549a672 --- /dev/null +++ b/Modules/options.c 
@@ -0,0 +1,407 @@ +/* See https://www.python-ldap.org/ for details. */ + +#include "common.h" +#include "constants.h" +#include "LDAPObject.h" +#include "ldapcontrol.h" +#include "options.h" + +void +set_timeval_from_double(struct timeval *tv, double d) +{ + tv->tv_usec = (long)(fmod(d, 1.0) * 1000000.0); + tv->tv_sec = (long)floor(d); +} + +/** + * Converts a return code from ldap_set_option() or ldap_get_option() + * into a python error, and returns NULL. + */ +static PyObject * +option_error(int res, const char *fn) +{ + if (res == LDAP_OPT_ERROR) + PyErr_SetString(PyExc_ValueError, "option error"); + else if (res == LDAP_PARAM_ERROR) + PyErr_SetString(PyExc_ValueError, "parameter error"); + else if (res == LDAP_NO_MEMORY) + PyErr_NoMemory(); + else + PyErr_Format(PyExc_SystemError, "error %d from %s", res, fn); + return NULL; +} + +/** + * Sets an LDAP option. + * Returns 0 on failure, 1 on success + */ +int +LDAP_set_option(LDAPObject *self, int option, PyObject *value) +{ + int res; + int intval; + double doubleval; + char *strval; + struct timeval tv; + void *ptr; + LDAP *ld; + LDAPControl **controls = NULL; + + ld = self ? self->ldap : NULL; + + switch (option) { + case LDAP_OPT_API_INFO: + case LDAP_OPT_API_FEATURE_INFO: +#ifdef HAVE_SASL + case LDAP_OPT_X_SASL_SSF: +#endif + /* Read-only options */ + PyErr_SetString(PyExc_ValueError, "read-only option"); + return 0; + case LDAP_OPT_REFERRALS: + case LDAP_OPT_RESTART: +#ifdef LDAP_OPT_X_SASL_NOCANON + case LDAP_OPT_X_SASL_NOCANON: +#endif +#ifdef LDAP_OPT_CONNECT_ASYNC + case LDAP_OPT_CONNECT_ASYNC: +#endif + /* Truth-value options */ + ptr = PyObject_IsTrue(value) ? 
LDAP_OPT_ON : LDAP_OPT_OFF; + break; + + case LDAP_OPT_DEREF: + case LDAP_OPT_SIZELIMIT: + case LDAP_OPT_TIMELIMIT: + case LDAP_OPT_PROTOCOL_VERSION: + case LDAP_OPT_ERROR_NUMBER: + case LDAP_OPT_DEBUG_LEVEL: +#ifdef HAVE_TLS + case LDAP_OPT_X_TLS: + case LDAP_OPT_X_TLS_REQUIRE_CERT: +#ifdef LDAP_OPT_X_TLS_CRLCHECK + case LDAP_OPT_X_TLS_CRLCHECK: +#endif +#ifdef LDAP_OPT_X_TLS_NEWCTX + case LDAP_OPT_X_TLS_NEWCTX: +#endif +#ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN + case LDAP_OPT_X_TLS_PROTOCOL_MIN: +#endif +#endif +#ifdef HAVE_SASL + case LDAP_OPT_X_SASL_SSF_MIN: + case LDAP_OPT_X_SASL_SSF_MAX: +#endif +#ifdef LDAP_OPT_X_KEEPALIVE_IDLE + case LDAP_OPT_X_KEEPALIVE_IDLE: +#endif +#ifdef LDAP_OPT_X_KEEPALIVE_PROBES + case LDAP_OPT_X_KEEPALIVE_PROBES: +#endif +#ifdef LDAP_OPT_X_KEEPALIVE_INTERVAL + case LDAP_OPT_X_KEEPALIVE_INTERVAL: +#endif + + /* integer value options */ + if (!PyArg_Parse(value, "i:set_option", &intval)) + return 0; + ptr = &intval; + break; + case LDAP_OPT_HOST_NAME: + case LDAP_OPT_URI: +#ifdef LDAP_OPT_DEFBASE + case LDAP_OPT_DEFBASE: +#endif + case LDAP_OPT_ERROR_STRING: + case LDAP_OPT_MATCHED_DN: +#ifdef HAVE_TLS + case LDAP_OPT_X_TLS_CACERTFILE: + case LDAP_OPT_X_TLS_CACERTDIR: + case LDAP_OPT_X_TLS_CERTFILE: + case LDAP_OPT_X_TLS_KEYFILE: + case LDAP_OPT_X_TLS_CIPHER_SUITE: + case LDAP_OPT_X_TLS_RANDOM_FILE: + case LDAP_OPT_X_TLS_DHFILE: +#ifdef LDAP_OPT_X_TLS_CRLFILE + case LDAP_OPT_X_TLS_CRLFILE: +#endif +#endif +#ifdef HAVE_SASL + case LDAP_OPT_X_SASL_SECPROPS: +#endif + /* String valued options */ + if (!PyArg_Parse(value, "s:set_option", &strval)) + return 0; + ptr = strval; + break; + case LDAP_OPT_TIMEOUT: + case LDAP_OPT_NETWORK_TIMEOUT: + /* Float valued timeval options */ + if (value == Py_None) { + /* None is mapped to infinity timeout */ + doubleval = -1; + } + else { + /* 'd' handles int/long */ + if (!PyArg_Parse(value, "d:set_option", &doubleval)) { + if (PyErr_ExceptionMatches(PyExc_TypeError)) { + /* TypeError: mention either float 
or None is expected */ + PyErr_Clear(); + PyErr_Format(PyExc_TypeError, + "A float or None is expected for timeout, got %.100s", + Py_TYPE(value)->tp_name); + } + return 0; + } + } + + if (doubleval >= 0) { + set_timeval_from_double(&tv, doubleval); + ptr = &tv; + } + else if (doubleval == -1) { + /* -1 is infinity timeout */ + tv.tv_sec = -1; + tv.tv_usec = 0; + ptr = &tv; + } + else { + PyErr_Format(PyExc_ValueError, + "timeout must be >= 0 or -1/None for infinity, got %d", + option); + return 0; + } + break; + + case LDAP_OPT_SERVER_CONTROLS: + case LDAP_OPT_CLIENT_CONTROLS: + if (!LDAPControls_from_object(value, &controls)) + return 0; + ptr = controls; + break; + default: + PyErr_Format(PyExc_ValueError, "unknown option %d", option); + return 0; + } + + if (self) { + LDAP_BEGIN_ALLOW_THREADS(self); + res = ldap_set_option(ld, option, ptr); + LDAP_END_ALLOW_THREADS(self); + } + else { + PyThreadState *save; + + save = PyEval_SaveThread(); + res = ldap_set_option(NULL, option, ptr); + PyEval_RestoreThread(save); + } + + if ((option == LDAP_OPT_SERVER_CONTROLS) || + (option == LDAP_OPT_CLIENT_CONTROLS)) + LDAPControl_List_DEL(controls); + + if (res != LDAP_OPT_SUCCESS) { + option_error(res, "ldap_set_option"); + return 0; + } + + return 1; +} + +static int +LDAP_int_get_option(LDAPObject *self, int option, void *value) +{ + int res; + + if (self != NULL) { + LDAP_BEGIN_ALLOW_THREADS(self); + res = ldap_get_option(self->ldap, option, value); + LDAP_END_ALLOW_THREADS(self); + } + else { + PyThreadState *save; + + save = PyEval_SaveThread(); + res = ldap_get_option(NULL, option, value); + PyEval_RestoreThread(save); + } + return res; +} + +PyObject * +LDAP_get_option(LDAPObject *self, int option) +{ + int res; + int intval; + struct timeval *tv; + LDAPAPIInfo apiinfo; + LDAPControl **lcs; + char *strval; + PyObject *extensions, *v; + Py_ssize_t i, num_extensions; + + switch (option) { + case LDAP_OPT_API_INFO: + apiinfo.ldapai_info_version = LDAP_API_INFO_VERSION; + 
res = LDAP_int_get_option(self, option, &apiinfo); + if (res != LDAP_OPT_SUCCESS) + return option_error(res, "ldap_get_option"); + + /* put the extensions into tuple form */ + num_extensions = 0; + while (apiinfo.ldapai_extensions[num_extensions]) + num_extensions++; + extensions = PyTuple_New(num_extensions); + for (i = 0; i < num_extensions; i++) + PyTuple_SET_ITEM(extensions, i, + PyUnicode_FromString(apiinfo.ldapai_extensions + [i])); + + /* return api info as a dictionary */ + v = Py_BuildValue("{s:i, s:i, s:i, s:s, s:i, s:O}", + "info_version", apiinfo.ldapai_info_version, + "api_version", apiinfo.ldapai_api_version, + "protocol_version", apiinfo.ldapai_protocol_version, + "vendor_name", apiinfo.ldapai_vendor_name, + "vendor_version", apiinfo.ldapai_vendor_version, + "extensions", extensions); + + if (apiinfo.ldapai_vendor_name) + ldap_memfree(apiinfo.ldapai_vendor_name); + for (i = 0; i < num_extensions; i++) + ldap_memfree(apiinfo.ldapai_extensions[i]); + ldap_memfree(apiinfo.ldapai_extensions); + Py_DECREF(extensions); + + return v; + +#ifdef HAVE_SASL + case LDAP_OPT_X_SASL_SSF: +#endif + case LDAP_OPT_REFERRALS: + case LDAP_OPT_RESTART: + case LDAP_OPT_DEREF: + case LDAP_OPT_SIZELIMIT: + case LDAP_OPT_TIMELIMIT: + case LDAP_OPT_PROTOCOL_VERSION: + case LDAP_OPT_ERROR_NUMBER: + case LDAP_OPT_DEBUG_LEVEL: + case LDAP_OPT_DESC: +#ifdef HAVE_TLS + case LDAP_OPT_X_TLS: + case LDAP_OPT_X_TLS_REQUIRE_CERT: +#ifdef LDAP_OPT_X_TLS_CRLCHECK + case LDAP_OPT_X_TLS_CRLCHECK: +#endif +#ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN + case LDAP_OPT_X_TLS_PROTOCOL_MIN: +#endif +#endif +#ifdef HAVE_SASL + case LDAP_OPT_X_SASL_SSF_MIN: + case LDAP_OPT_X_SASL_SSF_MAX: +#endif +#ifdef LDAP_OPT_X_SASL_NOCANON + case LDAP_OPT_X_SASL_NOCANON: +#endif +#ifdef LDAP_OPT_CONNECT_ASYNC + case LDAP_OPT_CONNECT_ASYNC: +#endif +#ifdef LDAP_OPT_X_KEEPALIVE_IDLE + case LDAP_OPT_X_KEEPALIVE_IDLE: +#endif +#ifdef LDAP_OPT_X_KEEPALIVE_PROBES + case LDAP_OPT_X_KEEPALIVE_PROBES: +#endif +#ifdef 
LDAP_OPT_X_KEEPALIVE_INTERVAL + case LDAP_OPT_X_KEEPALIVE_INTERVAL: +#endif + /* Integer-valued options */ + res = LDAP_int_get_option(self, option, &intval); + if (res != LDAP_OPT_SUCCESS) + return option_error(res, "ldap_get_option"); + return PyInt_FromLong(intval); + + case LDAP_OPT_HOST_NAME: + case LDAP_OPT_URI: +#ifdef LDAP_OPT_DEFBASE + case LDAP_OPT_DEFBASE: +#endif + case LDAP_OPT_ERROR_STRING: + case LDAP_OPT_MATCHED_DN: +#ifdef HAVE_TLS + case LDAP_OPT_X_TLS_CACERTFILE: + case LDAP_OPT_X_TLS_CACERTDIR: + case LDAP_OPT_X_TLS_CERTFILE: + case LDAP_OPT_X_TLS_KEYFILE: + case LDAP_OPT_X_TLS_CIPHER_SUITE: + case LDAP_OPT_X_TLS_RANDOM_FILE: + case LDAP_OPT_X_TLS_DHFILE: +#ifdef LDAP_OPT_X_TLS_CRLFILE + case LDAP_OPT_X_TLS_CRLFILE: +#endif +#ifdef LDAP_OPT_X_TLS_VERSION + case LDAP_OPT_X_TLS_VERSION: +#endif +#ifdef LDAP_OPT_X_TLS_CIPHER + case LDAP_OPT_X_TLS_CIPHER: +#endif +#ifdef LDAP_OPT_X_TLS_PACKAGE + case LDAP_OPT_X_TLS_PACKAGE: +#endif +#endif +#ifdef HAVE_SASL + case LDAP_OPT_X_SASL_SECPROPS: + case LDAP_OPT_X_SASL_MECH: + case LDAP_OPT_X_SASL_REALM: + case LDAP_OPT_X_SASL_AUTHCID: + case LDAP_OPT_X_SASL_AUTHZID: +#ifdef LDAP_OPT_X_SASL_USERNAME + case LDAP_OPT_X_SASL_USERNAME: +#endif +#endif + /* String-valued options */ + res = LDAP_int_get_option(self, option, &strval); + if (res != LDAP_OPT_SUCCESS) + return option_error(res, "ldap_get_option"); + if (strval == NULL) { + Py_INCREF(Py_None); + return Py_None; + } + v = PyUnicode_FromString(strval); + ldap_memfree(strval); + return v; + + case LDAP_OPT_TIMEOUT: + case LDAP_OPT_NETWORK_TIMEOUT: + /* Double-valued timeval options */ + res = LDAP_int_get_option(self, option, &tv); + if (res != LDAP_OPT_SUCCESS) + return option_error(res, "ldap_get_option"); + if (tv == NULL) { + Py_INCREF(Py_None); + return Py_None; + } + v = PyFloat_FromDouble((double)tv->tv_sec + + ((double)tv->tv_usec / 1000000.0) + ); + ldap_memfree(tv); + return v; + + case LDAP_OPT_SERVER_CONTROLS: + case 
LDAP_OPT_CLIENT_CONTROLS: + res = LDAP_int_get_option(self, option, &lcs); + if (res != LDAP_OPT_SUCCESS) + return option_error(res, "ldap_get_option"); + + v = LDAPControls_to_List(lcs); + ldap_controls_free(lcs); + return v; + + default: + PyErr_Format(PyExc_ValueError, "unknown option %d", option); + return NULL; + } +} diff --git a/Modules/options.h b/Modules/options.h new file mode 100644 index 0000000..fd6a5ce --- /dev/null +++ b/Modules/options.h @@ -0,0 +1,7 @@ +/* See https://www.python-ldap.org/ for details. */ + +int LDAP_optionval_by_name(const char *name); +int LDAP_set_option(LDAPObject *self, int option, PyObject *value); +PyObject *LDAP_get_option(LDAPObject *self, int option); + +void set_timeval_from_double(struct timeval *tv, double d); diff --git a/README b/README new file mode 100644 index 0000000..81db9bb --- /dev/null +++ b/README 
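Review bot: In LDAP_set_option the truth-value branch ignores the error return of PyObject_IsTrue(): a -1 is treated as true, so LDAP_OPT_REFERRALS or LDAP_OPT_RESTART would be switched on while a Python exception is still pending. Reusing the existing local covers it: `intval = PyObject_IsTrue(value); if (intval < 0) return 0; ptr = intval ? LDAP_OPT_ON : LDAP_OPT_OFF;`. In LDAP_get_option's LDAP_OPT_API_INFO branch, `apiinfo.ldapai_extensions`, the result of PyTuple_New() and each PyUnicode_FromString() are used without a NULL check, so an allocation failure or an empty extension list reaches PyTuple_SET_ITEM or the counting loop with a NULL pointer. The LDAP_OPT_X_SASL_SSF, _SSF_MIN and _SSF_MAX cases hand libldap the address of an `int`; OpenLDAP appears to read and write these values as `ber_len_t`, so the buffer width is worth confirming on 64-bit builds. The timeout ValueError formats `option` rather than the rejected value, so the message reports the option constant instead of the bad timeout.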
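Review bot: options.h has no include guard and includes nothing, although its prototypes use `LDAPObject`, `PyObject` and `struct timeval`; it compiles only when included after the headers that declare them, as options.c does. message.h in this same commit wraps itself in `#ifndef __h_message` and includes common.h, so the same pattern would fit here: `#ifndef __h_options`, `#define __h_options`, the needed includes, and a closing `#endif`. `LDAP_optionval_by_name` is declared here but not defined in the options.c hunk, so it is presumably provided by another file or is a stale prototype.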
@@ -0,0 +1,129 @@ +--------------------------------------- +python-ldap: LDAP client API for Python +--------------------------------------- + +What is python-ldap? +==================== + +python-ldap provides an object-oriented API to access LDAP +directory servers from Python programs. Mainly it wraps the +OpenLDAP client libs for that purpose. + +Additionally the package contains modules for other LDAP-related +stuff (e.g. processing LDIF, LDAPURLs, LDAPv3 sub-schema, etc.). + +Not included: Direct BER support + +See INSTALL for version compatibility + +See TODO for planned features. Contributors welcome. + +For module documentation, see: + + https://www.python-ldap.org/ + +Quick usage example: +==================== + +.. code-block:: python + + import ldap + l = ldap.initialize("ldap://my_ldap_server.my_domain") + l.simple_bind_s("","") + l.search_s("o=My Organisation, c=AU", ldap.SCOPE_SUBTREE, "objectclass=*") + +See directory ``Demo/`` of source distribution package for more +example code. + +Author(s) contact and documentation: +==================================== + + https://www.python-ldap.org/ + +If you are looking for help, please try the mailing list archives +first, then send a question to the mailing list. +Be warned that questions will be ignored if they can be +trivially answered by referring to the documentation. + +If you are interested in helping, please contact the mailing list. +If you want new features or upgrades, please check the mailing list +archives and then enquire about any progress. + +Acknowledgements: +================= + +Thanks to Konstantin Chuguev +and Steffen Ries for working +on support for OpenLDAP 2.0.x features. + +Thanks to Michael Stroeder for the +modules ``ldif``, ``ldapurl``, ``ldap/schema/*.py``, ``ldap/*.py`` and ``ldap/controls/*.py``. + +Thanks to Hans Aschauer +for the C wrapper schema and SASL support. + +Thanks to Mauro Cicognini for the +WIN32/MSVC6 bits, and the pre-built WIN32 ``ldap.pyd``. 
+ +Thanks to Waldemar Osuch for contributing +the new-style docs based on reStructuredText. + +Thanks to Torsten Kurbad for the +easy_install support. + +Thanks to James Andrewartha for +significant contribution to ``Doc/*.tex``. + +Thanks to Rich Megginson for extending +support for LDAPv3 controls and adding support for LDAPv3 extended +operations. + +Thanks to Peter Gietz, DAASI for funding some control modules. + +Thanks to Chris Mikkelson for various fixes and ldap.syncrepl. + +These very kind people have supplied patches or suggested changes: + +* Federico Di Gregorio +* John Benninghoff +* Donn Cave +* Jason Gunthorpe +* gurney_j +* Eric S. Johansson +* David Margrave +* Uche Ogbuji +* Neale Pickett +* Blake Weston +* Wido Depping +* Deepak Giridharagopal +* Ingo Steuwer +* Andreas Hasenack +* Matej Vela + +These people contributed to Python 3 porting (at https://github.com/pyldap/): + +* ​A. Karl Kornel +* Alex Willmer +* Aymeric Augustin +* Bradley Baetz +* Christian Heimes +* Dirk Mueller +* Jon Dufresne +* Martin Basti +* Miro Hrončok +* Paul Aurich +* Petr Viktorin +* Pieterjan De Potter +* Raphaël Barrois +* Robert Kuska +* Stanislav Láznička +* Tobias Bräutigam +* Tom van Dijk +* Wentao Han +* William Brown + +Thanks to all the guys on the python-ldap mailing list for +their contributions and input into this package. + + Thanks! We may have missed someone: please mail us if we have omitted + your name. diff --git a/README.rst b/README.rst new file mode 120000 index 0000000..100b938 --- /dev/null +++ b/README.rst @@ -0,0 +1 @@ +README \ No newline at end of file diff --git a/TODO b/TODO new file mode 100644 index 0000000..b728424 --- /dev/null +++ b/TODO 
@@ -0,0 +1,27 @@ +*** List of things to-do in no particular order *** + +General: +- Define common Python style license for all modules +- Support Python 3.2+ + +Modules/ +- Specific support for more controls + - VLV control + - server-side sorting control +- Wrap libldif as faster drop-in replacement for module ldif? +- Extract response controls in SASL bind responses +- Attach response controls to LDAPError instances to deliver the + controls to the calling application in case of an error +- Attach more useful information to LDAPError instances, e.g. the filter used + when doing a search in case of ldap.FILTER_ERROR etc. + +Lib/ +- Unicode support for DNs, filter strings, etc. but not entry attributes! +(Everybody asking for the latter should check the mailing list archive first.) +- Caching of search requests for each LDAPObject instance +- LDIF parser for replication logs and change records + +Tests/ +- Clean up and finish the mess of small test scripts started. +- Create a test script that exercises everything with a server + holding the BLITS test data set diff --git a/Tests/__init__.py b/Tests/__init__.py new file mode 100644 index 0000000..ea28d0c --- /dev/null +++ b/Tests/__init__.py @@ -0,0 +1,23 @@ +""" +Automatic tests for python-ldap + +See https://www.python-ldap.org/ for details. +""" + + +from . import t_bind +from . import t_cext +from . import t_cidict +from . import t_ldap_dn +from . import t_ldap_filter +from . import t_ldap_functions +from . import t_ldap_modlist +from . import t_ldap_schema_tokenizer +from . import t_ldapurl +from . import t_ldif +from . import t_ldapobject +from . import t_edit +from . import t_ldap_schema_subentry +from . import t_untested_mods +from . import t_ldap_controls_libldap +from . import t_ldap_options diff --git a/Tests/data/subschema-ipa.demo1.freeipa.org.ldif b/Tests/data/subschema-ipa.demo1.freeipa.org.ldif new file mode 100644 index 0000000..a420a1a --- /dev/null 
+++ b/Tests/data/subschema-ipa.demo1.freeipa.org.ldif 
@@ -0,0 +1,6809 @@ +######################################################################## +# LDIF export by web2ldap 1.2.80, see http://www.web2ldap.de +# Date and time: Saturday, 2017-02-18 17:09:08 GMT +# Bind-DN: u'uid=admin,cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org' +# LDAP-URL of search: +# ldap://ipa.demo1.freeipa.org/cn%3Dschema?matchingRuleUse,ldapSyntaxes,nameForms,dITStructureRules,attributeTypes,matchingRules,dITContentRules,objectClasses,objectClass,cn?base?%28objectClass%3D%2A%29?bindname=uid%3Dadmin%2Ccn%3Dusers%2Ccn%3Daccounts%2Cdc%3Ddemo1%2Cdc%3Dfreeipa%2Cdc%3Dorg +######################################################################## +version: 1 + +dn: cn=schema +attributeTypes: ( 2.16.840.1.113730.3.1.582 NAME 'nsDS5ReplicaCredentials' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 S + INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who + may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.51 NAME 'ipaAllowedToPerform' DES + C 'DNs allowed to perform an operation' SUP distinguishedName EQUALITY dist + inguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'IPA v4. + 0' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2274 NAME 'nsslapd-instancedir' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN + GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.24.1 NAME 'krbHostServer' EQUAL + ITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.18.0.2.4.1139 NAME 'printer-info' DESC 'Descriptive in + formation about this printer.' 
EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu + bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'r + fc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.4 NAME 'ipatokenNotAfter' DESC + 'Token expiration date' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.24 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.532 NAME 'ntUserCountryCode' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY caseIg + noreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113730.3.1.34 NAME 'ref' DESC 'LDAP referrals a + ttribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'LDAPv3 referr + als Internet Draft' ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.4 NAME ( 'nsAIMid' 'nscpaimscreenname' + ) EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'Mozilla Address Book' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.52 NAME 'ipk11Verify' DESC 'Key + supports verification where the signature is an appendix to the data' EQUA + LITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN + ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.204 NAME 'replicaNickName' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'Netscape Directory Server' ) +attributeTypes: ( sslVersionMin-oid NAME 'sslVersionMin' DESC 'Netscape defi + ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape + ' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord' DESC 'Key, RFC 2 + 535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.2 NAME 'ipaNTSecurityIdentifier' + DESC 'NT 
Security ID' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IP + A v3' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' DES + C 'Base at which the samba RID generation algorithm should operate' EQUALIT + Y integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.2243 NAME 'nsslapd-securelistenhost' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( modified-oid NAME 'modified' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2108 NAME 'nsPagedLookThroughLimit' + DESC 'Binder-based simple paged search operation look through limit' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIG + IN '389' ) +attributeTypes: ( 1.3.6.1.4.1.6981.11.3.7 NAME 'FTPStatus' DESC 'Account sta + tus: enabled or disabled' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.7 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) +attributeTypes: ( notBefore-oid NAME 'notBefore' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2091 NAME 'nsslapd-suffix' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN + 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.24 NAME 'ipaEntitlementId' DESC 'E + ntitlement Unique identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreO + rderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'NT Gro + up Type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- + VALUE ) +attributeTypes: ( nsUserRDNComponent-oid NAME 
'nsUserRDNComponent' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'Netscape Administration Services' ) +attributeTypes: ( 1.3.18.0.2.4.1117 NAME 'printer-media-local-supported' DES + C 'Site-specific names of media supported by this printer.' EQUALITY caseIg + noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.5.4.51 NAME 'houseIdentifier' EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORI + GIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2301 NAME 'nsslapd-plugin-logging' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822mailbox' ) + EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 4524' X-DEPRECATED 'rfc822mailbox' + ) +attributeTypes: ( 2.16.840.1.113730.3.1.607 NAME 'nsDS5Flags' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsTaskLabel-oid NAME 'nsTaskLabel' DESC 'Netscape defined + attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord' DESC 'NSEC, RFC + 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113730.3.1.2068 NAME 'pamExcludeSuffix' DESC 'S + uffixes to exclude from PAM authentication' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.12 X-ORIGIN 'Red Hat Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2157 NAME 'dnaRemoteBindCred' DESC ' + Remote bind credentials' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + X-ORIGIN '389 Directory Server' ) +attributeTypes: ( nsBindDN-oid NAME 
'nsBindDN' DESC 'Netscape defined attrib + ute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' ) +attributeTypes: ( requestError-oid NAME 'requestError' DESC 'CMS defined att + ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( Clone-oid NAME 'Clone' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 7 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( tokenMsg-oid NAME 'tokenMsg' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.44 NAME 'ipaPermExcludedAttr' DES + C 'IPA permission explicitly excluded attribute' EQUALITY caseIgnoreMatch O + RDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN ( 'IPA v4.0' 'user defined' ) ) +attributeTypes: ( 2.5.4.18 NAME 'postOfficeBox' EQUALITY caseIgnoreMatch SU + BSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI + N 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2261 NAME 'nsslapd-attribute-name-ex + ceptions' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.527 NAME 'ntUserLastLogoff' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 1.3.6.1.4.1.250.1.2 NAME 'multiLineDescription' DESC 'Pilo + t attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Internet W + hite Pages Pilot' ) +attributeTypes: ( 2.16.840.1.113730.3.1.102 NAME ( 'passwordChange' 'pwdAllo + wUserChange' ) DESC 'Netscape defined password policy attribute type' SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory S + erver' ) +attributeTypes: ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' DESC 'Standard LDAP a + ttribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ' + RFC 2307' ) 
+attributeTypes: ( 2.16.840.1.113730.3.1.21 NAME 'mailQuota' DESC 'Netscape M + essaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 1.2.840.113556.1.4.482 NAME 'calOtherCalURIs' DESC 'RFC273 + 9: multi-value URI for snapshots of other calendars' EQUALITY caseIgnoreIA5 + Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .26 X-ORIGIN 'rfc2739' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2238 NAME 'nsslapd-security' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( ownerName-oid NAME 'ownerName' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.1.1.14 NAME 'nisNetIdHost' DESC 'nisNe + tIdHost' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X- + ORIGIN ( 'RFC2307bis' 'user defined' ) ) +attributeTypes: ( numberOfResets-oid NAME 'numberOfResets' DESC 'CMS defined + attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2327 NAME 'nsslapd-auditfaillog' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.6 NAME 'javaClassName' DESC 'Fully + qualified name of distinguished Java class or interface' EQUALITY caseExac + tMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2713 + ' ) +attributeTypes: ( 2.16.840.1.113730.3.1.240 NAME 'replicatedattributelist' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2175 NAME 'nsslapd-accesslog-logrota + tionsync-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.15 SINGLE-VALUE 
X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsRevisionNumber-oid NAME 'nsRevisionNumber' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne + tscape' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.11 NAME 'externalHost' DESC 'Multi + value string attribute that allows storing host names.' EQUALITY caseIgnore + Match ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.62 NAME 'ipaAnchorUUID' DESC 'Uni + que Anchor Identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrdering + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4' + 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2207 NAME 'nsslapd-rootdn' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-V + ALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsHelpRef-oid NAME 'nsHelpRef' DESC 'Netscape defined attr + ibute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.3 NAME 'searchTimeLimit' DESC 'Maxi + mum time an agent or service allows for a search to complete' EQUALITY inte + gerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.15.2.1 NAME 'krbPrincipalAuthInd' E + QUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA + v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.43 NAME 'ntUserDeleteAccount' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.8.1.9 NAME 'ipaMaxUsernameLength' EQU + ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.217 NAME 
'replicaCFUpdated' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI + N 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.61 NAME 'ipk11Sensitive' DESC ' + Key is sensitive' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.6 NAME 'targetDn' DESC 'Changelog at + tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Changelog Inte + rnet Draft' ) +attributeTypes: ( transId-oid NAME 'transId' DESC 'CMS defined attribute' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC 'Logon + Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SI + NGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.5.4.25 NAME 'internationalISDNNumber' EQUALITY numericS + tringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.36 X-ORIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.998 NAME ( 'passwordGraceUserTime' ' + pwdGraceUserTime' ) DESC 'Netscape defined password policy attribute type' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation + X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.9.1 NAME 'krbMaxTicketLife' EQU + ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.3 NAME 'cmdCategory' DESC 'Additio + nal classification for commands' EQUALITY caseIgnoreMatch ORDERING caseIgno + reMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 
+ 15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord' DESC 'host inf + ormation, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substri + ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' DESC 'Standard LDA + P attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGI + N 'RFC 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2225 NAME 'nsslapd-workingdir' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING + LE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' EQUA + LITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( 2.16.840.1.113730.3.1.781 NAME 'mgrpAddHeader' DESC 'Netsc + ape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.65 NAME 'ntUserLogonServer' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2295 NAME 'nsslapd-allowed-sasl-mech + anisms' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115. 
+ 121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2162 NAME 'winSyncDirectoryFilter' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.9 NAME 'sudoNotAfter' DESC 'End of t + ime interval for which the entry is valid' EQUALITY generalizedTimeMatch OR + DERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 X- + ORIGIN 'SUDO' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.59 NAME 'ipaKeyUsage' DESC 'Allow + ed key usage' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.73 NAME 'sambaTrustPartner' DESC 'Ful + ly qualified name of the domain with which a trust exists' EQUALITY caseIgn + oreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user + defined' ) ) +attributeTypes: ( 1.3.18.0.2.4.1121 NAME 'printer-resolution-supported' DESC + 'List of resolutions supported for printing documents by this printer.' EQ + UALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1. 
+ 1466.115.121.1.15 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.12 NAME 'ipatokenTOTPtimeStep' + DESC 'TOTP time-step' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( tokenKeyType-oid NAME 'tokenKeyType' DESC 'CMS defined att + ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2139 NAME 'winSyncMoveAction' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.14 NAME 'idnsForwardPolicy' DESC ' + forward policy: only or first' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnor + eIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORI + GIN ( 'IPA v2' 'user defined' ) ) +attributeTypes: ( nsExpirationDate-oid NAME 'nsExpirationDate' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne + tscape' ) +attributeTypes: ( dateOfArchival-oid NAME 'dateOfArchival' DESC 'CMS defined + attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( unrevokedCerts-oid NAME 'unrevokedCerts' DESC 'CMS defined + attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.1 NAME 'eduPersonAffiliation' DESC + 'Affiliation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'http://middlew + are.internet2.edu/eduperson/' ) +attributeTypes: ( nsVendor-oid NAME 'nsVendor' DESC 'Netscape defined attrib + ute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2332 NAME 'allowWeakDHParam' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.87 NAME 'cirUpdateSchedule' DESC 'Ne + tscape defined attribute type' 
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI + N 'Netscape Directory Server' ) +attributeTypes: ( thisUpdate-oid NAME 'thisUpdate' DESC 'CMS defined attribu + te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.253 NAME 'nsValueSyntax' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' + Netscape servers - value item' ) +attributeTypes: ( 2.5.4.32 NAME 'owner' SUP distinguishedName EQUALITY dist + inguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4519' + ) +attributeTypes: ( nsLdapSchemaVersion-oid NAME 'nsLdapSchemaVersion' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.44.1 NAME 'krbPwdHistory' EQUAL + ITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 2.16.840.1.113730.3.1.2100 NAME 'autoMemberInclusiveRegex' + DESC 'Auto Membership inclusive regex rule' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.11 NAME 'objectclassMap' DESC 'Obje + ct class mappings used, required, or supported by an agent or service' EQUA + LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'RF + C4876' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2089 NAME 'mepMappedAttr' DESC 'Mana + ged Entries mapped attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN + '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2212 NAME 'nsslapd-useroc' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V + ALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.20.2.6 NAME 'ipaReplTopoSegmentGener + ated' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 X-ORIGIN ( 'FreeIPA' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2282 NAME 
'nsslapd-rundir' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V + ALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( tokenResult-oid NAME 'tokenResult' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.13769.3.3 NAME 'mozillaHomeLocalityName' SUP + name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' DESC 'Disc + onnect Users outside logon hours (default: -1 => off, 0 => on)' EQUALITY in + tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationname' ) SUP name EQUALIT + Y caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'organizationname' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2259 NAME 'nsslapd-return-exact-case + ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsAdminAccessAddresses-oid NAME 'nsAdminAccessAddresses' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Netscape Administration Services' ) +attributeTypes: ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus' EQ + UALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1. 
+ 1466.115.121.1.15 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( nsAdminUsers-oid NAME 'nsAdminUsers' DESC 'Netscape define + d attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape A + dministration Services' ) +attributeTypes: ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' DESC 'Standard LDAP a + ttribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ' + RFC 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.1.19 NAME 'mailMessageStore' DESC 'Net + scape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2126 NAME 'dnaHostname' DESC 'DNA ho + stname of replica to get new range of values' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.221 NAME 'passwordStorageScheme' DES + C 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2230 NAME 'nsslapd-ldapiautobind' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S + INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2196 NAME 'nsslapd-accesslog-logexpi + rationtime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466. 
+ 115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.576 NAME 'nsRoleFilter' DESC 'Netsca + pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALU + E X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.70 NAME 'serverRoot' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets + cape Administration Services' ) +attributeTypes: ( 5.3.6.1.1.1.1.0 NAME 'trustModel' DESC 'Access scheme' EQU + ALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'nss_ldap/pam_ldap' ) +attributeTypes: ( 1.2.840.113554.1.4.1.6.2 NAME 'krbPwdAttributes' EQUALITY + integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( + 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.248 NAME 'nsValueDN' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Nets + cape servers - value item' ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.41 NAME 'parentOrganization' EQU + ALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VA + LUE X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.8 NAME 'hostCategory' DESC 'Additi + onal classification for hosts' EQUALITY caseIgnoreMatch ORDERING caseIgnore + OrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. 
+ 121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) imp + ersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.26 X-ORIGIN 'SUDO' ) +attributeTypes: ( nsAdminEnableDSGW-oid NAME 'nsAdminEnableDSGW' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' + Netscape Administration Services' ) +attributeTypes: ( 1.3.18.0.2.4.1132 NAME 'printer-multiple-document-jobs-sup + ported' DESC 'Indicates whether or not this printer supports more than one + document per job.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 7 SINGLE-VALUE X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.21 NAME 'ipatokenHOTPcounter' D + ESC 'HOTP counter' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.21.1.1 NAME 'ipaCertProfileStoreIssu + ed' DESC 'Store certificates issued using this profile' EQUALITY booleanMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.2' ' + user defined' ) ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1 NAME ( 'mozillaNickname' 'xmozillani + ckname' ) SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Mozilla Address Book' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.27 NAME 'idnsSecAlgorithm' DESC 'D + NSKEY algorithm: string used as mnemonic' EQUALITY caseIgnoreIA5Match SUBST + R caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE- + VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( notAfter-oid NAME 'notAfter' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.5.18.2 NAME 'modifyTimestamp' EQUALITY generalizedTimeM + atch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 
+ 1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'R + FC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.1.92 NAME ( 'passwordExpWarned' 'pwdEx + pirationWarned' ) DESC 'Netscape defined password policy attribute type' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X- + ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.5322.21.2.1 NAME 'krbPwdMaxFailure' EQUALITY + integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.5 NAME 'ipaNTHash' DESC 'NT Hash + of user password' EQUALITY octetStringMatch ORDERING octetStringOrderingMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'u + ser defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2246 NAME 'nsslapd-maxdescriptors' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.23 NAME 'ipaNTTrustedDomainSID' D + ESC 'NT Trusted Domain Security ID' EQUALITY caseIgnoreIA5Match SUBSTR case + IgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE + X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.1.11 NAME 'ipaUserObjectClasses' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.32.1 NAME 'krbPwdMinDiffChars' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.2113 NAME 'internalModifiersName' DE + SC 'plugin dn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MO + DIFICATION USAGE directoryOperation X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.20 NAME 'ipk11PublicKeyInfo' DE + SC 'DER-encoding of SubjectPublicKeyInfo of associated public key' EQUALITY + octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN ( 'IPA v4.1 + ' 'user defined' ) ) 
+attributeTypes: ( issueInfo-oid NAME 'issueInfo' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2094 NAME 'nsslapd-parent-suffix' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X + -ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.692 NAME 'inetUserStatus' DESC '"act + ive", "inactive", or "deleted" status of a user' SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape subscriber interoperability' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DESC 'Nex + t NT rid to give out for groups' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.18.0.2.4.1110 NAME 'printer-job-priority-supported' DE + SC 'Indicates the number of job priority levels supported by this printer.' + EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.27 SINGLE-VALUE X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2183 NAME 'nsslapd-audit-logrotation + syncmin' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.789 NAME 'mgrpNoDuplicateChecks' DES + C 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2304 NAME 'nsslapd-dynamic-plugins' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.602 NAME 'entrydn' DESC 'internal se + rver defined attribute type' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOpe + ration ) +attributeTypes: ( 2.16.840.1.113730.3.1.1098 NAME 
'nsds5replicaSessionPauseT + ime' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Serve + r' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2073 NAME 'pamSecure' DESC 'Require + secure (TLS/SSL) connection for PAM auth' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .7 SINGLE-VALUE X-ORIGIN 'Red Hat Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2264 NAME 'nsslapd-max-filter-nest-l + evel' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.41 NAME 'ipaRangeType' DESC 'Rang + e type' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 1.3.18.0.2.4.1129 NAME 'printer-color-supported' DESC 'Ind + icates whether this printer is capable of any type of color printing at all + , including highlight color.' 
EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.7 SINGLE-VALUE X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.5.21.2 NAME 'dITContentRules' EQUALITY objectIdentifier + FirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOpe + ration X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' EQUAL + ITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.15 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( 2.16.840.1.113730.3.1.522 NAME 'ntUserComment' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VAL + UE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( nsmsgDisallowAccess-oid NAME 'nsmsgDisallowAccess' DESC 'N + etscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.24 NAME 'mailRoutingAddress' DESC 'N + etscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 1.2.840.113556.1.4.485 NAME 'calOtherCalAdrURIs' DESC 'RFC + 2739: multi-value URI to other request destinations' EQUALITY caseIgnoreIA5 + Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .26 X-ORIGIN 'rfc2739' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2131 NAME 'pamFilter' DESC 'Filter t + o match entries that should use PAM authentication' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Red Hat Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.42 NAME 'ipk11Derive' DESC 'Key + supports key derivation' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.234 NAME 'nsSNMPLocation' DESC 'Nets + cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'Netscape Directory Server' ) 
+attributeTypes: ( tokenIssuer-oid NAME 'tokenIssuer' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.35 NAME 'nAPTRRecord' DESC 'Naming A + uthority Pointer, RFC 2915' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA + 5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion' S + YNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation X-ORIGIN 'RFC 4512' + ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.9 NAME 'eduPersonScopedAffiliation' + DESC 'Scoped Affiliation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'h + ttp://middleware.internet2.edu/eduperson/' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.16 NAME 'ipaNTTrustAuthIncoming' + DESC 'Authentication information for the incoming portion of a trust' EQUAL + ITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( requestFlag-oid NAME 'requestFlag' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( nsHostLocation-oid NAME 'nsHostLocation' DESC 'Netscape de + fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netsca + pe' ) +attributeTypes: ( 2.16.840.1.113730.3.1.590 NAME 'nsDS5ReplicaName' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2178 NAME 'nsslapd-accesslog-logrota + tionsynchour' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.15 NAME 'ipk11Destroyable' DESC + 'Can be destroyed by application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2081 NAME ( 'passwordMaxRepeats' 'pw + 
dMaxRepeats' ) DESC 'Netscape defined password policy attribute type' SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory S + erver' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.14 NAME 'accessTime' DESC 'Access + time' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.687 NAME 'nsds5replicaChangesSentSin + ceStartup' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION X-ORIGI + N 'Netscape Directory Server' ) +attributeTypes: ( 1.3.18.0.2.4.1107 NAME 'printer-xri-supported' DESC 'The u + nordered list of XRI (extended resource identifiers) supported by this prin + ter.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.1.46 NAME 'ntGroupDeleteGroup' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.8.1.4 NAME 'ipaSearchRecordsLimit' EQ + UALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.32 NAME 'ipaLocation' DESC 'Refere + nce to IPA location' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.12 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.9 NAME 'newRdn' DESC 'Changelog attr + ibute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Changelog Intern + et Draft' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2147 NAME 'rootdn-allow-host' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORI + GIN 'Netscape Directory Server' ) +attributeTypes: ( autoRenew-oid NAME 'autoRenew' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user 
defined' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.34 NAME 'ipaIDRangeSize' DESC 'Si + ze of a Posix ID range' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2251 NAME 'nsslapd-accesscontrol' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S + INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod' SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.14 SINGLE-VALUE X-ORIGIN 'RFC 4519' ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.26 USAGE dSAOperation X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.1.11 NAME 'newSuperior' DESC 'Changelo + g attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Changelog + Internet Draft' ) +attributeTypes: ( 2.16.840.1.113730.3.1.229 NAME 'nsslapd-pluginVendor' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN + GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord' DESC 'for AFS + Data Base location, RFC 1183' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnore + IA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( clientId-oid NAME 'clientId' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Home di + rectory UNC path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 
+ 1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2228 NAME 'nsslapd-ldapifilepath' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S + INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' DESC 'Standard LDAP a + ttribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ' + RFC 2307' ) +attributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide' SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.21 X-ORIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2317 NAME 'nsslapd-auditfaillog-logr + otationsync-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.68 NAME 'ntUserPasswordExpired' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SING + LE-VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.7 NAME 'idnsSOAretry' DESC 'SOA re + try value' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2298 NAME 'nsslapd-enable-turbo-mode + ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.585 NAME 'nsDS5ReplicatedAttributeLi + st' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 
+ 1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2165 NAME 'schemaUpdateObjectclassAc + cept' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.52 NAME 'ipaProtectedOperation' D + ESC 'Operation to be protected' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2277 NAME 'nsslapd-tmpdir' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V + ALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.1002 NAME 'nsds7NewWinUserSyncEnable + d' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.7 NAME 'ipatokenSerial' DESC 'O + TP Token Serial number' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.19 NAME 'ipatokenRadiusRetries' + DESC 'Number of allowed Retries' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1. 
+ 1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime' DESC 'o + ld variant of modifyTimestamp' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI + N 'RFC 1274' ) +attributeTypes: ( 2.16.840.1.113730.3.1.535 NAME 'ntUserHomeDirDrive' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.110 NAME 'ntGroupId' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X- + ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.33 NAME 'mgrpModerator' DESC 'Netsca + pe Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.207 NAME 'vlvBase' DESC 'Netscape de + fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netsca + pe Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.51 NAME 'ipk11Encrypt' DESC 'Ke + y supports encryption' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( nsServerMigrationClassname-oid NAME 'nsServerMigrationClas + sname' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( nsSSLPersonalitySSL-oid NAME 'nsSSLPersonalitySSL' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN 'Netscape' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' DESC 'A s + tring option' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1. 
+ 26 SINGLE-VALUE ) +attributeTypes: ( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RFC 4519' ) +attributeTypes: ( crlExtensions-oid NAME 'crlExtensions' DESC 'CMS defined a + ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.1.4 NAME 'vendorName' EQUALITY 1.3.6.1.4.1.1466.1 + 09.114.1 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICA + TION USAGE dSAOperation X-ORIGIN 'RFC 3045' ) +attributeTypes: ( 1.3.6.1.4.1.6981.11.3.4 NAME 'FTPDownloadRatio' DESC 'Rati + o (compared with FTPRatioUp) for downloaded files' EQUALITY integerMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.16 NAME 'dereferenceAliases' DESC ' + Specifies if a service or agent either requires, supports, or uses derefere + ncing of aliases.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 7 SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.18 NAME 'ipk11StartDate' DESC ' + Validity start date' EQUALITY generalizedTimeMatch ORDERING generalizedTime + OrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X-ORIGIN ( + 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.801 NAME 'mgrpRemoveHeader' DESC 'Ne + tscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115. 
+ 121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.27 NAME 'ipaSELinuxUserMapOrder' D + ESC 'Available SELinux user context ordering' EQUALITY caseIgnoreMatch ORDE + RING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.70 NAME 'ipaPermTargetTo' DESC 'D + estination location to move an entry IPA permission ACI' EQUALITY distingui + shedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN ( + 'IPA v4.0' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2215 NAME 'nsslapd-allow-unauthentic + ated-binds' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.18.0.2.4.1118 NAME 'printer-copies-supported' DESC 'Th + e maximum number of copies of a document that may be printed as a single jo + b on this printer.' 
EQUALITY integerMatch ORDERING integerOrderingMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.1.55 NAME 'aci' DESC 'Netscape defined + access control information attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( tokenOp-oid NAME 'tokenOp' DESC 'CMS defined attribute' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' EQUALITY case + IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2285 NAME 'nsslapd-hash-filters' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.7 NAME ( 'l' 'locality' 'localityname' ) SUP name E + QUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'locality localityname' + ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord' DESC 'SSH Key + Fingerprint, draft-ietf-secsh-dns-05.txt' EQUALITY caseIgnoreIA5Match SUBST + R caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( nsSSL3SessionTimeout-oid NAME 'nsSSL3SessionTimeout' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR + IGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2152 NAME 'nsds5ReplicaProtocolTimeo + ut' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 
+ 1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( dataType-oid NAME 'dataType' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.52.1 NAME 'krbObjectReferences' + EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration' DESC ' + Lockout duration in minutes (default: 30, -1 => forever)' EQUALITY integerM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.49 NAME 'ipaPermTarget' DESC 'IPA + permission target' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.105 NAME ( 'passwordLockout' 'pwdLoc + kOut' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' + ) +attributeTypes: ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' DESC 'Standard LDAP + attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN + 'RFC 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2129 NAME 'dnaNextRange' DESC 'DNA r + ange of values to get from replica' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( nsSSL3-oid NAME 'nsSSL3' DESC 'Netscape defined attribute + type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC 'Windo + ws NT domain to which the user belongs' EQUALITY caseIgnoreMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2199 NAME 'nsslapd-accesslog-logexpi + rationtimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) 
+attributeTypes: ( 2.16.840.1.113730.3.1.571 NAME 'nsSizeLimit' DESC 'Binder- + based search operation size limit (entries)' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory S + erver' ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.1.1.13 NAME 'nisNetIdGroup' DESC 'nisN + etIdGroup' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + X-ORIGIN ( 'RFC2307bis' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2322 NAME 'nsslapd-auditfaillog-logm + infreediskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.77 NAME 'changeTime' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets + cape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.243 NAME 'nsValueCIS' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Net + scape servers - value item' ) +attributeTypes: ( 2.16.840.1.113730.3.8.18.2.3 NAME 'ipaVaultPublicKey' DESC + 'IPA vault public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.40 X-ORIGIN ( 'IPA v4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2170 NAME 'nsslapd-accesslog-level' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.3 NAME 'enrolledBy' DESC 'DN of ad + ministrator who performed manual enrollment of the host' SUP distinguishedN + ame EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X- + ORIGIN 'IPA v2' ) +attributeTypes: ( publicKeyFormat-oid NAME 'publicKeyFormat' DESC 'CMS defin + ed attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' + ) +attributeTypes: ( 2.16.840.1.113730.3.1.2202 NAME 'nsslapd-accesslog-logging + -enabled' DESC 'Netscape defined attribute 
type' SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( classId-oid NAME 'classId' DESC 'Certificate profile class + ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.6 NAME 'authenticationMethod' DESC + 'Identifies the types of authentication methods either used, required, or p + rovided by a service or peer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( ' + RFC4876' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.21.1.4 NAME 'ipaCaCategory' DESC 'Ad + ditional classification for CAs' EQUALITY caseIgnoreMatch ORDERING caseIgno + reOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.15 X-ORIGIN ( 'IPA v4.2' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.1.1.1.33 NAME 'automountInformation' DESC 'Automou + nt information' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121. 
+ 1.26 SINGLE-VALUE X-ORIGIN 'RFC 2307bis' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.29.1 NAME 'krbAdmServers' EQUAL + ITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.64 NAME 'ipk11SignRecover' DESC + 'Key supports signatures where data can be recovered from the signature' E + QUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORI + GIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( publishingStatus-oid NAME 'publishingStatus' DESC 'CMS def + ined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined + ' ) +attributeTypes: ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'vehicle li + cense or registration plate' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs + tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2798' ) +attributeTypes: ( nsCertConfig-oid NAME 'nsCertConfig' DESC 'Netscape define + d attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape C + ertificate Management System' ) +attributeTypes: ( 2.16.840.1.113730.3.1.99 NAME ( 'passwordMinLength' 'pwdMi + nLength' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Serve + r' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.8 NAME 'ipaNTHomeDirectory' DESC + 'User Home Directory Path' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrde + ringMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2249 NAME 'nsslapd-idletimeout' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN + GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.20 NAME 'telephoneNumber' EQUALITY telephoneNumberM + atch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 
+ 1.50 X-ORIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.6 NAME 'ipaSudoRunAs' DESC 'Refere + nce to a user or group that the commands can be run as.' SUP memberUser EQU + ALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN + 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2116 NAME 'dnaPrefix' DESC 'DNA stri + ng prefix for dna value' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2220 NAME 'nsslapd-minssf-exclude-ro + otdse' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' DESC 'Standard LDAP attri + bute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC + 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2186 NAME 'nsslapd-auditlog-logrotat + iontime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' EQUALITY + caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.15 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( 2.16.840.1.113730.3.1.60 NAME 'ntUserAuthFlags' DESC 'Nets + cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VAL + UE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( DomainManager-oid NAME 'DomainManager' SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2290 NAME 'nsslapd-disk-monitoring-t + hreshold' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2076 NAME ( 'passwordMinAlphas' 'pwd + MinAlphas' ) DESC 'Netscape defined password policy attribute type' SYNTAX + 
1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Ser + ver' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.49 NAME 'DHCIDRecord' DESC 'Dynamic + Host Configuration Protocol (DHCP) Information, RFC 4701' EQUALITY caseIgno + reIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.40.1 NAME 'krbTicketPolicyRefere + nce' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + SINGLE-VALUE ) +attributeTypes: ( authorityKeyHost-oid NAME 'authorityKeyHost' DESC 'Authori + ty Key Hosts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' + ) +attributeTypes: ( 2.16.840.1.113730.3.1.406 NAME 'nsSynchUserIDFormat' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR + IGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.74 NAME 'sambaFlatName' DESC 'NetBIOS + name of a domain' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 1.3.18.0.2.4.1122 NAME 'printer-media-supported' DESC 'The + standard names/types/sizes (and optional color suffixes) of the media supp + orted by this printer.' 
EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.5.21.5 NAME 'attributeTypes' EQUALITY objectIdentifierF + irstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOper + ation X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.11 NAME 'ipatokenTOTPclockOffse + t' DESC 'TOTP clock offset' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( nsAdminEnableEnduser-oid NAME 'nsAdminEnableEnduser' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR + IGIN 'Netscape Administration Services' ) +attributeTypes: ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' DESC 'Standard LDAP att + ribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.17 NAME 'idnsPersistentSearch' DES + C 'allow persistent searches' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2134 NAME 'nsds5ReplicaStripAttrs' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.544 NAME 'nsParentUniqueId' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.4 NAME 'eduPersonOrgUnitDN' DESC 'O + rganizational Unit DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'http: + //middleware.internet2.edu/eduperson/' ) +attributeTypes: ( 2.16.840.1.113730.3.1.82 NAME 'cirBindDn' DESC 'Netscape d + efined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netsc + ape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.13 NAME 'ipaNTTrustDirection' DES + C 'Direction of a trust' 
EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.27 SINGLE-VALUE ) +attributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'a JPEG i + mage' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 X-ORIGIN 'RFC 2798' ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.13 NAME 'javaClassNames' DESC 'Ful + ly qualified Java class or interface name' EQUALITY caseExactMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2713' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2103 NAME 'autoMemberDisabled' DESC + 'Auto Membership disabled attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S + INGLE-VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.809 NAME 'nsds5replicaLastInitStatus + ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15 SINGLE-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2084 NAME 'nsSymmetricKey' DESC 'A s + ymmetric key - currently used by attribute encryption' SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'attribute encryption' ) +attributeTypes: ( 2.16.840.1.113730.3.1.682 NAME 'nsds5ReplicaPurgeDelay' DE + SC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' EQUAL + ITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.41 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( 1.3.6.1.4.1.1.1.1.12 NAME 'nisDomain' DESC 'NIS domain' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'RFC2307bis' 'user defined' ) + ) +attributeTypes: ( 2.16.840.1.113730.3.8.20.2.1 NAME 'ipaReplTopoConfRoot' DE + SC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN ( 'FreeIPA' 'user defined' ) ) +attributeTypes: ( requestInfo-oid NAME 'requestInfo' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
X-ORIGIN 'user defined' ) +attributeTypes: ( nsTLS1-oid NAME 'nsTLS1' DESC 'Netscape defined attribute + type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( keySize-oid NAME 'keySize' DESC 'CMS defined attribute' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2063 NAME 'nsEncryptionAlgorithm' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S + INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.13769.3.4 NAME 'mozillaHomeState' SUP name EQ + UALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.31 NAME 'ipaSshPubKey' DESC 'SSH + public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 + X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 2.5.4.13 NAME 'description' EQUALITY caseIgnoreMatch SUBS + TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2254 NAME 'nsslapd-pwpolicy-local' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( keyState-oid NAME 'keyState' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.14 NAME 'mailAutoReplyMode' DESC 'Ne + tscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115. 
+ 121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( tokenPolicy-oid NAME 'tokenPolicy' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2121 NAME 'dnaScope' DESC 'DNA base + DN for finding entries' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X + -ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.224 NAME 'nsslapd-pluginPath' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.2.1.2 NAME 'acctPolicySubentry' DESC 'A + ccount policy pointer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE US + AGE directoryOperation X-ORIGIN 'Account Policy Plugin' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC 'Timest + amp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.2233 NAME 'nsslapd-ldapiuidnumbertyp + e' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2191 NAME 'nsslapd-errorlog-logmaxdi + skspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.579 NAME 'nsDS5ReplicaPort' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- + VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.2 NAME 'idnsZoneActive' DESC 'defi + ne if the zone is considered in use' EQUALITY booleanMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.610 NAME 'nsAccountLock' DESC 'Opera + tional attribute for Account Inactivation' SYNTAX 1.3.6.1.4.1.1466.115.121. 
+ 1.15 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.2.840.113554.1.4.1.6.1 NAME 'krbCanonicalName' EQUALITY + caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( proofOfArchival-oid NAME 'proofOfArchival' DESC 'CMS defin + ed attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.707 NAME 'vacationstartdate' DESC 'N + etscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.580 NAME 'nsDS5ReplicaTransportInfo' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2168 NAME 'schemaUpdateAttributeReje + ct' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( metaInfo-oid NAME 'metaInfo' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s + ) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.26 X-ORIGIN 'SUDO' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.79 NAME 'sambaTrustPosixOffset' DESC + 'POSIX offset of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.27 SINGLE-VALUE ) +attributeTypes: ( dateOfRevocation-oid NAME 'dateOfRevocation' DESC 'CMS def + ined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined + ' ) +attributeTypes: ( 1.3.18.0.2.4.1137 NAME 'printer-generated-natural-language + -supported' DESC 'Natural language(s) supported for this directory entry.' + EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4. 
+ 1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.1.1005 NAME 'nsds7DirsyncCookie' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGL + E-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.530 NAME 'ntUserLogonHours' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-V + ALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.24 NAME 'ipatokenTOTPsyncWindow + ' DESC 'TOTP Sync Window (maximum synchronization variance in seconds)' EQU + ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIG + IN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy' DESC 'old + variant of modifiersName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'R + FC 1274' ) +attributeTypes: ( 2.16.840.1.113730.3.1.36 NAME 'nsLicensedFor' DESC 'Netsca + pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'N + etscape Administration Services' ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.2 NAME ( 'mozillaSecondEmail' 'xmozill + asecondemail' ) EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'Mozilla A + ddress Book' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.22 NAME 'idnsSecKeyInactive' DESC + 'DNSSEC key (planned) inactivation time' EQUALITY generalizedTimeMatch ORDE + RING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SING + LE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.202 NAME 'replicaCredentials' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIG + IN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.3023 NAME 'nsViewFilter' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' + Netscape Directory Server' ) 
+attributeTypes: ( nsSSL2Ciphers-oid NAME 'nsSSL2Ciphers' DESC 'Netscape defi + ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape + ' ) +attributeTypes: ( nsServerAddress-oid NAME 'nsServerAddress' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets + cape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.91 NAME 'passwordExpirationTime' DES + C 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Dire + ctory Server' ) +attributeTypes: ( 1.3.6.1.4.1.5322.21.2.2 NAME 'krbPwdFailureCountInterval' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.2241 NAME 'nsslapd-errorlog' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsProductName-oid NAME 'nsProductName' DESC 'Netscape defi + ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape + ' ) +attributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList' DESC 'X.509 author + ity revocation list' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.40 X-ORIGIN 'RFC 4523' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2027 NAME 'nsruvReplicaLastModified' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2097 NAME 'autoMemberScope' DESC 'Au + to Membership scope criteria' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-V + ALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC 'Times + tamp of the last password update' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.695 NAME 'inetSubscriberChallenge' D + ESC 'Used to confirm subscriberIdentity. 
This attribute holds the challeng + e phrase and is used in conjunction with the inetSubscriberResponse' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'Netscape subscriber i + nteroperability' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.49.1 NAME 'krbLastFailedAuth' E + QUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VA + LUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.2218 NAME 'nsslapd-localssf' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE + -VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.18.0.2.4.1115 NAME 'printer-stacking-order-supported' + DESC 'The possible stacking order of pages as they are printed and ejected + from this printer.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.15.1 NAME 'krbLdapServers' EQUA + LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.2.840.113556.1.4.479 NAME 'calFBURL' DESC 'RFC2739: URI + to the users default freebusy data' EQUALITY caseIgnoreIA5Match SUBSTR case + IgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'rfc + 2739' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2307 NAME 'nsslapd-allow-hashed-pass + words' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.58 NAME 'replicaBindDn' DESC 'Netsca + pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'N + etscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.605 NAME 'entryid' DESC 'internal se + rver defined attribute type' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation + ) +attributeTypes: ( 2.16.840.1.113730.3.1.2288 NAME 'nsslapd-defaultnamingcont + ext' DESC 'Netscape defined attribute type' SYNTAX 
1.3.6.1.4.1.1466.115.121 + .1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( authorityParentID-oid NAME 'authorityParentID' DESC 'Autho + rity Parent ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN + 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.13769.3.9 NAME 'mozillaWorkUrl' EQUALITY case + IgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Moz + illa Address Book' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2155 NAME 'nsds5ReplicaBackoffMax' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.42 NAME 'ipaPermDefaultAttr' DESC + 'IPA permission default attribute' EQUALITY caseIgnoreMatch ORDERING caseI + gnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4. + 0' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2267 NAME 'nsslapd-certmap-basedn' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.525 NAME 'ntUserWorkstations' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.100 NAME 'passwordKeepHistory' DESC + 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.23 NAME 'mgrpAllowedDomain' DESC 'Ne + tscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115. 
+ 121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 1.2.840.113556.1.4.480 NAME 'calCAPURI' DESC 'RFC2739: URI + used to communicate with the users calendar' EQUALITY caseIgnoreIA5Match S + UBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-O + RIGIN 'rfc2739' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.41 NAME 'ipk11KeyType' DESC 'Ke + y type' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.237 NAME 'nsSNMPMasterHost' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( profileID-oid NAME 'profileID' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( nsDefaultAcceptLanguage-oid NAME 'nsDefaultAcceptLanguage' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.6.1 NAME 'krbPrincipalExpiration + ' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL + E-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.2325 NAME 'nsslapd-auditfaillog-logg + ing-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( requestOwner-oid NAME 'requestOwner' DESC 'CMS defined att + ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.593 NAME 'nsSNMPName' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Net + scape Directory Server' ) +attributeTypes: ( nextRange-oid NAME 'nextRange' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.17 NAME 'hostCApolicy' DESC 'Polic + y on 
how to treat host requests for cert operations.' EQUALITY caseIgnoreMa + tch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.60 NAME 'ipaKeyExtUsage' DESC 'Al + lowed extended key usage' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.38 X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2205 NAME 'nsslapd-auditlog-logging- + hide-unhashed-pw' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.18.0.2.4.1108 NAME 'printer-aliases' DESC 'List of sit + e-specific administrative names of this printer in addition to the value sp + ecified for printer-name.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstr + ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALITY ca + seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.45 NAME 'ntGroupCreateNewGroup' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN + GLE-VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.8.1.7 NAME 'ipaDefaultLoginShell' EQU + ALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.63 NAME 'ipk11Sign' DESC 'Key s + upports signatures where the signature is an appendix to the data' EQUALITY + booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( ' + IPA v4.1' 'user defined' ) ) +attributeTypes: ( serialno-oid NAME 'serialno' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.215 NAME 'oid' DESC 'Netscape define + d attribute type' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape D + irectory Server' ) +attributeTypes: ( userDN-oid NAME 'userDN' DESC 'CMS defined attribute' SYNT + AX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'type of + employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin + gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2798' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2142 NAME 'nsSaslMapPriority' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGL + E-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.39 NAME 'ipaNTSIDBlacklistOutgoin + g' DESC 'Extra SIDs filtered out from outgoing MS-PAC' EQUALITY caseIgnoreI + A5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.26 X-ORIGIN 'IPA v3' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' DESC 'Trust + Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.26 ) +attributeTypes: ( publicKeyData-oid NAME 'publicKeyData' DESC 'CMS defined a + ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2119 NAME 'dnaMagicRegen' DESC 'DNA + value that will trigger regeneration of attribute value' SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.1 NAME 'memberAllowCmd' DESC 'Refe + rence to a command or group of commands that are allowed by the rule.' 
SUP + distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.12 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.47.1 NAME 'krbPrincipalAliases' + EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DESC 'Tim + estamp of when the user is allowed to update the password' EQUALITY integer + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( sessionContext-oid NAME 'sessionContext' DESC 'CMS defined + attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.5.4.42 NAME 'givenName' SUP name EQUALITY caseIgnoreMat + ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- + ORIGIN 'RFC 4519' ) +attributeTypes: ( tokenType-oid NAME 'tokenType' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2189 NAME 'nsslapd-auditlog-logrotat + iontimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.12 NAME 'hostMask' DESC 'IP mask t + o identify a subnet.' 
EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUB + STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2312 NAME 'dnaExcludeScope' DESC 'DN + of a subtree excluded from DNA plugin scope' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.12 X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.67 NAME 'ntUserProfile' DESC 'Netsca + pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALU + E X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( revokedCerts-oid NAME 'revokedCerts' DESC 'CMS defined att + ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2079 NAME ( 'passwordMinSpecials' 'p + wdMinSpecials' ) DESC 'Netscape defined password policy attribute type' SYN + TAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory + Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.588 NAME 'nsDS5ReplicaId' DESC 'Nets + cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA + LUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2160 NAME 'dnaRemoteBindMethod' DESC + 'Remote bind method: SIMPLE, SSL, SASL/DIGEST-MD5, or SASL/GSSAPI' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' + ) +attributeTypes: ( 1.3.6.1.4.1.13769.4.3 NAME 'mozillaCustom3' EQUALITY case + IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.71 NAME 'sambaTrustAttributes' DESC ' + Trust attributes for a trusted domain' EQUALITY integerMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.57 NAME 'ipaCertIssuerSerial' DES + C 'Issuer name and serial number' EQUALITY caseIgnoreMatch SUBSTR caseIgnor + eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
X-ORIGIN ( 'IPA v4.1' + 'user defined' ) ) +attributeTypes: ( transStatus-oid NAME 'transStatus' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2272 NAME 'nsslapd-plugin-binddn-tra + cking' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.2 NAME 'ipatokenDisabled' DESC + 'Optionally marks token as Disabled' EQUALITY booleanMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 2.5.21.8 NAME 'matchingRuleUse' EQUALITY objectIdentifier + FirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOpe + ration X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME ( 'labeledURI' 'labeledurl' ) E + QUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.15 X-ORIGIN 'RFC 2079' X-DEPRECATED 'labeledurl' ) +attributeTypes: ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'Standard LDAP + attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.54 NAME 'ipk11Wrap' DESC 'Key s + upports wrapping' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( beginRange-oid NAME 'beginRange' DESC 'CMS defined attribu + te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( signingAlgorithmId-oid NAME 'signingAlgorithmId' DESC 'CMS + defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user def + ined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2330 NAME 'nsslapd-logging-backend' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.89 NAME 'cirSyncInterval' DESC 'Nets 
+ cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption' DESC + 'A string list option' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass' DESC 'The class of + a resource record' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.26 ) +attributeTypes: ( 2.16.840.1.113730.3.1.251 NAME 'nsValueFlags' DESC 'Netsca + pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'N + etscape servers - value item' ) +attributeTypes: ( 1.3.6.1.4.1.6981.11.3.1 NAME 'FTPQuotaFiles' DESC 'Quota ( + in number of files) for an FTP user' EQUALITY integerMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.13 NAME 'serviceCredentialLevel' DE + SC 'Specifies the type of credentials either used, required, or supported b + y a specific service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.26 X-ORIGIN ( 'RFC4876' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2106 NAME 'nsIDListScanLimit' DESC ' + Binder-based search operation ID list scan limit (candidate entries)' SYNTA + X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORI + GIN '389' ) +attributeTypes: ( 2.16.840.1.113730.3.1.804 NAME 'nsSchemaCSN' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsServerSecurity-oid NAME 'nsServerSecurity' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne + tscape' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.22 NAME 'ipaMigrationEnabled' DESC + 'Enable adding user entries with pre-hashed passwords.' 
SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.75 NAME 'ipaNTAdditionalSuffixes' + DESC 'Suffix for the user principal name associated with the domain' EQUAL + ITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4 + .4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2210 NAME 'nsslapd-auditlog' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.50 NAME 'replicaBeginOrc' DESC 'Nets + cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.20.2.4 NAME 'ipaReplTopoSegmentRight + Node' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 X-ORIGIN ( 'FreeIPA' 'user defined' ) ) +attributeTypes: ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDrink' + ) EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4524' X-DEPRECATED 'favouriteDrink' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2280 NAME 'nsslapd-bakdir' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V + ALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surName' ) SUP name EQUALITY caseIgn + oreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'surName' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2066 NAME 'nsSaslMapFilterTemplate' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.13769.3.1 NAME 'mozillaHomeStreet' EQUALITY c + aseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) +attributeTypes: ( 
2.16.840.1.113730.3.1.198 NAME 'memberURL' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Nets + cape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindo + w' DESC 'Reset time after lockout in minutes (default: 30)' EQUALITY intege + rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.5.4.16 NAME 'postalAddress' EQUALITY caseIgnoreListMatc + h SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 + X-ORIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.108 NAME 'passwordUnlock' DESC 'Nets + cape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' DESC 'Standard L + DAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2307 + ' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2124 NAME 'dnaRemainingValues' DESC + 'DNA remaining values left to assign' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( nsSSLClientAuth-oid NAME 'nsSSLClientAuth' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets + cape' ) +attributeTypes: ( duration-oid NAME 'duration' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( tokenID-oid NAME 'tokenID' DESC 'CMS defined attribute' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2236 NAME 'nsslapd-anonlimitsdn' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SI + NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2194 NAME 'nsslapd-errorlog-logminfr + eediskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE X-ORIGIN 
'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.574 NAME 'nsRole' DESC 'Netscape def + ined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICAT + ION USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsAdminGroupName-oid NAME 'nsAdminGroupName' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne + tscape' ) +attributeTypes: ( 2.16.840.1.113730.3.8.19.2.2 NAME 'ipaMinDomainLevel' DESC + 'Minimal supported Domain Level value' EQUALITY numericStringMatch ORDERIN + G numericStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 SINGLE-VALUE X-OR + IGIN ( 'IPA v4' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.72 NAME 'serverVersionNumber' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORI + GIN 'Netscape Administration Services' ) +attributeTypes: ( 2.16.840.1.113730.3.1.246 NAME 'nsValueInt' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Net + scape servers - value item' ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.43 NAME 'preferredTimeZone' DESC + 'preferred time zone for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgno + reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGI + N 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2173 NAME 'nsslapd-errorlog-maxlogsi + ze' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.6 NAME 'userCategory' DESC 'Additi + onal classification for users' EQUALITY caseIgnoreMatch ORDERING caseIgnore + OrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. 
+ 121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) + impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.26 X-ORIGIN 'SUDO' ) +attributeTypes: ( SecureAdminPort-oid NAME 'SecureAdminPort' SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.18.0.2.4.1130 NAME 'printer-document-format-supported' + DESC 'The possible source document formats which may be interpreted and pr + inted by this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.5 NAME 'followReferrals' DESC 'An a + gent or service does or should follow referrals' EQUALITY booleanMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user def + ined' ) ) +attributeTypes: ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY caseI + gnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.23 NAME 'ipatokenTOTPauthWindow + ' DESC 'TOTP Auth Window (maximum authentication variance in seconds)' EQUA + LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGI + N ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.21.1.7 NAME 'ipaCaIssuerDN' DESC 'Is + suer DN' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.12 X-ORIGIN ( 'IPA v4.4 Lightweight CAs' 'user define + d' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.25 NAME 'idnsSecKeyRevoke' DESC 'D + NSKEY REVOKE flag (equivalent to bit 8): RFC 5011' EQUALITY booleanMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user + defined' ) ) +attributeTypes: ( requestId-oid NAME 'requestId' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.552 NAME 
'costargettree' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VAL + UE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.94 NAME 'retryCountResetTime' DESC ' + Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directo + ry Server' ) +attributeTypes: ( tokenNotBefore-oid NAME 'tokenNotBefore' DESC 'CMS defined + attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.21 NAME 'ipaAllowToImpersonate' D + ESC 'Principals that can be impersonated' SUP distinguishedName EQUALITY di + stinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'IPA-v + 3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2244 NAME 'nnslapd-threadnumber' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SI + NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.2.840.113556.1.2.102 NAME 'memberOf' DESC 'Group that th + e entry belongs to' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape + Delegated Administrator' ) +attributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) SYNTAX + 1.3.6.1.4.1.1466.115.121.1.22 X-ORIGIN 'RFC 4519' X-DEPRECATED 'fax' ) +attributeTypes: ( authorityEnabled-oid NAME 'authorityEnabled' DESC 'Authori + ty Enabled' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user + defined' ) +attributeTypes: ( nsDirectoryURL-oid NAME 'nsDirectoryURL' DESC 'Netscape de + fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netsca + pe' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2111 NAME 'tombstoneNumSubordinates' + DESC 'count of immediate subordinates for tombstone entries' EQUALITY inte + gerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN '389 d + 
irectory server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.9 NAME 'ipaSudoRunAsGroup' DESC 'R + eference to group that the commands can be run as.' SUP memberUser EQUALITY + distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA + v2' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.22 NAME 'ipk11Subject' DESC 'DE + R-encoding of subject name' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.40 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( deltaSize-oid NAME 'deltaSize' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.690 NAME 'inetDomainBaseDN' DESC 'Ba + se DN of user subtree for a DNS domain' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 2 SINGLE-VALUE X-ORIGIN 'Netscape subscriber interoperability' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Security ID' + EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3. 
+ 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user define + d' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2223 NAME 'nsslapd-localhost' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'Standard LDAP a + ttribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ' + RFC 2307' ) +attributeTypes: ( ServerCertExtractFile-oid NAME 'ServerCertExtractFile' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- + ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2181 NAME 'nsslapd-accesslog-logrota + tionsyncmin' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.569 NAME 'cosPriority' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE + X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsOsVersion-oid NAME 'nsOsVersion' DESC 'Netscape defined + attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( nsJarfilename-oid NAME 'nsJarfilename' DESC 'Netscape defi + ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape + ' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2293 NAME 'nsslapd-ndn-cache-enabled + ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 
+ 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2071 NAME 'pamIDAttr' DESC 'Name of + attribute holding PAM ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Re + d Hat Directory Server' ) +attributeTypes: ( tokenSerial-oid NAME 'tokenSerial' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( password-oid NAME 'password' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2158 NAME 'dnaRemoteBindDN' DESC 'Re + mote bind DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN '3 + 89 Directory Server' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.3.1 NAME 'krbPrincipalType' EQU + ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPasswo + rd' DESC 'Previous clear text password (used for trusted domain passwords)' + EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.3.18.0.2.4.1127 NAME 'printer-pages-per-minute' DESC 'Th + e nominal number of pages per minute which may be output by this printer.' + EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.14 NAME 'ipatokenRadiusUserName + ' DESC 'Corresponding Radius username' EQUALITY caseIgnoreMatch SYNTAX 1.3. 
+ 6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' + ) ) +attributeTypes: ( 0.9.2342.19200300.100.1.54 NAME 'ditRedirect' DESC 'Standa + rd LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC + 1274' ) +attributeTypes: ( 2.16.840.1.113730.3.1.520 NAME 'nswmExtendedUserPrefs' DES + C 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.26 NAME 'mgrpErrorsTo' DESC 'Netscap + e Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .26 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2137 NAME 'nsds5ReplicaAbortCleanRUV + ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.12 NAME 'idnsAllowTransfer' DESC ' + BIND9 allow-transfer ACL element' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6. 
+ 1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v2' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures' EQUALITY + objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperati + on X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.1.232 NAME 'nsSNMPEnabled' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VAL + UE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( algorithmId-oid NAME 'algorithmId' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord' DESC 'certifica + te, RFC 2538' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.17 NAME 'ldapSchemas' SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'RFC 2927' ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.7 NAME 'eduPersonEntitlement' DESC + 'Entitlement' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'http://middlew + are.internet2.edu/eduperson/' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2328 NAME 'nsslapd-auditfaillog-list + ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 
+ 15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.81 NAME 'cirPort' DESC 'Netscape def + ined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscap + e Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.14 NAME 'ipaNTTrustPartner' DESC + 'Fully qualified name of the domain with which a trust exists' EQUALITY cas + eIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' ' + user defined' ) ) +attributeTypes: ( 1.3.6.1.4.1.6981.11.3.9 NAME 'FTPgid' DESC 'System uid (ov + errides gidNumber if present)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.17 NAME 'ipk11CheckValue' DESC + 'Checksum' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X + -ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2087 NAME 'mepManagedEntry' DESC 'Ma + naged Entries pointer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN '389 D + irectory Server' ) +attributeTypes: ( nsAdminSIEDN-oid NAME 'nsAdminSIEDN' DESC 'Netscape define + d attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' + ) +attributeTypes: ( 2.16.840.1.113730.3.1.685 NAME 'nsds5replicaLastUpdateStar + t' DESC 'Netscape defined attribute type' EQUALITY generalizedTimeMatch ORD + ERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SIN + GLE-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2208 NAME 'nsslapd-rootdnpw' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.48 NAME 'replicaPort' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Net + scape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.1.2 NAME 'ipaGroupSearchFields' EQU + ALITY 
caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.30 NAME 'idnsSubstitutionVariable' + DESC 'User defined variable for DNS plugin' EQUALITY caseIgnoreIA5Match SY + NTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.210 NAME 'vlvSort' DESC 'Netscape de + fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netsca + pe Directory Server' ) +attributeTypes: ( dateOfModify-oid NAME 'dateOfModify' DESC 'CMS defined att + ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.51 NAME 'nSEC3PARAMRecord' DESC 'RFC + 5155' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user + defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2145 NAME 'rootdn-close-time' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2257 NAME 'nsslapd-accesslog-logbuff + ering' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.32 NAME 'ipaKrbPrincipalAlias' DE + SC 'DEPRECATED - DO NOT USE' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOr + deringMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlycountrynam + e' ) EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3. 
+ 6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4524' X-DEPRECATED 'friendlycountry + name' ) +attributeTypes: ( extension-oid NAME 'extension' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.13 NAME 'mailAlternateAddress' DESC + 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.227 NAME 'nsslapd-pluginId' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC 'Roam + ing profile path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier' EQUALITY bitStringMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 X-ORIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.5 NAME 'idnsSOAserial' DESC 'SOA s + erial number' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2315 NAME 'nsDS5ReplicaWaitForAsyncR + esults' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115. 
+ 121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.613 NAME 'copiedFrom' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsServerPort-oid NAME 'nsServerPort' DESC 'Netscape define + d attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' + ) +attributeTypes: ( 1.2.840.113554.1.4.1.6.4 NAME 'krbPwdMaxRenewableLife' EQ + UALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORI + GIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.8 NAME 'javaSerializedData' DESC ' + Serialized form of a Java object' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SING + LE-VALUE X-ORIGIN 'RFC 2713' ) +attributeTypes: ( deltaNumber-oid NAME 'deltaNumber' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.583 NAME 'nsDS5ReplicaBindMethod' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S + INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2275 NAME 'nsslapd-schemadir' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsSSLActivation-oid NAME 'nsSSLActivation' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets + cape' ) +attributeTypes: ( 1.3.18.0.2.4.1138 NAME 'printer-make-and-model' DESC 'Make + and model of this printer.' 
EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs + tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc + 3712' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.5 NAME 'ipatokenVendor' DESC 'O + ptional Vendor identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstr + ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA + OTP' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.1000 NAME 'nsds7WindowsReplicaSubtre + e' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' EQUALITY dist + inguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4524' + ) +attributeTypes: ( 2.16.840.1.113730.3.1.533 NAME 'ntUserCodePage' DESC 'Nets + cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VAL + UE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.35 NAME 'changeLog' DESC 'the distin + guished name of the entry which contains the set of entries comprising this + servers changelog' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.12 X-ORIGIN 'Changelog Internet Draft' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.53 NAME 'ipk11VerifyRecover' DE + SC 'Key supports verification where data is recovered from the signature' E + QUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORI + GIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.205 NAME 'changeLogMaximumConcurrent + Writes' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115. 
+ 121.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord' DESC 'Signature, + RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' DESC 'A boo + lean option' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SING + LE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.3 NAME 'ipaNTFlatName' DESC 'Flat + /Netbios Name' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SU + BSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( nsDirectoryInfoRef-oid NAME 'nsDirectoryInfoRef' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN + 'Netscape' ) +attributeTypes: ( 1.3.6.1.4.1.6981.11.3.6 NAME 'FTPDownloadBandwidth' DESC ' + Bandwidth (in KB/s) to limit download speeds to' EQUALITY integerMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2109 NAME 'nsPagedIDListScanLimit' D + ESC 'Binder-based simple paged search operation ID list scan limit' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGI + N '389' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2092 NAME 'nsslapd-ldapiautodnsuffix + ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 
+ 12 X-ORIGIN 'Netscape' ) +attributeTypes: ( transOps-oid NAME 'transOps' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.25 NAME 'ipaPermissionType' DESC ' + IPA permission flags' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingM + atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms' DESC 'X.509 supported + algorithms' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 + X-ORIGIN 'RFC 4523' ) +attributeTypes: ( 1.3.18.0.2.4.1116 NAME 'printer-output-features-supported' + DESC 'The possible output features supported by this printer.' EQUALITY ca + seIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2302 NAME 'nsslapd-listen-backlog-si + ze' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.57 NAME 'replicaRoot' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Net + scape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.608 NAME 'nsDS5Task' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets + cape Directory Server' ) +attributeTypes: ( nextUpdate-oid NAME 'nextUpdate' DESC 'CMS defined attribu + te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2069 NAME 'pamMissingSuffix' DESC 'H + ow to handle missing include or exclude suffixes' SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.15 SINGLE-VALUE X-ORIGIN 'Red Hat Directory Server' ) +attributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetaddress' ) EQUALITY caseIg + noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 
+ 1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'streetaddress' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord' DESC 'RRSIG, R + FC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.28.1 NAME 'krbPrincNamingAttr' + EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + ) +attributeTypes: ( 2.16.840.1.113730.3.1.2150 NAME 'rootdn-deny-ip' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'Netscape Directory Server' ) +attributeTypes: ( nsGroupRDNComponent-oid NAME 'nsGroupRDNComponent' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN 'Netscape Administration Services' ) +attributeTypes: ( algorithm-oid NAME 'algorithm' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' DESC 'Maximu + m password age, in seconds (default: -1 => never expire passwords)' EQUALIT + Y integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.47 NAME 'ipaPermRight' DESC 'IPA + permission rights' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2262 NAME 'nsslapd-maxbersize' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING + LE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' EQUALITY caseI + gnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 X-ORIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.528 NAME 'ntUserAcctExpires' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 
2.16.840.1.113730.3.1.103 NAME ( 'passwordCheckSyntax' 'pw + dCheckSyntax' ) DESC 'Netscape defined password policy attribute type' SYNT + AX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory + Server' ) +attributeTypes: ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' DESC 'Standard L + DAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2307 + ' ) +attributeTypes: ( 1.2.840.113556.1.4.483 NAME 'calOtherFBURLs' DESC 'RFC2739 + : multi-value URI for other free/busy data' EQUALITY caseIgnoreIA5Match SUB + STR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORI + GIN 'rfc2739' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.44 NAME 'ipk11AllowedMechanisms + ' DESC 'Space-separated list of mechanisms allowed to be used with this key + ' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2239 NAME 'nsslapd-SSL3ciphers' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN + GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2320 NAME 'nsslapd-auditfaillog-logr + otationtimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1. 
+ 1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.79 NAME 'cirReplicaRoot' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ' + Netscape Directory Server' ) +attributeTypes: ( issuerName-oid NAME 'issuerName' DESC 'CMS defined attribu + te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'preferr + ed name of a person to be used when displaying entries' EQUALITY caseIgnore + Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'RFC 2798' ) +attributeTypes: ( nsProductVersion-oid NAME 'nsProductVersion' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne + tscape' ) +attributeTypes: ( 2.16.840.1.113730.3.8.18.2.1 NAME 'ipaVaultType' DESC 'IPA + vault type' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X + -ORIGIN ( 'IPA v4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2176 NAME 'nsslapd-errorlog-logrotat + ionsync-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1. 
+ 1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.1 NAME 'ipaUniqueID' DESC 'Unique + identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( endRange-oid NAME 'endRange' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.12 NAME 'sourceHostCategory' DESC + 'Additional classification for hosts' EQUALITY caseIgnoreMatch ORDERING cas + eIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.43.1 NAME 'krbSupportedEncSaltTy + pes' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.65 NAME 'ipaWrappingMech' DESC 'P + KCS#11 wrapping mechanism equivalent to CK_MECHANISM_TYPE' EQUALITY caseIgn + oreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA + v4.1' 'user defined' ) ) +attributeTypes: ( crlCache-oid NAME 'crlCache' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2200 NAME 'nsslapd-errorlog-logexpir + ationtimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.0 NAME 'defaultServerList' DESC 'Li + st of default servers' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'RFC4876 + ' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' DESC + 'signed message used to support S/MIME' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 + X-ORIGIN 'RFC 2798' ) +attributeTypes: ( 1.3.6.1.1.1.1.31 NAME 'automountMapName' DESC 'automount M + ap Name' 
EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SI + NGLE-VALUE X-ORIGIN 'RFC 2307bis' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.28 NAME 'idnsSecKeyRef' DESC 'PKCS + #11 URI of the key' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( nsSecureServerPort-oid NAME 'nsSecureServerPort' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.218 NAME 'replicaAbandonedChanges' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.66 NAME 'ipk11Extractable' DESC + 'Key is extractable and can be wrapped' EQUALITY booleanMatch SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) + ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.29 NAME 'LocRecord' DESC 'Location, + RFC 1876' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( authorityKeyNickname-oid NAME 'authorityKeyNickname' DESC + 'Authority key nickname' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE + X-ORIGIN ( 'user-defined' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.7 NAME 'changeType' DESC 'Changelog + attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Changelog In + ternet Draft' ) +attributeTypes: ( usertype-oid NAME 'usertype' DESC 'Distinguish whether the + user is administrator, agent or subsystem.' 
SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC ' + Concatenated MD5 hashes of the salted NT passwords used on this account' EQ + UALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( ' + IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.5.4.26 NAME 'registeredAddress' SUP postalAddress EQUAL + ITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.41 X-ORIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.999 NAME ( 'passwordGraceLimit' 'pwd + GraceLoginLimit' ) DESC 'Netscape defined password policy attribute type' S + YNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directo + ry Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2114 NAME 'internalCreatorsName' DES + C 'plugin dn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MOD + IFICATION USAGE directoryOperation X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.4 NAME 'externalUser' DESC 'Multiv + alue string attribute that allows storing user names.' 
EQUALITY caseIgnoreM + atch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( nsBindPassword-oid NAME 'nsBindPassword' DESC 'Netscape de + fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netsca + pe' ) +attributeTypes: ( 2.16.840.1.113730.3.1.812 NAME 'netscapeReversiblePassword + ' DESC 'password for HTTP Digest/MD5 authentication' EQUALITY octetStringMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'Netscape Web Server' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord' DESC 'domain nam + e pointer, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr + ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' DESC 'Standard LDAP attri + bute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC + 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2226 NAME 'nsslapd-listenhost' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING + LE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2184 NAME 'nsslapd-accesslog-logrota + tiontime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 0.9.2342.19200300.100.1.10 NAME 'manager' EQUALITY distin + guishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( 2.16.840.1.113730.3.1.62 NAME 'ntUserParms' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2296 NAME 'nsslapd-ignore-virtual-at + trs' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2074 NAME 'pamService' DESC 'Service + name to 
pass to pam_start' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VAL + UE X-ORIGIN 'Red Hat Directory Server' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.26.1 NAME 'krbPrincipalReference + s' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.1 NAME 'ipk11UniqueId' DESC 'Me + aningless unique identifier' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2163 NAME 'winSyncWindowsFilter' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.13769.4.4 NAME 'mozillaCustom4' EQUALITY case + IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) +attributeTypes: ( resourceACLS-oid NAME 'resourceACLS' DESC 'CMS defined att + ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.72 NAME 'sambaTrustDirection' DESC 'D + irection of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.58 NAME 'ipaKeyTrust' DESC 'Key t + rust (unknown, trusted, distrusted)' EQUALITY caseIgnoreMatch SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) + ) +attributeTypes: ( 1.3.18.0.2.4.1120 NAME 'printer-print-quality-supported' D + ESC 'List of print qualities supported for printing documents on this print + er.' 
EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.13 NAME 'ipatokenOwner' DESC 'U + ser entry that owns this token' SUP distinguishedName EQUALITY distinguishe + dNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN ( 'IP + A OTP' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Standard LDAP attri + bute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.15 NAME 'idnsForwarders' DESC 'lis + t of forwarders' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v2' 'user define + d' ) ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.2 NAME 'eduPersonNickName' DESC 'Ni + ckName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'http://middleware.in + ternet2.edu/eduperson/' ) +attributeTypes: ( 2.16.840.1.113730.3.1.542 NAME 'nsUniqueId' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'Netscape Directory + Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2333 NAME 'nsds5ReplicaReleaseTimeou + t' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.84 NAME 'cirUseSsl' DESC 'Netscape d + efined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netsc + ape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.11 NAME 'ipaNTTrustType' DESC 'Ty + pe of trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN + GLE-VALUE ) +attributeTypes: ( nsServerID-oid NAME 'nsServerID' DESC 'Netscape defined at + tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.254 NAME 'nsValueHelpURL' DESC 'Nets + cape defined attribute type' 
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN + 'Netscape servers - value item' ) +attributeTypes: ( expiredCerts-oid NAME 'expiredCerts' DESC 'CMS defined att + ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.0.2 NAME 'dNSdefaultTTL' DESC 'An inte + ger denoting default time to live, RFC 2308' EQUALITY integerMatch ORDERING + integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN ( 'IPA + v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.5.4.33 NAME 'roleOccupant' SUP distinguishedName EQUALI + TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RF + C 4519' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.10 NAME 'credentialLevel' DESC 'Ide + ntifies type of credentials either used, required, or supported by an agent + or service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 26 SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2101 NAME 'autoMemberDefaultGroup' D + ESC 'Auto Membership default group' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X- + ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.12 NAME 'ipk11Modifiable' DESC + 'Can be modified by application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.807 NAME 'nsds5replicaLastInitStart' + DESC 'Netscape defined attribute type' EQUALITY generalizedTimeMatch ORDER + ING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL + E-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.31.1 NAME 'krbMinPwdLife' EQUAL + ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.2213 NAME 'nsslapd-userat' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V + ALUE X-ORIGIN 
'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.20.2.7 NAME 'ipaReplTopoManagedAgree + mentState' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 X-ORIGIN ( 'FreeIPA' 'user defined' ) ) +attributeTypes: ( 0.9.2342.19200300.100.1.8 NAME 'userClass' EQUALITY caseI + gnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.80 NAME 'sambaSupportedEncryptionType + s' DESC 'Supported encryption types of a trust' EQUALITY integerMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.2283 NAME 'nsslapd-SSLclientAuth' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S + INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.1 NAME 'aliasedObjectName' EQUALITY distinguishedNa + meMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'RFC 451 + 2' ) +attributeTypes: ( 1.3.6.1.4.1.13769.3.2 NAME 'mozillaHomeStreet2' EQUALITY + caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2148 NAME 'rootdn-deny-host' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength' DESC + 'Length of Password History Entries (default: 0 => off)' EQUALITY integerMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) SUP name + EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4. 
+ 1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'organizationalUnitNam + e' ) +attributeTypes: ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' EQUALI + TY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( 2.16.840.1.113730.3.1.16 NAME 'mailDeliveryOption' DESC 'N + etscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2127 NAME 'dnaPortNum' DESC 'DNA por + t number of replica to get new range of values' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.222 NAME ( 'passwordMinAge' 'pwdMinA + ge' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113719.1.1.4.1.35 NAME 'lastLoginTime' DESC 'La + st login time' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE dire + ctoryOperation X-ORIGIN 'Account Policy Plugin' ) +attributeTypes: ( SecurePort-oid NAME 'SecurePort' SYNTAX 1.3.6.1.4.1.1466. 
+ 115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2231 NAME 'nsslapd-ldapimaprootdn' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2197 NAME 'nsslapd-errorlog-logexpir + ationtime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.577 NAME 'cosIndirectSpecifier' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN + GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2318 NAME 'nsslapd-auditfaillog-logr + otationsynchour' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.71 NAME 'serverProductName' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI + N 'Netscape Administration Services' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.0 NAME 'idnsName' DESC 'DNS FQDN' + EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3. 
+ 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.48.1 NAME 'krbLastSuccessfulAuth + ' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL + E-VALUE ) +attributeTypes: ( 5.3.6.1.1.1.1.1 NAME 'accessTo' DESC 'Access to which serv + ers user is allowed' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr + ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'nss_ldap/pam_ldap' + ) +attributeTypes: ( 1.2.840.113554.1.4.1.6.3 NAME 'krbPwdMaxLife' EQUALITY in + tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IP + A v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.249 NAME 'nsValueType' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne + tscape servers - value item' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.14.1 NAME 'krbRealmReferences' + EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.9 NAME 'ipaEnabledFlag' DESC 'The + flag to show if the association is active or should be ignored' EQUALITY bo + oleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v + 2' ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) + followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.26 X-ORIGIN 'SUDO' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2278 NAME 'nsslapd-certdir' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.18.0.2.4.1135 NAME 'printer-name' DESC 'The site-speci + fic administrative name of this printer.' 
EQUALITY caseIgnoreMatch SUBSTR c + aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.26 NAME 'ipatokenHOTPsyncWindow + ' DESC 'HOTP Sync Window (maximum synchronization skip-ahead)' EQUALITY int + egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA + OTP' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.21.1.2 NAME 'ipaMemberCa' DESC 'Refe + rence to a CA member' SUP distinguishedName EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'IPA v4.2' 'user defined' + ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.38 NAME 'nsLicenseEndTime' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'Netscape Administration Services' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.20 NAME 'idnsSecKeyPublish' DESC ' + DNSSEC key (planned) publication time' EQUALITY generalizedTimeMatch ORDERI + NG generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE + -VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.200 NAME 'changeLogMaximumAge' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR + IGIN 'Netscape Directory Server' ) +attributeTypes: ( authorityDN-oid NAME 'authorityDN' DESC 'Authority DN' SYN + TAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 2.5.18.3 NAME 'creatorsName' EQUALITY distinguishedNameMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION + USAGE directoryOperation X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.1.93 NAME 'passwordRetryCount' DESC 'N + etscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Director + y Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.6 NAME 'ipaNTLogonScript' DESC 'U + ser Logon 
Script Name' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrdering + Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.22 NAME 'ipaAllowedTarget' DESC ' + Target principals alowed to get a ticket for' SUP distinguishedName EQUALIT + Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'I + PA-v3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2247 NAME 'nsslapd-conntablesize' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 S + INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( requestSourceId-oid NAME 'requestSourceId' DESC 'CMS defin + ed attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' + ) +attributeTypes: ( 2.16.840.1.113730.3.8.1.12 NAME 'ipaGroupObjectClasses' S + YNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( crlSize-oid NAME 'crlSize' DESC 'CMS defined attribute' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.21 NAME 'ipk11Distrusted' DESC + 'Must not be trusted by application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( nsSuiteSpotUser-oid NAME 'nsSuiteSpotUser' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets + cape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2095 NAME 'connection' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne + tscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.693 NAME 'inetUserHttpURL' DESC 'A u + sers Web addresses' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape + subscriber interoperability' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD4 h + ash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 + 
.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 1.3.18.0.2.4.1113 NAME 'printer-service-person' DESC 'The + identity of the current human service person responsible for servicing this + printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2305 NAME 'nsslapd-moddn-aci' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.603 NAME 'dncomp' DESC 'internal ser + ver defined attribute type' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE directoryOperation ) +attributeTypes: ( 2.16.840.1.113730.3.1.1099 NAME 'winSyncInterval' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- + VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord' DESC 'Delegation + Signer, RFC 3658' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( revokedOn-oid NAME 'revokedOn' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( nsBaseDN-oid NAME 'nsBaseDN' DESC 'Netscape defined attrib + ute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.40 NAME 'ipaUserAuthType' DESC 'A + llowed authentication methods' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1. 
+ 1466.115.121.1.15 X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2265 NAME 'nsslapd-versionstring' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S + INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.18.0.2.4.1128 NAME 'printer-compression-supported' DES + C 'Compression algorithms supported by this printer.' EQUALITY caseIgnoreMa + tch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X + -ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.1.523 NAME 'ntUserFlags' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE + X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.25 NAME 'mgrpDeliverTo' DESC 'Netsca + pe Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2132 NAME 'nsds5ReplicaEnabled' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN + GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsExecRef-oid NAME 'nsExecRef' DESC 'Netscape defined attr + ibute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.235 NAME 'nsSNMPContact' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' + Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.43 NAME 'ipk11KeyGenMechanism' + DESC 'Mechanism used to generate this key' EQUALITY caseIgnoreMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defi + ned' ) ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.46.1 NAME 'krbMKey' EQUALITY oc + tetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.19 NAME 'ipaNTSupportedEncryption + Types' DESC 'Supported encryption types of a trust' EQUALITY 
integerMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.591 NAME 'nsDS5ReplicaReferral' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O + RIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2179 NAME 'nsslapd-errorlog-logrotat + ionsynchour' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2082 NAME ( 'passwordMinCategories' + 'pwdMinCategories' ) DESC 'Netscape defined password policy attribute type' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Direc + tory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.15 NAME 'nisDomainName' DESC 'NIS + domain name.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUB + STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.688 NAME 'nsds5replicaLastUpdateStat + us' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 SINGLE-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' + ) +attributeTypes: ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' EQUALI + TY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.26 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( 2.16.840.1.113730.3.8.1.5 NAME 'ipaCustomFields' EQUALITY + caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.33 NAME 'ipaServiceWeight' DESC 'W + eight for the server in IPA location' EQUALITY integerMatch SYNTAX 1.3.6.1. 
+ 4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.213 NAME 'vlvEnabled' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Net + scape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2140 NAME 'passwordTrackUpdateTime' + DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.37 NAME 'ipaKrbAuthzData' DESC 't + ype of PAC preferred by a service' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.15 X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' DESC 'Security + ID List' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2252 NAME 'nsslapd-groupevalnestleve + l' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.51.1 NAME 'krbExtraData' EQUALI + TY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' DESC + 'List of user workstations the user is allowed to logon to' EQUALITY caseIg + noreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA + v4.4.2' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' DESC 'Standard LDAP + attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN + 'RFC 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.8.12.33 NAME 'ipaAssignedIDView' DESC + 'DN of view assigned to this particular host' SUP distinguishedName EQUALIT + Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE + X-ORIGIN ( 'IPA v4' 'user defined' ) ) +attributeTypes: ( 
2.16.840.1.113730.3.1.2229 NAME 'nsslapd-ldapilisten' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN + GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair' DESC 'X.509 cross cer + tificate pair' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 40 X-ORIGIN 'RFC 4523' ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.10 NAME 'ipaSudoRunAsExtGroup' DES + C 'Multivalue string attribute that allows storing group name the command c + an be run as' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR case + IgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2 + ' ) +attributeTypes: ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' EQUALI + TY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.8 NAME 'idnsSOAexpire' DESC 'SOA e + xpire value' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2310 NAME 'nsds5ReplicaFlowControlWi + ndow' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.69 NAME 'subtreeACI' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Nets + cape Directory Server 1.0' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2299 NAME 'nsslapd-connection-buffer + ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 
+ 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2166 NAME 'schemaUpdateObjectclassRe + ject' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( revokedBy-oid NAME 'revokedBy' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.586 NAME 'nsDS5ReplicaUpdateSchedule + ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.13769.4.1 NAME 'mozillaCustom1' EQUALITY case + IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.55 NAME 'ipaSecretKey' DESC 'Encr + ypted secret key data' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.40 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2270 NAME 'nsslapd-auditlog-list' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X + -ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.1003 NAME 'nsds7NewWinGroupSyncEnabl + ed' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 
+ 1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.536 NAME 'ntGroupAttributes' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE- + VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.111 NAME 'ntUniqueId' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'Standard LDA + P attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGI + N 'RFC 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.1.30 NAME 'mgrpRFC822MailMember' DESC + 'mgrpRFC822MailMember' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.26 X-ORIGIN ( 'RFC2307bis' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.18 NAME 'idnsSecInlineSigning' DES + C 'allow inline DNSSEC signing' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.208 NAME 'vlvScope' DESC 'Netscape d + efined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Netsc + ape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord' DESC 'Non-Term + inal DNS Name Redirection, RFC 2672' EQUALITY caseIgnoreIA5Match SUBSTR cas + eIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE + ) +attributeTypes: ( privateKeyData-oid NAME 'privateKeyData' DESC 'CMS defined + attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.34.1 NAME 'krbPwdHistoryLength' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( nsNickName-oid NAME 'nsNickName' DESC 'Netscape defined at + tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.44 
NAME 'sambaIntegerOption' DESC 'An + integer option' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) +attributeTypes: ( 2.5.4.36 NAME 'userCertificate' DESC 'X.509 user certifica + te' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN + 'RFC 4523' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2104 NAME 'nsslapd-pluginConfigArea' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 2 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.1.5 NAME 'vendorVersion' EQUALITY 1.3.6.1.4.1.146 + 6.109.114.1 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIF + ICATION USAGE dSAOperation X-ORIGIN 'RFC 3045' ) +attributeTypes: ( 1.3.6.1.4.1.6981.11.3.3 NAME 'FTPUploadRatio' DESC 'Ratio + (compared with FTPRatioDown) for uploaded files' EQUALITY integerMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.15 NAME 'serviceAuthenticationMetho + d' DESC 'Specifies types authentication methods either used, required, or s + upported by a particular service' EQUALITY caseIgnoreMatch SUBSTR caseIgnor + eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'RFC4876' + 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.19 NAME 'ipk11EndDate' DESC 'Va + lidity end date' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrde + ringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X-ORIGIN ( 'IPA + v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.802 NAME 'nsds5ReplicaLegacyConsumer + ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.20 NAME 'memberService' DESC 'Refe + rence to the pam service of this operation.' 
SUP distinguishedName EQUALITY + distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA + v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2216 NAME 'nsslapd-require-secure-bi + nds' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsKeyfile-oid NAME 'nsKeyfile' DESC 'Netscape defined attr + ibute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.52 NAME 'replicaUpdateSchedule' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O + RIGIN 'Netscape Directory Server' ) +attributeTypes: ( 0.9.2342.19200300.100.1.7 NAME 'photo' SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.23 X-ORIGIN 'RFC 1274' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.70 NAME 'ipk11UnwrapTemplate' D + ESC 'DN of template to apply to keys unwrapped using this key' EQUALITY dis + tinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORI + GIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2286 NAME 'nsslapd-outbound-ldap-io- + timeout' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' ) SUP name EQUALITY case + IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.11 SINGLE-VALUE X-ORIGIN 'RFC 4519' X-DEPRECATED 'countryName' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2064 NAME 'nsSaslMapRegexString' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2153 NAME ( 'passwordAdminDN' 'pwdAd + minDN' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3. 
+ 6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' + ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' DESC 'Minimu + m password age, in seconds (default: 0 => allow immediate password change)' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.48 NAME 'ipaPermTargetFilter' DES + C 'IPA permission target filter' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) +attributeTypes: ( 2.5.4.14 NAME 'searchGuide' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.25 X-ORIGIN 'RFC 4519' ) +attributeTypes: ( version-oid NAME 'version' DESC 'CMS defined attribute' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.106 NAME ( 'passwordMaxFailure' 'pwd + MaxFailure' ) DESC 'Netscape defined password policy attribute type' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Se + rver' ) +attributeTypes: ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Standard L + DAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2307 + ' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2234 NAME 'nsslapd-ldapigidnumbertyp + e' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.572 NAME 'nsTimeLimit' DESC 'Binder- + based search operation time limit (seconds)' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory S + erver' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2323 NAME 'nsslapd-auditfaillog-loge + xpirationtime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.74 NAME 'administratorContactInfo' D + ESC 'Netscape defined attribute type' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Netscape Administration Services' ) +attributeTypes: ( nsClassname-oid NAME 'nsClassname' DESC 'Netscape defined + attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.244 NAME 'nsValueCES' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Net + scape servers - value item' ) +attributeTypes: ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService' DESC 'IAN + A GSS-API authorized service name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.15 X-ORIGIN 'NSS LDAP schema' ) +attributeTypes: ( allowWeakCipher-oid NAME 'allowWeakCipher' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets + cape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2171 NAME 'nsslapd-accesslog-maxlogs + perdir' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.4 NAME 'fqdn' DESC 'FQDN' EQUALITY + caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstrin + gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2203 NAME 'nsslapd-errorlog-logging- + enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.7 NAME 'profileTTL' DESC 'Time to l + ive, in seconds, before a profile is considered stale' EQUALITY integerMatc + h ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE + -VALUE X-ORIGIN ( 'RFC4876' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.21.1.5 NAME 'ipaCertProfileCategory' + DESC 'Additional classification for certificate profiles' EQUALITY caseIgn + oreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.2' 'user defined' ) + ) +attributeTypes: ( 1.3.6.1.1.1.1.32 NAME 'automountKey' DESC 'Automount Key v + alue' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGL + E-VALUE X-ORIGIN 'RFC 2307bis' ) +attributeTypes: ( nsDeleteclassname-oid NAME 'nsDeleteclassname' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' + Netscape Administration Services' ) +attributeTypes: ( nsmsgNumMsgQuota-oid NAME 'nsmsgNumMsgQuota' DESC 'Netscap + e Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.65 NAME 'ipk11Unwrap' DESC 'Key + supports unwrapping' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( nsAdminCgiWaitPid-oid NAME 'nsAdminCgiWaitPid' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' + Netscape Administration Services' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC 'iden + tifies a department within an organization' EQUALITY caseIgnoreMatch SUBSTR + caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'R + FC 2798' ) +attributeTypes: ( 2.16.840.1.113730.3.1.550 NAME 'cosAttribute' DESC 'Netsca + pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'N + etscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.96 NAME ( 'passwordHistory' 'pwdHist + ory' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6. 
+ 1.4.1.1466.115.121.1.5 USAGE directoryOperation X-ORIGIN 'Netscape Director + y Server' ) +attributeTypes: ( 1.3.6.1.4.1.5322.21.2.5 NAME 'krbLastAdminUnlock' EQUALIT + Y generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' DESC ' + Time of the last bad password attempt' EQUALITY integerMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.9 NAME 'ipaNTHomeDirectoryDrive' + DESC 'User Home Drive Letter' EQUALITY caseIgnoreMatch ORDERING caseIgnoreO + rderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 2.5.4.21 NAME 'telexNumber' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.52 X-ORIGIN 'RFC 4519' ) +attributeTypes: ( numberOfRenewals-oid NAME 'numberOfRenewals' DESC 'CMS def + ined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined + ' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2117 NAME 'dnaNextValue' DESC 'DNA n + ext available value for assignment' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SI + NGLE-VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.7 NAME 'ipaSudoRunAsExtUser' DESC + 'Multivalue string attribute that allows storing user name the command can + be run as' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgn + oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2098 NAME 'autoMemberFilter' DESC 'A + uto Membership filter criteria' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.17 NAME 'RPRecord' DESC 'Responsible + Person, RFC 1183' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrin + gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user + defined' ) ) +attributeTypes: ( 
1.3.6.1.1.1.1.1 NAME 'gidNumber' DESC 'Standard LDAP attri + bute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC + 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2221 NAME 'nsslapd-validate-cert' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S + INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2187 NAME 'nsslapd-accesslog-logrota + tiontimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2308 NAME 'nstombstonecsn' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V + ALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.61 NAME 'ntUserUsrComment' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V + ALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2291 NAME 'nsslapd-disk-monitoring-g + race-period' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2077 NAME ( 'passwordMinUppers' 'pwd + MinUppers' ) DESC 'Netscape defined password policy attribute type' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Ser + ver' ) +attributeTypes: ( SecureEEClientAuthPort-oid NAME 'SecureEEClientAuthPort' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.407 NAME 'nsSynchUniqueAttribute' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X + -ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.77 NAME 'sambaSecurityIdentifier' DES + C 'SID of a trusted domain' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5 + SubstringsMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN + ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2268 NAME 'nsslapd-accesslog-list' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.18.0.2.4.1125 NAME 'printer-finishings-supported' DESC + 'The possible finishing operations supported by this printer.' EQUALITY ca + seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.15 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.8 NAME 'ipatokenOTPkey' DESC 'O + TP Token Key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.4 + 0 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 2.5.21.6 NAME 'objectClasses' EQUALITY objectIdentifierFi + rstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOpera + tion X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.16 NAME 'ipatokenRadiusServer' + DESC 'Server String Configuration' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( cmsUserGroup-oid NAME 'cmsUserGroup' DESC 'CMS defined att + ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.28 NAME 'mgrpMsgRejectAction' DESC ' + Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 1.3.6.1.1.1.1.29 NAME 'nisSecretkey' DESC 'nisSecretkey' E + QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( + 'RFC2307bis' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2135 NAME 'nsds5ReplicaCleanRUV' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- + ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.10 NAME 'idnsUpdatePolicy' DESC 'D + NS 
dynamic updates policy' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5 + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN + 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.230 NAME 'nsslapd-pluginDescription' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsAdminCacheLifetime-oid NAME 'nsAdminCacheLifetime' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR + IGIN 'Netscape Administration Services' ) +attributeTypes: ( 2.16.840.1.113730.3.1.327 NAME 'nsIndexType' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne + tscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.545 NAME 'nscpEntryDN' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE + NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'Netscape Directory + Server' ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.5 NAME 'eduPersonPrimaryAffiliation + ' DESC 'Primary Affiliation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA + LUE X-ORIGIN 'http://middleware.internet2.edu/eduperson/' ) +attributeTypes: ( 2.16.840.1.113730.3.1.83 NAME 'cirUsePersistentSearch' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- + ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.12 NAME 'ipaNTTrustAttributes' DE + SC 'Trust attributes for a trusted domain' EQUALITY integerMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.10 NAME 'javaFactory' DESC 'Fully + qualified Java class name of a JNDI object factory' EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2713' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.11 NAME 'ipk11Private' DESC 'Is + private to application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115. 
+ 121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.5.18.10 NAME 'subschemaSubentry' EQUALITY distinguished + NameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFIC + ATION USAGE directoryOperation X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2085 NAME 'isReplicated' DESC 'Chang + elog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 X-ORIGIN 'Netscape + Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.18 NAME 'managedBy' DESC 'DNs of e + ntries allowed to manage' SUP distinguishedName EQUALITY distinguishedNameM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.683 NAME 'nsds5ReplicaTombstonePurge + Interval' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory + Server' ) +attributeTypes: ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC 'Sta + ndard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( + 'RFC 1274' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.20.2.2 NAME 'ipaReplTopoSegmentDirec + tion' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 X-ORIGIN ( 'FreeIPA' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.1100 NAME 'oneWaySync' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.68 NAME 'ipk11NeverExtractable' + DESC 'Key has never been extractable' EQUALITY booleanMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( nsConfigRoot-oid NAME 'nsConfigRoot' DESC 'Netscape define + d attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' + ) +attributeTypes: ( requestType-oid NAME 'requestType' DESC 'CMS defined attri + bute' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.10.1 NAME 'krbMaxRenewableAge' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.13769.3.7 NAME 'mozillaHomeUrl' EQUALITY case + IgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Moz + illa Address Book' ) +attributeTypes: ( issuedBy-oid NAME 'issuedBy' DESC 'CMS defined attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.30 NAME 'ipaSELinuxUser' DESC 'An + SELinux user' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SU + BSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2255 NAME 'passwordIsGlobalPolicy' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( requestState-oid NAME 'requestState' DESC 'CMS defined att + ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTelephon + eNumber' ) EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'RFC 4524' X-DEPRECATED + 'mobileTelephoneNumber' ) +attributeTypes: ( nsAdminDomainName-oid NAME 'nsAdminDomainName' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' + Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.15 NAME 'mailAutoReplyText' DESC 'Ne + tscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115. 
+ 121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2122 NAME 'dnaMaxValue' DESC 'DNA ma + ximum value to assign' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X- + ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.225 NAME 'nsslapd-pluginInitfunc' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S + INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsAdminEndUserHTMLIndex-oid NAME 'nsAdminEndUserHTMLIndex' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 X-ORIGIN 'Netscape Administration Services' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.2.1.3 NAME 'accountInactivityLimit' DES + C 'Account inactivity limit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA + LUE X-ORIGIN 'Account Policy Plugin' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC 'Driver + letter of home directory mapping' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined + ' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2192 NAME 'nsslapd-auditlog-logmaxdi + skspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsBuildSecurity-oid NAME 'nsBuildSecurity' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets + cape' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.3 NAME 'idnsSOAmName' DESC 'SOA Na + me' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.708 NAME 'vacationenddate' DESC 'Net + scape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.581 NAME 'nsDS5ReplicaBindDN' DESC ' + Netscape 
defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORI + GIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2169 NAME 'nsslapd-pagedsizelimit' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( mgrpApprovePassword-oid NAME 'mgrpApprovePassword' DESC 'N + etscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.26 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.78 NAME 'sambaTrustForestTrustInfo' D + ESC 'Forest trust information for a trusted domain object' EQUALITY caseExa + ctMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user + defined' ) ) +attributeTypes: ( 1.3.18.0.2.4.1136 NAME 'printer-location' DESC 'The physic + al location of this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rf + c3712' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.25 NAME 'ipatokenHOTPauthWindow + ' DESC 'HOTP Auth Window (maximum authentication skip-ahead)' EQUALITY inte + gerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA + OTP' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.531 NAME 'ntUserBadPwCount' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-V + ALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY caseI + gnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113730.3.1.37 NAME 'nsLicenseStartTime' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN 'Netscape Administration Services' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.23 NAME 'idnsSecKeyDelete' DESC 'D + NSSEC key (planned) deletion timestamp' EQUALITY generalizedTimeMatch ORDER + ING 
generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL + E-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.203 NAME 'replicaEntryFilter' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORI + GIN 'Netscape Directory Server' ) +attributeTypes: ( authorityID-oid NAME 'authorityID' DESC 'Authority ID' SYN + TAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' DESC 'Share + Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.1 NAME 'ipaExternalMember' DESC ' + External Group Member Identifier' EQUALITY caseIgnoreMatch ORDERING caseIgn + oreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v3' ' + user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2242 NAME 'nsslapd-securePort' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING + LE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList' DESC 'X.509 cert + ificate revocation list' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.40 X-ORIGIN 'RFC 4523' ) +attributeTypes: ( nsAdminAccountInfo-oid NAME 'nsAdminAccountInfo' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'Netscape Administration Services' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.24 NAME 'ipk11Local' DESC 'Was + created locally on token' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2090 NAME 'mepRDNAttr' DESC 'Managed + Entries RDN attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN '389 + Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.696 NAME 'inetSubscriberResponse' DE + SC 'Used to confirm subscriberIdentity. 
This attribute holds the response + phrase and is used in conjunction with the inetSubscriberChallenge' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'Netscape subscriber in + teroperability' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Accoun + t Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 S + INGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.5.4.50 NAME 'uniqueMember' EQUALITY uniqueMemberMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.34 X-ORIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2219 NAME 'nsslapd-minssf' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-V + ALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.18.0.2.4.1114 NAME 'printer-delivery-orientation-suppo + rted' DESC 'The possible delivery orientations of pages as they are printed + and ejected from this printer.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 1.3.6.1.4.1.250.1.60 NAME ( 'ttl' 'timeToLive' ) DESC 'tim + e to live in seconds for cached objects' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 
+ 15 X-ORIGIN 'LDAP Caching Internet Draft' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.42.1 NAME 'krbDefaultEncSaltType + s' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.16.840.1.113730.3.1.2300 NAME 'nsslapd-connection-nocano + n' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.59 NAME 'ntUserPriv' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X- + ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2289 NAME 'nsslapd-disk-monitoring' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsDefaultObjectClass-oid NAME 'nsDefaultObjectClass' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR + IGIN 'Netscape Administration Services' ) +attributeTypes: ( 1.3.6.1.4.1.13769.3.8 NAME 'mozillaWorkStreet2' EQUALITY + caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2156 NAME 'nsslapd-sasl-max-buffer-s + ize' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2260 NAME 'nsslapd-result-tweak' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.45 NAME 'ipaPermBindRuleType' DES + C 'IPA permission bind rule type' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4. 
+ 1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.526 NAME 'ntUserLastLogon' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V + ALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.101 NAME ( 'passwordInHistory' 'pwdI + nHistory' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' DESC 'Standard LDAP att + ribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RF + C 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.1.20 NAME 'mailProgramDeliveryInfo' DE + SC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 1.2.840.113556.1.4.481 NAME 'calCalAdrURI' DESC 'RFC2739: + URI for event equests destination' EQUALITY caseIgnoreIA5Match SUBSTR caseI + gnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'rfc2 + 739' ) +attributeTypes: ( 2.16.840.1.113730.3.1.238 NAME 'nsSNMPMasterPort' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.10 NAME 'sudoOrder' DESC 'an integer + to order the sudoRole entries' EQUALITY integerMatch ORDERING integerOrder + ingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'SUDO' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2326 NAME 'nsslapd-auditfaillog-logg + ing-hide-unhashed-pw' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.7 NAME 'javaCodebase' DESC 'URL(s) + specifying the location of class definition' EQUALITY caseExactIA5Match SY + NTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 
2713' ) +attributeTypes: ( firstUnsaved-oid NAME 'firstUnsaved' DESC 'CMS defined att + ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.594 NAME 'nsDS5ReplicatedAttributeLi + stTotal' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2174 NAME 'nsslapd-auditlog-maxlogsi + ze' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.10 NAME 'sourceHost' DESC 'Link to + a host or group of hosts' SUP memberHost EQUALITY distinguishedNameMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2206 NAME 'nsslapd-unhashed-pw-switc + h' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.63 NAME 'ipaOriginalUid' DESC 'Or + iginal UID of overriden user' EQUALITY caseIgnoreMatch ORDERING caseIgnoreO + rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( ' + IPA v4' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.2 NAME 'preferredServerList' DESC ' + List of preferred servers' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstr + ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'RFC + 4876' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.42 NAME 'ntUserCreateNewAccount' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.8.1.8 NAME 'ipaDefaultPrimaryGroup' E + QUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'PKCS #12 + PFX PDU for exchange of 
personal identity information' SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.5 X-ORIGIN 'RFC 2798' ) +attributeTypes: ( 2.16.840.1.113730.3.1.5 NAME 'changeNumber' DESC 'Changelo + g attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Changelog + Internet Draft' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2143 NAME 'nsslapd-sasl-mapping-fall + back' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.18.9 NAME 'hasSubordinates' DESC 'if TRUE, subordinate + entries may exist' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .7 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'num + Subordinates Internet Draft' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.38 NAME 'ipaNTSIDBlacklistIncomin + g' DESC 'Extra SIDs filtered out from incoming MS-PAC' EQUALITY caseIgnoreI + A5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.26 X-ORIGIN 'IPA v3' ) +attributeTypes: ( SecureAgentPort-oid NAME 'SecureAgentPort' SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 2.5.4.24 NAME 'x121Address' EQUALITY numericStringMatch S + UBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 X-O + RIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.997 NAME 'pwdpolicysubentry' DESC 'N + etscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.12 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Director + y Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.2 NAME 'memberDenyCmd' DESC 'Refer + ence to a command or group of commands that are denied by the rule.' 
SUP di + stinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.12 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2224 NAME 'nsslapd-port' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VAL + UE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'Standard LDAP attr + ibute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'RFC + 2307' ) +attributeTypes: ( 2.5.4.43 NAME 'initials' SUP name EQUALITY caseIgnoreMatc + h SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O + RIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.30.1 NAME 'krbMaxPwdLife' EQUAL + ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.13 NAME 'sudoCmd' DESC 'Command(s) + to be executed by sudo' EQUALITY caseExactMatch ORDERING caseExactMatch SU + BSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2313 NAME 'nsslapd-changelogtrim-int + erval' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.64 NAME 'ntUserNumLogons' DESC 'Nets + cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VAL + UE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2294 NAME 'nsslapd-ndn-cache-max-siz + e' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2161 NAME 'nsIndexIDListScanLimit' D + ESC 'fine grained idlistscanlimit - per index/type/value' SYNTAX 1.3.6.1.4. 
+ 1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.589 NAME 'nsDS5ReplicaType' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.13769.4.2 NAME 'mozillaCustom2' EQUALITY case + IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.8 NAME 'sudoNotBefore' DESC 'Start o + f time interval for which the entry is valid' EQUALITY generalizedTimeMatch + ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + X-ORIGIN 'SUDO' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.70 NAME 'sambaTrustType' DESC 'Type o + f trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- + VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.56 NAME 'ipaCertSubject' DESC 'Su + bject name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S + INGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2273 NAME 'nsslapd-config' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-V + ALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.21.9 NAME 'structuralObjectClass' EQUALITY objectIden + tifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE NO-USER-MODIF + ICATION USAGE directoryOperation X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.3 NAME 'ipatokenNotBefore' DESC + 'Token validity date' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.24 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( nsDisplayName-oid NAME 'nsDisplayName' DESC 'Netscape defi + ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape + Administration Services' ) +attributeTypes: ( authorityParentDN-oid NAME 'authorityParentDN' DESC 
'Autho + rity Parent DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN + 'user defined' ) +attributeTypes: ( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'Standard LDAP att + ribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2138 NAME 'nsslapd-readonly' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.55 NAME 'ipk11WrapTemplate' DES + C 'DN of template of keys which can be wrapped using this key' EQUALITY dis + tinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORI + GIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2331 NAME 'nsslapd-logging-hr-timest + amps-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.86 NAME 'cirLastUpdateApplied' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR + IGIN 'Netscape Directory Server' ) +attributeTypes: ( certProfileConfig-oid NAME 'certProfileConfig' DESC 'Certi + ficate profile configuration' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN + 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' DESC 'An integer den + oting time to live' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .27 ) +attributeTypes: ( 2.5.4.31 NAME 'member' SUP distinguishedName EQUALITY dis + tinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4519 + ' ) +attributeTypes: ( sslVersionMax-oid NAME 'sslVersionMax' DESC 'Netscape defi + ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape + ' ) +attributeTypes: ( 2.16.840.1.113730.3.1.252 NAME 'nsValueDescription' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORI + GIN 'Netscape servers - value item' ) 
+attributeTypes: ( userstate-oid NAME 'userstate' DESC 'Distinguish whether t + he user is administrator, agent or subsystem.' SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2107 NAME 'nsPagedSizeLimit' DESC 'B + inder-based simple paged search operation size limit' SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN '389' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.17.1 NAME 'krbKdcServers' EQUAL + ITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.12 NAME 'defaultSearchScope' DESC ' + Default scope used when performing a search' EQUALITY caseIgnoreIA5Match SY + NTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user + defined' ) ) +attributeTypes: ( tokenSubject-oid NAME 'tokenSubject' DESC 'CMS defined att + ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.805 NAME 'nsds5replicaTimeout' DESC + 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1. 
+ 1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2088 NAME 'mepStaticAttr' DESC 'Mana + ged Entries static attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN + '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.23 NAME 'ipaCertificateSubjectBase + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( keyInfo-oid NAME 'keyInfo' DESC 'CMS defined attribute' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.74 NAME 'ipaDNSVersion' DESC 'IPA + DNS data version' EQUALITY integerMatch ORDERING integerOrderingMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA v4.3' 'user d + efined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2211 NAME 'nsslapd-dynamicconf' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN + GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.51 NAME 'replicaUpdateReplayed' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O + RIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.20.2.5 NAME 'ipaReplTopoSegmentStatu + s' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X + -ORIGIN ( 'FreeIPA' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2281 NAME 'nsslapd-saslpath' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name EQUALITY case + IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'commonName' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2067 NAME 'pamIncludeSuffix' DESC 'S + uffixes to include for PAM authentication' SYNTAX 1.3.6.1.4.1.1466.115.121. 
+ 1.12 X-ORIGIN 'Red Hat Directory Server' ) +attributeTypes: ( UnSecurePort-oid NAME 'UnSecurePort' SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.199 NAME 'memberCertificateDescripti + on' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.26 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.2312.4.3.3.1 NAME 'sabayonProfileURL' DESC 'Th + e URL of a sabayon profile' SUP labeledURI EQUALITY caseExactMatch SUBSTR c + aseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Saba + yon' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange' + DESC 'Allow Machine Password changes (default: 0 => off)' EQUALITY integer + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.5.4.17 NAME 'postalCode' EQUALITY caseIgnoreMatch SUBST + R caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' + RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2258 NAME 'nsslapd-csnlogging' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING + LE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsSSL2-oid NAME 'nsSSL2' DESC 'Netscape defined attribute + type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.109 NAME ( 'passwordLockoutDuration' + 'pwdLockoutDuration' ) DESC 'Netscape defined password policy attribute ty + pe' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Di + rectory Server' ) +attributeTypes: ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'Standard LDAP a + ttribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.1.18 NAME 'mailHost' DESC 'Netscape Me + ssaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 
2.16.840.1.113730.3.1.2125 NAME 'dnaThreshold' DESC 'DNA t + hreshold for getting next range of values' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.220 NAME ( 'passwordMustChange' 'pwd + MustChange' ) DESC 'Netscape defined password policy attribute type' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Se + rver' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2237 NAME 'nsslapd-counters' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2195 NAME 'nsslapd-auditlog-logminfr + eediskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.575 NAME 'nsRoleDN' DESC 'Netscape d + efined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE directory + Operation X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.19.2.3 NAME 'ipaMaxDomainLevel' DESC + 'Maximal supported Domain Level value' EQUALITY numericStringMatch ORDERIN + G numericStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 SINGLE-VALUE X-OR + IGIN ( 'IPA v4' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.73 NAME 'installationTimeStamp' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O + RIGIN 'Netscape Administration Services' ) +attributeTypes: ( 2.16.840.1.113730.3.1.247 NAME 'nsValueBin' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'Nets + cape servers - value item' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.7 NAME 'memberHost' DESC 'Referenc + e to a device where the operation takes place (usually host).' 
SUP distingu + ishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .12 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group( + s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.26 X-ORIGIN 'SUDO' ) +attributeTypes: ( 1.3.18.0.2.4.1133 NAME 'printer-ipp-versions-supported' DE + SC 'IPP protocol version(s) that this printer supports.' EQUALITY caseIgnor + eMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.20 NAME 'ipatokenUserMapAttribu + te' DESC 'Attribute to map from the user entry for RADIUS server authentica + tion' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY caseI + gnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.26 NAME 'idnsSecKeySep' DESC 'DNSK + EY SEP flag (equivalent to bit 15): RFC 4035' EQUALITY booleanMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defin + ed' ) ) +attributeTypes: ( 2.5.18.1 NAME 'createTimestamp' EQUALITY generalizedTimeM + atch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'R + FC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.1.553 NAME 'costemplatedn' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VAL + UE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.95 NAME 'accountUnlockTime' DESC 'Ne + tscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115. 
+ 121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory + Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.20 NAME 'memberPrincipal' DESC 'P + rincipal names member of a groupOfPrincipals group' EQUALITY caseIgnoreMatc + h SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O + RIGIN ( 'IPA-v3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.4 NAME 'ipaNTFallbackPrimaryGroup + ' DESC 'Fallback Group to set the Primary group Security Identifier for use + rs with UPGs' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2245 NAME 'nsslapd-maxthreadsperconn + ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.39.1 NAME 'krbPrincipalKey' EQU + ALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 2.16.840.1.113730.3.8.1.10 NAME 'ipaPwdExpAdvNotify' EQUA + LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.2112 NAME 'ntGroupType' DESC 'Netsca + pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALU + E X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.23 NAME 'ipk11Id' DESC 'Key ass + ociation identifier' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115. 
+ 121.1.40 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( numberOfEnrollments-oid NAME 'numberOfEnrollments' DESC 'C + MS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user d + efined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord' DESC 'mailbox + or mail list information, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR case + IgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' DESC ' + Primary Group Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.691 NAME 'inetDomainStatus' DESC '"a + ctive", "inactive", or "deleted" status of a domain' SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape subscriber interoperability' + ) +attributeTypes: ( 1.3.18.0.2.4.1111 NAME 'printer-job-k-octets-supported' DE + SC 'The maximum size in kilobytes (1,024 octets actually) incoming print jo + b that this printer will accept.' EQUALITY integerMatch ORDERING integerOrd + eringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'rfc3 + 712' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2182 NAME 'nsslapd-errorlog-logrotat + ionsyncmin' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466. 
+ 115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.788 NAME 'mgrpBroadcasterPolicy' DES + C 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( crlNumber-oid NAME 'crlNumber' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.601 NAME 'adminRole' DESC 'Administr + ative role' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Delegat + ed Administrator' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2072 NAME 'pamFallback' DESC 'Fallba + ck to regular LDAP BIND if PAM auth fails' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.7 SINGLE-VALUE X-ORIGIN 'Red Hat Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2159 NAME 'dnaRemoteConnProtocol' DE + SC 'Connection protocol: LDAP, TLS, or SSL' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( nsLogSuppress-oid NAME 'nsLogSuppress' DESC 'Netscape defi + ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape + ' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword' DESC + 'Clear text password (used for trusted domain passwords)' EQUALITY octetSt + ringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 2.5.21.1 NAME 'dITStructureRules' EQUALITY integerFirstCo + mponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation + X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 1.3.18.0.2.4.1126 NAME 'printer-pages-per-minute-color' DE + SC 'The nominal number of color pages per minute which may be output by thi + s printer.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3. 
+ 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.1.521 NAME 'ntUserHomeDir' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VAL + UE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.15 NAME 'ipatokenRadiusConfigLi + nk' DESC 'Corresponding Radius Configuration link' SUP distinguishedName EQ + UALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-V + ALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 1.2.840.113556.1.4.484 NAME 'calOtherCAPURIs' DESC 'RFC273 + 9: multi-value URI to other calendars' EQUALITY caseIgnoreIA5Match SUBSTR c + aseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ' + rfc2739' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.50.1 NAME 'krbLoginFailedCount' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.13 NAME 'idnsAllowSyncPTR' DESC 'p + ermit synchronization of PTR records' EQUALITY booleanMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2130 NAME 'dnaRangeRequestTimeout' D + ESC 'DNA timeout for querying replica for next range of values' SYNTAX 1.3. 
+ 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.233 NAME 'nsSNMPOrganization' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORI + GIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord' DESC 'Key Exchang + e Delegation, RFC 2230' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Sub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation X-ORIGIN 'RFC 451 + 2' ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.8 NAME 'eduPersonPrimaryOrgUnitDN' + DESC 'Primary Organizational Unit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-O + RIGIN 'http://middleware.internet2.edu/eduperson/' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2329 NAME ( 'passwordSendExpiringTim + e' 'pwdSendExpiringTime' ) DESC 'Netscape defined password policy attribute + type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape + Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.17 NAME 'ipaNTTrustForestTrustInf + o' DESC 'Forest trust information for a trusted domain object' EQUALITY oct + etStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( nsHardwarePlatform-oid NAME 'nsHardwarePlatform' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'Netscape' ) +attributeTypes: ( 1.3.6.1.4.1.6981.11.3.8 NAME 'FTPuid' DESC 'System uid (ov + errides uidNumber if present)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) +attributeTypes: ( transName-oid NAME 'transName' DESC 'CMS defined attribute + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.14 NAME 'ipk11Copyable' DESC 'C + an be copied by application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466. 
+ 115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2080 NAME ( 'passwordMin8bit' 'pwdMi + n8bit' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' + ) +attributeTypes: ( 2.16.840.1.113730.3.1.686 NAME 'nsds5replicaLastUpdateEnd' + DESC 'Netscape defined attribute type' EQUALITY generalizedTimeMatch ORDER + ING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL + E-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2209 NAME 'nsslapd-rootpwstoragesche + me' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.49 NAME 'replicaUpdateFailedAt' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O + RIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.1.3 NAME 'ipaSearchTimeLimit' EQUAL + ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.31 NAME 'idnsServerId' DESC 'DNS s + erver identifier' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 
+ 1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.8 NAME 'changes' DESC 'Changelog att + ribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'Changelog Intern + et Draft' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2146 NAME 'rootdn-days-allowed' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN + GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.37.1 NAME 'krbPasswordExpiration + ' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL + E-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.35 NAME 'ipaBaseRID' DESC 'First + value of a RID range' EQUALITY integerMatch ORDERING integerOrderingMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user + defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2250 NAME 'nsslapd-ioblocktimeout' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension' SYNT + AX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelephoneN + umber' ) EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'RFC 4524' X-DEPRECATED 'p + agerTelephoneNumber' ) +attributeTypes: ( 2.16.840.1.113730.3.1.10 NAME 'deleteOldRdn' DESC 'Changel + og attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 X-ORIGIN 'Changelog + Internet Draft' ) +attributeTypes: ( 2.16.840.1.113730.3.1.228 NAME 'nsslapd-pluginVersion' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DESC 'Logo + n script path' EQUALITY caseIgnoreMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.1 + 5 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.5.4.46 NAME 'dnQualifier' EQUALITY caseIgnoreMatch ORDE + RING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.44 X-ORIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2316 NAME 'nsslapd-auditfaillog-maxl + ogsize' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.6 NAME 'idnsSOArefresh' DESC 'SOA + refresh value' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.614 NAME 'copyingFrom' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.2.840.113554.1.4.1.6.5 NAME 'krbPwdAllowedKeysalts' EQU + ALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE + X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( nsSSLToken-oid NAME 'nsSSLToken' DESC 'Netscape defined at + tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.584 NAME 'nsDS5ReplicaRoot' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE- + VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2164 NAME 'winSyncSubtreePair' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR + IGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.53 NAME 'ipaPublicKey' DESC 'Publ + ic key as DER-encoded SubjectPublicKeyInfo (RFC 5280)' EQUALITY octetString + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN ( 'IPA v4.1' 'user defi + ned' ) ) +attributeTypes: ( 
2.16.840.1.113730.3.1.2276 NAME 'nsslapd-lockdir' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.6 NAME 'ipatokenModel' DESC 'Op + tional Model identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin + gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA O + TP' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.1001 NAME 'nsds7DirectoryReplicaSubt + ree' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.534 NAME 'ntUserPrimaryGroupId' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SING + LE-VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.18 NAME 'ipatokenRadiusTimeout' + DESC 'Server Timeout' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTelepho + neNumber' ) EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'RFC 4524' X-DEPRECATED + 'homeTelephoneNumber' ) +attributeTypes: ( 2.16.840.1.113730.3.8.21.1.8 NAME 'ipaCaSubjectDN' DESC 'S + ubject DN' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'IPA v4.4 Lightweight CAs' 'user defi + ned' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.32 NAME 'mgrpMsgMaxSize' DESC 'Netsc + ape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.206 NAME 'filterInfo' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Net + scape Directory Server' ) 
+attributeTypes: ( 1.3.18.0.2.4.1140 NAME 'printer-uri' DESC 'A URI supported + by this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2334 NAME 'ntUserNtPassword' DESC 'N + etscape defined attribute type, synced or generated NT Password hash' SYNTA + X 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchroni + zation' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' DESC 'Optio + n Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.5.4.34 NAME 'seeAlso' SUP distinguishedName EQUALITY di + stinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 451 + 9' ) +attributeTypes: ( nsSSL3Ciphers-oid NAME 'nsSSL3Ciphers' DESC 'Netscape defi + ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape + ' ) +attributeTypes: ( 1.3.6.1.4.1.6981.11.3.5 NAME 'FTPUploadBandwidth' DESC 'Ba + ndwidth (in KB/s) to limit upload speeds to' EQUALITY integerMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2093 NAME 'nsslapd-changelogsuffix' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.26 NAME 'ipaSELinuxUserMapDefault' + DESC 'Default SELinux user' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMa + tch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S + INGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( nsUniqueAttribute-oid NAME 'nsUniqueAttribute' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' + Netscape Administration Services' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.71 NAME 'ipaPermTargetFrom' DESC + 'Source 
location from where moving an entry IPA permission ACI' EQUALITY di + stinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-OR + IGIN ( 'IPA v4.0' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2214 NAME 'nsslapd-svrtab' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V + ALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList' DESC 'X.509 delta revo + cation list' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 + X-ORIGIN 'RFC 4523' ) +attributeTypes: ( 1.3.18.0.2.4.1119 NAME 'printer-natural-language-configure + d' DESC 'The configured natural language in which error and status messages + will be generated (by default) by this printer.' EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.1.1 NAME 'krbPrincipalName' EQU + ALITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113730.3.1.2303 NAME 'nsslapd-ignore-time-skew' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.54 NAME 'replicaUseSSL' DESC 'Netsca + pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'N + etscape Directory Server' ) +attributeTypes: ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) EQUALIT + Y caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466. 
+ 115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'userid' ) +attributeTypes: ( 2.16.840.1.113730.3.1.609 NAME 'nsds5BeginReplicaRefresh' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2284 NAME 'nsslapd-ssl-check-hostnam + e' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.1097 NAME 'nsds5replicaBusyWaitTime' + DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) SUP name EQUA + LITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'stateOrProvinceName' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.45 NAME 'IPSECKEYRecord' DESC 'IPSEC + KEY, RFC 4025' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defi + ned' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2151 NAME 'nsslapd-plugin-depends-on + -type' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsViewConfiguration-oid NAME 'nsViewConfiguration' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN 'Netscape Administration Services' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.25.1 NAME 'krbSearchScope' EQUA + LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd' DESC 'Fo + rce Users to logon for password change (default: 0 => off, 2 => on)' EQUALI + TY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 
2.16.840.1.113730.3.8.11.46 NAME 'ipaPermLocation' DESC 'L + ocation of IPA permission ACI' EQUALITY distinguishedNameMatch SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN ( 'IPA v4.0' 'user defined' + ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2263 NAME 'nsslapd-maxsasliosize' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 S + INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.529 NAME 'ntUserMaxStorage' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-V + ALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( CACertExtractFile-oid NAME 'CACertExtractFile' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' + Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.104 NAME ( 'passwordWarning' 'pwdExp + ireWarning' ) DESC 'Netscape defined password policy attribute type' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Se + rver' ) +attributeTypes: ( 1.3.6.1.1.1.1.12 NAME 'memberUid' DESC 'Standard LDAP attr + ibute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2307' ) +attributeTypes: ( nsAccessLog-oid NAME 'nsAccessLog' DESC 'Netscape defined + attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2128 NAME 'dnaSecurePortNum' DESC 'D + NA secure port number of replica to get new range of values' SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( dateOfRecovery-oid NAME 'dateOfRecovery' DESC 'CMS defined + attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( ServerKeyExtractFile-oid NAME 'ServerKeyExtractFile' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR + IGIN 'Netscape' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Next NT + rid to give 
out for anything' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( nsPidLog-oid NAME 'nsPidLog' DESC 'Netscape defined attrib + ute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2198 NAME 'nsslapd-auditlog-logexpir + ationtime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.570 NAME 'nsLookThroughLimit' DESC ' + Binder-based search operation look through limit (candidate entries)' SYNTA + X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORI + GIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.1.1.12 NAME 'nisNetIdUser' DESC 'nisNe + tIdUser' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X- + ORIGIN ( 'RFC2307bis' 'user defined' ) ) +attributeTypes: ( nsCertfile-oid NAME 'nsCertfile' DESC 'Netscape defined at + tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2321 NAME 'nsslapd-auditfaillog-logm + axdiskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.76 NAME 'serverHostName' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' + Netscape Administration Services' ) +attributeTypes: ( 2.16.840.1.113730.3.1.242 NAME 'nsSystemIndex' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' + Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.18.2.2 NAME 'ipaVaultSalt' DESC 'IPA + vault salt' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 + X-ORIGIN ( 'IPA v4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2177 NAME 'nsslapd-auditlog-logrotat + ionsync-enabled' DESC 
'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.2 NAME 'ipaClientVersion' DESC 'Te + xt string describing client version of the IPA software installed' EQUALITY + caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstrin + gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.13 NAME 'accessRuleType' DESC 'The + flag to represent if it is allow or deny rule.' EQUALITY caseIgnoreMatch O + RDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.64 NAME 'ipaSecretKeyRef' DESC 'D + N of the ipa key object' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.12 X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2201 NAME 'nsslapd-auditlog-logexpir + ationtimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.1 NAME 'defaultSearchBase' DESC 'De + fault base for searches' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.12 SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user defined' ) ) +attributeTypes: ( nsServerCreationClassname-oid NAME 'nsServerCreationClassn + ame' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.41 NAME 'ntUserDomainId' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VAL + UE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.29 NAME 'idnsTemplateAttribute' DE + SC 'Template attribute for dynamic attribute generation' EQUALITY caseIgnor + eIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4' 
'user + defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.67 NAME 'ipk11AlwaysSensitive' + DESC 'Key has always been sensitive' EQUALITY booleanMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.219 NAME 'vlvUses' DESC 'Netscape de + fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Netsca + pe Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord' DESC 'IPv6 addr + ess, RFC 1886' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113730.3.1.973 NAME 'nsds5ReplConflict' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE + directoryOperation X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.18.4 NAME 'modifiersName' EQUALITY distinguishedNameM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION + USAGE directoryOperation X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.1.98 NAME 'passwordExp' DESC 'Netscape + defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 
+ 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.27 NAME 'destinationIndicator' EQUALITY caseIgnoreM + atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 + X-ORIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2248 NAME 'nsslapd-reservedescriptor + s' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( tokenIP-oid NAME 'tokenIP' DESC 'CMS defined attribute' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2115 NAME 'dnaType' DESC 'DNA attrib + ute type to maintain' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN '389 Di + rectory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.5 NAME 'ipaSudoOpt' DESC 'Options( + s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.26 X-ORIGIN 'IPA v2' ) +attributeTypes: ( subjectName-oid NAME 'subjectName' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2227 NAME 'nsslapd-snmp-index' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING + LE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' DESC 'Standard LDAP attri + bute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC + 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2185 NAME 'nsslapd-errorlog-logrotat + iontime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' EQUALIT + Y caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466. 
+ 115.121.1.15 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( 2.16.840.1.113730.3.1.63 NAME 'ntUserUnitsPerWeek' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE- + VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2297 NAME 'nsslapd-search-return-ori + ginal-type-switch' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2075 NAME ( 'passwordMinDigits' 'pwd + MinDigits' ) DESC 'Netscape defined password policy attribute type' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Ser + ver' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.75 NAME 'sambaTrustAuthOutgoing' DESC + 'Authentication information for the outgoing portion of a trust' EQUALITY + caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' + 'user defined' ) ) +attributeTypes: ( 1.3.18.0.2.4.1123 NAME 'printer-sides-supported' DESC 'The + number of impression sides (one or two) and the two-sided impression rotat + ions supported by this printer.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4. 
+ 1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.5.21.4 NAME 'matchingRules' EQUALITY objectIdentifierFi + rstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOpera + tion X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.10 NAME 'ipatokenOTPdigits' DES + C 'OTP Token Number of digits' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' DESC 'Standard LDAP at + tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'R + FC 2307' ) +attributeTypes: ( requestResult-oid NAME 'requestResult' DESC 'CMS defined a + ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.16 NAME 'idnsZoneRefresh' DESC 'zo + ne refresh interval' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.27 SINGLE-VALUE X-ORIGIN ( 'IPA v2' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.33 NAME 'sRVRecord' DESC 'service lo + cation, RFC 2782' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.3 NAME 'eduPersonOrgDN' DESC 'Organ + ization DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'htt + p://middleware.internet2.edu/eduperson/' ) +attributeTypes: ( 2.16.840.1.113730.3.1.543 NAME 'nsState' DESC 'Netscape de + fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-OR + IGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.85 NAME 'cirBindCredentials' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIG + IN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.10 NAME 'ipaNTDomainGUID' DESC 'N + T Domain GUID' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 
( 'IPA v3' ' + user defined' ) ) +attributeTypes: ( dateOfCreate-oid NAME 'dateOfCreate' DESC 'CMS defined att + ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.8.1 NAME 'krbTicketFlags' EQUAL + ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.12 NAME 'javaDoc' DESC 'The Java d + ocumentation for the class' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26 X-ORIGIN 'RFC 2713' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2102 NAME 'autoMemberGroupingAttr' D + ESC 'Auto Membership grouping attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 26 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.13 NAME 'ipk11Label' DESC 'Desc + ription' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.808 NAME 'nsds5replicaLastInitEnd' D + ESC 'Netscape defined attribute type' EQUALITY generalizedTimeMatch ORDERIN + G generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE- + VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsUserIDFormat-oid NAME 'nsUserIDFormat' DESC 'Netscape de + fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netsca + pe Administration Services' ) +attributeTypes: ( 0.9.2342.19200300.100.1.9 NAME 'host' EQUALITY caseIgnore + Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'RFC 4524' ) +attributeTypes: ( nsAdminOneACLDir-oid NAME 'nsAdminOneACLDir' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne + tscape Administration Services' ) +attributeTypes: ( 2.5.4.0 NAME 'objectClass' EQUALITY objectIdentifierMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 X-ORIGIN 'RFC 4512' ) +attributeTypes: ( nsBuildNumber-oid NAME 
'nsBuildNumber' DESC 'Netscape defi + ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape + ' ) +attributeTypes: ( 1.3.6.1.4.1.13769.3.5 NAME 'mozillaHomePostalCode' EQUALI + TY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2149 NAME 'rootdn-allow-ip' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI + N 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.2312.4.3.3.2 NAME 'sabayonProfileName' DESC 'T + he Name of a sabayon profile' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Sa + bayon' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength' DESC 'Min + imal password length (default: 5)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.5.4.12 NAME 'title' SUP name EQUALITY caseIgnoreMatch S + UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN 'RFC 4519' ) +attributeTypes: ( authoritySerial-oid NAME 'authoritySerial' DESC 'Authority + certificate serial number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VAL + UE X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.17 NAME 'mailForwardingAddress' DESC + 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466. 
+ 115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( revInfo-oid NAME 'revInfo' DESC 'CMS defined attribute' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2120 NAME 'dnaFilter' DESC 'DNA filt + er for finding entries' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X + -ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.223 NAME ( 'passwordResetFailureCoun + t' 'pwdFailureCountInterval' ) DESC 'Netscape defined password policy attri + bute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Nets + cape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC 'Times + tamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.27 SINGLE-VALUE ) +attributeTypes: ( 2.5.4.49 NAME ( 'distinguishedName' 'dn' ) EQUALITY disti + nguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4519' + X-DEPRECATED 'dn' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2232 NAME 'nsslapd-ldapimaptoentries + ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 
+ 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.578 NAME 'nsDS5ReplicaHost' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2190 NAME 'nsslapd-accesslog-logmaxd + iskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.1 NAME 'idnsAllowDynUpdate' DESC ' + permit dynamic updates on this zone' EQUALITY booleanMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2319 NAME 'nsslapd-auditfaillog-logr + otationtime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.45.1 NAME 'krbLastPwdChange' EQ + UALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VAL + UE ) +attributeTypes: ( 2.5.21.10 NAME 'governingStructureRule' EQUALITY integerM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION + USAGE directoryOperation X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who + may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2279 NAME 'nsslapd-ldifdir' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.18.0.2.4.1134 NAME 'printer-more-info' DESC 'A URI for + more information about this specific printer.' 
EQUALITY caseIgnoreMatch SU + BSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'rfc3712' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.9 NAME 'attributeMap' DESC 'Attribu + te mappings used, required, or supported by an agent or service' EQUALITY c + aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'RFC4876' + 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.1004 NAME 'nsds7WindowsDomain' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING + LE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' ) + DESC 'Standard LDAP attribute type' EQUALITY caseIgnoreIA5Match SUBSTR cas + eIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE + X-ORIGIN ( 'RFC 2247' 'user defined' ) ) +attributeTypes: ( certStatus-oid NAME 'certStatus' DESC 'CMS defined attribu + te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.8.21.1.3 NAME 'ipaMemberCertProfile' D + ESC 'Reference to a certificate profile member' SUP distinguishedName EQUAL + ITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( + 'IPA v4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC 'pr + eferred written or spoken language for a person' EQUALITY caseIgnoreMatch S + UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN 'RFC 2798' ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.3 NAME ( 'mozillaUseHtmlMail' 'xmozill + ausehtmlmail' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN + 'Mozilla Address Book' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.21 NAME 'idnsSecKeyActivate' DESC + 'DNSSEC key (planned) activation time' EQUALITY generalizedTimeMatch ORDERI + NG generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE + -VALUE X-ORIGIN ( 'IPA v4.1' 'user 
defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.201 NAME 'changeLogMaximumSize' DESC + 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O + RIGIN 'Netscape Directory Server' ) +attributeTypes: ( adminMessages-oid NAME 'adminMessages' DESC 'CMS defined a + ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( nsSerialNumber-oid NAME 'nsSerialNumber' DESC 'Netscape de + fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netsca + pe' ) +attributeTypes: ( 1.3.6.1.4.1.5322.21.2.3 NAME 'krbPwdLockoutDuration' EQUA + LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.90 NAME 'cirBeginORC' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Net + scape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.7 NAME 'ipaNTProfilePath' DESC 'U + ser Profile Path' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch + SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING + LE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2240 NAME 'nsslapd-accesslog' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.1.13 NAME 'ipaDefaultEmailDomain' E + QUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.99 NAME 'SPFRecord' DESC 'Sender Pol + icy Framework (SPF) for Authorizing Use of Domains in Email, RFC 7208' EQUA + LITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1. 
+ 4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2096 NAME 'entryusn' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE N + O-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'Netscape' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'LanMa + nager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.694 NAME 'inetSubscriberAccountId' D + ESC 'A unique attribute linking the subscriber to a billing system' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape subscriber interoperabilit + y' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.18.1 NAME 'krbPwdServers' EQUAL + ITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.18.0.2.4.1112 NAME 'printer-current-operator' DESC 'Th + e identity of the current human operator responsible for operating this pri + nter.' 
EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2306 NAME 'nsslapd-return-default-op + attr' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.2.840.113556.1.4.478 NAME 'calCalURI' DESC 'RFC2739: URI + of entire default calendar' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreI + A5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'rfc2739' ) +attributeTypes: ( tokenNotAfter-oid NAME 'tokenNotAfter' DESC 'CMS defined a + ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.604 NAME 'parentid' DESC 'internal s + erver defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.42 NAME 'APLRecord' DESC 'Lists of A + ddress Prefixes, RFC 3132' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5 + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2 + ' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2154 NAME 'nsds5ReplicaBackoffMin' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.43 NAME 'ipaPermIncludedAttr' DES + C 'IPA permission explicitly included attribute' EQUALITY caseIgnoreMatch O + RDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN ( 'IPA v4.0' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2266 NAME 'nsslapd-enquote-sup-oc' D + ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.524 NAME 'ntUserScriptPath' DESC 
'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.1.22 NAME 'mgrpAllowedBroadcaster' DES + C 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2133 NAME 'pwdUpdateTime' DESC 'Last + password update time' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE US + AGE directoryOperation X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.236 NAME 'nsSNMPDescription' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl' SYNTA + X 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2324 NAME 'nsslapd-auditfaillog-loge + xpirationtimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4. 
+ 1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsPreference-oid NAME 'nsPreference' DESC 'Netscape define + d attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape A + dministration Services' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.18 NAME 'ipaNTTrustPosixOffset' D + ESC 'POSIX offset of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.33.1 NAME 'krbPwdMinLength' EQU + ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( crlName-oid NAME 'crlName' DESC 'CMS defined attribute' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( status-oid NAME 'status' DESC 'CMS defined attribute' SYNT + AX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.592 NAME 'nsDS5ReplicaAutoReferral' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( requestAgentGroup-oid NAME 'requestAgentGroup' DESC 'CMS d + efined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defin + ed' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2083 NAME ( 'passwordMinTokenLength' + 'pwdMinTokenLength' ) DESC 'Netscape defined password policy attribute typ + e' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Dir + ectory Server' ) +attributeTypes: ( numberOfRecoveries-oid NAME 'numberOfRecoveries' DESC 'CMS + defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user def + ined' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.16 NAME 'ipaConfigString' DESC 'Ge + neric configuration stirng' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMat + ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- + ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.689 NAME 'nsds5replicaUpdateInProgre + 
ss' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.7 SINGLE-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' + ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.61 NAME 'ipaWrappingKey' DESC 'PK + CS#11 URI of the wrapping key' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2204 NAME 'nsslapd-auditlog-logging- + enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.18.0.2.4.1109 NAME 'printer-charset-configured' DESC ' + The configured charset in which error and status messages will be generated + (by default) by this printer.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.1.44 NAME 'ntGroupDomainId' DESC 'Nets + cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA + LUE X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.8.20.2.8 NAME 'ipaReplTopoManagedSuffi + x' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X + -ORIGIN ( 'FreeIPA' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.1.6 NAME 'ipaHomesRootDir' EQUALITY + caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.214 NAME 'passwordAllowChangeTime' D + ESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Di + rectory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.62 NAME 'ipk11Decrypt' DESC 'Ke + y supports decryption' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( tokenStatus-oid NAME 'tokenStatus' DESC 'CMS defined attri + 
bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.55 NAME 'HIPRecord' DESC 'Host Ident + ity Protocol (HIP) Domain Name System (DNS) Extension, RFC 5205' EQUALITY c + aseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2141 NAME 'dsOnlyMemberUid' DESC 'El + ements from a memberuid attribute created to reflect dynamic group membersh + ip' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Red Hat Directory Server + ' ) +attributeTypes: ( nsDirectoryFailoverList-oid NAME 'nsDirectoryFailoverList' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 6 X-ORIGIN 'Netscape' ) +attributeTypes: ( nsSSLSessionTimeout-oid NAME 'nsSSLSessionTimeout' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.36 NAME 'ipaSecondaryBaseRID' DES + C 'First value of a secondary RID range' EQUALITY integerMatch ORDERING int + egerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGI + N ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2253 NAME 'nsslapd-nagle' DESC 'Nets + cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA + LUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2118 NAME 'dnaInterval' DESC 'DNA in + terval between values' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X- + ORIGIN '389 Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC 'Ti + mestamp of when the password will expire' EQUALITY integerMatch SYNTAX 1.3. 
+ 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch SUBSTR case + IgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 45 + 19' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2188 NAME 'nsslapd-errorlog-logrotat + iontimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.32769 NAME 'DLVRecord' DESC 'DNSSEC + Lookaside Validation, RFC 4431' EQUALITY caseIgnoreIA5Match SUBSTR caseIgno + reIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v + 4.4.2' 'user defined' ) ) +attributeTypes: ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' EQUALITY + distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC + 4524' ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.11 NAME 'ipaSudoRunAsGroupCategory + ' DESC 'Additional classification for groups' SUP userCategory EQUALITY cas + eIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2311 NAME 'nsds5ReplicaFlowControlPa + use' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.66 NAME 'ntUserUniqueId' DESC 'Netsc + ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALU + E X-ORIGIN 'Netscape NT Synchronization' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.9 NAME 'idnsSOAminimum' DESC 'SOA + minimum value' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2078 NAME ( 'passwordMinLowers' 'pwd + MinLowers' ) DESC 'Netscape defined password policy attribute type' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE 
X-ORIGIN 'Netscape Directory Ser + ver' ) +attributeTypes: ( 2.16.840.1.113730.3.1.587 NAME 'nsds50ruv' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets + cape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2167 NAME 'schemaUpdateAttributeAcce + pt' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2271 NAME 'nsslapd-rewrite-rfc1274' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.54 NAME 'ipaPrivateKey' DESC 'Pri + vate key as DER-encoded EncryptedPrivateKeyInfo (RFC 5958)' EQUALITY octetS + tringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN ( 'IP + A v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.1 NAME 'ipatokenUniqueID' DESC + 'Token Unique Identifier' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466. 
+ 115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'Standard LDA + P attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGI + N 'RFC 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.1.31 NAME 'mailEnhancedUniqueMember' D + ESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.12 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.5.1 NAME 'krbUPEnabled' DESC 'Bo + olean' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.19 NAME 'idnsSecKeyCreated' DESC ' + DNSSEC key creation timestamp' EQUALITY generalizedTimeMatch ORDERING gener + alizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X + -ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.209 NAME 'vlvFilter' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Nets + cape Directory Server' ) +attributeTypes: ( nsErrorLog-oid NAME 'nsErrorLog' DESC 'Netscape defined at + tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record' DESC 'A6 Record T + ype, RFC 2874' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113730.3.1.88 NAME 'cirUpdateFailedat' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI + N 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC 'Base6 + 4 encoded user parameter string' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.250 NAME 'nsValueDefault' DESC 'Nets + cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'Netscape servers - 
value item' ) +attributeTypes: ( 2.5.4.37 NAME 'cACertificate' DESC 'X.509 CA certificate' + EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RF + C 4523' ) +attributeTypes: ( 1.3.6.1.4.1.6981.11.3.2 NAME 'FTPQuotaMBytes' DESC 'Quota + (in megabytes) for an FTP user' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.14 NAME 'serviceSearchDescriptor' D + ESC 'Specifies search descriptors required, used, or supported by a particu + lar service or agent' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'RFC4876' 'user defined' + ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2105 NAME 'autoMemberTargetGroup' DE + SC 'Auto Membership target group' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SING + LE-VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.803 NAME 'nsBackendSuffix' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE di + rectoryOperation X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2217 NAME 'nsslapd-allow-anonymous-a + ccess' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.53 NAME 'replicaBindMethod' DESC 'Ne + tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI + N 'Netscape Directory Server' ) +attributeTypes: ( 0.9.2342.19200300.100.1.4 NAME 'info' EQUALITY caseIgnore + Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'RFC 4524' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.71 NAME 'ipk11AlwaysAuthenticat + e' DESC 'User has to authenticate for each use with this key' EQUALITY bool + eanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v + 4.1' 'user defined' ) ) +attributeTypes: ( 
nsSSLSupportedCiphers-oid NAME 'nsSSLSupportedCiphers' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- + ORIGIN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2287 NAME 'nsslapd-force-sasl-extern + al' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2065 NAME 'nsSaslMapBaseDNTemplate' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.5.4.5 NAME 'serialNumber' EQUALITY caseIgnoreMatch SUBS + TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 X-ORIGIN + 'RFC 4519' ) +attributeTypes: ( p12Expiration-oid NAME 'p12Expiration' DESC 'CMS defined a + ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( tokenUserID-oid NAME 'tokenUserID' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.197 NAME 'replicaHost' DESC 'Netscap + e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne + tscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold' DESC + 'Lockout users after bad logon attempts (default: 0 => off)' EQUALITY integ + erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( tokenReason-oid NAME 'tokenReason' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.5.4.15 NAME 'businessCategory' EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR + IGIN 'RFC 4519' ) +attributeTypes: ( 0.9.2342.19200300.100.1.48 NAME 'buildingName' EQUALITY c + aseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( 
2.16.840.1.113730.3.1.107 NAME 'passwordResetDuration' DES + C 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' DESC 'Standard LD + AP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIG + IN 'RFC 2307' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2235 NAME 'nsslapd-ldapientrysearchb + ase' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( tokenAppletID-oid NAME 'tokenAppletID' DESC 'CMS defined a + ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( extensions-oid NAME 'extensions' DESC 'CMS defined attribu + te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( nsInstalledLocation-oid NAME 'nsInstalledLocation' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN 'Netscape' ) +attributeTypes: ( 2.16.840.1.113730.3.1.573 NAME 'nsIdleTimeout' DESC 'Binde + r-based connection idle timeout (seconds)' SYNTAX 1.3.6.1.4.1.1466.115.121. 
+ 1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Ser + ver' ) +attributeTypes: ( 2.16.840.1.113730.3.8.19.2.1 NAME 'ipaDomainLevel' DESC 'D + omain Level value' EQUALITY numericStringMatch ORDERING numericStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 SINGLE-VALUE X-ORIGIN ( 'IPA v4' 'user + defined' ) ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.4 NAME 'UnknownRecord' DESC 'unknown D + NS record, RFC 3597' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr + ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'use + r defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.75 NAME 'adminUrl' DESC 'Netscape de + fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netsca + pe Administration Services' ) +attributeTypes: ( 2.16.840.1.113730.3.1.245 NAME 'nsValueTel' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'Net + scape servers - value item' ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.42 NAME 'preferredLocale' DESC 'p + referred locale for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Ne + tscape' ) +attributeTypes: ( nsNYR-oid NAME 'nsNYR' DESC 'Netscape defined attribute ty + pe' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration + Services' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2172 NAME 'nsslapd-accesslog-maxlogs + ize' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.5 NAME 'memberUser' DESC 'Referenc + e to a principal that performs an action (usually user).' 
SUP distinguished + Name EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X + -ORIGIN 'IPA v2' ) +attributeTypes: ( userMessages-oid NAME 'userMessages' DESC 'CMS defined att + ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.18.0.2.4.1131 NAME 'printer-charset-supported' DESC 'S + et of charsets supported for the attribute values of syntax DirectoryString + for this directory entry.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.15 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.22 NAME 'ipatokenTOTPwatermark' + DESC 'TOTP watermark' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.4 NAME 'bindTimeLimit' DESC 'Maximu + m time an agent or service allows for a bind operation to complete' EQUALIT + Y integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.27 SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.21.1.6 NAME 'ipaCaId' DESC 'Dogtag A + uthority ID' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBS + TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + ( 'IPA v4.4 Lightweight CAs' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.24 NAME 'idnsSecKeyZone' DESC 'DNS + KEY ZONE flag (equivalent to bit 7): RFC 4035' EQUALITY booleanMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defi + ned' ) ) +attributeTypes: ( archivedBy-oid NAME 'archivedBy' DESC 'CMS defined attribu + te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.53.1 NAME 'krbPrincContainerRef' + EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'numeri + cally identifies an employee within an 
organization' EQUALITY caseIgnoreMat + ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE X-ORIGIN 'RFC 2798' ) +attributeTypes: ( 2.16.840.1.113730.3.1.551 NAME 'cosspecifier' DESC 'Netsca + pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALU + E X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.97 NAME ( 'passwordMaxAge' 'pwdMaxAg + e' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.5322.21.2.4 NAME 'krbAllowedToDelegateTo' EQU + ALITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' DESC + 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier' SYNTAX 1.3.6.1. 
+ 4.1.1466.115.121.1.51 X-ORIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.8 NAME 'ipaSudoRunAsUserCategory' + DESC 'Additional classification for users' SUP userCategory EQUALITY caseIg + noreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2099 NAME 'autoMemberExclusiveRegex' + DESC 'Auto Membership exclusive regex rule' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord' DESC 'text strin + g, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'Standard LDAP attribute + type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2307 + ' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DESC 'Next + NT rid to give our for users' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.2222 NAME 'nsslapd-localuser' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2180 NAME 'nsslapd-auditlog-logrotat + ionsynchour' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2309 NAME 'nsds5ReplicaPreciseTombst + onePurging' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466. 
+ 115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( tokenOrigin-oid NAME 'tokenOrigin' DESC 'CMS defined attri + bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2292 NAME 'nsslapd-disk-monitoring-l + ogging-critical' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2070 NAME 'pamIDMapMethod' DESC 'How + to map BIND DN to PAM identity' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'Red Hat Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.408 NAME 'replicaLastRelevantChange' + DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 7 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.76 NAME 'sambaTrustAuthIncoming' DESC + 'Authentication information for the incoming portion of a trust' EQUALITY + caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' + 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2269 NAME 'nsslapd-errorlog-list' DE + SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X + -ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.18.0.2.4.1124 NAME 'printer-number-up-supported' DESC + 'The possible numbers of print-stream pages to impose upon a single side of + an instance of a selected medium.' EQUALITY integerMatch ORDERING integerO + rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'rfc3712' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.9 NAME 'ipatokenOTPalgorithm' D + ESC 'OTP Token Algorithm' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466. 
+ 115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( allowPinReset-oid NAME 'allowPinReset' DESC 'CMS defined a + ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.5.21.7 NAME 'nameForms' EQUALITY objectIdentifierFirstC + omponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation + X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.8.16.1.17 NAME 'ipatokenRadiusSecret' + DESC 'Server Secret' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.40 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) +attributeTypes: ( 0.9.2342.19200300.100.1.55 NAME 'audio' EQUALITY octetStr + ingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RFC 1274' ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.36.1 NAME 'krbPwdPolicyReference + ' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SIN + GLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.28 NAME 'nisPublickey' DESC 'nisPublickey' E + QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( + 'RFC2307bis' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.29 NAME 'mgrpMsgRejectText' DESC 'Ne + tscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2136 NAME 'nsds5ReplicaCleanRUVNotif + ied' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.27 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.11 NAME 'idnsAllowQuery' DESC 'BIN + D9 allow-query ACL element' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1. 
+ 1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v2' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.231 NAME 'nsslapd-pluginEnabled' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( nsWellKnownJarfiles-oid NAME 'nsWellKnownJarfiles' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG + IN 'Netscape Administration Services' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.30 NAME 'nXTRecord' DESC 'non-exista + nt, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' EQUALITY + objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 US + AGE directoryOperation X-ORIGIN 'RFC 4512' ) +attributeTypes: ( nsAdminAccessHosts-oid NAME 'nsAdminAccessHosts' DESC 'Net + scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'Netscape Administration Services' ) +attributeTypes: ( 2.16.840.1.113730.3.1.328 NAME 'nsMatchingRule' DESC 'Nets + cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN + 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.6 NAME 'eduPersonPrincipalName' DES + C 'Principal Name' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIG + IN 'http://middleware.internet2.edu/eduperson/' ) +attributeTypes: ( 2.16.840.1.113730.3.1.80 NAME 'cirHost' DESC 'Netscape def + ined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscap + e Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.15 NAME 'ipaNTTrustAuthOutgoing' + DESC 'Authentication information for the outgoing portion of a trust' EQUAL + ITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.11 NAME 'javaReferenceAddress' DES + C 'Addresses associated with a JNDI Reference' 
EQUALITY caseExactMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2713' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.16 NAME 'ipk11Trusted' DESC 'Ca + n be trusted by application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2086 NAME 'mepManagedBy' DESC 'Manag + ed Entries backpointer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN '389 + Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.3.19 NAME 'serviceCategory' DESC 'Ad + ditional classification for services' EQUALITY caseIgnoreMatch ORDERING cas + eIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.684 NAME 'nsds5ReplicaChangeCount' D + ESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.1.1 NAME 'ipaUserSearchFields' EQUA + LITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113730.3.8.20.2.3 NAME 'ipaReplTopoSegmentLeftN + ode' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN ( 'FreeIPA' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.1101 NAME 'nsRoleScopeDN' DESC 'Scop + e of a role' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN '38 + 9 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.17.1.69 NAME 'ipk11WrapWithTrusted' + DESC 'Key can only be wrapped with a trusted wrapping key' EQUALITY boolean + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1 + ' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.41.1 NAME 'krbSubTrees' EQUALIT + Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.52 NAME 'TLSARecord' DESC 'DNS-Based + 
Authentication of Named Entities - Transport Layer Security Protocol, RFC + 6698' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) +attributeTypes: ( 1.3.1.1.4.1.453.16.2.103 NAME 'numSubordinates' DESC 'coun + t of immediate subordinates' EQUALITY integerMatch ORDERING integerOrdering + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATIO + N USAGE directoryOperation X-ORIGIN 'numSubordinates Internet Draft' ) +attributeTypes: ( 1.3.6.1.4.1.13769.3.6 NAME 'mozillaHomeCountryName' SUP n + ame EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2144 NAME 'rootdn-open-time' DESC 'N + etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.11.33 NAME 'ipaBaseID' DESC 'First v + alue of a Posix ID range' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2256 NAME 'passwordLegacyPolicy' DES + C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.9999999 NAME 'nsds5debugreplicatimeo + ut' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 
+ 1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' EQUALITY + caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.15 X-ORIGIN 'RFC 4524' ) +attributeTypes: ( SubsystemName-oid NAME 'SubsystemName' SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts' SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation X-ORIGIN 'RFC 4512' ) +attributeTypes: ( 2.16.840.1.113730.3.1.12 NAME 'mailAccessDomain' DESC 'Net + scape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2123 NAME 'dnaSharedCfgDN' DESC 'DNA + shared configuration entry DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE + -VALUE X-ORIGIN '389 Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.226 NAME 'nsslapd-pluginType' DESC ' + Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC 'Time + stamp of when the user will be logged off automatically' EQUALITY integerMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.5.4.44 NAME 'generationQualifier' SUP name EQUALITY cas + eIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 X-ORIGIN 'RFC 4519' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2193 NAME 'nsslapd-accesslog-logminf + reediskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.7.14 NAME 'ipaSudoRunAsExtUserGroup' + DESC 'Multivalue string attribute that allows storing groups of users that + are not managed by IPA the command can be run as' EQUALITY 
caseIgnoreMatch + ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) +attributeTypes: ( 2.16.840.1.113730.3.1.2314 NAME 'nsslapd-changelogcompactd + b-interval' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.4 NAME 'idnsSOArName' DESC 'SOA ro + ot Name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.1.612 NAME 'generation' DESC 'Netscape + defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Net + scape Directory Server' ) +cn: schema +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.26 DESC 'IA5String' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'DirectoryString' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.11 DESC 'Country String' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'DN' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'Enhanced Guide' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'Facsimile Telephone Numb + er' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.23 DESC 'FAX' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.24 DESC 'GeneralizedTime' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.25 DESC 'Guide' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.27 DESC 'INTEGER' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'Name And Optional UID' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'Numeric String' ) +ldapSyntaxes: ( 
1.3.6.1.4.1.1466.115.121.1.40 DESC 'OctetString' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'Postal Address' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'Printable String' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'TelephoneNumber' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.51 DESC 'Teletex Terminal Identif + ier' ) +ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'Telex Number' ) +matchingRules: ( 2.5.13.17 NAME 'octetStringMatch' DESC 'The octetStringMatc + h rule compares an assertion value of the Octet String syntax to an attribu + te value of a syntax (e.g., the Octet String or JPEG syntax) whose correspo + nding ASN.1 type is the OCTET STRING ASN.1 type. The rule evaluates to TRU + E if and only if the attribute value and the assertion value are the same l + ength and corresponding octets (by position) are the same.' SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.40 ) +matchingRules: ( 2.5.13.18 NAME 'octetStringOrderingMatch' DESC 'The octetSt + ringOrderingMatch rule compares an assertion value of the Octet String synt + ax to an attribute value of a syntax (e.g., the Octet String or JPEG syntax + ) whose corresponding ASN.1 type is the OCTET STRING ASN.1 type. The rule + evaluates to TRUE if and only if the attribute value appears earlier in the + collation order than the assertion value. The rule compares octet strings + from the first octet to the last octet, and from the most significant bit + to the least significant bit within the octet. The first occurrence of a d + ifferent bit determines the ordering of the strings. A zero bit precedes a + one bit. If the strings contain different numbers of octets but the longe + r string is identical to the shorter string up to the length of the shorter + string, then the shorter string precedes the longer string.' SYNTAX 1.3.6. 
+ 1.4.1.1466.115.121.1.40 ) +matchingRules: ( 2.5.13.16 NAME 'bitStringMatch' DESC 'The bitStringMatch ru + le compares an assertion value of the Bit String syntax to an attribute val + ue of a syntax (e.g., the Bit String syntax) whose corresponding ASN.1 type + is BIT STRING. If the corresponding ASN.1 type of the attribute syntax do + es not have a named bit list [ASN.1] (which is the case for the Bit String + syntax), then the rule evaluates to TRUE if and only if the attribute value + has the same number of bits as the assertion value and the bits match on a + bitwise basis. If the corresponding ASN.1 type does have a named bit list + , then bitStringMatch operates as above, except that trailing zero bits in + the attribute and assertion values are treated as absent.' SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.6 ) +matchingRules: ( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' DESC 'T + he caseExactIA5Match rule compares an assertion value of the IA5 String syn + tax to an attribute value of a syntax (e.g., the IA5 String syntax) whose c + orresponding ASN.1 type is IA5String. The rule evaluates to TRUE if and onl + y if the prepared attribute value character string and the prepared asserti + on value character string have the same number of characters and correspond + ing characters have the same code point. In preparing the attribute value a + nd assertion value for comparison, characters are not case folded in the Ma + p preparation step, and only Insignificant Space Handling is applied in the + Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 
+ 26 ) +matchingRules: ( 2.5.13.5 NAME 'caseExactMatch' DESC 'The caseExactMatch rul + e compares an assertion value of the Directory String syntax to an attribut + e value of a syntax (e.g., the Directory String, Printable String, Country + String, or Telephone Number syntax) whose corresponding ASN.1 type is Direc + toryString or one of the alternative string types of DirectoryString, such + as PrintableString (the other alternatives do not correspond to any syntax + defined in this document). The rule evaluates to TRUE if and only if the pr + epared attribute value character string and the prepared assertion value ch + aracter string have the same number of characters and corresponding charact + ers have the same code point. In preparing the attribute value and assertio + n value for comparison, characters are not case folded in the Map preparati + on step, and only Insignificant Space Handling is applied in the Insignific + ant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.5.13.6 NAME 'caseExactOrderingMatch' DESC 'The caseExactO + rderingMatch rule compares an assertion value of the Directory String synta + x to an attribute value of a syntax (e.g., the Directory String, Printable + String, Country String, or Telephone Number syntax) whose corresponding ASN + .1 type is DirectoryString or one of its alternative string types. The rule + evaluates to TRUE if and only if, in the code point collation order, the p + repared attribute value character string appears earlier than the prepared + assertion value character string; i.e., the attribute value is "less than" + the assertion value. In preparing the attribute value and assertion value f + or comparison, characters are not case folded in the Map preparation step, + and only Insignificant Space Handling is applied in the Insignificant Chara + cter Handling step.' 
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.5.13.7 NAME 'caseExactSubstringsMatch' DESC 'The caseExac + tSubstringsMatch rule compares an assertion value of the Substring Assertio + n syntax to an attribute value of a syntax (e.g., the Directory String, Pri + ntable String, Country String, or Telephone Number syntax) whose correspond + ing ASN.1 type is DirectoryString or one of its alternative string types. T + he rule evaluates to TRUE if and only if (1) the prepared substrings of the + assertion value match disjoint portions of the prepared attribute value ch + aracter string in the order of the substrings in the assertion value, (2) a + n substring, if present, matches the beginning of the prepared at + tribute value character string, and (3) a substring, if present, ma + tches the end of the prepared attribute value character string. A prepared + substring matches a portion of the prepared attribute value character stri + ng if corresponding characters have the same code point. In preparing the a + ttribute value and assertion value substrings for comparison, characters ar + e not case folded in the Map preparation step, and only Insignificant Space + Handling is applied in the Insignificant Character Handling step.' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.58 ) +matchingRules: ( 2.16.840.1.113730.3.3.1 NAME 'caseExactIA5SubstringsMatch' + DESC 'The caseExactIA5SubstringsMatch rule compares an assertion value of t + he Substring Assertion syntax to an attribute value of a syntax (e.g., the + IA5 syntax) whose corresponding ASN.1 type is IA5 String or one of its alte + rnative string types. 
The rule evaluates to TRUE if and only if (1) the pre + pared substrings of the assertion value match disjoint portions of the prep + ared attribute value character string in the order of the substrings in the + assertion value, (2) an substring, if present, matches the begin + ning of the prepared attribute value character string, and (3) a su + bstring, if present, matches the end of the prepared attribute value charac + ter string. A prepared substring matches a portion of the prepared attribu + te value character string if corresponding characters have the same code po + int. In preparing the attribute value and assertion value substrings for co + mparison, characters are not case folded in the Map preparation step, and o + nly Insignificant Space Handling is applied in the Insignificant Character + Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 ) +matchingRules: ( 2.5.13.27 NAME 'generalizedTimeMatch' DESC 'The rule evalua + tes to TRUE if and only if the attribute value represents the same universa + l coordinated time as the assertion value.' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.24 ) +matchingRules: ( 2.5.13.28 NAME 'generalizedTimeOrderingMatch' DESC 'The rul + e evaluates to TRUE if and only if the attribute value represents a univers + al coordinated time that is earlier than the universal coordinated time rep + resented by the assertion value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) +matchingRules: ( 2.5.13.13 NAME 'booleanMatch' DESC 'The booleanMatch rule c + ompares an assertion value of the Boolean syntax to an attribute value of a + syntax (e.g., the Boolean syntax) whose corresponding ASN.1 type is BOOLEA + N. The rule evaluates to TRUE if and only if the attribute value and the a + ssertion value are both TRUE or both FALSE.' 
SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.7 ) +matchingRules: ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' DESC ' + The caseIgnoreIA5Match rule compares an assertion value of the IA5 String s + yntax to an attribute value of a syntax (e.g., the IA5 String syntax) whose + corresponding ASN.1 type is IA5String. The rule evaluates to TRUE if and + only if the prepared attribute value character string and the prepared asse + rtion value character string have the same number of characters and corresp + onding characters have the same code point. In preparing the attribute val + ue and assertion value for comparison, characters are case folded in the Ma + p preparation step, and only Insignificant Space Handling is applied in the + Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 26 ) +matchingRules: ( 1.3.6.1.4.1.1466.109.114.3 NAME 'caseIgnoreIA5SubstringsMat + ch' DESC 'The caseIgnoreIA5SubstringsMatch rule compares an assertion value + of the Substring Assertion syntax to an attribute value of a syntax (e.g., + the IA5 String syntax) whose corresponding ASN.1 type is IA5String. The r + ule evaluates to TRUE if and only if (1) the prepared substrings of the ass + ertion value match disjoint portions of the prepared attribute value charac + ter string in the order of the substrings in the assertion value, (2) an substring, if present, matches the beginning of the prepared attrib + ute value character string, and (3) a substring, if present, matche + s the end of the prepared attribute value character string. A prepared sub + string matches a portion of the prepared attribute value character string i + f corresponding characters have the same code point. In preparing the attr + ibute value and assertion value substrings for comparison, characters are c + ase folded in the Map preparation step, and only Insignificant Space Handli + ng is applied in the Insignificant Character Handling step.' 
SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.58 ) +matchingRules: ( 2.5.13.2 NAME 'caseIgnoreMatch' DESC 'The caseIgnoreMatch r + ule compares an assertion value of the Directory String syntax to an attrib + ute value of a syntax (e.g., the Directory String, Printable String, Countr + y String, or Telephone Number syntax) whose corresponding ASN.1 type is Dir + ectoryString or one of its alternative string types. The rule evaluates to + TRUE if and only if the prepared attribute value character string and the + prepared assertion value character string have the same number of character + s and corresponding characters have the same code point. In preparing the a + ttribute value and assertion value for comparison, characters are case fold + ed in the Map preparation step, and only Insignificant Space Handling is ap + plied in the Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.15 ) +matchingRules: ( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' DESC 'The caseIgnor + eOrderingMatch rule compares an assertion value of the Directory String syn + tax to an attribute value of a syntax (e.g., the Directory String, Printabl + e String, Country String, or Telephone Number syntax) whose corresponding A + SN.1 type is DirectoryString or one of its alternative string types. The ru + le evaluates to TRUE if and only if, in the code point collation order, the + prepared attribute value character string appears earlier than the prepare + d assertion value character string; i.e., the attribute value is "less than + " the assertion value. In preparing the attribute value and assertion value + for comparison, characters are case folded in the Map preparation step, an + d only Insignificant Space Handling is applied in the Insignificant Charact + er Handling step.' 
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch' DESC 'The caseIgn + oreSubstringsMatch rule compares an assertion value of the Substring Assert + ion syntax to an attribute value of a syntax (e.g., the Directory String, P + rintable String, Country String, or Telephone Number syntax) whose correspo + nding ASN.1 type is DirectoryString or one of its alternative string types. + The rule evaluates to TRUE if and only if (1) the prepared substrings of t + he assertion value match disjoint portions of the prepared attribute value + character string in the order of the substrings in the assertion value, (2) + an substring, if present, matches the beginning of the prepared + attribute value character string, and (3) a substring, if present, + matches the end of the prepared attribute value character string. A prepar + ed substring matches a portion of the prepared attribute value character st + ring if corresponding characters have the same code point. In preparing the + attribute value and assertion value substrings for comparison, characters + are case folded in the Map preparation step, and only Insignificant Space H + andling is applied in the Insignificant Character Handling step.' SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.58 ) +matchingRules: ( 2.5.13.11 NAME 'caseIgnoreListMatch' DESC 'The caseIgnoreLi + stMatch rule compares an assertion value that is a sequence of strings to a + n attribute value of a syntax (e.g., the Postal Address syntax) whose corre + sponding ASN.1 type is a SEQUENCE OF the DirectoryString ASN.1 type. The ru + le evaluates to TRUE if and only if the attribute value and the assertion v + alue have the same number of strings and corresponding strings (by position + ) match according to the caseIgnoreMatch matching rule. 
In [X.520], the ass + ertion syntax for this matching rule is defined to be: SEQUENCE OF Di + rectoryString {ub-match} That is, it is different from the corresponding ty + pe for the Postal Address syntax. The choice of the Postal Address syntax + for the assertion syntax of the caseIgnoreListMatch in LDAP should not be s + een as limiting the matching rule to apply only to attributes with the Post + al Address syntax.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) +matchingRules: ( 2.5.13.12 NAME 'caseIgnoreListSubstringsMatch' DESC 'The ca + seIgnoreListSubstringsMatch rule compares an assertion value of the Substri + ng Assertion syntax to an attribute value of a syntax (e.g., the Postal Add + ress syntax) whose corresponding ASN.1 type is a SEQUENCE OF the DirectoryS + tring ASN.1 type. The rule evaluates to TRUE if and only if the assertion v + alue matches, per the caseIgnoreSubstringsMatch rule, the character string + formed by concatenating the strings of the attribute value, except that non + e of the , , or substrings of the assertion value are + considered to match a substring of the concatenated string which spans mor + e than one of the original strings of the attribute value. Note that, in te + rms of the LDAP-specific encoding of the Postal Address syntax, the concate + nated string omits the line separator and the escaping of "\" and + "$" characters.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 ) +matchingRules: ( 2.5.13.0 NAME 'objectIdentifierMatch' DESC 'The objectIdent + ifierMatch rule compares an assertion value of the OID syntax to an attribu + te value of a syntax (e.g., the OID syntax) whose corresponding ASN.1 type + is OBJECT IDENTIFIER. The rule evaluates to TRUE if and only if the asserti + on value and the attribute value represent the same object identifier; that + is, the same sequence of integers, whether represented explicitly in the < + numericoid> form of or implicitly in the form (see [RFC4512]) + . 
If an LDAP client supplies an assertion value in the form and the + chosen descriptor is not recognized by the server, then the objectIdentifi + erMatch rule evaluates to Undefined.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 + ) +matchingRules: ( 2.5.13.31 NAME 'directoryStringFirstComponentMatch' DESC 'T + he directoryStringFirstComponentMatch rule compares an assertion value of t + he Directory String syntax to an attribute value of a syntax whose correspo + nding ASN.1 type is a SEQUENCE with a mandatory first component of the Dire + ctoryString ASN.1 type. Note that the assertion syntax of this matching rul + e differs from the attribute syntax of attributes for which this is the equ + ality matching rule. The rule evaluates to TRUE if and only if the assertio + n value matches the first component of the attribute value using the rules + of caseIgnoreMatch.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' DESC ' + The objectIdentifierFirstComponentMatch rule compares an assertion value of + the OID syntax to an attribute value of a syntax (e.g., the Attribute Type + Description, DIT Content Rule Description, LDAP Syntax Description, Matchi + ng Rule Description, Matching Rule Use Description, Name Form Description, + or Object Class Description syntax) whose corresponding ASN.1 type is a SEQ + UENCE with a mandatory first component of the OBJECT IDENTIFIER ASN.1 type. + Note that the assertion syntax of this matching rule differs from the attr + ibute syntax of attributes for which this is the equality matching rule. Th + e rule evaluates to TRUE if and only if the assertion value matches the fir + st component of the attribute value using the rules of objectIdentifierMatc + h.' 
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) +matchingRules: ( 2.5.13.1 NAME 'distinguishedNameMatch' DESC 'The distinguis + hedNameMatch rule compares an assertion value of the DN syntax to an attrib + ute value of a syntax (e.g., the DN syntax) whose corresponding ASN.1 type + is DistinguishedName. The rule evaluates to TRUE if and only if the attribu + te value and the assertion value have the same number of relative distingui + shed names and corresponding relative distinguished names (by position) are + the same. A relative distinguished name (RDN) of the assertion value is t + he same as an RDN of the attribute value if and only if they have the same + number of attribute value assertions and each attribute value assertion (AV + A) of the first RDN is the same as the AVA of the second RDN with the same + attribute type. The order of the AVAs is not significant. Also note that + a particular attribute type may appear in at most one AVA in an RDN. Two A + VAs with the same attribute type are the same if their values are equal acc + ording to the equality matching rule of the attribute type. If one or more + of the AVA comparisons evaluate to Undefined and the remaining AVA compari + sons return TRUE then the distinguishedNameMatch rule evaluates to Undefine + d.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +matchingRules: ( 2.5.13.14 NAME 'integerMatch' DESC 'The rule evaluates to T + RUE if and only if the attribute value and the assertion value are the same + integer value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +matchingRules: ( 2.5.13.15 NAME 'integerOrderingMatch' DESC 'The rule evalua + tes to TRUE if and only if the integer value of the attribute value is less + than the integer value of the assertion value.' 
SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.27 ) +matchingRules: ( 2.5.13.29 NAME 'integerFirstComponentMatch' DESC 'The integ + erFirstComponentMatch rule compares an assertion value of the Integer synta + x to an attribute value of a syntax (e.g., the DIT Structure Rule Descripti + on syntax) whose corresponding ASN.1 type is a SEQUENCE with a mandatory fi + rst component of the INTEGER ASN.1 type. Note that the assertion syntax of + this matching rule differs from the attribute syntax of attributes for whi + ch this is the equality matching rule. The rule evaluates to TRUE if and o + nly if the assertion value and the first component of the attribute value a + re the same integer value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.0.1 NAME 'caseIgnoreOrderingMatch-d + efault' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.0.1.6 NAME 'caseIgnoreSubstringMatc + h-default' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.1.1 NAME 'caseIgnoreOrderingMatch-a + r' DESC 'ar' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.1.1.6 NAME 'caseIgnoreSubstringMatc + h-ar' DESC 'ar' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.2.1 NAME 'caseIgnoreOrderingMatch-b + e' DESC 'be' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.2.1.6 NAME 'caseIgnoreSubstringMatc + h-be' DESC 'be' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.3.1 NAME 'caseIgnoreOrderingMatch-b + g' DESC 'bg' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.3.1.6 NAME 'caseIgnoreSubstringMatc + h-bg' DESC 'bg' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.4.1 NAME 'caseIgnoreOrderingMatch-c + a' DESC 'ca' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.4.1.6 NAME 'caseIgnoreSubstringMatc 
+ h-ca' DESC 'ca' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.5.1 NAME 'caseIgnoreOrderingMatch-c + s' DESC 'cs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.5.1.6 NAME 'caseIgnoreSubstringMatc + h-cs' DESC 'cs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.6.1 NAME 'caseIgnoreOrderingMatch-d + a' DESC 'da' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.6.1.6 NAME 'caseIgnoreSubstringMatc + h-da' DESC 'da' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.7.1 NAME 'caseIgnoreOrderingMatch-d + e' DESC 'de' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.7.1.6 NAME 'caseIgnoreSubstringMatc + h-de' DESC 'de' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.8.1 NAME 'caseIgnoreOrderingMatch-d + e-AT' DESC 'de-AT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.8.1.6 NAME 'caseIgnoreSubstringMatc + h-de-AT' DESC 'de-AT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.9.1 NAME 'caseIgnoreOrderingMatch-d + e-CH' DESC 'de-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.9.1.6 NAME 'caseIgnoreSubstringMatc + h-de-CH' DESC 'de-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.10.1 NAME 'caseIgnoreOrderingMatch- + el' DESC 'el' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.10.1.6 NAME 'caseIgnoreSubstringMat + ch-el' DESC 'el' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.11.1 NAME 'caseIgnoreOrderingMatch- + en' DESC 'en' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.11.1.6 NAME 'caseIgnoreSubstringMat + ch-en' DESC 'en' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 
2.16.840.1.113730.3.3.2.12.1 NAME 'caseIgnoreOrderingMatch- + en-CA' DESC 'en-CA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.12.1.6 NAME 'caseIgnoreSubstringMat + ch-en-CA' DESC 'en-CA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.13.1 NAME 'caseIgnoreOrderingMatch- + en-GB' DESC 'en-GB' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.13.1.6 NAME 'caseIgnoreSubstringMat + ch-en-GB' DESC 'en-GB' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.14.1 NAME 'caseIgnoreOrderingMatch- + en-IE' DESC 'en-IE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.14.1.6 NAME 'caseIgnoreSubstringMat + ch-en-IE' DESC 'en-IE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.15.1 NAME 'caseIgnoreOrderingMatch- + es' DESC 'es' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.15.1.6 NAME 'caseIgnoreSubstringMat + ch-es' DESC 'es' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.16.1 NAME 'caseIgnoreOrderingMatch- + et' DESC 'et' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.16.1.6 NAME 'caseIgnoreSubstringMat + ch-et' DESC 'et' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.17.1 NAME 'caseIgnoreOrderingMatch- + fi' DESC 'fi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.17.1.6 NAME 'caseIgnoreSubstringMat + ch-fi' DESC 'fi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.18.1 NAME 'caseIgnoreOrderingMatch- + fr' DESC 'fr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.18.1.6 NAME 'caseIgnoreSubstringMat + ch-fr' DESC 'fr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.19.1 NAME 'caseIgnoreOrderingMatch- + fr-BE' DESC 
'fr-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.19.1.6 NAME 'caseIgnoreSubstringMat + ch-fr-BE' DESC 'fr-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.20.1 NAME 'caseIgnoreOrderingMatch- + fr-CA' DESC 'fr-CA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.20.1.6 NAME 'caseIgnoreSubstringMat + ch-fr-CA' DESC 'fr-CA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.21.1 NAME 'caseIgnoreOrderingMatch- + fr-CH' DESC 'fr-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.21.1.6 NAME 'caseIgnoreSubstringMat + ch-fr-CH' DESC 'fr-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.22.1 NAME 'caseIgnoreOrderingMatch- + hr' DESC 'hr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.22.1.6 NAME 'caseIgnoreSubstringMat + ch-hr' DESC 'hr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.23.1 NAME 'caseIgnoreOrderingMatch- + hu' DESC 'hu' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.23.1.6 NAME 'caseIgnoreSubstringMat + ch-hu' DESC 'hu' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.24.1 NAME 'caseIgnoreOrderingMatch- + is' DESC 'is' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.24.1.6 NAME 'caseIgnoreSubstringMat + ch-is' DESC 'is' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.25.1 NAME 'caseIgnoreOrderingMatch- + it' DESC 'it' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.25.1.6 NAME 'caseIgnoreSubstringMat + ch-it' DESC 'it' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.26.1 NAME 'caseIgnoreOrderingMatch- + it-CH' DESC 'it-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 
2.16.840.1.113730.3.3.2.26.1.6 NAME 'caseIgnoreSubstringMat + ch-it-CH' DESC 'it-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.27.1 NAME 'caseIgnoreOrderingMatch- + iw' DESC 'iw' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.27.1.6 NAME 'caseIgnoreSubstringMat + ch-iw' DESC 'iw' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.28.1 NAME 'caseIgnoreOrderingMatch- + ja' DESC 'ja' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.28.1.6 NAME 'caseIgnoreSubstringMat + ch-ja' DESC 'ja' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.29.1 NAME 'caseIgnoreOrderingMatch- + ko' DESC 'ko' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.29.1.6 NAME 'caseIgnoreSubstringMat + ch-ko' DESC 'ko' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.30.1 NAME 'caseIgnoreOrderingMatch- + lt' DESC 'lt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.30.1.6 NAME 'caseIgnoreSubstringMat + ch-lt' DESC 'lt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.31.1 NAME 'caseIgnoreOrderingMatch- + lv' DESC 'lv' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.31.1.6 NAME 'caseIgnoreSubstringMat + ch-lv' DESC 'lv' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.32.1 NAME 'caseIgnoreOrderingMatch- + mk' DESC 'mk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.32.1.6 NAME 'caseIgnoreSubstringMat + ch-mk' DESC 'mk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.33.1 NAME 'caseIgnoreOrderingMatch- + nl' DESC 'nl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.33.1.6 NAME 'caseIgnoreSubstringMat + ch-nl' DESC 'nl' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.34.1 NAME 'caseIgnoreOrderingMatch- + nl-BE' DESC 'nl-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.34.1.6 NAME 'caseIgnoreSubstringMat + ch-nl-BE' DESC 'nl-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.35.1 NAME 'caseIgnoreOrderingMatch- + no' DESC 'no' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.35.1.6 NAME 'caseIgnoreSubstringMat + ch-no' DESC 'no' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.36.1 NAME 'caseIgnoreOrderingMatch- + no-NO-B' DESC 'no-NO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.36.1.6 NAME 'caseIgnoreSubstringMat + ch-no-NO-B' DESC 'no-NO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.37.1 NAME 'caseIgnoreOrderingMatch- + no-NO-NY' DESC 'no-NO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.37.1.6 NAME 'caseIgnoreSubstringMat + ch-no-NO-NY' DESC 'no-NO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.38.1 NAME 'caseIgnoreOrderingMatch- + pl' DESC 'pl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.38.1.6 NAME 'caseIgnoreSubstringMat + ch-pl' DESC 'pl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.39.1 NAME 'caseIgnoreOrderingMatch- + ro' DESC 'ro' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.39.1.6 NAME 'caseIgnoreSubstringMat + ch-ro' DESC 'ro' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.40.1 NAME 'caseIgnoreOrderingMatch- + ru' DESC 'ru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.40.1.6 NAME 'caseIgnoreSubstringMat + ch-ru' DESC 'ru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 
2.16.840.1.113730.3.3.2.41.1 NAME 'caseIgnoreOrderingMatch- + sh' DESC 'sh' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.41.1.6 NAME 'caseIgnoreSubstringMat + ch-sh' DESC 'sh' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.42.1 NAME 'caseIgnoreOrderingMatch- + sk' DESC 'sk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.42.1.6 NAME 'caseIgnoreSubstringMat + ch-sk' DESC 'sk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.43.1 NAME 'caseIgnoreOrderingMatch- + sl' DESC 'sl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.43.1.6 NAME 'caseIgnoreSubstringMat + ch-sl' DESC 'sl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.44.1 NAME 'caseIgnoreOrderingMatch- + sq' DESC 'sq' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.44.1.6 NAME 'caseIgnoreSubstringMat + ch-sq' DESC 'sq' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.45.1 NAME 'caseIgnoreOrderingMatch- + sr' DESC 'sr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.45.1.6 NAME 'caseIgnoreSubstringMat + ch-sr' DESC 'sr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.46.1 NAME 'caseIgnoreOrderingMatch- + sv' DESC 'sv' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.46.1.6 NAME 'caseIgnoreSubstringMat + ch-sv' DESC 'sv' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.47.1 NAME 'caseIgnoreOrderingMatch- + tr' DESC 'tr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.47.1.6 NAME 'caseIgnoreSubstringMat + ch-tr' DESC 'tr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.48.1 NAME 'caseIgnoreOrderingMatch- + uk' DESC 'uk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+matchingRules: ( 2.16.840.1.113730.3.3.2.48.1.6 NAME 'caseIgnoreSubstringMat + ch-uk' DESC 'uk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.49.1 NAME 'caseIgnoreOrderingMatch- + zh' DESC 'zh' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.49.1.6 NAME 'caseIgnoreSubstringMat + ch-zh' DESC 'zh' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.50.1 NAME 'caseIgnoreOrderingMatch- + zh-TW' DESC 'zh-TW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.50.1.6 NAME 'caseIgnoreSubstringMat + ch-zh-TW' DESC 'zh-TW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.51.1 NAME 'caseIgnoreOrderingMatch- + af' DESC 'af' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.51.1.6 NAME 'caseIgnoreSubstringMat + ch-af' DESC 'af' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.52.1 NAME 'caseIgnoreOrderingMatch- + af-NA' DESC 'af-NA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.52.1.6 NAME 'caseIgnoreSubstringMat + ch-af-NA' DESC 'af-NA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.53.1 NAME 'caseIgnoreOrderingMatch- + af-ZA' DESC 'af-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.53.1.6 NAME 'caseIgnoreSubstringMat + ch-af-ZA' DESC 'af-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.54.1 NAME 'caseIgnoreOrderingMatch- + ar-AE' DESC 'ar-AE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.54.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-AE' DESC 'ar-AE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.55.1 NAME 'caseIgnoreOrderingMatch- + ar-BH' DESC 'ar-BH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.55.1.6 NAME 
'caseIgnoreSubstringMat + ch-ar-BH' DESC 'ar-BH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.56.1 NAME 'caseIgnoreOrderingMatch- + ar-DZ' DESC 'ar-DZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.56.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-DZ' DESC 'ar-DZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.57.1 NAME 'caseIgnoreOrderingMatch- + ar-EG' DESC 'ar-EG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.57.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-EG' DESC 'ar-EG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.58.1 NAME 'caseIgnoreOrderingMatch- + ar-IQ' DESC 'ar-IQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.58.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-IQ' DESC 'ar-IQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.59.1 NAME 'caseIgnoreOrderingMatch- + ar-JO' DESC 'ar-JO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.59.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-JO' DESC 'ar-JO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.60.1 NAME 'caseIgnoreOrderingMatch- + ar-KW' DESC 'ar-KW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.60.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-KW' DESC 'ar-KW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.61.1 NAME 'caseIgnoreOrderingMatch- + ar-LB' DESC 'ar-LB' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.61.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-LB' DESC 'ar-LB' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.62.1 NAME 'caseIgnoreOrderingMatch- + ar-LY' DESC 'ar-LY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.62.1.6 NAME 'caseIgnoreSubstringMat + 
ch-ar-LY' DESC 'ar-LY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.63.1 NAME 'caseIgnoreOrderingMatch- + ar-MA' DESC 'ar-MA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.63.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-MA' DESC 'ar-MA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.64.1 NAME 'caseIgnoreOrderingMatch- + ar-OM' DESC 'ar-OM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.64.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-OM' DESC 'ar-OM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.65.1 NAME 'caseIgnoreOrderingMatch- + ar-QA' DESC 'ar-QA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.65.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-QA' DESC 'ar-QA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.66.1 NAME 'caseIgnoreOrderingMatch- + ar-SA' DESC 'ar-SA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.66.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-SA' DESC 'ar-SA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.67.1 NAME 'caseIgnoreOrderingMatch- + ar-SD' DESC 'ar-SD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.67.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-SD' DESC 'ar-SD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.68.1 NAME 'caseIgnoreOrderingMatch- + ar-SY' DESC 'ar-SY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.68.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-SY' DESC 'ar-SY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.69.1 NAME 'caseIgnoreOrderingMatch- + ar-TN' DESC 'ar-TN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.69.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-TN' DESC 'ar-TN' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.70.1 NAME 'caseIgnoreOrderingMatch- + ar-YE' DESC 'ar-YE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.70.1.6 NAME 'caseIgnoreSubstringMat + ch-ar-YE' DESC 'ar-YE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.71.1 NAME 'caseIgnoreOrderingMatch- + as' DESC 'as' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.71.1.6 NAME 'caseIgnoreSubstringMat + ch-as' DESC 'as' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.72.1 NAME 'caseIgnoreOrderingMatch- + as-IN' DESC 'as-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.72.1.6 NAME 'caseIgnoreSubstringMat + ch-as-IN' DESC 'as-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.73.1 NAME 'caseIgnoreOrderingMatch- + az' DESC 'az' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.73.1.6 NAME 'caseIgnoreSubstringMat + ch-az' DESC 'az' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.74.1 NAME 'caseIgnoreOrderingMatch- + az-Latn' DESC 'az-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.74.1.6 NAME 'caseIgnoreSubstringMat + ch-az-Latn' DESC 'az-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.75.1 NAME 'caseIgnoreOrderingMatch- + az-Latn-AZ' DESC 'az-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.75.1.6 NAME 'caseIgnoreSubstringMat + ch-az-Latn-AZ' DESC 'az-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.76.1 NAME 'caseIgnoreOrderingMatch- + bn' DESC 'bn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.76.1.6 NAME 'caseIgnoreSubstringMat + ch-bn' DESC 'bn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+matchingRules: ( 2.16.840.1.113730.3.3.2.77.1 NAME 'caseIgnoreOrderingMatch- + bn-BD' DESC 'bn-BD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.77.1.6 NAME 'caseIgnoreSubstringMat + ch-bn-BD' DESC 'bn-BD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.78.1 NAME 'caseIgnoreOrderingMatch- + bn-IN' DESC 'bn-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.78.1.6 NAME 'caseIgnoreSubstringMat + ch-bn-IN' DESC 'bn-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.79.1 NAME 'caseIgnoreOrderingMatch- + bs' DESC 'bs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.79.1.6 NAME 'caseIgnoreSubstringMat + ch-bs' DESC 'bs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.80.1 NAME 'caseIgnoreOrderingMatch- + chr' DESC 'chr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.80.1.6 NAME 'caseIgnoreSubstringMat + ch-chr' DESC 'chr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.81.1 NAME 'caseIgnoreOrderingMatch- + chr-US' DESC 'chr-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.81.1.6 NAME 'caseIgnoreSubstringMat + ch-chr-US' DESC 'chr-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.82.1 NAME 'caseIgnoreOrderingMatch- + cy' DESC 'cy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.82.1.6 NAME 'caseIgnoreSubstringMat + ch-cy' DESC 'cy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.83.1 NAME 'caseIgnoreOrderingMatch- + de-BE' DESC 'de-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.83.1.6 NAME 'caseIgnoreSubstringMat + ch-de-BE' DESC 'de-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.84.1 NAME 
'caseIgnoreOrderingMatch- + de-LI' DESC 'de-LI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.84.1.6 NAME 'caseIgnoreSubstringMat + ch-de-LI' DESC 'de-LI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.85.1 NAME 'caseIgnoreOrderingMatch- + de-LU' DESC 'de-LU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.85.1.6 NAME 'caseIgnoreSubstringMat + ch-de-LU' DESC 'de-LU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.86.1 NAME 'caseIgnoreOrderingMatch- + el-CY' DESC 'el-CY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.86.1.6 NAME 'caseIgnoreSubstringMat + ch-el-CY' DESC 'el-CY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.87.1 NAME 'caseIgnoreOrderingMatch- + el-GR' DESC 'el-GR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.87.1.6 NAME 'caseIgnoreSubstringMat + ch-el-GR' DESC 'el-GR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.88.1 NAME 'caseIgnoreOrderingMatch- + en-AS' DESC 'en-AS' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.88.1.6 NAME 'caseIgnoreSubstringMat + ch-en-AS' DESC 'en-AS' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.89.1 NAME 'caseIgnoreOrderingMatch- + en-AU' DESC 'en-AU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.89.1.6 NAME 'caseIgnoreSubstringMat + ch-en-AU' DESC 'en-AU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.90.1 NAME 'caseIgnoreOrderingMatch- + en-BE' DESC 'en-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.90.1.6 NAME 'caseIgnoreSubstringMat + ch-en-BE' DESC 'en-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.91.1 NAME 'caseIgnoreOrderingMatch- + 
en-BW' DESC 'en-BW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.91.1.6 NAME 'caseIgnoreSubstringMat + ch-en-BW' DESC 'en-BW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.92.1 NAME 'caseIgnoreOrderingMatch- + en-BZ' DESC 'en-BZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.92.1.6 NAME 'caseIgnoreSubstringMat + ch-en-BZ' DESC 'en-BZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.93.1 NAME 'caseIgnoreOrderingMatch- + en-GU' DESC 'en-GU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.93.1.6 NAME 'caseIgnoreSubstringMat + ch-en-GU' DESC 'en-GU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.94.1 NAME 'caseIgnoreOrderingMatch- + en-GY' DESC 'en-GY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.94.1.6 NAME 'caseIgnoreSubstringMat + ch-en-GY' DESC 'en-GY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.95.1 NAME 'caseIgnoreOrderingMatch- + en-HK' DESC 'en-HK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.95.1.6 NAME 'caseIgnoreSubstringMat + ch-en-HK' DESC 'en-HK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.96.1 NAME 'caseIgnoreOrderingMatch- + en-IN' DESC 'en-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.96.1.6 NAME 'caseIgnoreSubstringMat + ch-en-IN' DESC 'en-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.97.1 NAME 'caseIgnoreOrderingMatch- + en-JM' DESC 'en-JM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.97.1.6 NAME 'caseIgnoreSubstringMat + ch-en-JM' DESC 'en-JM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.98.1 NAME 'caseIgnoreOrderingMatch- + en-MH' DESC 'en-MH' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.98.1.6 NAME 'caseIgnoreSubstringMat + ch-en-MH' DESC 'en-MH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.99.1 NAME 'caseIgnoreOrderingMatch- + en-MP' DESC 'en-MP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.99.1.6 NAME 'caseIgnoreSubstringMat + ch-en-MP' DESC 'en-MP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.100.1 NAME 'caseIgnoreOrderingMatch + -en-MT' DESC 'en-MT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.100.1.6 NAME 'caseIgnoreSubstringMa + tch-en-MT' DESC 'en-MT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.101.1 NAME 'caseIgnoreOrderingMatch + -en-MU' DESC 'en-MU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.101.1.6 NAME 'caseIgnoreSubstringMa + tch-en-MU' DESC 'en-MU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.102.1 NAME 'caseIgnoreOrderingMatch + -en-NA' DESC 'en-NA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.102.1.6 NAME 'caseIgnoreSubstringMa + tch-en-NA' DESC 'en-NA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.103.1 NAME 'caseIgnoreOrderingMatch + -en-NZ' DESC 'en-NZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.103.1.6 NAME 'caseIgnoreSubstringMa + tch-en-NZ' DESC 'en-NZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.104.1 NAME 'caseIgnoreOrderingMatch + -en-PH' DESC 'en-PH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.104.1.6 NAME 'caseIgnoreSubstringMa + tch-en-PH' DESC 'en-PH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.105.1 NAME 'caseIgnoreOrderingMatch + -en-PK' DESC 'en-PK' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.105.1.6 NAME 'caseIgnoreSubstringMa + tch-en-PK' DESC 'en-PK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.106.1 NAME 'caseIgnoreOrderingMatch + -en-SG' DESC 'en-SG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.106.1.6 NAME 'caseIgnoreSubstringMa + tch-en-SG' DESC 'en-SG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.107.1 NAME 'caseIgnoreOrderingMatch + -en-TT' DESC 'en-TT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.107.1.6 NAME 'caseIgnoreSubstringMa + tch-en-TT' DESC 'en-TT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.108.1 NAME 'caseIgnoreOrderingMatch + -en-UM' DESC 'en-UM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.108.1.6 NAME 'caseIgnoreSubstringMa + tch-en-UM' DESC 'en-UM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.109.1 NAME 'caseIgnoreOrderingMatch + -en-US' DESC 'en-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.109.1.6 NAME 'caseIgnoreSubstringMa + tch-en-US' DESC 'en-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.110.1 NAME 'caseIgnoreOrderingMatch + -en-US-POSIX' DESC 'en-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.110.1.6 NAME 'caseIgnoreSubstringMa + tch-en-US-POSIX' DESC 'en-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.111.1 NAME 'caseIgnoreOrderingMatch + -en-VI' DESC 'en-VI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.111.1.6 NAME 'caseIgnoreSubstringMa + tch-en-VI' DESC 'en-VI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.112.1 NAME 'caseIgnoreOrderingMatch + -en-ZA' DESC 'en-ZA' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.112.1.6 NAME 'caseIgnoreSubstringMa + tch-en-ZA' DESC 'en-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.113.1 NAME 'caseIgnoreOrderingMatch + -en-ZW' DESC 'en-ZW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.113.1.6 NAME 'caseIgnoreSubstringMa + tch-en-ZW' DESC 'en-ZW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.114.1 NAME 'caseIgnoreOrderingMatch + -es-AR' DESC 'es-AR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.114.1.6 NAME 'caseIgnoreSubstringMa + tch-es-AR' DESC 'es-AR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.115.1 NAME 'caseIgnoreOrderingMatch + -es-BO' DESC 'es-BO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.115.1.6 NAME 'caseIgnoreSubstringMa + tch-es-BO' DESC 'es-BO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.116.1 NAME 'caseIgnoreOrderingMatch + -es-CL' DESC 'es-CL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.116.1.6 NAME 'caseIgnoreSubstringMa + tch-es-CL' DESC 'es-CL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.117.1 NAME 'caseIgnoreOrderingMatch + -es-CO' DESC 'es-CO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.117.1.6 NAME 'caseIgnoreSubstringMa + tch-es-CO' DESC 'es-CO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.118.1 NAME 'caseIgnoreOrderingMatch + -es-CR' DESC 'es-CR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.118.1.6 NAME 'caseIgnoreSubstringMa + tch-es-CR' DESC 'es-CR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.119.1 NAME 'caseIgnoreOrderingMatch + -es-DO' DESC 'es-DO' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.119.1.6 NAME 'caseIgnoreSubstringMa + tch-es-DO' DESC 'es-DO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.120.1 NAME 'caseIgnoreOrderingMatch + -es-EC' DESC 'es-EC' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.120.1.6 NAME 'caseIgnoreSubstringMa + tch-es-EC' DESC 'es-EC' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.121.1 NAME 'caseIgnoreOrderingMatch + -es-ES' DESC 'es-ES' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.121.1.6 NAME 'caseIgnoreSubstringMa + tch-es-ES' DESC 'es-ES' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.122.1 NAME 'caseIgnoreOrderingMatch + -es-GQ' DESC 'es-GQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.122.1.6 NAME 'caseIgnoreSubstringMa + tch-es-GQ' DESC 'es-GQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.123.1 NAME 'caseIgnoreOrderingMatch + -es-GT' DESC 'es-GT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.123.1.6 NAME 'caseIgnoreSubstringMa + tch-es-GT' DESC 'es-GT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.124.1 NAME 'caseIgnoreOrderingMatch + -es-HN' DESC 'es-HN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.124.1.6 NAME 'caseIgnoreSubstringMa + tch-es-HN' DESC 'es-HN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.125.1 NAME 'caseIgnoreOrderingMatch + -es-MX' DESC 'es-MX' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.125.1.6 NAME 'caseIgnoreSubstringMa + tch-es-MX' DESC 'es-MX' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.126.1 NAME 'caseIgnoreOrderingMatch + -es-NI' DESC 'es-NI' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.126.1.6 NAME 'caseIgnoreSubstringMa + tch-es-NI' DESC 'es-NI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.127.1 NAME 'caseIgnoreOrderingMatch + -es-PA' DESC 'es-PA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.127.1.6 NAME 'caseIgnoreSubstringMa + tch-es-PA' DESC 'es-PA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.128.1 NAME 'caseIgnoreOrderingMatch + -es-PE' DESC 'es-PE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.128.1.6 NAME 'caseIgnoreSubstringMa + tch-es-PE' DESC 'es-PE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.129.1 NAME 'caseIgnoreOrderingMatch + -es-PR' DESC 'es-PR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.129.1.6 NAME 'caseIgnoreSubstringMa + tch-es-PR' DESC 'es-PR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.130.1 NAME 'caseIgnoreOrderingMatch + -es-PY' DESC 'es-PY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.130.1.6 NAME 'caseIgnoreSubstringMa + tch-es-PY' DESC 'es-PY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.131.1 NAME 'caseIgnoreOrderingMatch + -es-SV' DESC 'es-SV' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.131.1.6 NAME 'caseIgnoreSubstringMa + tch-es-SV' DESC 'es-SV' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.132.1 NAME 'caseIgnoreOrderingMatch + -es-US' DESC 'es-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.132.1.6 NAME 'caseIgnoreSubstringMa + tch-es-US' DESC 'es-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.133.1 NAME 'caseIgnoreOrderingMatch + -es-UY' DESC 'es-UY' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.133.1.6 NAME 'caseIgnoreSubstringMa + tch-es-UY' DESC 'es-UY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.134.1 NAME 'caseIgnoreOrderingMatch + -es-VE' DESC 'es-VE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.134.1.6 NAME 'caseIgnoreSubstringMa + tch-es-VE' DESC 'es-VE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.135.1 NAME 'caseIgnoreOrderingMatch + -fa' DESC 'fa' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.135.1.6 NAME 'caseIgnoreSubstringMa + tch-fa' DESC 'fa' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.136.1 NAME 'caseIgnoreOrderingMatch + -fil' DESC 'fil' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.136.1.6 NAME 'caseIgnoreSubstringMa + tch-fil' DESC 'fil' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.137.1 NAME 'caseIgnoreOrderingMatch + -fo' DESC 'fo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.137.1.6 NAME 'caseIgnoreSubstringMa + tch-fo' DESC 'fo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.138.1 NAME 'caseIgnoreOrderingMatch + -fr-BF' DESC 'fr-BF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.138.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-BF' DESC 'fr-BF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.139.1 NAME 'caseIgnoreOrderingMatch + -fr-BI' DESC 'fr-BI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.139.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-BI' DESC 'fr-BI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.140.1 NAME 'caseIgnoreOrderingMatch + -fr-BJ' DESC 'fr-BJ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 
2.16.840.1.113730.3.3.2.140.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-BJ' DESC 'fr-BJ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.141.1 NAME 'caseIgnoreOrderingMatch + -fr-BL' DESC 'fr-BL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.141.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-BL' DESC 'fr-BL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.142.1 NAME 'caseIgnoreOrderingMatch + -fr-CD' DESC 'fr-CD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.142.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-CD' DESC 'fr-CD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.143.1 NAME 'caseIgnoreOrderingMatch + -fr-CF' DESC 'fr-CF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.143.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-CF' DESC 'fr-CF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.144.1 NAME 'caseIgnoreOrderingMatch + -fr-CG' DESC 'fr-CG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.144.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-CG' DESC 'fr-CG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.145.1 NAME 'caseIgnoreOrderingMatch + -fr-CI' DESC 'fr-CI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.145.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-CI' DESC 'fr-CI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.146.1 NAME 'caseIgnoreOrderingMatch + -fr-CM' DESC 'fr-CM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.146.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-CM' DESC 'fr-CM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.147.1 NAME 'caseIgnoreOrderingMatch + -fr-DJ' DESC 'fr-DJ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 
2.16.840.1.113730.3.3.2.147.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-DJ' DESC 'fr-DJ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.148.1 NAME 'caseIgnoreOrderingMatch + -fr-GA' DESC 'fr-GA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.148.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-GA' DESC 'fr-GA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.149.1 NAME 'caseIgnoreOrderingMatch + -fr-GN' DESC 'fr-GN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.149.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-GN' DESC 'fr-GN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.150.1 NAME 'caseIgnoreOrderingMatch + -fr-GP' DESC 'fr-GP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.150.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-GP' DESC 'fr-GP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.151.1 NAME 'caseIgnoreOrderingMatch + -fr-GQ' DESC 'fr-GQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.151.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-GQ' DESC 'fr-GQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.152.1 NAME 'caseIgnoreOrderingMatch + -fr-KM' DESC 'fr-KM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.152.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-KM' DESC 'fr-KM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.153.1 NAME 'caseIgnoreOrderingMatch + -fr-LU' DESC 'fr-LU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.153.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-LU' DESC 'fr-LU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.154.1 NAME 'caseIgnoreOrderingMatch + -fr-MC' DESC 'fr-MC' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 
2.16.840.1.113730.3.3.2.154.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-MC' DESC 'fr-MC' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.155.1 NAME 'caseIgnoreOrderingMatch + -fr-MF' DESC 'fr-MF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.155.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-MF' DESC 'fr-MF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.156.1 NAME 'caseIgnoreOrderingMatch + -fr-MG' DESC 'fr-MG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.156.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-MG' DESC 'fr-MG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.157.1 NAME 'caseIgnoreOrderingMatch + -fr-ML' DESC 'fr-ML' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.157.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-ML' DESC 'fr-ML' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.158.1 NAME 'caseIgnoreOrderingMatch + -fr-MQ' DESC 'fr-MQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.158.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-MQ' DESC 'fr-MQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.159.1 NAME 'caseIgnoreOrderingMatch + -fr-NE' DESC 'fr-NE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.159.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-NE' DESC 'fr-NE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.160.1 NAME 'caseIgnoreOrderingMatch + -fr-RE' DESC 'fr-RE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.160.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-RE' DESC 'fr-RE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.161.1 NAME 'caseIgnoreOrderingMatch + -fr-RW' DESC 'fr-RW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 
2.16.840.1.113730.3.3.2.161.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-RW' DESC 'fr-RW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.162.1 NAME 'caseIgnoreOrderingMatch + -fr-SN' DESC 'fr-SN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.162.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-SN' DESC 'fr-SN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.163.1 NAME 'caseIgnoreOrderingMatch + -fr-TD' DESC 'fr-TD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.163.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-TD' DESC 'fr-TD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.164.1 NAME 'caseIgnoreOrderingMatch + -fr-TG' DESC 'fr-TG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.164.1.6 NAME 'caseIgnoreSubstringMa + tch-fr-TG' DESC 'fr-TG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.165.1 NAME 'caseIgnoreOrderingMatch + -ga' DESC 'ga' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.165.1.6 NAME 'caseIgnoreSubstringMa + tch-ga' DESC 'ga' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.166.1 NAME 'caseIgnoreOrderingMatch + -ga-IE' DESC 'ga-IE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.166.1.6 NAME 'caseIgnoreSubstringMa + tch-ga-IE' DESC 'ga-IE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.167.1 NAME 'caseIgnoreOrderingMatch + -ga-IN' DESC 'ga-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.167.1.6 NAME 'caseIgnoreSubstringMa + tch-ga-IN' DESC 'ga-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.168.1 NAME 'caseIgnoreOrderingMatch + -ha' DESC 'ha' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.168.1.6 NAME 
'caseIgnoreSubstringMa + tch-ha' DESC 'ha' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.169.1 NAME 'caseIgnoreOrderingMatch + -ha-Latn' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.169.1.6 NAME 'caseIgnoreSubstringMa + tch-ha-Latn' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.170.1 NAME 'caseIgnoreOrderingMatch + -ha-Latn-GH' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.170.1.6 NAME 'caseIgnoreSubstringMa + tch-ha-Latn-GH' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.171.1 NAME 'caseIgnoreOrderingMatch + -ha-Latn-NE' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.171.1.6 NAME 'caseIgnoreSubstringMa + tch-ha-Latn-NE' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.172.1 NAME 'caseIgnoreOrderingMatch + -ha-Latn-NG' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.172.1.6 NAME 'caseIgnoreSubstringMa + tch-ha-Latn-NG' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.173.1 NAME 'caseIgnoreOrderingMatch + -he' DESC 'he' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.173.1.6 NAME 'caseIgnoreSubstringMa + tch-he' DESC 'he' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.174.1 NAME 'caseIgnoreOrderingMatch + -hi' DESC 'hi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.174.1.6 NAME 'caseIgnoreSubstringMa + tch-hi' DESC 'hi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.175.1 NAME 'caseIgnoreOrderingMatch + -hy' DESC 'hy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.175.1.6 NAME 
'caseIgnoreSubstringMa + tch-hy' DESC 'hy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.176.1 NAME 'caseIgnoreOrderingMatch + -id' DESC 'id' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.176.1.6 NAME 'caseIgnoreSubstringMa + tch-id' DESC 'id' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.177.1 NAME 'caseIgnoreOrderingMatch + -ig' DESC 'ig' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.177.1.6 NAME 'caseIgnoreSubstringMa + tch-ig' DESC 'ig' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.178.1 NAME 'caseIgnoreOrderingMatch + -it-IT' DESC 'it-IT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.178.1.6 NAME 'caseIgnoreSubstringMa + tch-it-IT' DESC 'it-IT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.179.1 NAME 'caseIgnoreOrderingMatch + -ka' DESC 'ka' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.179.1.6 NAME 'caseIgnoreSubstringMa + tch-ka' DESC 'ka' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.180.1 NAME 'caseIgnoreOrderingMatch + -ka-GE' DESC 'ka-GE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.180.1.6 NAME 'caseIgnoreSubstringMa + tch-ka-GE' DESC 'ka-GE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.181.1 NAME 'caseIgnoreOrderingMatch + -kk' DESC 'kk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.181.1.6 NAME 'caseIgnoreSubstringMa + tch-kk' DESC 'kk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.182.1 NAME 'caseIgnoreOrderingMatch + -kl' DESC 'kl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.182.1.6 NAME 'caseIgnoreSubstringMa + tch-kl' DESC 'kl' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.183.1 NAME 'caseIgnoreOrderingMatch + -kn' DESC 'kn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.183.1.6 NAME 'caseIgnoreSubstringMa + tch-kn' DESC 'kn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.184.1 NAME 'caseIgnoreOrderingMatch + -kok' DESC 'kok' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.184.1.6 NAME 'caseIgnoreSubstringMa + tch-kok' DESC 'kok' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.185.1 NAME 'caseIgnoreOrderingMatch + -ml' DESC 'ml' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.185.1.6 NAME 'caseIgnoreSubstringMa + tch-ml' DESC 'ml' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.186.1 NAME 'caseIgnoreOrderingMatch + -ms' DESC 'ms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.186.1.6 NAME 'caseIgnoreSubstringMa + tch-ms' DESC 'ms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.187.1 NAME 'caseIgnoreOrderingMatch + -ms-BN' DESC 'ms-BN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.187.1.6 NAME 'caseIgnoreSubstringMa + tch-ms-BN' DESC 'ms-BN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.188.1 NAME 'caseIgnoreOrderingMatch + -ms-MY' DESC 'ms-MY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.188.1.6 NAME 'caseIgnoreSubstringMa + tch-ms-MY' DESC 'ms-MY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.189.1 NAME 'caseIgnoreOrderingMatch + -mt' DESC 'mt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.189.1.6 NAME 'caseIgnoreSubstringMa + tch-mt' DESC 'mt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 
2.16.840.1.113730.3.3.2.190.1 NAME 'caseIgnoreOrderingMatch + -nl-NL' DESC 'nl-NL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.190.1.6 NAME 'caseIgnoreSubstringMa + tch-nl-NL' DESC 'nl-NL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.191.1 NAME 'caseIgnoreOrderingMatch + -nn' DESC 'nn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.191.1.6 NAME 'caseIgnoreSubstringMa + tch-nn' DESC 'nn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.192.1 NAME 'caseIgnoreOrderingMatch + -om' DESC 'om' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.192.1.6 NAME 'caseIgnoreSubstringMa + tch-om' DESC 'om' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.193.1 NAME 'caseIgnoreOrderingMatch + -om-ET' DESC 'om-ET' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.193.1.6 NAME 'caseIgnoreSubstringMa + tch-om-ET' DESC 'om-ET' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.194.1 NAME 'caseIgnoreOrderingMatch + -om-KE' DESC 'om-KE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.194.1.6 NAME 'caseIgnoreSubstringMa + tch-om-KE' DESC 'om-KE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.195.1 NAME 'caseIgnoreOrderingMatch + -or' DESC 'or' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.195.1.6 NAME 'caseIgnoreSubstringMa + tch-or' DESC 'or' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.196.1 NAME 'caseIgnoreOrderingMatch + -pa' DESC 'pa' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.196.1.6 NAME 'caseIgnoreSubstringMa + tch-pa' DESC 'pa' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.197.1 NAME 'caseIgnoreOrderingMatch + 
-pa-Arab' DESC 'pa-Arab' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.197.1.6 NAME 'caseIgnoreSubstringMa + tch-pa-Arab' DESC 'pa-Arab' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.198.1 NAME 'caseIgnoreOrderingMatch + -pa-Arab-PK' DESC 'pa-Arab' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.198.1.6 NAME 'caseIgnoreSubstringMa + tch-pa-Arab-PK' DESC 'pa-Arab' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.199.1 NAME 'caseIgnoreOrderingMatch + -pa-Guru' DESC 'pa-Guru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.199.1.6 NAME 'caseIgnoreSubstringMa + tch-pa-Guru' DESC 'pa-Guru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.200.1 NAME 'caseIgnoreOrderingMatch + -pa-Guru-IN' DESC 'pa-Guru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.200.1.6 NAME 'caseIgnoreSubstringMa + tch-pa-Guru-IN' DESC 'pa-Guru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.201.1 NAME 'caseIgnoreOrderingMatch + -ps' DESC 'ps' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.201.1.6 NAME 'caseIgnoreSubstringMa + tch-ps' DESC 'ps' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.202.1 NAME 'caseIgnoreOrderingMatch + -pt' DESC 'pt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.202.1.6 NAME 'caseIgnoreSubstringMa + tch-pt' DESC 'pt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.203.1 NAME 'caseIgnoreOrderingMatch + -pt-BR' DESC 'pt-BR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.203.1.6 NAME 'caseIgnoreSubstringMa + tch-pt-BR' DESC 'pt-BR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.204.1 NAME 'caseIgnoreOrderingMatch 
+ -pt-PT' DESC 'pt-PT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.204.1.6 NAME 'caseIgnoreSubstringMa + tch-pt-PT' DESC 'pt-PT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.205.1 NAME 'caseIgnoreOrderingMatch + -ro-MD' DESC 'ro-MD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.205.1.6 NAME 'caseIgnoreSubstringMa + tch-ro-MD' DESC 'ro-MD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.206.1 NAME 'caseIgnoreOrderingMatch + -ro-RO' DESC 'ro-RO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.206.1.6 NAME 'caseIgnoreSubstringMa + tch-ro-RO' DESC 'ro-RO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.207.1 NAME 'caseIgnoreOrderingMatch + -ru-MD' DESC 'ru-MD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.207.1.6 NAME 'caseIgnoreSubstringMa + tch-ru-MD' DESC 'ru-MD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.208.1 NAME 'caseIgnoreOrderingMatch + -ru-RU' DESC 'ru-RU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.208.1.6 NAME 'caseIgnoreSubstringMa + tch-ru-RU' DESC 'ru-RU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.209.1 NAME 'caseIgnoreOrderingMatch + -ru-UA' DESC 'ru-UA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.209.1.6 NAME 'caseIgnoreSubstringMa + tch-ru-UA' DESC 'ru-UA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.210.1 NAME 'caseIgnoreOrderingMatch + -si' DESC 'si' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.210.1.6 NAME 'caseIgnoreSubstringMa + tch-si' DESC 'si' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.211.1 NAME 'caseIgnoreOrderingMatch + -sk-SK' DESC 'sk-SK' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.211.1.6 NAME 'caseIgnoreSubstringMa + tch-sk-SK' DESC 'sk-SK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.212.1 NAME 'caseIgnoreOrderingMatch + -sl-SI' DESC 'sl-SI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.212.1.6 NAME 'caseIgnoreSubstringMa + tch-sl-SI' DESC 'sl-SI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.213.1 NAME 'caseIgnoreOrderingMatch + -sq-AL' DESC 'sq-AL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.213.1.6 NAME 'caseIgnoreSubstringMa + tch-sq-AL' DESC 'sq-AL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.214.1 NAME 'caseIgnoreOrderingMatch + -sr-Cyrl' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.214.1.6 NAME 'caseIgnoreSubstringMa + tch-sr-Cyrl' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.215.1 NAME 'caseIgnoreOrderingMatch + -sr-Cyrl-BA' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.215.1.6 NAME 'caseIgnoreSubstringMa + tch-sr-Cyrl-BA' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.216.1 NAME 'caseIgnoreOrderingMatch + -sr-Cyrl-ME' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.216.1.6 NAME 'caseIgnoreSubstringMa + tch-sr-Cyrl-ME' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.217.1 NAME 'caseIgnoreOrderingMatch + -sr-Cyrl-RS' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.217.1.6 NAME 'caseIgnoreSubstringMa + tch-sr-Cyrl-RS' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.218.1 NAME 
'caseIgnoreOrderingMatch + -sr-Latn' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.218.1.6 NAME 'caseIgnoreSubstringMa + tch-sr-Latn' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.219.1 NAME 'caseIgnoreOrderingMatch + -sr-Latn-BA' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.219.1.6 NAME 'caseIgnoreSubstringMa + tch-sr-Latn-BA' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.220.1 NAME 'caseIgnoreOrderingMatch + -sr-Latn-ME' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.220.1.6 NAME 'caseIgnoreSubstringMa + tch-sr-Latn-ME' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.221.1 NAME 'caseIgnoreOrderingMatch + -sr-Latn-RS' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.221.1.6 NAME 'caseIgnoreSubstringMa + tch-sr-Latn-RS' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.222.1 NAME 'caseIgnoreOrderingMatch + -sv-FI' DESC 'sv-FI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.222.1.6 NAME 'caseIgnoreSubstringMa + tch-sv-FI' DESC 'sv-FI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.223.1 NAME 'caseIgnoreOrderingMatch + -sv-SE' DESC 'sv-SE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.223.1.6 NAME 'caseIgnoreSubstringMa + tch-sv-SE' DESC 'sv-SE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.224.1 NAME 'caseIgnoreOrderingMatch + -sw' DESC 'sw' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.224.1.6 NAME 'caseIgnoreSubstringMa + tch-sw' DESC 'sw' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 
2.16.840.1.113730.3.3.2.225.1 NAME 'caseIgnoreOrderingMatch + -sw-KE' DESC 'sw-KE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.225.1.6 NAME 'caseIgnoreSubstringMa + tch-sw-KE' DESC 'sw-KE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.226.1 NAME 'caseIgnoreOrderingMatch + -sw-TZ' DESC 'sw-TZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.226.1.6 NAME 'caseIgnoreSubstringMa + tch-sw-TZ' DESC 'sw-TZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.227.1 NAME 'caseIgnoreOrderingMatch + -ta' DESC 'ta' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.227.1.6 NAME 'caseIgnoreSubstringMa + tch-ta' DESC 'ta' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.228.1 NAME 'caseIgnoreOrderingMatch + -ta-IN' DESC 'ta-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.228.1.6 NAME 'caseIgnoreSubstringMa + tch-ta-IN' DESC 'ta-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.229.1 NAME 'caseIgnoreOrderingMatch + -ta-LK' DESC 'ta-LK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.229.1.6 NAME 'caseIgnoreSubstringMa + tch-ta-LK' DESC 'ta-LK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.230.1 NAME 'caseIgnoreOrderingMatch + -te' DESC 'te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.230.1.6 NAME 'caseIgnoreSubstringMa + tch-te' DESC 'te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.231.1 NAME 'caseIgnoreOrderingMatch + -th' DESC 'th' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.231.1.6 NAME 'caseIgnoreSubstringMa + tch-th' DESC 'th' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.232.1 NAME 
'caseIgnoreOrderingMatch + -ur' DESC 'ur' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.232.1.6 NAME 'caseIgnoreSubstringMa + tch-ur' DESC 'ur' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.233.1 NAME 'caseIgnoreOrderingMatch + -ur-IN' DESC 'ur-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.233.1.6 NAME 'caseIgnoreSubstringMa + tch-ur-IN' DESC 'ur-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.234.1 NAME 'caseIgnoreOrderingMatch + -ur-PK' DESC 'ur-PK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.234.1.6 NAME 'caseIgnoreSubstringMa + tch-ur-PK' DESC 'ur-PK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.235.1 NAME 'caseIgnoreOrderingMatch + -vi' DESC 'vi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.235.1.6 NAME 'caseIgnoreSubstringMa + tch-vi' DESC 'vi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.236.1 NAME 'caseIgnoreOrderingMatch + -yo' DESC 'yo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.236.1.6 NAME 'caseIgnoreSubstringMa + tch-yo' DESC 'yo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.237.1 NAME 'caseIgnoreOrderingMatch + -zh-Hans' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.237.1.6 NAME 'caseIgnoreSubstringMa + tch-zh-Hans' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.238.1 NAME 'caseIgnoreOrderingMatch + -zh-Hans-CN' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.238.1.6 NAME 'caseIgnoreSubstringMa + tch-zh-Hans-CN' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.239.1 NAME 'caseIgnoreOrderingMatch + 
-zh-Hans-SG' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.239.1.6 NAME 'caseIgnoreSubstringMa + tch-zh-Hans-SG' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.240.1 NAME 'caseIgnoreOrderingMatch + -zh-Hant-HK' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.240.1.6 NAME 'caseIgnoreSubstringMa + tch-zh-Hant-HK' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.241.1 NAME 'caseIgnoreOrderingMatch + -zh-Hant-MO' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.241.1.6 NAME 'caseIgnoreSubstringMa + tch-zh-Hant-MO' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.242.1 NAME 'caseIgnoreOrderingMatch + -zh-Hant-TW' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.242.1.6 NAME 'caseIgnoreSubstringMa + tch-zh-Hant-TW' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.243.1 NAME 'caseIgnoreOrderingMatch + -zu' DESC 'zu' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.243.1.6 NAME 'caseIgnoreSubstringMa + tch-zu' DESC 'zu' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.244.1 NAME 'caseIgnoreOrderingMatch + -zu-ZA' DESC 'zu-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.244.1.6 NAME 'caseIgnoreSubstringMa + tch-zu-ZA' DESC 'zu-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.0.3 SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.0.3.6 SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 ) +matchingRules: ( 2.16.840.1.113730.3.3.2.11.3 NAME 'caseExactOrderingMatch-e + n' DESC 'en' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 
2.16.840.1.113730.3.3.2.11.3.6 NAME 'caseExactSubstringMatc + h-en' DESC 'en' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +matchingRules: ( 2.5.13.23 NAME 'uniqueMemberMatch' DESC 'The uniqueMemberMa + tch rule compares an assertion value of the Name And Optional UID syntax to + an attribute value of a syntax (e.g., the Name And Optional UID syntax) wh + ose corresponding ASN.1 type is NameAndOptionalUID. The rule evaluates to + TRUE if and only if the components of the assertion val + ue and attribute value match according to the distinguishedNameMatch rule a + nd either, (1) the component is absent from both the attribute + value and assertion value, or (2) the component is present in b + oth the attribute value and the assertion value and the compone + nt of the assertion value matches the component of the attribut + e value according to the bitStringMatch rule. Note that this matching rule + has been altered from its description in X.520 [X.520] in order to make th + e matching rule commutative. Server implementors should consider using the + original X.520 semantics (where the matching was less exact) for approxima + te matching of attributes with uniqueMemberMatch as the equality matching r + ule.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 ) +matchingRules: ( 2.5.13.8 NAME 'numericStringMatch' DESC 'The rule evaluates + to TRUE if and only if the prepared attribute value character string and t + he prepared assertion value character string have the same number of charac + ters and corresponding characters have the same code point.' SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.36 ) +matchingRules: ( 2.5.13.9 NAME 'numericStringOrderingMatch' DESC 'The rule e + valuates to TRUE if and only if, in the code point collation order, the pre + pared attribute value character string appears earlier than the prepared as + sertion value character string; i.e., the attribute value is less than the + assertion value.' 
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 ) +matchingRules: ( 2.5.13.10 NAME 'numericStringSubstringsMatch' DESC 'The rul + e evaluates to TRUE if and only if (1) the prepared substrings of the asser + tion value match disjoint portions of the prepared attribute value, (2) an + initial substring, if present, matches the beginning of the prepared attrib + ute value character string, and (3) a final substring, if present, matches + the end of the prepared attribute value character string.' SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.58 ) +matchingRules: ( 2.5.13.20 NAME 'telephoneNumberMatch' DESC 'The telephoneNu + mberMatch rule compares an assertion value of the Telephone Number syntax t + o an attribute value of a syntax (e.g., the Telephone Number syntax) whose + corresponding ASN.1 type is a PrintableString representing a telephone numb + er. The rule evaluates to TRUE if and only if the prepared attribute value + character string and the prepared assertion value character string have the + same number of characters and corresponding characters have the same code + point. In preparing the attribute value and assertion value for comparison, + characters are case folded in the Map preparation step, and only telephone + Number Insignificant Character Handling is applied in the Insignificant Cha + racter Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 ) +matchingRules: ( 2.5.13.21 NAME 'telephoneNumberSubstringsMatch' DESC 'The t + elephoneNumberSubstringsMatch rule compares an assertion value of the Subst + ring Assertion syntax to an attribute value of a syntax (e.g., the Telephon + e Number syntax) whose corresponding ASN.1 type is a PrintableString repres + enting a telephone number. 
The rule evaluates to TRUE if and only if (1) th + e prepared substrings of the assertion value match disjoint portions of the + prepared attribute value character string in the order of the substrings i + n the assertion value, (2) an substring, if present, matches the + beginning of the prepared attribute value character string, and (3) a substring, if present, matches the end of the prepared attribute value c + haracter string. A prepared substring matches a portion of the prepared at + tribute value character string if corresponding characters have the same co + de point. In preparing the attribute value and assertion value substrings f + or comparison, characters are case folded in the Map preparation step, and + only telephoneNumber Insignificant Character Handling is applied in the Ins + ignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 ) +objectClass: top +objectClass: ldapSubentry +objectClass: subschema +objectClasses: ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass X-ORIGIN 'RFC + 4512' ) +objectClasses: ( 2.5.6.1 NAME 'alias' SUP top STRUCTURAL MUST aliasedObjectN + ame X-ORIGIN 'RFC 4512' ) +objectClasses: ( 2.5.20.1 NAME 'subschema' AUXILIARY MAY ( dITStructureRules + $ nameForms $ dITContentRules $ objectClasses $ attributeTypes $ matchingR + ules $ matchingRuleUse ) X-ORIGIN 'RFC 4512' ) +objectClasses: ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject' SUP to + p AUXILIARY X-ORIGIN 'RFC 4512' ) +objectClasses: ( 2.5.6.11 NAME 'applicationProcess' SUP top STRUCTURAL MUST + cn MAY ( seeAlso $ ou $ l $ description ) X-ORIGIN 'RFC 4519' ) +objectClasses: ( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST c MAY ( sear + chGuide $ description ) X-ORIGIN 'RFC 4519' ) +objectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'Standard LDAP ob + jectclass' SUP top AUXILIARY MUST dc X-ORIGIN ( 'IPA v4.4.2' 'user defined' + ) ) +objectClasses: ( 2.5.6.14 NAME 'device' SUP top STRUCTURAL MUST cn MAY ( ser + ialNumber $ seeAlso $ 
owner $ ou $ o $ l $ description ) X-ORIGIN 'RFC 4519 + ' ) +objectClasses: ( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST cn MAY + ( member $ businessCategory $ seeAlso $ owner $ ou $ o $ description ) X-OR + IGIN 'RFC 4519' ) +objectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames' SUP top STRUCTURAL MUST + cn MAY ( uniqueMember $ businessCategory $ seeAlso $ owner $ ou $ o $ descr + iption ) X-ORIGIN 'RFC 4519' ) +objectClasses: ( 2.5.6.3 NAME 'locality' SUP top STRUCTURAL MAY ( street $ s + eeAlso $ searchGuide $ st $ l $ description ) X-ORIGIN 'RFC 4519' ) +objectClasses: ( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL MUST o MAY ( + userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ re + gisteredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNum + ber $ teletexTerminalIdentifier $ telephoneNumber $ internationalISDNNumber + $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalA + ddress $ physicalDeliveryOfficeName $ st $ l $ description ) X-ORIGIN 'RFC + 4519' ) +objectClasses: ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) M + AY ( userPassword $ telephoneNumber $ seeAlso $ description ) X-ORIGIN 'RFC + 4519' ) +objectClasses: ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL M + AY ( title $ x121Address $ registeredAddress $ destinationIndicator $ prefe + rredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ internationa + lISDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCod + e $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) X-ORIGIN 'RF + C 4519' ) +objectClasses: ( 2.5.6.8 NAME 'organizationalRole' SUP top STRUCTURAL MUST c + n MAY ( x121Address $ registeredAddress $ destinationIndicator $ preferredD + eliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ + internationalISDNNumber $ facsimileTelephoneNumber $ seeAlso $ roleOccupan + t $ street $ postOfficeBox $ postalCode $ postalAddress $ 
physicalDeliveryO + fficeName $ ou $ st $ l $ description ) X-ORIGIN 'RFC 4519' ) +objectClasses: ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST o + u MAY ( businessCategory $ description $ destinationIndicator $ facsimileTe + lephoneNumber $ internationalISDNNumber $ l $ physicalDeliveryOfficeName $ + postalAddress $ postalCode $ postOfficeBox $ preferredDeliveryMethod $ regi + steredAddress $ searchGuide $ seeAlso $ st $ street $ telephoneNumber $ tel + etexTerminalIdentifier $ telexNumber $ userPassword $ x121Address ) X-ORIGI + N 'RFC 4519' ) +objectClasses: ( 2.5.6.10 NAME 'residentialPerson' SUP person STRUCTURAL MUS + T l MAY ( businessCategory $ x121Address $ registeredAddress $ destinationI + ndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifie + r $ internationalISDNNumber $ facsimileTelephoneNumber $ street $ postOffic + eBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l ) X + -ORIGIN 'RFC 4519' ) +objectClasses: ( 1.3.6.1.1.3.1 NAME 'uidObject' SUP top AUXILIARY MUST uid X + -ORIGIN 'RFC 4519' ) +objectClasses: ( 2.16.840.1.113719.2.142.6.1.1 NAME 'ldapSubEntry' DESC 'LDA + P Subentry class, version 1' SUP top STRUCTURAL MAY cn X-ORIGIN 'LDAP Suben + try Internet Draft' ) +objectClasses: ( 2.16.840.1.113730.3.2.40 NAME 'directoryServerFeature' DESC + 'Netscape defined objectclass' SUP top STRUCTURAL MAY ( oid $ cn $ multiLi + neDescription ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.41 NAME 'nsslapdPlugin' DESC 'Netscap + e defined objectclass' SUP top STRUCTURAL MUST ( cn $ nsslapd-pluginPath $ + nsslapd-pluginInitfunc $ nsslapd-pluginType $ nsslapd-pluginId $ nsslapd-pl + uginVersion $ nsslapd-pluginVendor $ nsslapd-pluginDescription $ nsslapd-pl + uginEnabled ) MAY ( nsslapd-pluginConfigArea $ nsslapd-plugin-depends-on-ty + pe ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.44 NAME 'nsIndex' DESC 'Netscape defi + ned 
objectclass' SUP top STRUCTURAL MUST ( cn $ nsSystemIndex ) MAY ( descr + iption $ nsIndexType $ nsMatchingRule $ nsIndexIDListScanLimit ) X-ORIGIN ' + Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.109 NAME 'nsBackendInstance' DESC 'Ne + tscape defined objectclass' SUP top STRUCTURAL MUST cn X-ORIGIN 'Netscape D + irectory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.110 NAME 'nsMappingTree' DESC 'Netsca + pe defined objectclass' SUP top STRUCTURAL MUST cn X-ORIGIN 'Netscape Direc + tory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.104 NAME 'nsContainer' DESC 'Netscape + defined objectclass' SUP top STRUCTURAL MUST cn X-ORIGIN 'Netscape Directo + ry Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.108 NAME 'nsDS5Replica' DESC 'Netscap + e defined objectclass' SUP top STRUCTURAL MUST ( nsDS5ReplicaRoot $ nsDS5Re + plicaId ) MAY ( cn $ nsds5ReplicaPreciseTombstonePurging $ nsds5ReplicaClea + nRUV $ nsds5ReplicaAbortCleanRUV $ nsDS5ReplicaType $ nsDS5ReplicaBindDN $ + nsState $ nsDS5ReplicaName $ nsDS5Flags $ nsDS5Task $ nsDS5ReplicaReferral + $ nsDS5ReplicaAutoReferral $ nsds5ReplicaPurgeDelay $ nsds5ReplicaTombstone + PurgeInterval $ nsds5ReplicaChangeCount $ nsds5ReplicaLegacyConsumer $ nsds + 5ReplicaProtocolTimeout $ nsds5ReplicaBackoffMin $ nsds5ReplicaBackoffMax $ + nsds5ReplicaReleaseTimeout ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.113 NAME 'nsTombstone' DESC 'Netscape + defined objectclass' SUP top STRUCTURAL MAY ( nstombstonecsn $ nsParentUni + queId $ nscpEntryDN ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.103 NAME 'nsDS5ReplicationAgreement' + DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsds5R + eplicaCleanRUVNotified $ nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5Replica + TransportInfo $ nsDS5ReplicaBindDN $ nsDS5ReplicaCredentials $ nsDS5Replica + BindMethod $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5Replica 
+ tedAttributeListTotal $ nsDS5ReplicaUpdateSchedule $ nsds5BeginReplicaRefre + sh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsds5replicaTimeo + ut $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUpdateEnd $ nsds + 5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds5replicaUpdate + InProgress $ nsds5replicaLastInitEnd $ nsds5ReplicaEnabled $ nsds5replicaLa + stInitStart $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5 + replicaBusyWaitTime $ nsds5ReplicaStripAttrs $ nsds5replicaSessionPauseTime + $ nsds5ReplicaProtocolTimeout $ nsds5ReplicaFlowControlWindow $ nsds5Repli + caFlowControlPause $ nsDS5ReplicaWaitForAsyncResults ) X-ORIGIN 'Netscape D + irectory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.39 NAME 'nsslapdConfig' DESC 'Netscap + e defined objectclass' SUP top STRUCTURAL MAY cn X-ORIGIN 'Netscape Directo + ry Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.317 NAME 'nsSaslMapping' DESC 'Netsca + pe defined objectclass' SUP top STRUCTURAL MUST ( cn $ nsSaslMapRegexString + $ nsSaslMapBaseDNTemplate $ nsSaslMapFilterTemplate ) MAY nsSaslMapPriorit + y X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.43 NAME 'nsSNMP' DESC 'Netscape defin + ed objectclass' SUP top STRUCTURAL MUST ( cn $ nsSNMPEnabled ) MAY ( nsSNMP + Organization $ nsSNMPLocation $ nsSNMPContact $ nsSNMPDescription $ nsSNMPN + ame $ nsSNMPMasterHost $ nsSNMPMasterPort ) X-ORIGIN 'Netscape Directory Se + rver' ) +objectClasses: ( nsEncryptionConfig-oid NAME 'nsEncryptionConfig' DESC 'Nets + cape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsCertfile $ nsK + eyfile $ nsSSL2 $ nsSSL3 $ nsTLS1 $ sslVersionMin $ sslVersionMax $ nsSSLSe + ssionTimeout $ nsSSL3SessionTimeout $ nsSSLClientAuth $ nsSSL2Ciphers $ nsS + SL3Ciphers $ nsSSLSupportedCiphers $ allowWeakCipher $ CACertExtractFile $ + allowWeakDHParam ) X-ORIGIN 'Netscape' ) +objectClasses: ( nsEncryptionModule-oid NAME 'nsEncryptionModule' DESC 
'Nets + cape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsSSLToken $ nsS + SLPersonalitySSL $ nsSSLActivation $ ServerKeyExtractFile $ ServerCertExtra + ctFile ) X-ORIGIN 'Netscape' ) +objectClasses: ( 2.16.840.1.113730.3.2.327 NAME 'rootDNPluginConfig' DESC 'N + etscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( rootdn-open-t + ime $ rootdn-close-time $ rootdn-days-allowed $ rootdn-allow-host $ rootdn- + deny-host $ rootdn-allow-ip $ rootdn-deny-ip ) X-ORIGIN 'Netscape' ) +objectClasses: ( 2.16.840.1.113730.3.2.328 NAME 'nsSchemaPolicy' DESC 'Netsc + ape defined objectclass' SUP top STRUCTURAL MAY ( cn $ schemaUpdateObjectcl + assAccept $ schemaUpdateObjectclassReject $ schemaUpdateAttributeAccept $ s + chemaUpdateAttributeReject ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.31 NAME 'groupOfCertificates' DESC 'N + etscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( memberCertifi + cateDescription $ businessCategory $ description $ o $ ou $ owner $ seeAlso + ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.33 NAME 'groupOfURLs' DESC 'Netscape + defined objectclass' SUP top STRUCTURAL MUST cn MAY ( memberURL $ businessC + ategory $ description $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Direc + tory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.35 NAME 'LDAPServer' DESC 'Netscape d + efined objectclass' SUP top STRUCTURAL MUST cn MAY ( description $ l $ ou $ + seeAlso $ generation $ changeLogMaximumAge $ changeLogMaximumSize ) X-ORIG + IN 'Netscape Directory Server' ) +objectClasses: ( 1.3.6.1.4.1.250.3.18 NAME 'cacheObject' DESC 'object that c + ontains the TTL (time to live) attribute type' SUP top STRUCTURAL MAY ttl X + -ORIGIN 'LDAP Caching Internet Draft' ) +objectClasses: ( 2.16.840.1.113730.3.2.10 NAME 'netscapeServer' DESC 'Netsca + pe defined objectclass' SUP top STRUCTURAL MUST cn MAY ( description $ serv + erRoot $ serverProductName $ 
serverVersionNumber $ installationTimeStamp $ + administratorContactInfo $ userPassword $ adminUrl $ serverHostName ) X-ORI + GIN 'Netscape Administration Services' ) +objectClasses: ( 2.16.840.1.113730.3.2.7 NAME 'nsLicenseUser' DESC 'Netscape + defined objectclass' SUP top STRUCTURAL MAY ( nsLicensedFor $ nsLicenseSta + rtTime $ nsLicenseEndTime ) X-ORIGIN 'Netscape Administration Services' ) +objectClasses: ( 2.16.840.1.113730.3.2.1 NAME 'changeLogEntry' DESC 'LDAP ch + angelog objectclass' SUP top STRUCTURAL MUST ( targetDn $ changeTime $ chan + geNumber $ changeType ) MAY ( changes $ newRdn $ deleteOldRdn $ newSuperior + ) X-ORIGIN 'Changelog Internet Draft' ) +objectClasses: ( 2.16.840.1.113730.3.2.6 NAME 'referral' DESC 'LDAP referral + s objectclass' SUP top STRUCTURAL MAY ref X-ORIGIN 'LDAPv3 referrals Intern + et Draft' ) +objectClasses: ( 2.16.840.1.113730.3.2.12 NAME 'passwordObject' DESC 'Netsca + pe defined password policy objectclass' SUP top STRUCTURAL MAY ( pwdpolicys + ubentry $ passwordExpirationTime $ passwordExpWarned $ passwordRetryCount $ + retryCountResetTime $ accountUnlockTime $ passwordHistory $ passwordAllowC + hangeTime $ passwordGraceUserTime ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.13 NAME 'passwordPolicy' DESC 'Netsca + pe defined password policy objectclass' SUP top STRUCTURAL MAY ( passwordMa + xAge $ passwordExp $ passwordMinLength $ passwordKeepHistory $ passwordInHi + story $ passwordChange $ passwordWarning $ passwordLockout $ passwordMaxFai + lure $ passwordResetDuration $ passwordUnlock $ passwordLockoutDuration $ p + asswordCheckSyntax $ passwordMustChange $ passwordStorageScheme $ passwordM + inAge $ passwordResetFailureCount $ passwordGraceLimit $ passwordMinDigits + $ passwordMinAlphas $ passwordMinUppers $ passwordMinLowers $ passwordMinSp + ecials $ passwordMin8bit $ passwordMaxRepeats $ passwordMinCategories $ pas + swordMinTokenLength $ passwordTrackUpdateTime $ passwordAdminDN 
) X-ORIGIN + 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.30 NAME 'glue' DESC 'Netscape defined + objectclass' SUP top STRUCTURAL X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.32 NAME 'netscapeMachineData' DESC 'N + etscape defined objectclass' SUP top STRUCTURAL X-ORIGIN 'Netscape Director + y Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.38 NAME 'vlvSearch' DESC 'Netscape de + fined objectclass' SUP top STRUCTURAL MUST ( cn $ vlvBase $ vlvScope $ vlvF + ilter ) MAY multiLineDescription X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.42 NAME 'vlvIndex' DESC 'Netscape def + ined objectclass' SUP top STRUCTURAL MUST ( cn $ vlvSort ) MAY ( vlvEnabled + $ vlvUses ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.84 NAME 'cosDefinition' DESC 'Netscap + e defined objectclass' SUP top STRUCTURAL MAY ( costargettree $ costemplate + dn $ cosspecifier $ cosAttribute $ aci $ cn $ uid ) X-ORIGIN 'Netscape Dire + ctory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.93 NAME 'nsRoleDefinition' DESC 'Nets + cape defined objectclass' SUP ldapSubEntry STRUCTURAL MAY ( description $ n + sRoleScopeDN ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.94 NAME 'nsSimpleRoleDefinition' DESC + 'Netscape defined objectclass' SUP nsRoleDefinition STRUCTURAL X-ORIGIN 'N + etscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.95 NAME 'nsComplexRoleDefinition' DES + C 'Netscape defined objectclass' SUP nsRoleDefinition STRUCTURAL X-ORIGIN ' + Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.96 NAME 'nsManagedRoleDefinition' DES + C 'Netscape defined objectclass' SUP nsSimpleRoleDefinition STRUCTURAL X-OR + IGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.97 NAME 'nsFilteredRoleDefinition' DE + SC 'Netscape defined objectclass' SUP nsComplexRoleDefinition STRUCTURAL MU + ST 
nsRoleFilter X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.98 NAME 'nsNestedRoleDefinition' DESC + 'Netscape defined objectclass' SUP nsComplexRoleDefinition STRUCTURAL MUST + nsRoleDN X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.99 NAME 'cosSuperDefinition' DESC 'Ne + tscape defined objectclass' SUP ldapSubEntry STRUCTURAL MUST cosAttribute M + AY description X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.100 NAME 'cosClassicDefinition' DESC + 'Netscape defined objectclass' SUP cosSuperDefinition STRUCTURAL MAY ( cost + emplatedn $ cosspecifier ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.101 NAME 'cosPointerDefinition' DESC + 'Netscape defined objectclass' SUP cosSuperDefinition STRUCTURAL MAY costem + platedn X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.102 NAME 'cosIndirectDefinition' DESC + 'Netscape defined objectclass' SUP cosSuperDefinition STRUCTURAL MAY cosIn + directSpecifier X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.503 NAME 'nsDSWindowsReplicationAgree + ment' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( + nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5ReplicaTransportInfo $ nsDS5Repl + icaBindDN $ nsDS5ReplicaCredentials $ nsDS5ReplicaBindMethod $ nsDS5Replica + Root $ nsDS5ReplicatedAttributeList $ nsDS5ReplicaUpdateSchedule $ nsds5Beg + inReplicaRefresh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsd + s5replicaTimeout $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUp + dateEnd $ nsds5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds + 5replicaUpdateInProgress $ nsds5replicaLastInitEnd $ nsds5replicaLastInitSt + art $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5replicaB + usyWaitTime $ nsds5replicaSessionPauseTime $ nsds7WindowsReplicaSubtree $ n + sds7DirectoryReplicaSubtree $ 
nsds7NewWinUserSyncEnabled $ nsds7NewWinGroup + SyncEnabled $ nsds7WindowsDomain $ nsds7DirsyncCookie $ winSyncInterval $ o + neWaySync $ winSyncMoveAction $ nsds5ReplicaEnabled $ winSyncDirectoryFilte + r $ winSyncWindowsFilter $ winSyncSubtreePair ) X-ORIGIN 'Netscape Director + y Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.128 NAME 'costemplate' DESC 'Netscape + defined objectclass' SUP top STRUCTURAL MAY ( cn $ cosPriority ) X-ORIGIN + 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.304 NAME 'nsView' DESC 'Netscape defi + ned objectclass' SUP top AUXILIARY MAY ( nsViewFilter $ description ) X-ORI + GIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.316 NAME 'nsAttributeEncryption' DESC + 'Netscape defined objectclass' SUP top STRUCTURAL MUST ( cn $ nsEncryption + Algorithm ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.5.6.21 NAME 'pkiUser' DESC 'X.509 PKI User' SUP top AUXIL + IARY MAY userCertificate X-ORIGIN 'RFC 4523' ) +objectClasses: ( 2.5.6.22 NAME 'pkiCA' DESC 'X.509 PKI Certificate Authority + ' SUP top AUXILIARY MAY ( cACertificate $ certificateRevocationList $ autho + rityRevocationList $ crossCertificatePair ) X-ORIGIN 'RFC 4523' ) +objectClasses: ( 2.5.6.19 NAME 'cRLDistributionPoint' DESC 'X.509 CRL distri + bution point' SUP top STRUCTURAL MUST cn MAY ( certificateRevocationList $ + authorityRevocationList $ deltaRevocationList ) X-ORIGIN 'RFC 4523' ) +objectClasses: ( 2.5.6.23 NAME 'deltaCRL' DESC 'X.509 delta CRL' SUP top AUX + ILIARY MAY deltaRevocationList X-ORIGIN 'RFC 4523' ) +objectClasses: ( 2.5.6.15 NAME 'strongAuthenticationUser' DESC 'X.521 strong + authentication user' SUP top AUXILIARY MUST userCertificate X-ORIGIN 'RFC + 4523' ) +objectClasses: ( 2.5.6.18 NAME 'userSecurityInformation' DESC 'X.521 user se + curity information' SUP top AUXILIARY MAY supportedAlgorithms X-ORIGIN 'RFC + 4523' ) +objectClasses: ( 2.5.6.16 NAME 'certificationAuthority' DESC 'X.509 certific 
+ ate authority' SUP top AUXILIARY MUST ( authorityRevocationList $ certifica + teRevocationList $ cACertificate ) MAY crossCertificatePair X-ORIGIN 'RFC 4 + 523' ) +objectClasses: ( 2.5.6.16.2 NAME 'certificationAuthority-V2' DESC 'X.509 cer + tificate authority, version 2' SUP certificationAuthority AUXILIARY MAY del + taRevocationList X-ORIGIN 'RFC 4523' ) +objectClasses: ( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCTURAL + MUST uid MAY ( description $ seeAlso $ l $ o $ ou $ host ) X-ORIGIN 'RFC 4 + 524' ) +objectClasses: ( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUCTURA + L MUST documentIdentifier MAY ( cn $ description $ seeAlso $ l $ o $ ou $ d + ocumentTitle $ documentVersion $ documentAuthor $ documentLocation $ docume + ntPublisher ) X-ORIGIN 'RFC 4524' ) +objectClasses: ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top STR + UCTURAL MUST cn MAY ( description $ l $ o $ ou $ seeAlso $ telephoneNumber + ) X-ORIGIN 'RFC 4524' ) +objectClasses: ( 0.9.2342.19200300.100.4.13 NAME 'domain' DESC 'Standard LDA + P objectclass' SUP top STRUCTURAL MUST dc MAY ( associatedName $ businessCa + tegory $ description $ destinationIndicator $ facsimileTelephoneNumber $ in + ternationalISDNNumber $ l $ o $ physicalDeliveryOfficeName $ postOfficeBox + $ postalAddress $ postalCode $ preferredDeliveryMethod $ registeredAddress + $ searchGuide $ seeAlso $ st $ street $ telephoneNumber $ teletexTerminalId + entifier $ telexNumber $ userPassword $ x121Address ) X-ORIGIN ( 'IPA v4.4. + 2' 'user defined' ) ) +objectClasses: ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' SUP t + op AUXILIARY MUST associatedDomain X-ORIGIN 'RFC 4524' ) +objectClasses: ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP count + ry STRUCTURAL MUST co X-ORIGIN 'RFC 4524' ) +objectClasses: ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' DESC 'Pil + ot objectclass' SUP domain STRUCTURAL MAY ( cn $ sn ) X-ORIGIN ( 'IPA v4.4. 
+ 2' 'user defined' ) ) +objectClasses: ( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURAL MU + ST cn MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) X-ORIGIN + 'RFC 4524' ) +objectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' SUP + top AUXILIARY MUST userPassword X-ORIGIN 'RFC 4524' ) +objectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizati + onalPerson STRUCTURAL MAY ( audio $ businessCategory $ carLicense $ departm + entNumber $ displayName $ employeeNumber $ employeeType $ givenName $ homeP + hone $ homePostalAddress $ initials $ jpegPhoto $ labeledURI $ mail $ manag + er $ mobile $ o $ pager $ photo $ roomNumber $ secretary $ uid $ userCertif + icate $ x500UniqueIdentifier $ preferredLanguage $ userSMIMECertificate $ u + serPKCS12 ) X-ORIGIN 'RFC 2798' ) +objectClasses: ( 2.16.840.1.113730.3.2.322 NAME 'autoMemberDefinition' DESC + 'Auto Membership Config Definition Entry' SUP top STRUCTURAL MUST ( cn $ au + toMemberScope $ autoMemberFilter $ autoMemberGroupingAttr ) MAY ( autoMembe + rDefaultGroup $ autoMemberDisabled ) X-ORIGIN '389 Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.323 NAME 'autoMemberRegexRule' DESC ' + Auto Membership Regex Rule Entry' SUP top STRUCTURAL MUST ( cn $ autoMember + TargetGroup ) MAY ( autoMemberExclusiveRegex $ autoMemberInclusiveRegex $ d + escription ) X-ORIGIN '389 Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.324 NAME 'dnaPluginConfig' DESC 'DNA + plugin configuration' SUP top AUXILIARY MAY ( dnaType $ dnaPrefix $ dnaNext + Value $ dnaMaxValue $ dnaInterval $ dnaMagicRegen $ dnaFilter $ dnaScope $ + dnaExcludeScope $ dnaSharedCfgDN $ dnaThreshold $ dnaNextRange $ dnaRangeRe + questTimeout $ dnaRemoteBindDN $ dnaRemoteBindCred $ cn ) X-ORIGIN '389 Dir + ectory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.325 NAME 'dnaSharedConfig' DESC 'DNA + Shared Configuration' SUP top AUXILIARY MAY ( dnaHostname $ dnaPortNum $ dn + aSecurePortNum 
$ dnaRemoteBindMethod $ dnaRemoteConnProtocol $ dnaRemaining + Values ) X-ORIGIN '389 Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.319 NAME 'mepManagedEntry' DESC 'Mana + ged Entries Managed Entry' SUP top AUXILIARY MAY mepManagedBy X-ORIGIN '389 + Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.320 NAME 'mepOriginEntry' DESC 'Manag + ed Entries Origin Entry' SUP top AUXILIARY MAY mepManagedEntry X-ORIGIN '38 + 9 Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.321 NAME 'mepTemplateEntry' DESC 'Man + aged Entries Template Entry' SUP top AUXILIARY MAY ( cn $ mepStaticAttr $ m + epMappedAttr $ mepRDNAttr ) X-ORIGIN '389 Directory Server' ) +objectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Standard LDAP obj + ectclass' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $ gidNumber $ homeD + irectory ) MAY ( userPassword $ loginShell $ gecos $ description ) X-ORIGIN + 'RFC 2307' ) +objectClasses: ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Standard LDAP ob + jectclass' SUP top AUXILIARY MUST uid MAY ( userPassword $ shadowLastChange + $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ + shadowFlag $ description ) X-ORIGIN 'RFC 2307' ) +objectClasses: ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Standard LDAP objec + tclass' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPassword $ mem + berUid $ description ) X-ORIGIN 'RFC 2307' ) +objectClasses: ( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Standard LDAP object + class' SUP top STRUCTURAL MUST ( cn $ ipServicePort $ ipServiceProtocol ) M + AY description X-ORIGIN 'RFC 2307' ) +objectClasses: ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Standard LDAP objec + tclass' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber ) MAY description X + -ORIGIN 'RFC 2307' ) +objectClasses: ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Standard LDAP objectcla + ss' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber ) MAY description X-ORIGIN + 'RFC 2307' ) +objectClasses: ( 1.3.6.1.1.1.2.6 
NAME 'ipHost' DESC 'Standard LDAP objectcla + ss' SUP top AUXILIARY MUST ( ipHostNumber $ cn ) MAY ( manager $ descriptio + n $ l $ o $ ou $ owner $ seeAlso $ serialNumber ) X-ORIGIN 'RFC 2307' ) +objectClasses: ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Standard LDAP object + class' SUP top STRUCTURAL MUST ( ipNetworkNumber $ cn ) MAY ( ipNetmaskNumb + er $ manager $ l $ description ) X-ORIGIN 'RFC 2307' ) +objectClasses: ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Standard LDAP obje + ctclass' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberNisNetg + roup $ description ) X-ORIGIN 'RFC 2307' ) +objectClasses: ( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'Standard LDAP objec + tclass' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY descr + iption X-ORIGIN 'RFC 2307' ) +objectClasses: ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'Standard LDAP o + bjectclass' SUP top AUXILIARY MUST cn MAY ( macAddress $ description $ l $ + o $ ou $ owner $ seeAlso $ serialNumber ) X-ORIGIN 'RFC 2307' ) +objectClasses: ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'Standard LDAP + objectclass' SUP top AUXILIARY MUST cn MAY ( bootFile $ bootParameter $ des + cription $ l $ o $ ou $ owner $ seeAlso $ serialNumber ) X-ORIGIN 'RFC 2307 + ' ) +objectClasses: ( 1.3.6.1.1.1.2.13 NAME 'nisMap' DESC 'Standard LDAP objectcl + ass' SUP top STRUCTURAL MUST nisMapName MAY description X-ORIGIN 'RFC 2307' + ) +objectClasses: ( 2.16.840.1.113730.3.2.129 NAME 'inetDomain' DESC 'Auxiliary + class for virtual domain nodes' SUP top AUXILIARY MAY ( inetDomainBaseDN $ + inetDomainStatus ) X-ORIGIN 'Netscape subscriber interoperability' ) +objectClasses: ( 2.16.840.1.113730.3.2.130 NAME 'inetUser' DESC 'Auxiliary c + lass which must be present in an entry for delivery of subscriber services' + SUP top AUXILIARY MAY ( uid $ inetUserStatus $ inetUserHttpURL $ userPassw + ord $ memberOf ) X-ORIGIN 'Netscape subscriber interoperability' ) +objectClasses: ( 1.3.6.1.4.1.1466.101.120.141 NAME 
'NetscapeLinkedOrganizati + on' AUXILIARY MAY parentOrganization X-ORIGIN 'Netscape' ) +objectClasses: ( 1.3.6.1.4.1.1466.101.120.142 NAME 'NetscapePreferences' AUX + ILIARY MAY ( preferredLanguage $ preferredLocale $ preferredTimeZone ) X-OR + IGIN 'Netscape' ) +objectClasses: ( 2.16.840.1.113730.3.2.134 NAME 'inetSubscriber' SUP top AUX + ILIARY MAY ( inetSubscriberAccountId $ inetSubscriberChallenge $ inetSubscr + iberResponse ) X-ORIGIN 'Netscape subscriber interoperability' ) +objectClasses: ( 2.16.840.1.113730.3.2.112 NAME 'inetAdmin' DESC 'Marker for + an administrative group or user' SUP top AUXILIARY MAY ( aci $ memberOf $ + adminRole ) X-ORIGIN 'Netscape Delegated Administrator' ) +objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.1 NAME 'javaContainer' DESC 'Contai + ner for a Java object' SUP top STRUCTURAL MUST cn X-ORIGIN 'RFC 2713' ) +objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.4 NAME 'javaObject' DESC 'Java obje + ct representation' SUP top ABSTRACT MUST javaClassName MAY ( javaClassNames + $ javaCodebase $ javaDoc $ description ) X-ORIGIN 'RFC 2713' ) +objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.5 NAME 'javaSerializedObject' DESC + 'Java serialized object' SUP javaObject AUXILIARY MUST javaSerializedData X + -ORIGIN 'RFC 2713' ) +objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.7 NAME 'javaNamingReference' DESC ' + JNDI reference' SUP javaObject AUXILIARY MAY ( javaReferenceAddress $ javaF + actory ) X-ORIGIN 'RFC 2713' ) +objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.8 NAME 'javaMarshalledObject' DESC + 'Java marshalled object' SUP javaObject AUXILIARY MUST javaSerializedData X + -ORIGIN 'RFC 2713' ) +objectClasses: ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject' DESC 'Standard + LDAP objectclass' SUP top STRUCTURAL MAY ( audio $ ditRedirect $ info $ jp + egPhoto $ lastModifiedBy $ lastModifiedTime $ manager $ photo $ uniqueIdent + ifier ) X-ORIGIN 'RFC 1274' ) +objectClasses: ( nsAdminDomain-oid NAME 'nsAdminDomain' DESC 'Netscape defin + ed objectclass' SUP 
organizationalUnit STRUCTURAL MAY nsAdminDomainName X-O + RIGIN 'Netscape' ) +objectClasses: ( nsHost-oid NAME 'nsHost' DESC 'Netscape defined objectclass + ' SUP top STRUCTURAL MUST cn MAY ( serverHostName $ description $ l $ nsHos + tLocation $ nsHardwarePlatform $ nsOsVersion ) X-ORIGIN 'Netscape' ) +objectClasses: ( nsAdminGroup-oid NAME 'nsAdminGroup' DESC 'Netscape defined + objectclass' SUP top STRUCTURAL MUST cn MAY ( nsAdminGroupName $ descripti + on $ nsConfigRoot $ nsAdminSIEDN ) X-ORIGIN 'Netscape' ) +objectClasses: ( nsApplication-oid NAME 'nsApplication' DESC 'Netscape defin + ed objectclass' SUP top STRUCTURAL MUST cn MAY ( nsVendor $ description $ n + sProductName $ nsNickName $ nsProductVersion $ nsBuildNumber $ nsRevisionNu + mber $ nsSerialNumber $ nsInstalledLocation $ installationTimeStamp $ nsExp + irationDate $ nsBuildSecurity $ nsLdapSchemaVersion $ nsServerMigrationClas + sname $ nsServerCreationClassname ) X-ORIGIN 'Netscape' ) +objectClasses: ( nsResourceRef-oid NAME 'nsResourceRef' DESC 'Netscape defin + ed objectclass' SUP top STRUCTURAL MUST cn MAY seeAlso X-ORIGIN 'Netscape' + ) +objectClasses: ( nsTask-oid NAME 'nsTask' DESC 'Netscape defined objectclass + ' SUP top STRUCTURAL MUST cn MAY ( nsTaskLabel $ nsHelpRef $ nsExecRef $ ns + LogSuppress ) X-ORIGIN 'Netscape' ) +objectClasses: ( nsTaskGroup-oid NAME 'nsTaskGroup' DESC 'Netscape defined o + bjectclass' SUP top STRUCTURAL MUST cn MAY nsTaskLabel X-ORIGIN 'Netscape' + ) +objectClasses: ( nsAdminObject-oid NAME 'nsAdminObject' DESC 'Netscape defin + ed objectclass' SUP top STRUCTURAL MUST cn MAY ( nsJarfilename $ nsClassnam + e ) X-ORIGIN 'Netscape' ) +objectClasses: ( nsConfig-oid NAME 'nsConfig' DESC 'Netscape defined objectc + lass' SUP top STRUCTURAL MUST cn MAY ( description $ nsServerPort $ nsServe + rAddress $ nsSuiteSpotUser $ nsErrorLog $ nsPidLog $ nsAccessLog $ nsDefaul + tAcceptLanguage $ nsServerSecurity ) X-ORIGIN 'Netscape' ) +objectClasses: ( nsDirectoryInfo-oid 
NAME 'nsDirectoryInfo' DESC 'Netscape d + efined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsBindDN $ nsBindPassw + ord $ nsDirectoryURL $ nsDirectoryFailoverList $ nsDirectoryInfoRef ) X-ORI + GIN 'Netscape' ) +objectClasses: ( nsAdminServer-oid NAME 'nsAdminServer' DESC 'Netscape defin + ed objectclass' SUP top STRUCTURAL MUST ( cn $ nsServerID ) MAY description + X-ORIGIN 'Netscape Administration Services' ) +objectClasses: ( nsAdminConfig-oid NAME 'nsAdminConfig' DESC 'Netscape defin + ed objectclass' SUP nsConfig STRUCTURAL MAY ( nsAdminCgiWaitPid $ nsAdminUs + ers $ nsAdminAccessHosts $ nsAdminAccessAddresses $ nsAdminOneACLDir $ nsAd + minEnableDSGW $ nsAdminEnableEnduser $ nsAdminCacheLifetime ) X-ORIGIN 'Net + scape Administration Services' ) +objectClasses: ( nsAdminResourceEditorExtension-oid NAME 'nsAdminResourceEdi + torExtension' DESC 'Netscape defined objectclass' SUP nsAdminObject STRUCTU + RAL MAY ( nsAdminAccountInfo $ nsDeleteclassname ) X-ORIGIN 'Netscape Admin + istration Services' ) +objectClasses: ( nsAdminGlobalParameters-oid NAME 'nsAdminGlobalParameters' + DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsAdmi + nEndUserHTMLIndex $ nsNickName ) X-ORIGIN 'Netscape Administration Services + ' ) +objectClasses: ( nsGlobalParameters-oid NAME 'nsGlobalParameters' DESC 'Nets + cape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsUniqueAttribut + e $ nsUserIDFormat $ nsUserRDNComponent $ nsGroupRDNComponent $ nsWellKnown + Jarfiles $ nsNYR ) X-ORIGIN 'Netscape Administration Services' ) +objectClasses: ( nsDefaultObjectClasses-oid NAME 'nsDefaultObjectClasses' DE + SC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY nsDefaultO + bjectClass X-ORIGIN 'Netscape Administration Services' ) +objectClasses: ( nsAdminConsoleUser-oid NAME 'nsAdminConsoleUser' DESC 'Nets + cape defined objectclass' SUP top STRUCTURAL MUST cn MAY nsPreference X-ORI + GIN 'Netscape Administration Services' ) +objectClasses: ( 
nsCustomView-oid NAME 'nsCustomView' DESC 'Netscape defined + objectclass' SUP nsAdminObject STRUCTURAL MAY nsDisplayName X-ORIGIN 'Nets + cape Administration Services' ) +objectClasses: ( nsTopologyCustomView-oid NAME 'nsTopologyCustomView' DESC ' + Netscape defined objectclass' SUP nsCustomView STRUCTURAL MAY nsViewConfigu + ration X-ORIGIN 'Netscape Administration Services' ) +objectClasses: ( nsTopologyPlugin-oid NAME 'nsTopologyPlugin' DESC 'Netscape + defined objectclass' SUP nsAdminObject STRUCTURAL X-ORIGIN 'Netscape Admin + istration Services' ) +objectClasses: ( 2.16.840.1.113730.3.2.18 NAME 'netscapeCertificateServer' D + ESC 'Netscape defined objectclass' SUP top STRUCTURAL X-ORIGIN 'Netscape Ce + rtificate Management System' ) +objectClasses: ( nsCertificateServer-oid NAME 'nsCertificateServer' DESC 'Ne + tscape defined objectclass' SUP top STRUCTURAL MUST nsServerID MAY ( server + HostName $ nsServerPort $ nsCertConfig ) X-ORIGIN 'Netscape Certificate Man + agement System' ) +objectClasses: ( 2.16.840.1.113730.3.2.23 NAME 'netscapeDirectoryServer' DES + C 'Netscape defined objectclass' SUP top STRUCTURAL X-ORIGIN 'Netscape Dire + ctory Server' ) +objectClasses: ( nsDirectoryServer-oid NAME 'nsDirectoryServer' DESC 'Netsca + pe defined objectclass' SUP top STRUCTURAL MUST nsServerID MAY ( serverHost + Name $ nsServerPort $ nsSecureServerPort $ nsBindPassword $ nsBindDN $ nsBa + seDN ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.8 NAME 'ntUser' DESC 'Netscape define + d objectclass' SUP top STRUCTURAL MUST ntUserDomainId MAY ( description $ l + $ ou $ seeAlso $ ntUserPriv $ ntUserHomeDir $ ntUserComment $ ntUserFlags + $ ntUserScriptPath $ ntUserAuthFlags $ ntUserUsrComment $ ntUserParms $ ntU + serWorkstations $ ntUserLastLogon $ ntUserLastLogoff $ ntUserAcctExpires $ + ntUserMaxStorage $ ntUserUnitsPerWeek $ ntUserLogonHours $ ntUserBadPwCount + $ ntUserNumLogons $ ntUserLogonServer $ ntUserCountryCode $ 
ntUserCodePage + $ ntUserUniqueId $ ntUserPrimaryGroupId $ ntUserProfile $ ntUserHomeDirDri + ve $ ntUserPasswordExpired $ ntUserCreateNewAccount $ ntUserDeleteAccount $ + ntUniqueId $ ntUserNtPassword ) X-ORIGIN 'Netscape NT Synchronization' ) +objectClasses: ( 2.16.840.1.113730.3.2.9 NAME 'ntGroup' DESC 'Netscape defin + ed objectclass' SUP top STRUCTURAL MUST ntUserDomainId MAY ( description $ + l $ ou $ seeAlso $ ntGroupId $ ntGroupAttributes $ ntGroupCreateNewGroup $ + ntGroupDeleteGroup $ ntGroupType $ ntUniqueId $ mail ) X-ORIGIN 'Netscape N + T Synchronization' ) +objectClasses: ( 2.16.840.1.113730.3.2.82 NAME 'nsChangelog4Config' DESC 'Ne + tscape defined objectclass' SUP top STRUCTURAL MAY cn X-ORIGIN 'Netscape Di + rectory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.114 NAME 'nsConsumer4Config' DESC 'Ne + tscape defined objectclass' SUP top STRUCTURAL MAY cn X-ORIGIN 'Netscape Di + rectory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.36 NAME 'LDAPReplica' DESC 'Netscape + defined objectclass' SUP top STRUCTURAL MUST cn MAY ( description $ l $ ou + $ seeAlso $ replicaRoot $ replicaHost $ replicaPort $ replicaBindDn $ repli + caCredentials $ replicaBindMethod $ replicaUseSSL $ replicaUpdateSchedule $ + replicaUpdateReplayed $ replicaUpdateFailedAt $ replicaBeginOrc $ replicaN + ickName $ replicaEntryFilter $ replicatedattributelist $ replicaCFUpdated $ + replicaAbandonedChanges $ replicaLastRelevantChange ) X-ORIGIN 'Netscape D + irectory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.11 NAME 'cirReplicaSource' DESC 'Nets + cape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( cirReplicaRoot $ + cirHost $ cirPort $ cirBindDn $ cirUsePersistentSearch $ cirUseSsl $ cirBi + ndCredentials $ cirLastUpdateApplied $ cirUpdateSchedule $ cirSyncInterval + $ cirUpdateFailedat $ cirBeginORC $ replicaNickName $ replicaEntryFilter $ + replicatedattributelist ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.3 NAME 
'mailRecipient' DESC 'Netscape + Messaging Server 4.x defined objectclass' SUP top AUXILIARY MAY ( cn $ mai + l $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mailAccessDomain + $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForward + ingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ multi + LineDescription $ uid $ userPassword ) X-ORIGIN 'Netscape Messaging Server + 4.x' ) +objectClasses: ( 2.16.840.113730.3.2.37 NAME 'nsMessagingServerUser' DESC 'N + etscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MAY ( c + n $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDelivery + Option $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo + $ mailQuota $ nsmsgDisallowAccess $ nsmsgNumMsgQuota $ nswmExtendedUserPre + fs $ vacationstartdate $ vacationenddate ) X-ORIGIN 'Netscape Messaging Ser + ver 4.x' ) +objectClasses: ( 2.16.840.1.113730.3.2.4 NAME 'mailGroup' DESC 'mailGroup' S + UP top STRUCTURAL MUST mail MAY ( cn $ mgrpRFC822MailMember ) X-ORIGIN ( 'I + PA v4.4.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.2.5 NAME 'groupOfMailEnhancedUniqueName + s' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIA + RY MUST cn MAY ( businessCategory $ description $ mailEnhancedUniqueMember + $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Messaging Server 4.x' ) +objectClasses: ( 2.16.840.1.113730.3.2.24 NAME 'netscapeMailServer' DESC 'Ne + tscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY X-ORIGIN + 'Netscape Messaging Server 4.x' ) +objectClasses: ( 2.16.840.1.113730.3.2.45 NAME 'nsValueItem' DESC 'Netscape + defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsValueCIS $ nsValueC + ES $ nsValueTel $ nsValueInt $ nsValueBin $ nsValueDN $ nsValueType $ nsVal + ueSyntax $ nsValueDescription $ nsValueHelpURL $ nsValueFlags $ nsValueDefa + ult ) X-ORIGIN 'Netscape servers - value item' ) +objectClasses: ( 2.16.840.1.113730.3.2.29 
NAME 'netscapeWebServer' DESC 'Net + scape defined objectclass' SUP top STRUCTURAL MUST ( cn $ nsServerID ) MAY + ( description $ nsServerPort ) X-ORIGIN 'Netscape Web Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.154 NAME 'netscapeReversiblePasswordO + bject' DESC 'object that contains an netscapeReversiblePassword' AUXILIARY + MAY netscapeReversiblePassword X-ORIGIN 'Netscape Web Server' ) +objectClasses: ( 1.3.6.1.4.1.11.1.3.2.2.1 NAME 'accountPolicy' DESC 'Account + policy entry' SUP top AUXILIARY MAY accountInactivityLimit X-ORIGIN 'Accou + nt Policy Plugin' ) +objectClasses: ( 1.3.6.1.1.1.2.17 NAME 'automount' DESC 'Automount informati + on' SUP top STRUCTURAL MUST ( automountKey $ automountInformation ) MAY des + cription X-ORIGIN ( 'RFC 2307bis' 'user defined' ) ) +objectClasses: ( 1.3.6.1.1.1.2.16 NAME 'automountMap' DESC 'Automount Map in + formation' SUP top STRUCTURAL MUST automountMapName MAY description X-ORIGI + N ( 'RFC 2307bis' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.4.1 NAME 'ipaHost' AUXILIARY MUST fqd + n MAY ( userPassword $ ipaClientVersion $ enrolledBy $ memberOf $ userClass + $ ipaAssignedIDView ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.4.12 NAME 'ipaObject' DESC 'IPA objec + tclass' AUXILIARY MUST ipaUniqueID X-ORIGIN 'IPA v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.4.14 NAME 'ipaEntitlement' DESC 'IPA + Entitlement object' AUXILIARY MUST ipaEntitlementId MAY ( userPKCS12 $ user + Certificate ) X-ORIGIN 'IPA v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.4.15 NAME 'ipaPermission' DESC 'IPA P + ermission objectclass' AUXILIARY MAY ipaPermissionType X-ORIGIN 'IPA v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.4.2 NAME 'ipaService' DESC 'IPA servi + ce objectclass' AUXILIARY MAY ( memberOf $ managedBy $ ipaKrbAuthzData ) X- + ORIGIN 'IPA v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.4.3 NAME 'nestedGroup' DESC 'Group th + at supports nesting' SUP groupOfNames STRUCTURAL MAY 
memberOf X-ORIGIN 'IPA + v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.4.4 NAME 'ipaUserGroup' DESC 'IPA use + r group object class' SUP nestedGroup STRUCTURAL X-ORIGIN 'IPA v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.4.5 NAME 'ipaHostGroup' DESC 'IPA hos + t group object class' SUP nestedGroup STRUCTURAL X-ORIGIN 'IPA v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.4.6 NAME 'ipaAssociation' ABSTRACT MU + ST ( ipaUniqueID $ cn ) MAY ( memberUser $ userCategory $ memberHost $ host + Category $ ipaEnabledFlag $ description ) X-ORIGIN 'IPA v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.4.7 NAME 'ipaHBACRule' SUP ipaAssocia + tion STRUCTURAL MUST accessRuleType MAY ( sourceHost $ sourceHostCategory $ + serviceCategory $ memberService $ externalHost $ accessTime ) X-ORIGIN 'IP + A v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.4.8 NAME 'ipaNISNetgroup' DESC 'IPA v + ersion of NIS netgroup' SUP ipaAssociation STRUCTURAL MAY ( externalHost $ + nisDomainName $ member $ memberOf ) X-ORIGIN 'IPA v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.4.9 NAME 'ipaCAaccess' STRUCTURAL MAY + ( member $ hostCApolicy ) X-ORIGIN 'IPA v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.4.10 NAME 'ipaHBACService' STRUCTURAL + MUST cn MAY ( description $ memberOf ) X-ORIGIN 'IPA v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.4.11 NAME 'ipaHBACServiceGroup' DESC + 'IPA HBAC service group object class' SUP groupOfNames STRUCTURAL X-ORIGIN + 'IPA v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.12.1 NAME 'ipaExternalGroup' SUP top + STRUCTURAL MUST cn MAY ( ipaExternalMember $ memberOf $ description $ owner + ) X-ORIGIN ( 'IPA v3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.2 NAME 'ipaNTUserAttrs' SUP top AU + XILIARY MUST ipaNTSecurityIdentifier MAY ( ipaNTHash $ ipaNTLogonScript $ i + paNTProfilePath $ ipaNTHomeDirectory $ ipaNTHomeDirectoryDrive ) X-ORIGIN ( + 'IPA v3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.3 NAME 'ipaNTGroupAttrs' SUP top A + UXILIARY MUST 
ipaNTSecurityIdentifier X-ORIGIN ( 'IPA v3' 'user defined' ) + ) +objectClasses: ( 2.16.840.1.113730.3.8.12.4 NAME 'ipaNTDomainAttrs' SUP top + AUXILIARY MUST ( ipaNTSecurityIdentifier $ ipaNTFlatName $ ipaNTDomainGUID + ) MAY ipaNTFallbackPrimaryGroup X-ORIGIN ( 'IPA v3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.5 NAME 'ipaNTTrustedDomain' DESC ' + Trusted Domain Object' SUP top STRUCTURAL MUST cn MAY ( ipaNTTrustType $ ip + aNTTrustAttributes $ ipaNTTrustDirection $ ipaNTTrustPartner $ ipaNTFlatNam + e $ ipaNTTrustAuthOutgoing $ ipaNTTrustAuthIncoming $ ipaNTTrustedDomainSID + $ ipaNTTrustForestTrustInfo $ ipaNTTrustPosixOffset $ ipaNTSupportedEncryp + tionTypes $ ipaNTSIDBlacklistIncoming $ ipaNTSIDBlacklistOutgoing $ ipaNTAd + ditionalSuffixes ) X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.6 NAME 'groupOfPrincipals' SUP top + AUXILIARY MUST cn MAY memberPrincipal X-ORIGIN ( 'IPA v3' 'user defined' ) + ) +objectClasses: ( 2.16.840.1.113730.3.8.12.7 NAME 'ipaKrb5DelegationACL' SUP + groupOfPrincipals STRUCTURAL MAY ( ipaAllowToImpersonate $ ipaAllowedTarget + ) X-ORIGIN ( 'IPA v3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.10 NAME 'ipaSELinuxUserMap' SUP ip + aAssociation STRUCTURAL MUST ipaSELinuxUser MAY ( accessTime $ seeAlso ) X- + ORIGIN ( 'IPA v3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.11 NAME 'ipaSshGroupOfPubKeys' ABS + TRACT MAY ipaSshPubKey X-ORIGIN ( 'IPA v3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.12 NAME 'ipaSshUser' SUP ipaSshGro + upOfPubKeys AUXILIARY X-ORIGIN ( 'IPA v3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.13 NAME 'ipaSshHost' SUP ipaSshGro + upOfPubKeys AUXILIARY X-ORIGIN ( 'IPA v3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.14 NAME 'ipaIDobject' SUP top AUXI + LIARY MAY ( uidNumber $ gidNumber $ ipaNTSecurityIdentifier ) X-ORIGIN ( 'I + PA v3' 'user defined' ) ) 
+objectClasses: ( 2.16.840.1.113730.3.8.12.15 NAME 'ipaIDrange' ABSTRACT MUST + ( cn $ ipaBaseID $ ipaIDRangeSize $ ipaRangeType ) X-ORIGIN ( 'IPA v3' 'us + er defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.16 NAME 'ipaDomainIDRange' SUP ipa + IDrange STRUCTURAL MAY ( ipaBaseRID $ ipaSecondaryBaseRID ) X-ORIGIN ( 'IPA + v3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.17 NAME 'ipaTrustedADDomainRange' + SUP ipaIDrange STRUCTURAL MUST ( ipaBaseRID $ ipaNTTrustedDomainSID ) X-ORI + GIN ( 'IPA v3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.19 NAME 'ipaUserAuthTypeClass' DES + C 'Class for authentication methods definition' SUP top AUXILIARY MAY ipaUs + erAuthType X-ORIGIN ( 'IPA v3' 'user defined' ) ) +objectClasses: ( 1.3.6.1.4.1.5923.1.1.2 NAME 'eduPerson' AUXILIARY MAY ( edu + PersonAffiliation $ eduPersonNickName $ eduPersonOrgDN $ eduPersonOrgUnitDN + $ eduPersonPrimaryAffiliation $ eduPersonPrincipalName $ eduPersonEntitlem + ent $ eduPersonPrimaryOrgUnitDN $ eduPersonScopedAffiliation ) X-ORIGIN 'ht + tp://middleware.internet2.edu/eduperson/' ) +objectClasses: ( 2.16.840.1.113730.3.8.2.1 NAME 'ipaGuiConfig' AUXILIARY MAY + ( ipaUserSearchFields $ ipaGroupSearchFields $ ipaSearchTimeLimit $ ipaSea + rchRecordsLimit $ ipaCustomFields $ ipaHomesRootDir $ ipaDefaultLoginShell + $ ipaDefaultPrimaryGroup $ ipaMaxUsernameLength $ ipaPwdExpAdvNotify $ ipaU + serObjectClasses $ ipaGroupObjectClasses $ ipaDefaultEmailDomain $ ipaMigra + tionEnabled $ ipaCertificateSubjectBase $ ipaSELinuxUserMapDefault $ ipaSEL + inuxUserMapOrder $ ipaKrbAuthzData ) X-ORIGIN 'user defined' ) +objectClasses: ( 2.16.840.1.113730.3.8.4.13 NAME 'ipaConfigObject' DESC 'gen + eric config object for IPA' AUXILIARY MAY ipaConfigString X-ORIGIN 'IPA v2' + ) +objectClasses: ( 2.16.840.1.113730.3.8.6.0 NAME 'idnsRecord' DESC 'dns Recor + d, usually a host' SUP top STRUCTURAL MUST idnsName MAY ( cn $ idnsAllowDyn + Update $ dNSTTL $ dNSClass $ aRecord $ 
aAAARecord $ a6Record $ nSRecord $ c + NAMERecord $ pTRRecord $ sRVRecord $ tXTRecord $ mXRecord $ mDRecord $ hInf + oRecord $ mInfoRecord $ aFSDBRecord $ SigRecord $ KeyRecord $ LocRecord $ n + XTRecord $ nAPTRRecord $ kXRecord $ certRecord $ dNameRecord $ dSRecord $ s + SHFPRecord $ rRSIGRecord $ nSECRecord $ DLVRecord $ TLSARecord $ UnknownRec + ord $ RPRecord $ APLRecord $ IPSECKEYRecord $ DHCIDRecord $ HIPRecord $ SPF + Record ) X-ORIGIN ( 'IPA v4.2.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone class' + SUP idnsRecord STRUCTURAL MUST ( idnsZoneActive $ idnsSOAmName $ idnsSOArN + ame $ idnsSOAserial $ idnsSOArefresh $ idnsSOAretry $ idnsSOAexpire $ idnsS + OAminimum ) MAY ( idnsUpdatePolicy $ idnsAllowQuery $ idnsAllowTransfer $ i + dnsAllowSyncPTR $ idnsForwardPolicy $ idnsForwarders $ idnsSecInlineSigning + $ nSEC3PARAMRecord $ dNSdefaultTTL ) X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user + defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.6.2 NAME 'idnsConfigObject' DESC 'DNS + global config options' STRUCTURAL MAY ( idnsForwardPolicy $ idnsForwarders + $ idnsAllowSyncPTR $ idnsZoneRefresh $ idnsPersistentSearch ) X-ORIGIN 'us + er defined' ) +objectClasses: ( 2.16.840.1.113730.3.8.12.18 NAME 'ipaDNSZone' SUP top AUXIL + IARY MUST idnsName MAY managedBy X-ORIGIN ( 'IPA v3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113719.1.301.6.1.1 NAME 'krbContainer' SUP top S + TRUCTURAL MUST cn ) +objectClasses: ( 2.16.840.1.113719.1.301.6.2.1 NAME 'krbRealmContainer' SUP + top STRUCTURAL MUST cn MAY ( krbMKey $ krbUPEnabled $ krbSubTrees $ krbSear + chScope $ krbLdapServers $ krbSupportedEncSaltTypes $ krbDefaultEncSaltType + s $ krbTicketPolicyReference $ krbKdcServers $ krbPwdServers $ krbAdmServer + s $ krbPrincNamingAttr $ krbPwdPolicyReference $ krbPrincContainerRef ) ) +objectClasses: ( 2.16.840.1.113719.1.301.6.3.1 NAME 'krbService' SUP top ABS + TRACT MUST cn MAY ( krbHostServer $ krbRealmReferences ) ) 
+objectClasses: ( 2.16.840.1.113719.1.301.6.4.1 NAME 'krbKdcService' SUP krbS + ervice STRUCTURAL ) +objectClasses: ( 2.16.840.1.113719.1.301.6.5.1 NAME 'krbPwdService' SUP krbS + ervice STRUCTURAL ) +objectClasses: ( 2.16.840.1.113719.1.301.6.8.1 NAME 'krbPrincipalAux' AUXILI + ARY MAY ( krbPrincipalName $ krbCanonicalName $ krbUPEnabled $ krbPrincipal + Key $ krbTicketPolicyReference $ krbPrincipalExpiration $ krbPasswordExpira + tion $ krbPwdPolicyReference $ krbPrincipalType $ krbPwdHistory $ krbLastPw + dChange $ krbPrincipalAliases $ krbLastSuccessfulAuth $ krbLastFailedAuth $ + krbLoginFailedCount $ krbExtraData $ krbLastAdminUnlock $ krbAllowedToDele + gateTo $ krbPrincipalAuthInd ) X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined + ' ) ) +objectClasses: ( 2.16.840.1.113719.1.301.6.9.1 NAME 'krbPrincipal' SUP top S + TRUCTURAL MUST krbPrincipalName MAY krbObjectReferences ) +objectClasses: ( 2.16.840.1.113719.1.301.6.11.1 NAME 'krbPrincRefAux' SUP to + p AUXILIARY MAY krbPrincipalReferences ) +objectClasses: ( 2.16.840.1.113719.1.301.6.13.1 NAME 'krbAdmService' SUP krb + Service STRUCTURAL ) +objectClasses: ( 2.16.840.1.113719.1.301.6.14.1 NAME 'krbPwdPolicy' SUP top + STRUCTURAL MUST cn MAY ( krbMaxPwdLife $ krbMinPwdLife $ krbPwdMinDiffChars + $ krbPwdMinLength $ krbPwdHistoryLength $ krbPwdMaxFailure $ krbPwdFailure + CountInterval $ krbPwdLockoutDuration $ krbPwdAttributes $ krbPwdMaxLife $ + krbPwdMaxRenewableLife $ krbPwdAllowedKeysalts ) X-ORIGIN ( 'IPA v4.3.0' 'u + ser defined' ) ) +objectClasses: ( 2.16.840.1.113719.1.301.6.16.1 NAME 'krbTicketPolicyAux' AU + XILIARY MAY ( krbTicketFlags $ krbMaxTicketLife $ krbMaxRenewableAge ) ) +objectClasses: ( 2.16.840.1.113719.1.301.6.17.1 NAME 'krbTicketPolicy' SUP t + op STRUCTURAL MUST cn ) +objectClasses: ( 1.3.6.1.4.1.13769.9.1 NAME 'mozillaAbPersonAlpha' SUP top A + UXILIARY MUST cn MAY ( c $ description $ displayName $ facsimileTelephoneNu + mber $ givenName $ homePhone $ l $ mail $ mobile $ mozillaCustom1 
$ mozilla + Custom2 $ mozillaCustom3 $ mozillaCustom4 $ mozillaHomeCountryName $ mozill + aHomeLocalityName $ mozillaHomePostalCode $ mozillaHomeState $ mozillaHomeS + treet $ mozillaHomeStreet2 $ mozillaHomeUrl $ mozillaNickname $ mozillaSeco + ndEmail $ mozillaUseHtmlMail $ mozillaWorkStreet2 $ mozillaWorkUrl $ nsAIMi + d $ o $ ou $ pager $ postalCode $ postOfficeBox $ sn $ st $ street $ teleph + oneNumber $ title ) X-ORIGIN 'Mozilla Address Book' ) +objectClasses: ( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject' DESC + 'Auxiliary object class for adding authorizedService attribute' SUP top AU + XILIARY MAY authorizedService X-ORIGIN 'NSS LDAP schema' ) +objectClasses: ( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject' DESC 'Auxiliary o + bject class for adding host attribute' SUP top AUXILIARY MAY host X-ORIGIN + 'NSS LDAP schema' ) +objectClasses: ( 2.16.840.1.113730.3.2.318 NAME 'pamConfig' DESC 'PAM plugin + configuration' SUP top AUXILIARY MAY ( cn $ pamMissingSuffix $ pamExcludeS + uffix $ pamIncludeSuffix $ pamIDAttr $ pamIDMapMethod $ pamFallback $ pamSe + cure $ pamService $ pamFilter ) X-ORIGIN 'Red Hat Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.326 NAME 'dynamicGroup' DESC 'Group c + ontaining internal dynamically-generated members' SUP posixGroup AUXILIARY + MAY dsOnlyMemberUid X-ORIGIN 'Red Hat Directory Server' ) +objectClasses: ( 1.3.6.1.4.1.6981.11.2.3 NAME 'PureFTPdUser' DESC 'PureFTPd + user with optional quota, throttling and ratio' STRUCTURAL MAY ( FTPStatus + $ FTPQuotaFiles $ FTPQuotaMBytes $ FTPUploadRatio $ FTPDownloadRatio $ FTPU + ploadBandwidth $ FTPDownloadBandwidth $ FTPuid $ FTPgid ) X-ORIGIN 'Pure-FT + Pd' ) +objectClasses: ( 1.2.840.113556.1.5.87 NAME 'calEntry' DESC 'RFC2739: Calend + ar Entry' SUP top AUXILIARY MAY ( calCalURI $ calFBURL $ calOtherCalURIs $ + calOtherFBURLs $ calCAPURI $ calOtherCAPURIs ) X-ORIGIN 'rfc2739' ) +objectClasses: ( 1.3.18.0.2.6.258 NAME 'printerAbstract' DESC 'Printer relat + ed 
information.' SUP top ABSTRACT MAY ( printer-name $ printer-natural-lang + uage-configured $ printer-location $ printer-info $ printer-more-info $ pri + nter-make-and-model $ printer-multiple-document-jobs-supported $ printer-ch + arset-configured $ printer-charset-supported $ printer-generated-natural-la + nguage-supported $ printer-document-format-supported $ printer-color-suppor + ted $ printer-compression-supported $ printer-pages-per-minute $ printer-pa + ges-per-minute-color $ printer-finishings-supported $ printer-number-up-sup + ported $ printer-sides-supported $ printer-media-supported $ printer-media- + local-supported $ printer-resolution-supported $ printer-print-quality-supp + orted $ printer-job-priority-supported $ printer-copies-supported $ printer + -job-k-octets-supported $ printer-current-operator $ printer-service-person + $ printer-delivery-orientation-supported $ printer-stacking-order-supporte + d $ printer-output-features-supported ) X-ORIGIN 'rfc3712' ) +objectClasses: ( 1.3.18.0.2.6.255 NAME 'printerService' DESC 'Printer inform + ation.' SUP printerAbstract STRUCTURAL MAY ( printer-uri $ printer-xri-supp + orted ) X-ORIGIN 'rfc3712' ) +objectClasses: ( 1.3.18.0.2.6.257 NAME 'printerServiceAuxClass' DESC 'Printe + r information.' SUP printerAbstract AUXILIARY MAY ( printer-uri $ printer-x + ri-supported ) X-ORIGIN 'rfc3712' ) +objectClasses: ( 1.3.18.0.2.6.256 NAME 'printerIPP' DESC 'Internet Printing + Protocol (IPP) information.' SUP top AUXILIARY MAY ( printer-ipp-versions-s + upported $ printer-multiple-document-jobs-supported ) X-ORIGIN 'rfc3712' ) +objectClasses: ( 1.3.18.0.2.6.253 NAME 'printerLPR' DESC 'LPR information.' 
+ SUP top AUXILIARY MUST printer-name MAY printer-aliases X-ORIGIN 'rfc3712' + ) +objectClasses: ( 1.3.6.1.4.1.2312.4.3.4.1 NAME 'sabayonProfile' DESC 'sabayo + n profile' SUP top STRUCTURAL MUST cn MAY ( sabayonProfileURL $ description + ) X-ORIGIN 'Sabayon' ) +objectClasses: ( 1.3.6.1.4.1.2312.4.3.4.2 NAME 'sabayonProfileNameObject' DE + SC 'contains sabayon profile name' SUP top AUXILIARY MUST sabayonProfileNam + e X-ORIGIN 'Sabayon' ) +objectClasses: ( 1.3.6.1.4.1.2312.4.3.4.3 NAME 'sabayonProfileURLObject' DES + C 'contains sabayon profile' SUP top AUXILIARY MUST cn MAY sabayonProfileUR + L X-ORIGIN 'Sabayon' ) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'Samba 3 + .0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MAY ( cn + $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ s + ambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange + $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogo + nScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPri + maryGroupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCount $ + sambaBadPasswordTime $ sambaPasswordHistory $ sambaLogonHours ) ) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' DESC 'Samba + Group Mapping' SUP top AUXILIARY MUST ( gidNumber $ sambaSID $ sambaGroupT + ype ) MAY ( displayName $ description $ sambaSIDList ) ) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' DESC 'Sam + ba Trust Password' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaNTPassw + ord $ sambaTrustFlags ) MAY ( sambaSID $ sambaPwdLastSet ) ) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba Domai + n Information' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaSID ) MAY ( + sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidB + ase $ sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $ samb + aMaxPwdAge $ 
sambaMinPwdAge $ sambaLockoutDuration $ sambaLockoutObservatio + nWindow $ sambaLockoutThreshold $ sambaForceLogoff $ sambaRefuseMachinePwdC + hange ) ) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' DESC 'Pool fo + r allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $ gidNumber + ) ) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' DESC 'Mapping + from a SID to an ID' SUP top AUXILIARY MUST sambaSID MAY ( uidNumber $ gid + Number ) ) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' DESC 'Structura + l Class for a SID' SUP top STRUCTURAL MUST sambaSID ) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' DESC 'Samba Conf + iguration Section' SUP top AUXILIARY MAY description ) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' DESC 'Samba Share + Section' SUP top STRUCTURAL MUST sambaShareName MAY description ) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' DESC 'Samb + a Configuration Option' SUP top STRUCTURAL MUST sambaOptionName MAY ( samba + BoolOption $ sambaIntegerOption $ sambaStringOption $ sambaStringListOption + $ description ) ) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword' D + ESC 'Samba Trusted Domain Password' SUP top STRUCTURAL MUST ( sambaDomainNa + me $ sambaSID $ sambaClearTextPassword $ sambaPwdLastSet ) MAY sambaPreviou + sClearTextPassword ) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' DESC 'Sam + ba Trusted Domain Object' SUP top STRUCTURAL MUST cn MAY ( sambaTrustType $ + sambaTrustAttributes $ sambaTrustDirection $ sambaTrustPartner $ sambaFlat + Name $ sambaTrustAuthOutgoing $ sambaTrustAuthIncoming $ sambaSecurityIdent + ifier $ sambaTrustForestTrustInfo $ sambaTrustPosixOffset $ sambaSupportedE + ncryptionTypes ) ) +objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' DESC 'Sudoer Entrie + s' SUP top STRUCTURAL MUST cn MAY ( sudoUser $ sudoHost $ sudoCommand $ sud + oRunAs $ sudoRunAsUser 
$ sudoRunAsGroup $ sudoOption $ sudoNotBefore $ sudo + NotAfter $ sudoOrder $ description ) X-ORIGIN 'SUDO' ) +objectClasses: ( 5.3.6.1.1.1.2.0 NAME 'trustAccount' DESC 'Sets trust accoun + ts information' SUP top AUXILIARY MUST trustModel MAY accessTo X-ORIGIN 'ns + s_ldap/pam_ldap' ) +objectClasses: ( 2.16.840.1.113730.3.8.12.8 NAME 'ipaKrbPrincipal' SUP krbPr + incipalAux AUXILIARY MUST ( krbPrincipalName $ ipaKrbPrincipalAlias ) X-ORI + GIN ( 'IPA v3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.8.1 NAME 'ipaSudoRule' SUP ipaAssocia + tion STRUCTURAL MAY ( externalUser $ externalHost $ hostMask $ memberAllowC + md $ memberDenyCmd $ cmdCategory $ ipaSudoOpt $ ipaSudoRunAs $ ipaSudoRunAs + ExtUser $ ipaSudoRunAsUserCategory $ ipaSudoRunAsGroup $ ipaSudoRunAsExtGro + up $ ipaSudoRunAsGroupCategory $ sudoNotBefore $ sudoNotAfter $ sudoOrder $ + ipaSudoRunAsExtUserGroup ) X-ORIGIN ( 'IPA v4.0.0' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.8.2 NAME 'ipaSudoCmd' DESC 'IPA objec + t class for SUDO command' STRUCTURAL MUST ( ipaUniqueID $ sudoCmd ) MAY ( m + emberOf $ description ) X-ORIGIN 'IPA v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.8.3 NAME 'ipaSudoCmdGrp' DESC 'IPA ob + ject class to store groups of SUDO commands' SUP groupOfNames STRUCTURAL MU + ST ipaUniqueID X-ORIGIN 'IPA v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.16.2.1 NAME 'ipaToken' DESC 'Abstract + token class for tokens' SUP top ABSTRACT MUST ipatokenUniqueID MAY ( descr + iption $ managedBy $ ipatokenOwner $ ipatokenDisabled $ ipatokenNotBefore $ + ipatokenNotAfter $ ipatokenVendor $ ipatokenModel $ ipatokenSerial ) X-ORI + GIN ( 'IPA v4.0.0' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.16.2.2 NAME 'ipatokenTOTP' DESC 'TOTP + Token Type' SUP ipaToken STRUCTURAL MAY ( ipatokenOTPkey $ ipatokenOTPalgo + rithm $ ipatokenOTPdigits $ ipatokenTOTPclockOffset $ ipatokenTOTPtimeStep + $ ipatokenTOTPwatermark ) X-ORIGIN ( 'IPA v4.1.3' 'user defined' ) ) 
+objectClasses: ( 2.16.840.1.113730.3.8.16.2.3 NAME 'ipatokenRadiusProxyUser' + DESC 'Radius Proxy User' SUP top AUXILIARY MAY ( ipatokenRadiusConfigLink + $ ipatokenRadiusUserName ) X-ORIGIN ( 'IPA v4.0.0' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.16.2.4 NAME 'ipatokenRadiusConfigurat + ion' DESC 'Proxy Radius Configuration' SUP top STRUCTURAL MUST ( cn $ ipato + kenRadiusServer $ ipatokenRadiusSecret ) MAY ( description $ ipatokenRadius + Timeout $ ipatokenRadiusRetries $ ipatokenUserMapAttribute ) X-ORIGIN ( 'IP + A OTP' 'user defined' ) ) +objectClasses: ( cmsuser-oid NAME 'cmsuser' DESC 'CMS User' SUP top STRUCTUR + AL MUST usertype MAY userstate X-ORIGIN 'user defined' ) +objectClasses: ( CertACLS-oid NAME 'CertACLS' DESC 'CMS defined class' SUP t + op STRUCTURAL MUST cn MAY resourceACLS X-ORIGIN 'user defined' ) +objectClasses: ( repository-oid NAME 'repository' DESC 'CMS defined class' S + UP top STRUCTURAL MUST ou MAY ( serialno $ description $ nextRange $ publis + hingStatus ) X-ORIGIN 'user defined' ) +objectClasses: ( request-oid NAME 'request' DESC 'CMS defined class' SUP top + STRUCTURAL MUST cn MAY ( requestId $ dateOfCreate $ dateOfModify $ request + State $ requestResult $ requestOwner $ requestAgentGroup $ requestSourceId + $ requestType $ requestFlag $ requestError $ userMessages $ adminMessages ) + X-ORIGIN 'user defined' ) +objectClasses: ( transaction-oid NAME 'transaction' DESC 'CMS defined class' + SUP top STRUCTURAL MUST cn MAY ( transId $ description $ transName $ trans + Status $ transOps ) X-ORIGIN 'user defined' ) +objectClasses: ( crlIssuingPointRecord-oid NAME 'crlIssuingPointRecord' DESC + 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOf + Modify $ crlNumber $ crlSize $ thisUpdate $ nextUpdate $ deltaNumber $ delt + aSize $ firstUnsaved $ certificateRevocationList $ deltaRevocationList $ cr + lCache $ revokedCerts $ unrevokedCerts $ expiredCerts $ cACertificate ) X-O + RIGIN 'user defined' ) 
+objectClasses: ( certificateRecord-oid NAME 'certificateRecord' DESC 'CMS de + fined class' SUP top STRUCTURAL MUST cn MAY ( serialno $ dateOfCreate $ dat + eOfModify $ certStatus $ autoRenew $ issueInfo $ metaInfo $ revInfo $ versi + on $ duration $ notAfter $ notBefore $ algorithmId $ subjectName $ signingA + lgorithmId $ userCertificate $ issuedBy $ revokedBy $ revokedOn $ extension + $ publicKeyData $ issuerName ) X-ORIGIN 'user defined' ) +objectClasses: ( userDetails-oid NAME 'userDetails' DESC 'CMS defined class' + SUP top STRUCTURAL MUST userDN MAY ( dateOfCreate $ dateOfModify $ passwor + d $ p12Expiration ) X-ORIGIN 'user defined' ) +objectClasses: ( keyRecord-oid NAME 'keyRecord' DESC 'CMS defined class' SUP + top STRUCTURAL MUST cn MAY ( serialno $ dateOfCreate $ dateOfModify $ keyS + tate $ privateKeyData $ ownerName $ keySize $ metaInfo $ dateOfArchival $ d + ateOfRecovery $ algorithm $ publicKeyFormat $ publicKeyData $ archivedBy $ + clientId $ dataType $ status ) X-ORIGIN 'user defined' ) +objectClasses: ( pkiSecurityDomain-oid NAME 'pkiSecurityDomain' DESC 'CMS de + fined class' SUP top STRUCTURAL MUST ( ou $ name ) X-ORIGIN 'user defined' + ) +objectClasses: ( pkiSecurityGroup-oid NAME 'pkiSecurityGroup' DESC 'CMS defi + ned class' SUP top STRUCTURAL MUST cn X-ORIGIN 'user defined' ) +objectClasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined clas + s' SUP top STRUCTURAL MUST ( cn $ host $ SecurePort $ SubsystemName $ Clone + ) MAY ( DomainManager $ SecureAgentPort $ SecureAdminPort $ SecureEEClient + AuthPort $ UnSecurePort ) X-ORIGIN 'user defined' ) +objectClasses: ( pkiRange-oid NAME 'pkiRange' DESC 'CMS defined class' SUP t + op STRUCTURAL MUST ( cn $ beginRange $ endRange $ host $ SecurePort ) X-ORI + GIN 'user defined' ) +objectClasses: ( securityDomainSessionEntry-oid NAME 'securityDomainSessionE + ntry' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ host $ uid $ + cmsUserGroup $ dateOfCreate ) X-ORIGIN 'user 
defined' ) +objectClasses: ( 1.3.6.1.1.1.2.14 NAME 'nisKeyObject' DESC 'nisKeyObject' SU + P top STRUCTURAL MUST ( cn $ nisPublickey $ nisSecretkey ) MAY ( uidNumber + $ description ) X-ORIGIN 'user defined' ) +objectClasses: ( 1.3.1.6.1.1.1.2.15 NAME 'nisDomainObject' DESC 'nisDomainOb + ject' SUP top AUXILIARY MUST nisDomain X-ORIGIN 'user defined' ) +objectClasses: ( 1.3.6.1.4.1.42.2.27.1.2.6 NAME 'nisNetId' DESC 'nisNetId' S + UP top STRUCTURAL MUST cn MAY ( nisNetIdUser $ nisNetIdGroup $ nisNetIdHost + ) X-ORIGIN 'user defined' ) +objectClasses: ( 1.3.6.1.4.1.11.1.3.1.2.5 NAME 'DUAConfigProfile' DESC 'Abst + raction of a base configuration for a DUA' SUP top STRUCTURAL MUST cn MAY ( + defaultServerList $ preferredServerList $ defaultSearchBase $ defaultSearc + hScope $ searchTimeLimit $ bindTimeLimit $ credentialLevel $ authentication + Method $ followReferrals $ dereferenceAliases $ serviceSearchDescriptor $ s + erviceCredentialLevel $ serviceAuthenticationMethod $ objectclassMap $ attr + ibuteMap $ profileTTL ) X-ORIGIN ( 'RFC4876' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.22 NAME 'ipaAllowedOperations' DES + C 'Class to apply access controls to arbitrary operations' SUP top AUXILIAR + Y MAY ( ipaAllowedToPerform $ ipaProtectedOperation ) X-ORIGIN ( 'IPA v4.0. 
+ 0' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.21 NAME 'ipaPermissionV2' DESC 'IP + A Permission objectclass, version 2' SUP ipaPermission AUXILIARY MUST ( ipa + PermBindRuleType $ ipaPermLocation ) MAY ( ipaPermDefaultAttr $ ipaPermIncl + udedAttr $ ipaPermExcludedAttr $ ipaPermRight $ ipaPermTargetFilter $ ipaPe + rmTarget $ ipaPermTargetTo $ ipaPermTargetFrom ) X-ORIGIN ( 'IPA v4.2.2' 'u + ser defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.20 NAME 'ipaUser' AUXILIARY MUST u + id MAY ( userClass $ ipaKrbAuthzData ) X-ORIGIN ( 'IPA v4.3.1' 'user define + d' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.6.3 NAME 'idnsForwardZone' DESC 'Forw + ard Zone class' SUP top STRUCTURAL MUST ( idnsName $ idnsZoneActive ) MAY ( + idnsForwarders $ idnsForwardPolicy ) X-ORIGIN ( 'IPA v4.0.0' 'user defined + ' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.16.2.5 NAME 'ipatokenHOTP' DESC 'HOTP + Token Type' SUP ipaToken STRUCTURAL MUST ( ipatokenOTPkey $ ipatokenOTPalg + orithm $ ipatokenOTPdigits $ ipatokenHOTPcounter ) X-ORIGIN ( 'IPA v4.0.0' + 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.25 NAME 'ipaPrivateKeyObject' DESC + 'Wrapped private keys' SUP top AUXILIARY MUST ( ipaPrivateKey $ ipaWrappin + gKey $ ipaWrappingMech ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.24 NAME 'ipaPublicKeyObject' DESC + 'Wrapped public keys' SUP top AUXILIARY MUST ipaPublicKey X-ORIGIN ( 'IPA v + 4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.34 NAME 'ipaSecretKeyRefObject' DE + SC 'Indirect storage for encoded key material' SUP top AUXILIARY MUST ipaSe + cretKeyRef X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.26 NAME 'ipaSecretKeyObject' DESC + 'Wrapped secret keys' SUP top AUXILIARY MUST ( ipaSecretKey $ ipaWrappingKe + y $ ipaWrappingMech ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.17.2.1 NAME 'ipk11Object' 
DESC 'Objec + t' SUP top STRUCTURAL MUST ipk11UniqueId X-ORIGIN ( 'IPA v4.1.2' 'user defi + ned' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.17.2.2 NAME 'ipk11StorageObject' DESC + 'Storage object' SUP top ABSTRACT MAY ( ipk11Private $ ipk11Modifiable $ i + pk11Label $ ipk11Copyable $ ipk11Destroyable ) X-ORIGIN ( 'IPA v4.1.2' 'use + r defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.17.2.5 NAME 'ipk11Key' DESC 'Key' SUP + ipk11StorageObject ABSTRACT MAY ( ipk11KeyType $ ipk11Id $ ipk11StartDate + $ ipk11EndDate $ ipk11Derive $ ipk11Local $ ipk11KeyGenMechanism $ ipk11All + owedMechanisms ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.17.2.7 NAME 'ipk11PrivateKey' DESC 'P + rivate key' SUP ipk11Key AUXILIARY MAY ( ipk11Subject $ ipk11Sensitive $ ip + k11Decrypt $ ipk11Sign $ ipk11SignRecover $ ipk11Unwrap $ ipk11Extractable + $ ipk11AlwaysSensitive $ ipk11NeverExtractable $ ipk11WrapWithTrusted $ ipk + 11UnwrapTemplate $ ipk11AlwaysAuthenticate $ ipk11PublicKeyInfo ) X-ORIGIN + ( 'IPA v4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.17.2.8 NAME 'ipk11SecretKey' DESC 'Se + cret key' SUP ipk11Key AUXILIARY MAY ( ipk11Sensitive $ ipk11Encrypt $ ipk1 + 1Decrypt $ ipk11Sign $ ipk11Verify $ ipk11Wrap $ ipk11Unwrap $ ipk11Extract + able $ ipk11AlwaysSensitive $ ipk11NeverExtractable $ ipk11CheckValue $ ipk + 11WrapWithTrusted $ ipk11Trusted $ ipk11WrapTemplate $ ipk11UnwrapTemplate + ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.17.2.6 NAME 'ipk11PublicKey' DESC 'Pu + blic key' SUP ipk11Key AUXILIARY MAY ( ipk11Subject $ ipk11Encrypt $ ipk11V + erify $ ipk11VerifyRecover $ ipk11Wrap $ ipk11Trusted $ ipk11WrapTemplate $ + ipk11Distrusted $ ipk11PublicKeyInfo ) X-ORIGIN ( 'IPA v4.1.2' 'user defin + ed' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.6.4 NAME 'idnsSecKey' DESC 'DNSSEC ke + y metadata' SUP top STRUCTURAL MUST ( idnsSecKeyRef $ idnsSecKeyCreated $ i + dnsSecAlgorithm 
) MAY ( idnsSecKeyPublish $ idnsSecKeyActivate $ idnsSecKey + Inactive $ idnsSecKeyDelete $ idnsSecKeyZone $ idnsSecKeyRevoke $ idnsSecKe + ySep $ cn ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.27 NAME 'ipaCertificate' SUP top S + TRUCTURAL MUST ( cn $ ipaCertIssuerSerial $ ipaCertSubject $ ipaPublicKey ) + MAY ipaConfigString X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.28 NAME 'ipaKeyPolicy' SUP top AUX + ILIARY MAY ( ipaKeyTrust $ ipaKeyUsage $ ipaKeyExtUsage ) X-ORIGIN ( 'IPA v + 4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.29 NAME 'ipaIDView' SUP nsContaine + r STRUCTURAL MAY description X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.35 NAME 'ipaOverrideTarget' SUP to + p STRUCTURAL MUST ipaAnchorUUID X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.30 NAME 'ipaOverrideAnchor' SUP to + p STRUCTURAL MUST ipaAnchorUUID MAY description X-ORIGIN ( 'IPA v4.1.2' 'us + er defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.31 NAME 'ipaUserOverride' DESC 'Ov + erride for User Attributes' SUP ipaOverrideAnchor STRUCTURAL MAY ( uid $ ui + dNumber $ gidNumber $ homeDirectory $ loginShell $ gecos $ ipaOriginalUid $ + userCertificate ) X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.32 NAME 'ipaGroupOverride' DESC 'O + verride for Group Attributes' SUP ipaOverrideAnchor STRUCTURAL MAY ( gidNum + ber $ cn ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.16.2.6 NAME 'ipatokenOTPConfig' DESC + 'OTP Global Configuration' SUP top STRUCTURAL MUST cn MAY ( ipatokenTOTPaut + hWindow $ ipatokenTOTPsyncWindow $ ipatokenHOTPauthWindow $ ipatokenHOTPsyn + cWindow ) X-ORIGIN ( 'IPA v4.1.3' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.18.1.1 NAME 'ipaVault' DESC 'IPA vaul + t' SUP top STRUCTURAL MUST cn MAY 
( description $ ipaVaultType $ ipaVaultSa + lt $ ipaVaultPublicKey $ owner $ member ) X-ORIGIN ( 'IPA v4.2.2' 'user def + ined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.18.1.2 NAME 'ipaVaultContainer' DESC + 'IPA vault container' SUP top STRUCTURAL MUST cn MAY ( description $ owner + ) X-ORIGIN ( 'IPA v4.2.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.21.2.1 NAME 'ipaCertProfile' SUP top + STRUCTURAL MUST ( cn $ description $ ipaCertProfileStoreIssued ) X-ORIGIN ( + 'IPA v4.2.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.21.2.2 NAME 'ipaCaAcl' SUP ipaAssocia + tion STRUCTURAL MAY ( ipaCaCategory $ ipaCertProfileCategory $ serviceCateg + ory $ ipaMemberCa $ ipaMemberCertProfile $ memberService ) X-ORIGIN ( 'IPA + v4.4.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.20.1.2 NAME 'ipaReplTopoSegment' DESC + 'IPA defined objectclass' SUP top STRUCTURAL MUST ( ipaReplTopoSegmentDire + ction $ ipaReplTopoSegmentLeftNode $ ipaReplTopoSegmentRightNode ) MAY ( cn + $ ipaReplTopoSegmentStatus $ ipaReplTopoSegmentGenerated $ nsDS5Replicated + AttributeList $ nsDS5ReplicatedAttributeListTotal $ nsds5BeginReplicaRefres + h $ description $ nsds5replicaTimeout $ nsds5ReplicaEnabled $ nsds5ReplicaS + tripAttrs $ nsds5replicaSessionPauseTime $ nsds5ReplicaProtocolTimeout ) X- + ORIGIN ( 'IPA v4.2.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.20.1.1 NAME 'ipaReplTopoConf' DESC 'I + PA defined objectclass' SUP top STRUCTURAL MUST ipaReplTopoConfRoot MAY ( c + n $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicatedAttrib + uteListTotal $ nsds5ReplicaStripAttrs ) X-ORIGIN ( 'IPA v4.3.0' 'user defin + ed' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.20.1.4 NAME 'ipaReplTopoManagedServer + ' DESC 'part of managed replication topology' SUP top AUXILIARY MAY ipaRepl + TopoManagedSuffix X-ORIGIN ( 'IPA v4.2.2' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.20.1.3 NAME 'ipaReplTopoManagedAgreem + ent' 
DESC 'marker objectclass for managed replication agreements' SUP top A + UXILIARY MAY ipaReplTopoManagedAgreementState X-ORIGIN ( 'IPA v4.2.2' 'user + defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.19.1.2 NAME 'ipaSupportedDomainLevelC + onfig' DESC 'Supported Domain Level Configuration' SUP ipaConfigObject AUXI + LIARY MUST ( ipaMinDomainLevel $ ipaMaxDomainLevel ) X-ORIGIN ( 'IPA v4.2.2 + ' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.19.1.1 NAME 'ipaDomainLevelConfig' DE + SC 'Domain Level Configuration' SUP ipaConfigObject AUXILIARY MUST ipaDomai + nLevel X-ORIGIN ( 'IPA v4.2.2' 'user defined' ) ) +objectClasses: ( certProfile-oid NAME 'certProfile' DESC 'Certificate profil + e' SUP top STRUCTURAL MUST cn MAY ( classId $ certProfileConfig ) X-ORIGIN + 'user defined' ) +objectClasses: ( tokenRecord-oid NAME 'tokenRecord' DESC 'CMS defined class' + SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ modified $ + tokenReason $ tokenUserID $ tokenStatus $ tokenAppletID $ keyInfo $ tokenPo + licy $ extensions $ numberOfResets $ numberOfEnrollments $ numberOfRenewals + $ numberOfRecoveries $ userCertificate $ tokenType ) X-ORIGIN 'user define + d' ) +objectClasses: ( tokenActivity-oid NAME 'tokenActivity' DESC 'CMS defined cl + ass' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ tokenOp + $ tokenIP $ tokenResult $ tokenID $ tokenUserID $ tokenMsg $ extensions $ + tokenType ) X-ORIGIN 'user defined' ) +objectClasses: ( tokenCert-oid NAME 'tokenCert' DESC 'CMS defined class' SUP + top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ userCertificate + $ tokenUserID $ tokenID $ tokenIssuer $ tokenOrigin $ tokenSubject $ token + Serial $ tokenStatus $ tokenType $ tokenKeyType $ tokenNotBefore $ tokenNot + After $ extensions ) X-ORIGIN 'user defined' ) +objectClasses: ( tpsProfileID-oid NAME 'tpsProfileID' DESC 'CMS defined clas + s' SUP top AUXILIARY MAY profileID X-ORIGIN ( 'user-defined' 'user defined' + ) ) 
+objectClasses: ( 2.16.840.1.113730.3.8.6.7 NAME 'ipaLocationObject' DESC 'Ob + ject for storing IPA server location' SUP top STRUCTURAL MUST idnsName MAY + description X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.12.36 NAME 'ipaDNSContainer' DESC 'IP + A DNS container' AUXILIARY MUST ipaDNSVersion X-ORIGIN ( 'IPA v4.4.0.alpha1 + ' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.6.6 NAME 'idnsServerConfigObject' DES + C 'DNS server configuration options' SUP top STRUCTURAL MUST idnsServerId M + AY ( idnsSubstitutionVariable $ idnsSOAmName $ idnsForwarders $ idnsForward + Policy ) X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.6.5 NAME 'idnsTemplateObject' DESC 'T + emplate object for dynamic DNS attribute generation' AUXILIARY MUST idnsTem + plateAttribute X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.6.8 NAME 'ipaLocationMember' DESC 'Me + mber object of IPA location' AUXILIARY MAY ( ipaLocation $ ipaServiceWeight + ) X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) +objectClasses: ( 2.16.840.1.113730.3.8.21.2.3 NAME 'ipaCa' SUP top STRUCTURA + L MUST ( cn $ ipaCaId $ ipaCaSubjectDN $ ipaCaIssuerDN ) MAY description X- + ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) +objectClasses: ( authority-oid NAME 'authority' DESC 'Certificate Authority' + SUP top STRUCTURAL MUST ( cn $ authorityID $ authorityKeyNickname $ author + ityEnabled $ authorityDN ) MAY ( authoritySerial $ authorityParentID $ auth + orityParentDN $ authorityKeyHost $ description ) X-ORIGIN ( 'IPA v4.4.0.alp + ha1' 'user defined' ) ) + diff --git a/Tests/data/subschema-openldap-all.ldif b/Tests/data/subschema-openldap-all.ldif new file mode 100644 index 0000000..3e930c6 --- /dev/null +++ b/Tests/data/subschema-openldap-all.ldif 
@@ -0,0 +1,8017 @@ +######################################################################## +# LDIF export by web2ldap 1.2.80, see http://www.web2ldap.de +# Date and time: Saturday, 2017-02-18 17:09:50 GMT +# Bind-DN: u'cn=Michael Str\xf6der+mail=michael@stroeder.com,ou=Private,dc=stroeder,dc=de' +# LDAP-URL of search: +# ldapi:///cn%3DSubschema?matchingRuleUse,ldapSyntaxes,nameForms,dITStructureRules,attributeTypes,matchingRules,dITContentRules,objectClasses,objectClass,cn?base?%28objectClass%3D%2A%29?x-saslmech=EXTERNAL +######################################################################## +version: 1 + +dn: cn=Subschema +attributeTypes: ( 2.5.4.0 NAME 'objectClass' DESC 'RFC4512: object classes o + f the entity' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.38 ) +attributeTypes: ( 2.5.21.9 NAME 'structuralObjectClass' DESC 'RFC4512: struc + tural object class of entry' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.38 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOper + ation ) +attributeTypes: ( 2.5.18.1 NAME 'createTimestamp' DESC 'RFC4512: time which + object was created' EQUALITY generalizedTimeMatch ORDERING generalizedTimeO + rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODI + FICATION USAGE directoryOperation ) +attributeTypes: ( 2.5.18.2 NAME 'modifyTimestamp' DESC 'RFC4512: time which + object was last modified' EQUALITY generalizedTimeMatch ORDERING generalize + dTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USE + R-MODIFICATION USAGE directoryOperation ) +attributeTypes: ( 2.5.18.3 NAME 'creatorsName' DESC 'RFC4512: name of creato + r' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SIN + GLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) +attributeTypes: ( 2.5.18.4 NAME 'modifiersName' DESC 'RFC4512: name of last + modifier' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .12 SINGLE-VALUE 
NO-USER-MODIFICATION USAGE directoryOperation ) +attributeTypes: ( 2.5.18.9 NAME 'hasSubordinates' DESC 'X.501: entry has chi + ldren' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VAL + UE NO-USER-MODIFICATION USAGE directoryOperation ) +attributeTypes: ( 2.5.18.10 NAME 'subschemaSubentry' DESC 'RFC4512: name of + controlling subschema entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOpe + ration ) +attributeTypes: ( 2.5.18.12 NAME 'collectiveAttributeSubentries' DESC 'RFC36 + 71: collective attribute subentries' EQUALITY distinguishedNameMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE directoryOperatio + n ) +attributeTypes: ( 2.5.18.7 NAME 'collectiveExclusions' DESC 'RFC3671: collec + tive attribute exclusions' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.38 USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.1.20 NAME 'entryDN' DESC 'DN of the entry' EQUALIT + Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE + NO-USER-MODIFICATION USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.1.16.4 NAME 'entryUUID' DESC 'UUID of the entry' E + QUALITY UUIDMatch ORDERING UUIDOrderingMatch SYNTAX 1.3.6.1.1.16.1 SINGLE-V + ALUE NO-USER-MODIFICATION USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.7 NAME 'entryCSN' DESC 'change sequ + ence number of the entry content' EQUALITY CSNMatch ORDERING CSNOrderingMat + ch SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MODIFICATION + USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.13 NAME 'namingCSN' DESC 'change se + quence number of the entry naming (RDN)' EQUALITY CSNMatch ORDERING CSNOrde + ringMatch SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MODIF + ICATION USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.23 NAME 'syncreplCookie' DESC 'sync + repl Cookie for shadow 
copy' EQUALITY octetStringMatch ORDERING octetString + OrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE NO-USER-MOD + IFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.25 NAME 'contextCSN' DESC 'the larg + est committed CSN of a context' EQUALITY CSNMatch ORDERING CSNOrderingMatch + SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} NO-USER-MODIFICATION USAGE dSAOpera + tion ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' DESC 'RFC4512: + alternative servers' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperati + on ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts' DESC 'RFC + 4512: naming contexts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperat + ion ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl' DESC ' + RFC4512: supported controls' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSA + Operation ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension' DESC + 'RFC4512: supported extended operations' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 38 USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion' DE + SC 'RFC4512: supported LDAP versions' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms' + DESC 'RFC4512: supported SASL mechanisms' SYNTAX 1.3.6.1.4.1.1466.115.121. 
+ 1.15 USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures' DESC 'RFC4 + 512: features supported by the server' EQUALITY objectIdentifierMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.10 NAME 'monitorContext' DESC 'moni + tor context' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.1 NAME 'configContext' DESC 'confi + g context' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.1.4 NAME 'vendorName' DESC 'RFC3045: name of imple + mentation vendor' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.1.5 NAME 'vendorVersion' DESC 'RFC3045: version of + implementation' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 
+ 15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 2.5.18.5 NAME 'administrativeRole' DESC 'RFC3672: administ + rative role' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.38 USAGE directoryOperation ) +attributeTypes: ( 2.5.18.6 NAME 'subtreeSpecification' DESC 'RFC3672: subtre + e specification' SYNTAX 1.3.6.1.4.1.1466.115.121.1.45 SINGLE-VALUE USAGE di + rectoryOperation ) +attributeTypes: ( 2.5.21.1 NAME 'dITStructureRules' DESC 'RFC4512: DIT struc + ture rules' EQUALITY integerFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.17 USAGE directoryOperation ) +attributeTypes: ( 2.5.21.2 NAME 'dITContentRules' DESC 'RFC4512: DIT content + rules' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.16 USAGE directoryOperation ) +attributeTypes: ( 2.5.21.4 NAME 'matchingRules' DESC 'RFC4512: matching rule + s' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.30 USAGE directoryOperation ) +attributeTypes: ( 2.5.21.5 NAME 'attributeTypes' DESC 'RFC4512: attribute ty + pes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.3 USAGE directoryOperation ) +attributeTypes: ( 2.5.21.6 NAME 'objectClasses' DESC 'RFC4512: object classe + s' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.37 USAGE directoryOperation ) +attributeTypes: ( 2.5.21.7 NAME 'nameForms' DESC 'RFC4512: name forms ' EQUA + LITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 
+ 35 USAGE directoryOperation ) +attributeTypes: ( 2.5.21.8 NAME 'matchingRuleUse' DESC 'RFC4512: matching ru + le uses' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.31 USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' DESC 'RFC4 + 512: LDAP syntaxes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.54 USAGE directoryOperation ) +attributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' ) DE + SC 'RFC4512: name of aliased object' EQUALITY distinguishedNameMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.34 NAME 'ref' DESC 'RFC3296: subordi + nate referral URL' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 USAGE distributedOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.3.1 NAME 'entry' DESC 'OpenLDAP ACL ent + ry pseudo-attribute' SYNTAX 1.3.6.1.4.1.4203.1.1.1 SINGLE-VALUE NO-USER-MOD + IFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.3.2 NAME 'children' DESC 'OpenLDAP ACL + children pseudo-attribute' SYNTAX 1.3.6.1.4.1.4203.1.1.1 SINGLE-VALUE NO-US + ER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.8 NAME ( 'authzTo' 'saslAuthzTo' ) + DESC 'proxy authorization targets' EQUALITY authzMatch SYNTAX 1.3.6.1.4.1.4 + 203.666.2.7 USAGE distributedOperation X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.9 NAME ( 'authzFrom' 'saslAuthzFrom + ' ) DESC 'proxy authorization sources' EQUALITY authzMatch SYNTAX 1.3.6.1.4 + .1.4203.666.2.7 USAGE distributedOperation X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl' DESC 'RFC2589: + entry time-to-live' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-US + ER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.119.4 NAME 'dynamicSubtrees' DESC 'RF + C2589: dynamic subtrees' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 
NO-USER-MODIF + ICATION USAGE dSAOperation ) +attributeTypes: ( 2.5.4.49 NAME 'distinguishedName' DESC 'RFC4519: common su + pertype of DN attributes' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.12 ) +attributeTypes: ( 2.5.4.41 NAME 'name' DESC 'RFC4519: common supertype of na + me attributes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) +attributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'RFC4519: common n + ame(s) for which the entity is known by' SUP name ) +attributeTypes: ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) DESC 'RF + C4519: user identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' DESC 'RFC2307: An integer + uniquely identifying a user in an administrative domain' EQUALITY integerM + atch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN + GLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' DESC 'RFC2307: An integer + uniquely identifying a group in an administrative domain' EQUALITY integer + Match ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SI + NGLE-VALUE ) +attributeTypes: ( 2.5.4.35 NAME 'userPassword' DESC 'RFC4519/2307: password + of user' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128 + } ) +attributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' DESC 'RFC2079: Unif + orm Resource Identifier with optional label' EQUALITY caseExactMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.5.4.13 NAME 'description' DESC 'RFC4519: descriptive inf + ormation' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15{1024} ) +attributeTypes: ( 2.5.4.34 NAME 'seeAlso' DESC 'RFC4519: DN of related objec + t' SUP distinguishedName ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.78 NAME 'olcConfigFile' DESC ' + 
File for slapd configuration directives' EQUALITY caseIgnoreMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.79 NAME 'olcConfigDir' DESC 'D + irectory for slapd configuration backend' EQUALITY caseIgnoreMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.1 NAME 'olcAccess' DESC 'Acces + s Control List' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.86 NAME 'olcAddContentAcl' DES + C 'Check ACLs against content of Add ops' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.2 NAME 'olcAllows' DESC 'Allow + ed set of deprecated features' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.3 NAME 'olcArgsFile' DESC 'Fil + e for slapd command line options' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.5 NAME 'olcAttributeOptions' E + QUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.4 NAME 'olcAttributeTypes' DES + C 'OpenLDAP attributeTypes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.6 NAME 'olcAuthIDRewrite' EQUA + LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES + ' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.7 NAME 'olcAuthzPolicy' EQUALI + TY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.8 NAME 'olcAuthzRegexp' EQUALI + TY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' + ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.9 NAME 'olcBackend' DESC 'A ty + pe of backend' EQUALITY 
caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 SINGLE-VALUE X-ORDERED 'SIBLINGS' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.10 NAME 'olcConcurrency' SYNTA + X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.11 NAME 'olcConnMaxPending' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.12 NAME 'olcConnMaxPendingAuth + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.13 NAME 'olcDatabase' DESC 'Th + e backend type for a database instance' SUP olcBackend SINGLE-VALUE X-ORDER + ED 'SIBLINGS' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.14 NAME 'olcDefaultSearchBase' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.15 NAME 'olcDisallows' EQUALIT + Y caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.16 NAME 'olcDitContentRules' D + ESC 'OpenLDAP DIT content rules' EQUALITY caseIgnoreMatch SUBSTR caseIgnore + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.20 NAME 'olcExtraAttrs' EQUA + LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.17 NAME 'olcGentleHUP' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.17 NAME 'olcHidden' SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.18 NAME 'olcIdleTimeout' SYNTA + X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.19 NAME 'olcInclude' SUP label + edURI ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.20 NAME 'olcIndexSubstrIfMinLe + n' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.21 NAME 'olcIndexSubstrIfMaxLe + n' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.22 NAME 'olcIndexSubstrAnyLen' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.23 NAME 'olcIndexSubstrAnyStep + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.84 NAME 'olcIndexIntLen' SYNTA + X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.4 NAME 'olcLastMod' SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.85 NAME 'olcLdapSyntaxes' DESC + 'OpenLDAP ldapSyntax' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.5 NAME 'olcLimits' EQUALITY + caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.93 NAME 'olcListenerThreads' S + YNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.26 NAME 'olcLocalSSF' SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.27 NAME 'olcLogFile' SYNTAX 1. 
+ 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.28 NAME 'olcLogLevel' EQUALITY + caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.6 NAME 'olcMaxDerefDepth' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.16 NAME 'olcMirrorMode' SYNT + AX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.30 NAME 'olcModuleLoad' EQUALI + TY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' + ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.31 NAME 'olcModulePath' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.18 NAME 'olcMonitoring' SYNT + AX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.32 NAME 'olcObjectClasses' DES + C 'OpenLDAP object classes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.33 NAME 'olcObjectIdentifier' + EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.15 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.34 NAME 'olcOverlay' SUP olcDa + tabase SINGLE-VALUE X-ORDERED 'SIBLINGS' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.35 NAME 'olcPasswordCryptSaltF + ormat' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.36 NAME 'olcPasswordHash' EQUA + LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.37 NAME 'olcPidFile' SYNTAX 1. 
+ 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.38 NAME 'olcPlugin' EQUALITY c + aseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.39 NAME 'olcPluginLogFile' SYN + TAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.40 NAME 'olcReadOnly' SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.41 NAME 'olcReferral' SUP labe + ledURI SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.7 NAME 'olcReplica' SUP labe + ledURI EQUALITY caseIgnoreMatch X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.43 NAME 'olcReplicaArgsFile' S + YNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.44 NAME 'olcReplicaPidFile' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.45 NAME 'olcReplicationInterva + l' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.46 NAME 'olcReplogFile' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.47 NAME 'olcRequires' EQUALITY + caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.48 NAME 'olcRestrict' EQUALITY + caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.49 NAME 'olcReverseLookup' SYN + TAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.8 NAME 'olcRootDN' EQUALITY + distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.51 NAME 'olcRootDSE' EQUALITY + caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.9 NAME 'olcRootPW' SYNTAX 1. 
+ 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.89 NAME 'olcSaslAuxprops' SYNT + AX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.53 NAME 'olcSaslHost' SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.54 NAME 'olcSaslRealm' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.56 NAME 'olcSaslSecProps' SYNT + AX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.58 NAME 'olcSchemaDN' EQUALITY + distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.59 NAME 'olcSecurity' EQUALITY + caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.81 NAME 'olcServerID' EQUALITY + caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.60 NAME 'olcSizeLimit' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.61 NAME 'olcSockbufMaxIncoming + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.62 NAME 'olcSockbufMaxIncoming + Auth' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.83 NAME 'olcSortVals' DESC 'At + tributes whose values will always be sorted' EQUALITY caseIgnoreMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.15 NAME 'olcSubordinate' SYN + TAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.10 NAME 'olcSuffix' EQUALITY + distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.19 NAME 'olcSyncUseSubentry' + DESC 'Store sync context in a subentry' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 
+ 7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.11 NAME 'olcSyncrepl' EQUALI + TY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' + ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.90 NAME 'olcTCPBuffer' DESC 'C + ustom TCP buffer size' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.66 NAME 'olcThreads' SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.67 NAME 'olcTimeLimit' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.68 NAME 'olcTLSCACertificateFi + le' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.69 NAME 'olcTLSCACertificatePa + th' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.70 NAME 'olcTLSCertificateFile + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.71 NAME 'olcTLSCertificateKeyF + ile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.72 NAME 'olcTLSCipherSuite' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.73 NAME 'olcTLSCRLCheck' SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.82 NAME 'olcTLSCRLFile' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.74 NAME 'olcTLSRandFile' SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.75 NAME 'olcTLSVerifyClient' S + YNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.77 NAME 'olcTLSDHParamFile' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.87 NAME 'olcTLSProtocolMin' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 
+attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.80 NAME 'olcToolThreads' SYNTA + X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.12 NAME 'olcUpdateDN' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.13 NAME 'olcUpdateRef' SUP l + abeledURI EQUALITY caseIgnoreMatch ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.88 NAME 'olcWriteTimeout' SYNT + AX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.1 NAME 'olcDbDirectory' DESC + 'Directory for database content' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.5 NAME 'OpenLDAPaci' DESC 'OpenLDAP + access control information (experimental)' EQUALITY OpenLDAPaciMatch SYNTA + X 1.3.6.1.4.1.4203.666.2.1 USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.2 NAME 'olcDbCheckpoint' DES + C 'Database checkpoint interval in kbytes and minutes' SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.4 NAME 'olcDbNoSync' DESC 'D + isable synchronous database writes' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SIN + GLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.12.3 NAME 'olcDbEnvFlags' DESC + 'Database environment flags' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.2 NAME 'olcDbIndex' DESC 'At + tribute index parameters' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466. 
+ 115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.12.1 NAME 'olcDbMaxReaders' DE + SC 'Maximum number of threads that may access the DB concurrently' SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.12.2 NAME 'olcDbMaxSize' DESC + 'Maximum size of DB in bytes' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-V + ALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.3 NAME 'olcDbMode' DESC 'Uni + x permissions of database files' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.12.5 NAME 'olcDbRtxnSize' DESC + 'Number of entries to process in one read transaction' SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.9 NAME 'olcDbSearchStack' DE + SC 'Depth of search stack in IDLs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN + GLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.11 NAME 'olcDbCacheFree' DES + C 'Number of extra entries to free when max is reached' SYNTAX 1.3.6.1.4.1. 
+ 1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.1 NAME 'olcDbCacheSize' DESC + 'Entry cache size in entries' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- + VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.16 NAME 'olcDbChecksum' DESC + 'Enable database checksum validation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.13 NAME 'olcDbCryptFile' DES + C 'Pathname of file containing the DB encryption key' SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.14 NAME 'olcDbCryptKey' DESC + 'DB encryption key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.3 NAME 'olcDbConfig' DESC 'B + erkeleyDB DB_CONFIG configuration directives' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.26 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.15 NAME 'olcDbPageSize' DESC + 'Page size of specified DB, in Kbytes' EQUALITY caseExactMatch SYNTAX 1.3. 
+ 6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.5 NAME 'olcDbDirtyRead' DESC + 'Allow reads of uncommitted data' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SING + LE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.12 NAME 'olcDbDNcacheSize' D + ESC 'DN cache size' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.6 NAME 'olcDbIDLcacheSize' D + ESC 'IDL cache size in IDLs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VA + LUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.7 NAME 'olcDbLinearIndex' DE + SC 'Index attributes one at a time' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SIN + GLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.8 NAME 'olcDbLockDetect' DES + C 'Deadlock detection algorithm' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL + E-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.10 NAME 'olcDbShmKey' DESC ' + Key for shared memory region' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-V + ALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.14 NAME 'olcDbURI' DESC 'URI + (list) for remote DSA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.1 NAME 'olcDbStartTLS' DESC + 'StartTLS' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.2 NAME 'olcDbACLAuthcDn' DES + C 'Remote ACL administrative identity' OBSOLETE SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.3 NAME 'olcDbACLPasswd' DESC + 'Remote ACL administrative identity credentials' OBSOLETE SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.4 NAME 'olcDbACLBind' DESC ' + Remote ACL administrative identity auth bind configuration' SYNTAX 1.3.6.1. 
+ 4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.5 NAME 'olcDbIDAssertAuthcDn + ' DESC 'Remote Identity Assertion administrative identity' OBSOLETE SYNTAX + 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.6 NAME 'olcDbIDAssertPasswd' + DESC 'Remote Identity Assertion administrative identity credentials' OBSOL + ETE SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.7 NAME 'olcDbIDAssertBind' D + ESC 'Remote Identity Assertion administrative identity auth bind configurat + ion' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.8 NAME 'olcDbIDAssertMode' D + ESC 'Remote Identity Assertion mode' OBSOLETE SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.9 NAME 'olcDbIDAssertAuthzFr + om' DESC 'Remote Identity Assertion authz rules' EQUALITY caseIgnoreMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.10 NAME 'olcDbRebindAsUser' + DESC 'Rebind as user' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.11 NAME 'olcDbChaseReferrals + ' DESC 'Chase referrals' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.12 NAME 'olcDbTFSupport' DES + C 'Absolute filters support' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA + LUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.13 NAME 'olcDbProxyWhoAmI' D + ESC 'Proxy whoAmI exop' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.14 NAME 'olcDbTimeout' DESC + 'Per-operation timeouts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.15 NAME 'olcDbIdleTimeout' D + ESC 'connection idle timeout' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
SINGLE-V + ALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.16 NAME 'olcDbConnTtl' DESC + 'connection ttl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.17 NAME 'olcDbNetworkTimeout + ' DESC 'connection network timeout' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.18 NAME 'olcDbProtocolVersio + n' DESC 'protocol version' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALU + E ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.19 NAME 'olcDbSingleConn' DE + SC 'cache a single connection per identity' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.20 NAME 'olcDbCancel' DESC ' + abandon/ignore/exop operations when appropriate' SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.21 NAME 'olcDbQuarantine' DE + SC 'Quarantine database if connection fails and retry according to rule' SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.22 NAME 'olcDbUseTemporaryCo + nn' DESC 'Use temporary connections if the cached one is busy' SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.23 NAME 'olcDbConnectionPool + Max' DESC 'Max size of privileged connections pool' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.24 NAME 'olcDbSessionTrackin + gRequest' DESC 'Add session tracking control to proxied requests' SYNTAX 1. 
+ 3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.25 NAME 'olcDbNoRefs' DESC ' + Do not return search reference responses' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.26 NAME 'olcDbNoUndefFilter' + DESC 'Do not propagate undefined search filters' SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.108 NAME 'olcDbOnErr' DESC ' + error handling' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.27 NAME 'olcDbIDAssertPassTh + ru' DESC 'Remote Identity Assertion passthru rules' EQUALITY caseIgnoreMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.29 NAME 'olcDbKeepalive' DES + C 'TCP keepalive' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.3.1 NAME 'olcChainingBehavior' + DESC 'Chaining behavior control parameters (draft-sermersheim-ldap-chainin + g)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.3.2 NAME 'olcChainCacheURI' DE + SC 'Enables caching of URIs not present in configuration' SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.3.3 NAME 'olcChainMaxReferralD + epth' DESC 'max referral depth' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.3.4 NAME 'olcChainReturnError' + DESC 'Errors are returned instead of the original referral' SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.101 NAME 'olcDbRewrite' DESC + 'DN rewriting rules' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115. 
+ 121.1.15 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.102 NAME 'olcDbMap' DESC 'Ma + p attribute and objectclass names' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.103 NAME 'olcDbSubtreeExclud + e' DESC 'DN of subtree to exclude from target' EQUALITY caseIgnoreMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.104 NAME 'olcDbSubtreeInclud + e' DESC 'DN of subtree to include in target' EQUALITY caseIgnoreMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.105 NAME 'olcDbDefaultTarget + ' DESC 'Specify the default target' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.106 NAME 'olcDbDnCacheTtl' D + ESC 'dncache ttl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.107 NAME 'olcDbBindTimeout' + DESC 'bind timeout' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.109 NAME 'olcDbPseudoRootBin + dDefer' DESC 'error handling' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VA + LUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.110 NAME 'olcDbNretries' DES + C 'retry handling' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.111 NAME 'olcDbClientPr' DES + C 'PagedResults handling' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.100 NAME 'olcMetaSub' DESC ' + Placeholder to name a Target entry' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.15 SINGLE-VALUE X-ORDERED 'SIBLINGS' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.112 NAME 'olcDbFilter' DESC + 'Filter regex pattern to include in target' EQUALITY caseExactMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 
1.3.6.1.4.1.4203.666.1.55.1 NAME 'monitoredInfo' DESC 'mon + itored info' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.15{32768} NO-USER-MODIFICATION USAGE dSAOpera + tion ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.2 NAME 'managedInfo' DESC 'monit + or managed info' SUP name ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.3 NAME 'monitorCounter' DESC 'mo + nitor counter' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.27 NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.4 NAME 'monitorOpCompleted' DESC + 'monitor completed operations' SUP monitorCounter NO-USER-MODIFICATION USA + GE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.5 NAME 'monitorOpInitiated' DESC + 'monitor initiated operations' SUP monitorCounter NO-USER-MODIFICATION USA + GE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.6 NAME 'monitorConnectionNumber' + DESC 'monitor connection number' SUP monitorCounter NO-USER-MODIFICATION U + SAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.7 NAME 'monitorConnectionAuthzDN + ' DESC 'monitor connection authorization DN' EQUALITY distinguishedNameMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE dSAOperat + ion ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.8 NAME 'monitorConnectionLocalAd + dress' DESC 'monitor connection local address' SUP monitoredInfo NO-USER-MO + DIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.9 NAME 'monitorConnectionPeerAdd + ress' DESC 'monitor connection peer address' SUP monitoredInfo NO-USER-MODI + FICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.10 NAME 'monitorTimestamp' DESC + 'monitor timestamp' EQUALITY generalizedTimeMatch ORDERING generalizedTimeO + rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODI + FICATION USAGE dSAOperation ) +attributeTypes: ( 
1.3.6.1.4.1.4203.666.1.55.11 NAME 'monitorOverlay' DESC 'n + ame of overlays defined for a given database' SUP monitoredInfo NO-USER-MOD + IFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.12 NAME 'readOnly' DESC 'read/wr + ite status of a given database' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.7 SINGLE-VALUE USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.13 NAME 'restrictedOperation' DE + SC 'name of restricted operation for a given database' SUP managedInfo ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.14 NAME 'monitorConnectionProtoc + ol' DESC 'monitor connection protocol' SUP monitoredInfo NO-USER-MODIFICATI + ON USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.15 NAME 'monitorConnectionOpsRec + eived' DESC 'monitor number of operations received by the connection' SUP m + onitorCounter NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.16 NAME 'monitorConnectionOpsExe + cuting' DESC 'monitor number of operations in execution within the connecti + on' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.17 NAME 'monitorConnectionOpsPen + ding' DESC 'monitor number of pending operations within the connection' SUP + monitorCounter NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.18 NAME 'monitorConnectionOpsCom + pleted' DESC 'monitor number of operations completed within the connection' + SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.19 NAME 'monitorConnectionGet' D + ESC 'number of times connection_get() was called so far' SUP monitorCounter + NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.20 NAME 'monitorConnectionRead' + DESC 'number of times connection_read() was called so far' SUP monitorCount + er NO-USER-MODIFICATION USAGE dSAOperation ) 
+attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.21 NAME 'monitorConnectionWrite' + DESC 'number of times connection_write() was called so far' SUP monitorCou + nter NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.22 NAME 'monitorConnectionMask' + DESC 'monitor connection mask' SUP monitoredInfo NO-USER-MODIFICATION USAGE + dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.23 NAME 'monitorConnectionListen + er' DESC 'monitor connection listener' SUP monitoredInfo NO-USER-MODIFICATI + ON USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.24 NAME 'monitorConnectionPeerDo + main' DESC 'monitor connection peer domain' SUP monitoredInfo NO-USER-MODIF + ICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.25 NAME 'monitorConnectionStartT + ime' DESC 'monitor connection start time' SUP monitorTimestamp SINGLE-VALUE + NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.26 NAME 'monitorConnectionActivi + tyTime' DESC 'monitor connection activity time' SUP monitorTimestamp SINGLE + -VALUE NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.27 NAME 'monitorIsShadow' DESC ' + TRUE if the database is shadow' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.7 SINGLE-VALUE USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.28 NAME 'monitorUpdateRef' DESC + 'update referral for shadow databases' SUP monitoredInfo SINGLE-VALUE USAGE + dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.29 NAME 'monitorRuntimeConfig' D + ESC 'TRUE if component allows runtime configuration' EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.30 NAME 'monitorSuperiorDN' DESC + 'monitor superior DN' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.12 NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 
1.3.6.1.4.1.4203.1.12.2.3.2.5.1 NAME 'olcRelay' DESC 'Rela + y DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.15.1 NAME 'olcAuditlogFile' DE + SC 'Filename for auditlogging' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.1 NAME 'olcAccessLogDB' DESC + 'Suffix of database for log content' SUP distinguishedName SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.2 NAME 'olcAccessLogOps' DES + C 'Operation types to log' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.3 NAME 'olcAccessLogPurge' D + ESC 'Log cleanup parameters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA + LUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.4 NAME 'olcAccessLogSuccess' + DESC 'Log successful ops only' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE- + VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.5 NAME 'olcAccessLogOld' DES + C 'Log old values when modifying entries matching the filter' SYNTAX 1.3.6. 
+ 1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.6 NAME 'olcAccessLogOldAttr' + DESC 'Log old values of these attributes even if unmodified' EQUALITY case + IgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.7 NAME 'olcAccessLogBase' DE + SC 'Operation types to log under a specific branch' EQUALITY caseIgnoreMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.1 NAME 'reqDN' DESC 'Target DN + of request' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.2 NAME 'reqStart' DESC 'Start + time of request' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrde + ringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.3 NAME 'reqEnd' DESC 'End time + of request' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrdering + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.4 NAME 'reqType' DESC 'Type of + request' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN + GLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.5 NAME 'reqSession' DESC 'Sess + ion ID of request' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.6 NAME 'reqAuthzID' DESC 'Auth + orization ID of requestor' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.7 NAME 'reqResult' DESC 'Resul + t code of request' EQUALITY integerMatch ORDERING integerOrderingMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.8 NAME 'reqMessage' DESC 'Erro + r text of request' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatc + h SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.9 NAME 'reqReferral' DESC 'Ref + errals returned for request' SUP labeledURI ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.10 NAME 'reqControls' DESC 'Re + quest controls' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1 + .4.1.4203.666.11.5.3.1 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.11 NAME 'reqRespControls' DESC + 'Response controls of request' EQUALITY objectIdentifierFirstComponentMatc + h SYNTAX 1.3.6.1.4.1.4203.666.11.5.3.1 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.12 NAME 'reqId' DESC 'ID of Re + quest to Abandon' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.13 NAME 'reqVersion' DESC 'Pro + tocol version of Bind request' EQUALITY integerMatch ORDERING integerOrderi + ngMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.14 NAME 'reqMethod' DESC 'Bind + method of request' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.15 NAME 'reqAssertion' DESC 'C + ompare Assertion of request' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA + LUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.16 NAME 'reqMod' DESC 'Modific + ations of request' EQUALITY octetStringMatch SUBSTR octetStringSubstringsMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.17 NAME 'reqOld' DESC 'Old val + ues of entry before request completed' EQUALITY octetStringMatch SUBSTR oct + etStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.18 NAME 'reqNewRDN' DESC 'New + RDN of request' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.12 SINGLE-VALUE ) +attributeTypes: ( 
1.3.6.1.4.1.4203.666.11.5.1.19 NAME 'reqDeleteOldRDN' DESC + 'Delete old RDN' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.20 NAME 'reqNewSuperior' DESC + 'New superior DN of request' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.21 NAME 'reqScope' DESC 'Scope + of request' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.22 NAME 'reqDerefAliases' DESC + 'Disposition of Aliases in request' EQUALITY caseIgnoreMatch SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.23 NAME 'reqAttrsOnly' DESC 'A + ttributes and values of request' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.24 NAME 'reqFilter' DESC 'Filt + er of request' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.25 NAME 'reqAttr' DESC 'Attrib + utes of request' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.26 NAME 'reqSizeLimit' DESC 'S + ize limit of request' EQUALITY integerMatch ORDERING integerOrderingMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.27 NAME 'reqTimeLimit' DESC 'T + ime limit of request' EQUALITY integerMatch ORDERING integerOrderingMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.28 NAME 'reqEntries' DESC 'Num + ber of entries returned' EQUALITY integerMatch ORDERING integerOrderingMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.29 NAME 'reqData' DESC 'Data o + f extended 
request' EQUALITY octetStringMatch SUBSTR octetStringSubstringsM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.30 NAME 'auditContext' DESC 'D + N of auditContainer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-U + SER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.31 NAME 'reqEntryUUID' DESC 'U + UID of entry' EQUALITY UUIDMatch ORDERING UUIDOrderingMatch SYNTAX 1.3.6.1. + 1.16.1 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.19.1 NAME 'olcCollectInfo' DES + C 'DN of entry and attribute to distribute' EQUALITY caseIgnoreMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.8.1 NAME 'olcDlAttrSet' DESC ' + Dynamic list: , , ' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.11.1 NAME 'olcRefintAttribute' + DESC 'Attributes for referential integrity' EQUALITY caseIgnoreMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.11.2 NAME 'olcRefintNothing' D + ESC 'Replacement DN to supply when needed' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.11.3 NAME 'olcRefintModifiersN + ame' DESC 'The DN to use as modifiersName' SYNTAX 1.3.6.1.4.1.1466.115.121. 
+ 1.12 SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.102 NAME 'memberOf' DESC 'Group that th + e entry belongs to' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.12 USAGE dSAOperation X-ORIGIN 'iPlanet Delegated Administrator' + ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.0 NAME 'olcMemberOfDN' DESC + 'DN to be used as modifiersName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SING + LE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.1 NAME 'olcMemberOfDangling + ' DESC 'Behavior with respect to dangling members, constrained to ignore, d + rop, error' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.2 NAME 'olcMemberOfRefInt' + DESC 'Take care of referential integrity' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.3 NAME 'olcMemberOfGroupOC' + DESC 'Group objectClass' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.4 NAME 'olcMemberOfMemberAD + ' DESC 'member attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.5 NAME 'olcMemberOfMemberOf + AD' DESC 'memberOf attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V + ALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.7 NAME 'olcMemberOfDangling + Error' DESC 'Error code returned in case of dangling back reference' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.1.1 NAME 'olcSpCheckpoint' DES + C 'ContextCSN checkpoint interval in ops and minutes' SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.1.2 NAME 'olcSpSessionlog' DES + C 'Session log size in ops' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VAL + UE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.1.3 NAME 'olcSpNoPresent' DESC + 'Omit Present phase processing' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.7 SINGLE + -VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.1.4 NAME 'olcSpReloadHint' DES + C 'Observe Reload Hint in Request control' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.14.1 NAME 'olcTranslucentStric + t' DESC 'Reveal attribute deletion constraint violations' SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.14.2 NAME 'olcTranslucentNoGlu + e' DESC 'Disable automatic glue records for ADD and MODRDN' SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.14.3 NAME 'olcTranslucentLocal + ' DESC 'Attributes to use in local search filter' SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.14.4 NAME 'olcTranslucentRemot + e' DESC 'Attributes to use in remote search filter' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.14.5 NAME 'olcTranslucentBindL + ocal' DESC 'Enable local bind' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-V + ALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.14.6 NAME 'olcTranslucentPwMod + Local' DESC 'Enable local RFC 3062 Password Modify extended operation' SYNT + AX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.10.1 NAME 'olcUniqueBase' DESC + 'Subtree for uniqueness searches' EQUALITY distinguishedNameMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.10.2 NAME 'olcUniqueIgnore' DE + SC 'Attributes for which uniqueness shall not be enforced' EQUALITY caseIgn + oreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.10.3 NAME 'olcUniqueAttribute' + DESC 'Attributes for which uniqueness shall be enforced' EQUALITY caseIgno + reMatch ORDERING caseIgnoreOrderingMatch 
SUBSTR caseIgnoreSubstringsMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.10.4 NAME 'olcUniqueStrict' DE + SC 'Enforce uniqueness of null values' EQUALITY booleanMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.10.5 NAME 'olcUniqueURI' DESC + 'List of keywords and LDAP URIs for a uniqueness domain' EQUALITY caseExact + Match ORDERING caseExactOrderingMatch SUBSTR caseExactSubstringsMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.13.1 NAME 'olcConstraintAttrib + ute' DESC 'constraint for list of attributes' EQUALITY caseIgnoreMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.5.1 NAME 'olcValSortAttr' DESC + 'Sorting rule for attribute under given DN' EQUALITY caseIgnoreMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.21.1 NAME 'olcSssVlvMax' DESC + 'Maximum number of concurrent Sort requests' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.21.2 NAME 'olcSssVlvMaxKeys' D + ESC 'Maximum number of Keys in a Sort request' SYNTAX 1.3.6.1.4.1.1466.115. 
+ 121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.21.3 NAME 'olcSssVlvMaxPerConn + ' DESC 'Maximum number of concurrent paged search requests per connection' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.16 NAME 'pwdChangedTime' DESC 'The + time the password was last changed' EQUALITY generalizedTimeMatch ORDERING + generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-V + ALUE NO-USER-MODIFICATION USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.17 NAME 'pwdAccountLockedTime' DES + C 'The time an user account was locked' EQUALITY generalizedTimeMatch ORDER + ING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL + E-VALUE USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.19 NAME 'pwdFailureTime' DESC 'The + timestamps of the last consecutive authentication failures' EQUALITY gener + alizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.24 NO-USER-MODIFICATION USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.20 NAME 'pwdHistory' DESC 'The his + tory of users passwords' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.40 NO-USER-MODIFICATION USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.21 NAME 'pwdGraceUseTime' DESC 'Th + e timestamps of the grace login once the password has expired' EQUALITY gen + eralizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 NO-USER-MODIFICATION + USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.22 NAME 'pwdReset' DESC 'The indic + ation that the password has been reset' EQUALITY booleanMatch SYNTAX 1.3.6. 
+ 1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE directoryOperation ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.23 NAME 'pwdPolicySubentry' DESC ' + The pwdPolicy subentry in effect for this object' EQUALITY distinguishedNam + eMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE USAGE directoryOpe + ration ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.12.1 NAME 'olcPPolicyDefault' + DESC 'DN of a pwdPolicy object for uncustomized objects' SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.12.2 NAME 'olcPPolicyHashClear + text' DESC 'Hash passwords on add or modify' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.12.4 NAME 'olcPPolicyForwardUp + dates' DESC 'Allow policy state updates to be forwarded via updateref' SYNT + AX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.12.3 NAME 'olcPPolicyUseLockou + t' DESC 'Warn clients with AccountLocked' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.57 NAME 'entryExpireTimestamp' DESC + 'RFC2589 OpenLDAP extension: expire time of a dynamic object, computed as + now + entryTtl' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrder + ingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICA + TION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.1 NAME 'olcDDSstate' DESC 'R + FC2589 Dynamic directory services state' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 
+ 7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.2 NAME 'olcDDSmaxTtl' DESC ' + RFC2589 Dynamic directory services max TTL' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.3 NAME 'olcDDSminTtl' DESC ' + RFC2589 Dynamic directory services min TTL' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.4 NAME 'olcDDSdefaultTtl' DE + SC 'RFC2589 Dynamic directory services default TTL' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.5 NAME 'olcDDSinterval' DESC + 'RFC2589 Dynamic directory services expiration task run interval' SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.6 NAME 'olcDDStolerance' DES + C 'RFC2589 Dynamic directory services additional TTL in expiration scheduli + ng' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.7 NAME 'olcDDSmaxDynamicObje + cts' DESC 'RFC2589 Dynamic directory services max number of dynamic objects + ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.453.16.2.188 NAME 'authTimestamp' DESC 'last s + uccessful authentication using any method/mech' EQUALITY generalizedTimeMat + ch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 
+ 24 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.4.5.1 NAME 'olcLastBindPrecision + ' DESC 'Precision of authTimestamp attribute' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.0.1.1 NAME 'olmDbDirectory' DESC + 'Path name of the directory where the database environment resides' SUP mo + nitoredInfo NO-USER-MODIFICATION USAGE dSAOperation ) +attributeTypes: ( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: knowled + ge information' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15{32768} ) +attributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (famil + y) name(s) for which the entity is known by' SUP name ) +attributeTypes: ( 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256: serial number o + f the entity' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.44{64} ) +attributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC 'RFC4519: two-lett + er ISO-3166 country code' SUP name SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 SIN + GLE-VALUE ) +attributeTypes: ( 2.5.4.7 NAME ( 'l' 'localityName' ) DESC 'RFC2256: localit + y which this object resides in' SUP name ) +attributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) DESC 'RFC2256: + state or province which this object resides in' SUP name ) +attributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) DESC 'RFC2256: s + treet address of this object' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) +attributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationName' ) DESC 'RFC2256: or + ganization this object belongs to' SUP name ) +attributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) DESC 'RFC2 + 256: organizational unit this object belongs to' SUP name ) +attributeTypes: ( 2.5.4.12 NAME 'title' DESC 'RFC2256: title associated with + the entity' SUP name ) +attributeTypes: ( 2.5.4.14 
NAME 'searchGuide' DESC 'RFC2256: search guide, d + eprecated by enhancedSearchGuide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 ) +attributeTypes: ( 2.5.4.15 NAME 'businessCategory' DESC 'RFC2256: business c + ategory' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.15{128} ) +attributeTypes: ( 2.5.4.16 NAME 'postalAddress' DESC 'RFC2256: postal addres + s' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.41 ) +attributeTypes: ( 2.5.4.17 NAME 'postalCode' DESC 'RFC2256: postal code' EQU + ALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.15{40} ) +attributeTypes: ( 2.5.4.18 NAME 'postOfficeBox' DESC 'RFC2256: Post Office B + ox' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.15{40} ) +attributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' DESC 'RFC2256: + Physical Delivery Office Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu + bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) +attributeTypes: ( 2.5.4.20 NAME 'telephoneNumber' DESC 'RFC2256: Telephone N + umber' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) +attributeTypes: ( 2.5.4.21 NAME 'telexNumber' DESC 'RFC2256: Telex Number' S + YNTAX 1.3.6.1.4.1.1466.115.121.1.52 ) +attributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier' DESC 'RFC2256: T + eletex Terminal Identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) +attributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) DESC 'R + FC2256: Facsimile (Fax) Telephone Number' SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .22 ) +attributeTypes: ( 2.5.4.24 NAME 'x121Address' DESC 'RFC2256: X.121 Address' + EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3. 
+ 6.1.4.1.1466.115.121.1.36{15} ) +attributeTypes: ( 2.5.4.25 NAME 'internationaliSDNNumber' DESC 'RFC2256: int + ernational ISDN number' EQUALITY numericStringMatch SUBSTR numericStringSub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ) +attributeTypes: ( 2.5.4.26 NAME 'registeredAddress' DESC 'RFC2256: registere + d postal address' SUP postalAddress SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) +attributeTypes: ( 2.5.4.27 NAME 'destinationIndicator' DESC 'RFC2256: destin + ation indicator' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ) +attributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod' DESC 'RFC2256: pre + ferred delivery method' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 SINGLE-VALUE ) +attributeTypes: ( 2.5.4.29 NAME 'presentationAddress' DESC 'RFC2256: present + ation address' EQUALITY presentationAddressMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.43 SINGLE-VALUE ) +attributeTypes: ( 2.5.4.30 NAME 'supportedApplicationContext' DESC 'RFC2256: + supported application context' EQUALITY objectIdentifierMatch SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.38 ) +attributeTypes: ( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of a group' S + UP distinguishedName ) +attributeTypes: ( 2.5.4.32 NAME 'owner' DESC 'RFC2256: owner (of the object) + ' SUP distinguishedName ) +attributeTypes: ( 2.5.4.33 NAME 'roleOccupant' DESC 'RFC2256: occupant of ro + le' SUP distinguishedName ) +attributeTypes: ( 2.5.4.36 NAME 'userCertificate' DESC 'RFC2256: X.509 user + certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.8 ) +attributeTypes: ( 2.5.4.37 NAME 'cACertificate' DESC 'RFC2256: X.509 CA cert + ificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.8 ) +attributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList' DESC 'RFC2256: X.5 + 09 authority revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121. 
+ 1.9 ) +attributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList' DESC 'RFC2256: X + .509 certificate revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.9 ) +attributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair' DESC 'RFC2256: X.509 + cross certificate pair, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 ) +attributeTypes: ( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: first na + me(s) for which the entity is known by' SUP name ) +attributeTypes: ( 2.5.4.43 NAME 'initials' DESC 'RFC2256: initials of some o + r all of names, but not the surname(s).' SUP name ) +attributeTypes: ( 2.5.4.44 NAME 'generationQualifier' DESC 'RFC2256: name qu + alifier indicating a generation' SUP name ) +attributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier' DESC 'RFC2256: X.500 + unique identifier' EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.6 ) +attributeTypes: ( 2.5.4.46 NAME 'dnQualifier' DESC 'RFC2256: DN qualifier' E + QUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreS + ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) +attributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide' DESC 'RFC2256: enhance + d search guide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 ) +attributeTypes: ( 2.5.4.48 NAME 'protocolInformation' DESC 'RFC2256: protoco + l information' EQUALITY protocolInformationMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.42 ) +attributeTypes: ( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256: unique member + of a group' EQUALITY uniqueMemberMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 + ) +attributeTypes: ( 2.5.4.51 NAME 'houseIdentifier' DESC 'RFC2256: house ident + ifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.15{32768} ) +attributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms' DESC 'RFC2256: support + ed algorithms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 ) +attributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList' DESC 'RFC2256: delta r + evocation list; use ;binary' 
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) +attributeTypes: ( 2.5.4.54 NAME 'dmdName' DESC 'RFC2256: name of DMD' SUP na + me ) +attributeTypes: ( 2.5.4.65 NAME 'pseudonym' DESC 'X.520(4th): pseudonym for + the object' SUP name ) +attributeTypes: ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' ) + DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnor + eIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' ) + DESC 'RFC1274/2247: domain component' EQUALITY caseIgnoreIA5Match SUBSTR c + aseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VAL + UE ) +attributeTypes: ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' DESC 'R + FC1274: domain associated with object' EQUALITY caseIgnoreIA5Match SUBSTR c + aseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.840.113549.1.9.1 NAME ( 'email' 'emailAddress' 'pkcs9e + mail' ) DESC 'RFC3280: legacy attribute for email addresses in DNs' EQUALIT + Y caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.26{128} ) +attributeTypes: ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' EQUA + LITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: gener + al information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} ) +attributeTypes: ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDrink' + ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR caseIgnore + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RFC1274: + room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 
0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274: phot + o (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} ) +attributeTypes: ( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC1274: + category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: host + computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC1274: D + N of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.12 ) +attributeTypes: ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' DESC + 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR ca + seIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' DESC 'RFC1 + 274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' DESC 'RF + C1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DESC 'RFC + 1274: DN of author of document' EQUALITY distinguishedNameMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' DESC 'R + FC1274: location of document original' EQUALITY caseIgnoreMatch SUBSTR case + IgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTelepho + neNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephoneNumberM + atch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 
+ 1.50 ) +attributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC1274: + DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.12 ) +attributeTypes: ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.39 ) +attributeTypes: ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY caseIgn + oreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY caseIg + noreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY caseIg + noreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY caseIg + noreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY caseI + gnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALITY cas + eIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC 'RFC + 1274: DN of entry associated with domain' EQUALITY distinguishedNameMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' DESC ' + RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIgnor + eListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) +attributeTypes: ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC 'RFC1 + 274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTelephon + eNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephoneNumber + Match SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.50 ) +attributeTypes: ( 0.9.2342.19200300.100.1.42 NAME ( 
'pager' 'pagerTelephoneN + umber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumberMat + ch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 50 ) +attributeTypes: ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCountryNam + e' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBSTR + caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DESC 'R + FC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.15{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus' DES + C 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR caseIgno + reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC 'RFC12 + 74: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrin + gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption' DES + C 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +attributeTypes: ( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC 'RFC12 + 74: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RFC1274 + : DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE ) +attributeTypes: ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality' DESC + 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE + -VALUE ) +attributeTypes: ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality' DE + SC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 + SINGLE-VALUE ) +attributeTypes: ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality' DE + SC 'RFC1274: Subtree Maximun Quality' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.13 + SINGLE-VALUE ) +attributeTypes: ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' DESC ' + RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 + ) +attributeTypes: ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'RFC127 + 4: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.12 ) +attributeTypes: ( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC1274: aud + io (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} ) +attributeTypes: ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' DESC ' + RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS + ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC2798: v + ehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR caseI + gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC 'RFC2 + 798: identifies a department within an organization' EQUALITY caseIgnoreMat + ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC2798 + : preferred name to be used when displaying entries' EQUALITY caseIgnoreMat + ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RFC279 + 8: numerically identifies an employee within an organization' EQUALITY case + IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2798: + type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnor + eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2798: + a JPEG image' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.28 ) +attributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC 'RF + C2798: preferred written or spoken language for a person' EQUALITY caseIgno + reMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' DESC + 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.5 ) +attributeTypes: ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2798: + personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.5 ) +attributeTypes: ( 2.16.840.1.113730.3.1.13 NAME 'mailLocalAddress' DESC 'RFC + 822 email address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.26{256} ) +attributeTypes: ( 2.16.840.1.113730.3.1.18 NAME 'mailHost' DESC 'FQDN of the + SMTP/MTA of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.26{256} SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.47 NAME 'mailRoutingAddress' DESC 'R + FC822 routing address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.2.1.15 NAME 'rfc822MailMember' DESC 'r + fc822 mail address of group member(s)' EQUALITY caseIgnoreIA5Match SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; the co + mmon name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolute pa + th to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to the lo + gin shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) +attributeTypes: ( 
1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integerMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integerMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactIA5Mat + ch SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +attributeTypes: ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY caseExa + ctIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.26 ) +attributeTypes: ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgroup t + riple' SYNTAX 1.3.6.1.1.1.0.0 ) +attributeTypes: ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY integerMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name ) +attributeTypes: ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY integerM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP address' EQU + ALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) +attributeTypes: ( 
1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP network' + EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGL + E-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netmask' + EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGL + E-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address' EQUA + LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) +attributeTypes: ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootparamd + parameter' SYNTAX 1.3.6.1.1.1.0.1 ) +attributeTypes: ( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image name' EQ + UALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name ) +attributeTypes: ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseExactIA5M + atch SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 6{1024} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.6 NAME 'javaClassName' DESC 'Fully + qualified name of distinguished Java class or interface' EQUALITY caseExac + tMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.7 NAME 'javaCodebase' DESC 'URL(s) + specifying the location of class definition' EQUALITY caseExactIA5Match SY + NTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.13 NAME 'javaClassNames' DESC 'Ful + ly qualified Java class or interface name' EQUALITY caseExactMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.8 NAME 'javaSerializedData' DESC ' + Serialized form of a Java object' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SING + LE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.10 NAME 'javaFactory' DESC 'Fully + qualified Java class name of a JNDI object factory' EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.11 NAME 
'javaReferenceAddress' DES + C 'Addresses associated with a JNDI Reference' EQUALITY caseExactMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.12 NAME 'javaDoc' DESC 'The Java d + ocumentation for the class' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.14 NAME 'corbaIor' DESC 'Stringifi + ed interoperable object reference of a CORBA object' EQUALITY caseIgnoreIA5 + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.15 NAME 'corbaRepositoryId' DESC ' + Repository ids of interfaces implemented by a CORBA object' EQUALITY caseEx + actMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.16.840.1.113730.3.1.198 NAME 'memberURL' DESC 'Identifie + s an URL associated with each member of a group. Any type of labeled URL ca + n be used.' SUP labeledURI ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.8.1.1 NAME 'dgIdentity' DESC 'Iden + tity to use when processing the memberURL' SUP distinguishedName SINGLE-VAL + UE ) +attributeTypes: ( 1.3.6.1.4.1.4203.666.11.8.1.2 NAME 'dgAuthz' DESC 'Optiona + l authorization rules that determine who is allowed to assume the dgIdentit + y' EQUALITY authzMatch SYNTAX 1.3.6.1.4.1.4203.666.2.7 X-ORDERED 'VALUES' ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.1 NAME 'pwdAttribute' EQUALITY obj + ectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.2 NAME 'pwdMinAge' EQUALITY intege + rMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 S + INGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.3 NAME 'pwdMaxAge' EQUALITY intege + rMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 S + INGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.4 NAME 'pwdInHistory' EQUALITY int + egerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 7 SINGLE-VALUE ) +attributeTypes: 
( 1.3.6.1.4.1.42.2.27.8.1.5 NAME 'pwdCheckQuality' EQUALITY + integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.6 NAME 'pwdMinLength' EQUALITY int + egerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.7 NAME 'pwdExpireWarning' EQUALITY + integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.8 NAME 'pwdGraceAuthNLimit' EQUALI + TY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.9 NAME 'pwdLockout' EQUALITY boole + anMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.10 NAME 'pwdLockoutDuration' EQUAL + ITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.11 NAME 'pwdMaxFailure' EQUALITY i + ntegerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.12 NAME 'pwdFailureCountInterval' + EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.13 NAME 'pwdMustChange' EQUALITY b + ooleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.14 NAME 'pwdAllowUserChange' EQUAL + ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.15 NAME 'pwdSafeModify' EQUALITY b + ooleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.30 NAME 'pwdMaxRecordedFailure' EQ + UALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.27 SINGLE-VALUE ) 
+attributeTypes: ( 1.3.6.1.4.1.4754.1.99.1 NAME 'pwdCheckModule' DESC 'Loadab + le module that instantiates check_password() function' EQUALITY caseExactIA + 5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.5.4.72 NAME 'role' DESC 'X.509 Role attribute, use ;bina + ry' SYNTAX 1.3.6.1.4.1.4203.666.11.10.2.6 ) +attributeTypes: ( 2.5.4.75 NAME 'xmlPrivilegeInfo' DESC 'X.509 XML privilege + information attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.5.4.58 NAME 'attributeCertificateAttribute' DESC 'X.509 + Attribute certificate attribute, use ;binary' EQUALITY attributeCertificate + ExactMatch SYNTAX 1.3.6.1.4.1.4203.666.11.10.2.1 ) +attributeTypes: ( 2.5.4.61 NAME 'aACertificate' DESC 'X.509 AA certificate a + ttribute, use ;binary' EQUALITY attributeCertificateExactMatch SYNTAX 1.3.6 + .1.4.1.4203.666.11.10.2.1 ) +attributeTypes: ( 2.5.4.62 NAME 'attributeDescriptorCertificate' DESC 'X.509 + Attribute descriptor certificate attribute, use ;binary' EQUALITY attribut + eCertificateExactMatch SYNTAX 1.3.6.1.4.1.4203.666.11.10.2.1 ) +attributeTypes: ( 2.5.4.59 NAME 'attributeCertificateRevocationList' DESC 'X + .509 Attribute certificate revocation list attribute, use ;binary' SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.9 X-EQUALITY 'certificateListExactMatch, not impl + emented yet' ) +attributeTypes: ( 2.5.4.63 NAME 'attributeAuthorityRevocationList' DESC 'X.5 + 09 AA certificate revocation list attribute, use ;binary' SYNTAX 1.3.6.1.4. 
+ 1.1466.115.121.1.9 X-EQUALITY 'certificateListExactMatch, not implemented y + et' ) +attributeTypes: ( 2.5.4.73 NAME 'delegationPath' DESC 'X.509 Delegation path + attribute, use ;binary' SYNTAX 1.3.6.1.4.1.4203.666.11.10.2.4 ) +attributeTypes: ( 2.5.4.71 NAME 'privPolicy' DESC 'X.509 Privilege policy at + tribute, use ;binary' SYNTAX 1.3.6.1.4.1.4203.666.11.10.2.5 ) +attributeTypes: ( 2.5.4.74 NAME 'protPrivPolicy' DESC 'X.509 Protected privi + lege policy attribute, use ;binary' EQUALITY attributeCertificateExactMatch + SYNTAX 1.3.6.1.4.1.4203.666.11.10.2.1 ) +attributeTypes: ( 2.5.4.76 NAME 'xmlPrivPolicy' DESC 'X.509 XML Protected pr + ivilege policy attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.5.4.7.1 NAME 'c-l' SUP l COLLECTIVE ) +attributeTypes: ( 2.5.4.8.1 NAME 'c-st' SUP st COLLECTIVE ) +attributeTypes: ( 2.5.4.9.1 NAME 'c-street' SUP street COLLECTIVE ) +attributeTypes: ( 2.5.4.10.1 NAME 'c-o' SUP o COLLECTIVE ) +attributeTypes: ( 2.5.4.11.1 NAME 'c-ou' SUP ou COLLECTIVE ) +attributeTypes: ( 2.5.4.16.1 NAME 'c-PostalAddress' SUP postalAddress COLLEC + TIVE ) +attributeTypes: ( 2.5.4.17.1 NAME 'c-PostalCode' SUP postalCode COLLECTIVE ) +attributeTypes: ( 2.5.4.18.1 NAME 'c-PostOfficeBox' SUP postOfficeBox COLLEC + TIVE ) +attributeTypes: ( 2.5.4.19.1 NAME 'c-PhysicalDeliveryOfficeName' SUP physica + lDeliveryOfficeName COLLECTIVE ) +attributeTypes: ( 2.5.4.20.1 NAME 'c-TelephoneNumber' SUP telephoneNumber CO + LLECTIVE ) +attributeTypes: ( 2.5.4.21.1 NAME 'c-TelexNumber' SUP telexNumber COLLECTIVE + ) +attributeTypes: ( 2.5.4.23.1 NAME 'c-FacsimileTelephoneNumber' SUP facsimile + TelephoneNumber COLLECTIVE ) +attributeTypes: ( 2.5.4.25.1 NAME 'c-InternationalISDNNumber' SUP internatio + nalISDNNumber COLLECTIVE ) +attributeTypes: ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService' DESC 'IAN + A GSS-API authorized service name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1. 
+ 4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.0 NAME 'defaultServerList' DESC 'De + fault LDAP server host address used by a DUA' EQUALITY caseIgnoreMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.1 NAME 'defaultSearchBase' DESC 'De + fault LDAP base DN used by a DUA' EQUALITY distinguishedNameMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.2 NAME 'preferredServerList' DESC ' + Preferred LDAP server host addresses to be used by a DUA' EQUALI + TY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.3 NAME 'searchTimeLimit' DESC 'Maxi + mum time in seconds a DUA should allow for a search to complete' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.4 NAME 'bindTimeLimit' DESC 'Maximu + m time in seconds a DUA should allow for the bind operation to c + omplete' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- + VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.5 NAME 'followReferrals' DESC 'Tell + s DUA if it should follow referrals returned by a DSA search res + ult' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.16 NAME 'dereferenceAliases' DESC ' + Tells DUA if it should dereference aliases' EQUALITY booleanMatch SYNTAX 1. 
+ 3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.6 NAME 'authenticationMethod' DESC + 'A keystring which identifies the type of authentication method + used to contact the DSA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.7 NAME 'profileTTL' DESC 'Time to l + ive, in seconds, before a client DUA should re-read this configu + ration profile' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.14 NAME 'serviceSearchDescriptor' D + ESC 'LDAP search descriptor list used by a DUA' EQUALITY caseExactMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.9 NAME 'attributeMap' DESC 'Attribu + te mappings used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.10 NAME 'credentialLevel' DESC 'Ide + ntifies type of credentials a DUA should use when binding to the + LDAP server' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.11 NAME 'objectclassMap' DESC 'Obje + ctclass mappings used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.12 NAME 'defaultSearchScope' DESC ' + Default search scope used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3. 
+ 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.13 NAME 'serviceCredentialLevel' DE + SC 'Identifies type of credentials a DUA should use when binding + to the LDAP server for a specific service' EQUALITY caseIgnoreI + A5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.15 NAME 'serviceAuthenticationMetho + d' DESC 'Authentication method used by a service of the DUA' EQUALITY caseI + gnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.2.840.113533.7.68.10 NAME 'attributeCertificate' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.5 ) +attributeTypes: ( 1.2.840.113533.7.68.0 NAME 'entrustCAInfo' SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.5 ) +attributeTypes: ( 1.2.840.113533.7.68.30 NAME 'entrustPolicyCertificate' SYN + TAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.2.840.113533.7.68.22 NAME 'entrustRoamFileEncInfo' EQUAL + ITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.2.840.113533.7.79.0 NAME 'entrustRoamingCAPAB' EQUALITY + octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.2.840.113533.7.68.28 NAME 'entrustRoamingEOP' EQUALITY o + ctetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.2.840.113533.7.68.24 NAME 'entrustRoamingPAB' EQUALITY o + ctetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.2.840.113533.7.68.27 NAME 'entrustRoamingPRV' EQUALITY o + ctetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.2.840.113533.7.68.23 NAME 'entrustRoamingProfile' EQUALI + TY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.2.840.113533.7.68.25 NAME 'entrustRoamingRecipList' EQUA + LITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.2.840.113533.7.68.26 NAME 'entrustRoamingSLA' EQUALITY o + ctetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 2.16.840.1.114027.22.4 NAME 
'entrustAttributeCertificate' + EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.2.840.113533.7.79.1 NAME 'entrustRoamingId' SUP uid ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.1 NAME 'eduPersonAffiliation' DESC + 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SUBSTR case + IgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.2 NAME 'eduPersonNickname' DESC 'ed + uPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SUBSTR caseIgn + oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.3 NAME 'eduPersonOrgDN' DESC 'eduPe + rson per Internet2 and EDUCAUSE' EQUALITY distinguishedNameMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.4 NAME 'eduPersonOrgUnitDN' DESC 'e + duPerson per Internet2 and EDUCAUSE' EQUALITY distinguishedNameMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.5 NAME 'eduPersonPrimaryAffiliation + ' DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SUBS + TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA + LUE ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.6 NAME 'eduPersonPrincipalName' DES + C 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SUBSTR ca + seIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.7 NAME 'eduPersonEntitlement' DESC + 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseExactMatch SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.8 NAME 'eduPersonPrimaryOrgUnitDN' + DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.9 NAME 'eduPersonScopedAffiliation' + DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY 
caseIgnoreMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.2.1.2 NAME 'eduOrgHomePageURI' DESC 'ed + uOrg per Internet2 and EDUCAUSE' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.2.1.3 NAME 'eduOrgIdentityAuthNPolicyUR + I' DESC 'eduOrg per Internet2 and EDUCAUSE' EQUALITY caseExactIA5Match SYNT + AX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.2.1.4 NAME 'eduOrgLegalName' DESC 'eduO + rg per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.2.1.5 NAME 'eduOrgSuperiorURI' DESC 'ed + uOrg per Internet2 and EDUCAUSE' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.2.1.6 NAME 'eduOrgWhitePagesURI' DESC ' + eduOrg per Internet2 and EDUCAUSE' EQUALITY caseExactIA5Match SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.1 NAME 'schacMotherTongue' DESC 'RFC + 3066 code for prefered language of communication' EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.2 NAME 'schacGender' DESC 'Represent + ation of human sex (see ISO 5218)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.3 NAME 'schacDateOfBirth' DESC 'Date + of birth (format YYYYMMDD, only numeric chars)' EQUALITY numericStringMatc + h ORDERING numericStringOrderingMatch SUBSTR numericStringSubstringsMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.36 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.4 NAME 'schacPlaceOfBirth' DESC 'Bir + th place of a person' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingM + atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.5 NAME 
'schacCountryOfCitizenship' D + ESC 'Country of citizenship of a person. Format two-letter acronym accordin + g to ISO 3166' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.6 NAME 'schacSn1' DESC 'First surnam + e of a person' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SU + BSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.7 NAME 'schacSn2' DESC 'Second surna + me of a person' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch S + UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.8 NAME 'schacPersonalTitle' DESC 'RF + C1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.9 NAME 'schacHomeOrganization' DESC + 'Domain name of the home organization' EQUALITY caseIgnoreMatch SUBSTR case + IgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.10 NAME 'schacHomeOrganizationType' + DESC 'Type of the home organization' EQUALITY caseIgnoreMatch SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.11 NAME 'schacCountryOfResidence' DE + SC 'Country of citizenship of a person. 
Format two-letter acronym according + to ISO 3166' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.12 NAME 'schacUserPresenceID' DESC ' + Used to store a set of values related to the network presence' EQUALITY cas + eExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.13 NAME 'schacPersonalPosition' DESC + 'Position inside an institution' EQUALITY caseIgnoreMatch SUBSTR caseIgnor + eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.14 NAME 'schacPersonalUniqueCode' DE + SC 'unique code for the subject' EQUALITY caseIgnoreMatch ORDERING caseIgno + reOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.15 NAME 'schacPersonalUniqueID' DESC + 'Unique identifier for the subject' EQUALITY caseExactMatch ORDERING caseE + xactOrderingMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.17 NAME 'schacExpiryDate' DESC 'Date + from which the set of data is to be considered invalid (format YYYYMMDDhhm + mssZ)' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.18 NAME 'schacUserPrivateAttribute' + DESC 'Set of denied access attributes' EQUALITY caseIgnoreIA5Match SUBSTR c + aseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.19 NAME 'schacUserStatus' DESC 'Used + to store a set of status of a person as user of services' EQUALITY caseIgn + oreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.20 NAME 'schacProjectMembership' DES + C 'Name of the project' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring + sMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.2.21 NAME 'schacProjectSpecificRole' D + ESC 'Used to store a set of roles of a person inside a project' EQUALITY ca + seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.25178.1.0.2.3 NAME 'schacYearOfBirth' DESC 'Ye + ar of birth (format YYYY, only numeric chars)' EQUALITY numericStringMatch + ORDERING numericStringOrderingMatch SUBSTR numericStringSubstringsMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.36 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' DESC 'An integer den + oting time to live' EQUALITY integerMatch ORDERING integerOrderingMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.27 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass' DESC 'The class of + a resource record' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.11 NAME 'wKSRecord' DESC 'a well kno + wn service description, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIg + noreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord' DESC 'domain nam + e pointer, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr + ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord' DESC 'host inf + ormation, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substri + ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord' DESC 'mailbox + or mail list information, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR case + IgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord' DESC 'text strin + g, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 
1.3.6.1.4.1.2428.20.1.17 NAME 'rPRecord' DESC 'for Respons + ible Person, RFC 1183' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subs + tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord' DESC 'for AFS + Data Base location, RFC 1183' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnore + IA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord' DESC 'Signature, + RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord' DESC 'Key, RFC 2 + 535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.27 NAME 'gPosRecord' DESC 'Geographi + cal Position, RFC 1712' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Sub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord' DESC 'IPv6 addr + ess, RFC 1886' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.29 NAME 'LocRecord' DESC 'Location, + RFC 1876' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.30 NAME 'nXTRecord' DESC 'non-exista + nt, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.33 NAME 'sRVRecord' DESC 'service lo + cation, RFC 2782' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.35 NAME 'nAPTRRecord' DESC 'Naming A + uthority Pointer, RFC 2915' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA + 5SubstringsMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord' DESC 'Key Exchang + e Delegation, RFC 2230' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Sub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord' DESC 'certifica + te, RFC 2538' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record' DESC 'A6 Record T + ype, RFC 2874' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord' DESC 'Non-Term + inal DNS Name Redirection, RFC 2672' EQUALITY caseIgnoreIA5Match SUBSTR cas + eIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.42 NAME 'aPLRecord' DESC 'Lists of A + ddress Prefixes, RFC 3123' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5 + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord' DESC 'Delegation + Signer, RFC 3658' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord' DESC 'SSH Key + Fingerprint, RFC 4255' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subs + tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.45 NAME 'iPSecKeyRecord' DESC 'SSH K + ey Fingerprint, RFC 4025' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5S + ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord' DESC 'RRSIG, R + FC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord' DESC 'NSEC, RFC + 3755' 
EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.48 NAME 'dNSKeyRecord' DESC 'DNSKEY, + RFC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.49 NAME 'dHCIDRecord' DESC 'DHCID, R + FC 4701' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.51 NAME 'nSec3ParamRecord' DESC 'par + ameters for NSEC3, RFC 5155' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreI + A5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.52 NAME 'TLSARecord' DESC 'DNS-Based + Authentication of Named Entities - Transport Layer Security Protocol, RFC + 6698' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.99 NAME 'sPFRecord' DESC 'Sender Pol + icy Framework, RFC 4408' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Su + bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.257 NAME 'CAARecord' DESC 'Certifica + tion Authority Authorization, RFC 6844' EQUALITY caseIgnoreIA5Match SUBSTR + caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.32769 NAME 'DLVRecord' DESC 'RFC 443 + 1: DNSSEC Lookaside Validation' EQUALITY caseIgnoreIA5Match SUBSTR caseIgno + reIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.1.1.1.28 NAME 'nisPublickey' DESC 'nisPublickey' E + QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.1.1.1.29 NAME 'nisSecretkey' DESC 'nisSecretkey' E + QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.1.1.1.30 NAME 'nisDomain' SUP name ) 
+attributeTypes: ( 2.16.840.1.113730.3.1.30 NAME 'mgrpRFC822MailMember' DESC + 'mgrpRFC822MailMember' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.1.1.12 NAME 'nisNetIdUser' DESC 'nisNe + tIdUser' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.1.1.13 NAME 'nisNetIdGroup' DESC 'nisN + etIdGroup' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.1.1.14 NAME 'nisNetIdHost' DESC 'nisNe + tIdHost' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.15 NAME 'SolarisLDAPServers' DESC + 'SolarisLDAPServers' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.16 NAME 'SolarisSearchBaseDN' DESC + 'SolarisSearchBaseDN' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.17 NAME 'SolarisCacheTTL' DESC 'So + larisCacheTTL' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 S + INGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.18 NAME 'SolarisBindDN' DESC 'Sola + risBindDN' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.19 NAME 'SolarisBindPassword' DESC + 'SolarisBindPassword' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.20 NAME 'SolarisAuthMethod' DESC ' + SolarisAuthMethod' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.21 NAME 'SolarisTransportSecurity' + DESC 'SolarisTransportSecurity' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.24 NAME 'SolarisDataSearchDN' DESC + 'SolarisDataSearchDN' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.25 NAME 'SolarisSearchScope' DESC + 'SolarisSearchScope' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.26 NAME 'SolarisSearchTimeLimit' D + ESC 'SolarisSearchTimeLimit' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466. 
+ 115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.27 NAME 'SolarisPreferedServer' DE + SC 'SolarisPreferedServer' SUP name ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.28 NAME 'SolarisPreferedServerOnly + ' DESC 'SolarisPreferedServerOnly' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.29 NAME 'SolarisSearchReferral' DE + SC 'SolarisSearchReferral' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.31 NAME 'homeFax' SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.22 ) +attributeTypes: ( 2.16.128.113533.1.1400.1 NAME 'thumbnailPhoto' SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.28 ) +attributeTypes: ( 2.16.128.113533.1.1400.2 NAME 'thumbnailLogo' SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.28 ) +attributeTypes: ( 1.3.6.1.4.1.1466.101.120.34 NAME 'middleName' SUP name ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.1 NAME ( 'xmozillanickname' 'mozilla + Nickname' ) SUP name ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.2 NAME ( 'xmozillausehtmlmail' 'mozi + llaUseHtmlMail' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.3 NAME 'mozillaSecondEmail' EQUALITY + caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1. 
+ 1466.115.121.1.26{256} ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.4 NAME 'mozillaHomeLocalityName' EQU + ALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.15{128} ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.5 NAME 'mozillaPostalAddress2' EQUAL + ITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.41 ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.6 NAME 'mozillaHomePostalAddress2' E + QUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.41 ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.7 NAME 'mozillaHomeState' SUP name ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.8 NAME 'mozillaHomePostalCode' EQUAL + ITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.15{40} ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.9 NAME 'mozillaHomeCountryName' SUP + name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.10 NAME 'mozillaHomeFriendlyCountryN + ame' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.11 NAME ( 'homeurl' 'mozillaHomeUrl' + ) EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.26{256} ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.12 NAME ( 'workurl' 'mozillaWorkUrl' + ) EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.26{256} ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.13 NAME 'nsAIMid' DESC 'AOL Instant + Messenger (AIM) Identity' EQUALITY telephoneNumberMatch SUBSTR telephoneNum + berSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.96 NAME ( 'custom1' 'mozillaCustom1' + ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.97 NAME ( 'custom2' 'mozillaCustom2' + ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 
+attributeTypes: ( 1.3.6.1.4.1.13769.2.1.98 NAME ( 'custom3' 'mozillaCustom3' + ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.13769.2.1.99 NAME ( 'custom4' 'mozillaCustom4' + ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'LanMa + nager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.26{32} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD4 h + ash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.26{32} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Accoun + t Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1 + 6} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC 'Times + tamp of the last password update' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DESC 'Tim + estamp of when the user is allowed to update the password' EQUALITY integer + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC 'Ti + mestamp of when the password will expire' EQUALITY integerMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC 'Timest + amp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC 'Times + tamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 
+ 1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC 'Time + stamp of when the user will be logged off automatically' EQUALITY integerMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' DESC + 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' DESC ' + Time of the last bad password attempt' EQUALITY integerMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC 'Logon + Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42 + } SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC 'Driver + letter of home directory mapping' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.26{4} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DESC 'Logo + n script path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5{255} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC 'Roam + ing profile path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15{255} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' DESC + 'List of user workstations the user is allowed to logon to' EQUALITY caseIg + noreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Home di + rectory UNC path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 
+ 1.15{128} ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC 'Windo + ws NT domain to which the user belongs' EQUALITY caseIgnoreMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.15{128} ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC 'Base6 + 4 encoded user parameter string' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.15{1050} ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC ' + Concatenated MD5 hashes of the salted NT passwords used on this account' EQ + UALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Security ID' + EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' DESC ' + Primary Group Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26{64} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' DESC 'Security + ID List' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 64} ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'NT Gro + up Type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- + VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DESC 'Next + NT rid to give our for users' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DESC 'Nex + t NT rid to give out for groups' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Next NT + rid to give out for anything' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' DES + C 'Base at 
which the samba RID generation algorithm should operate' EQUALIT + Y integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' DESC 'Share + Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' DESC 'Optio + n Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' DESC 'A boo + lean option' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SING + LE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' DESC 'An + integer option' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' DESC 'A s + tring option' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption' DESC + 'A string list option' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' DESC 'Trust + Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength' DESC 'Min + imal password length (default: 5)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength' DESC + 'Length of Password History Entries (default: 0 => off)' EQUALITY integerMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd' DESC 'Fo + rce Users to logon for password change (default: 0 => off, 2 => on)' EQUALI + TY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 
1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' DESC 'Maximu + m password age, in seconds (default: -1 => never expire passwords)' EQUALIT + Y integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' DESC 'Minimu + m password age, in seconds (default: 0 => allow immediate password change)' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration' DESC ' + Lockout duration in minutes (default: 30, -1 => forever)' EQUALITY integerM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindo + w' DESC 'Reset time after lockout in minutes (default: 30)' EQUALITY intege + rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold' DESC + 'Lockout users after bad logon attempts (default: 0 => off)' EQUALITY integ + erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' DESC 'Disc + onnect Users outside logon hours (default: -1 => off, 0 => on)' EQUALITY in + tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange' + DESC 'Allow Machine Password changes (default: 0 => off)' EQUALITY integer + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword' DESC + 'Clear text password (used for trusted domain passwords)' EQUALITY octetSt + ringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPasswo + rd' DESC 'Previous clear text password (used for trusted domain passwords)' + EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.70 NAME 
'sambaTrustType' DESC 'Type o + f trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- + VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.71 NAME 'sambaTrustAttributes' DESC ' + Trust attributes for a trusted domain' EQUALITY integerMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.72 NAME 'sambaTrustDirection' DESC 'D + irection of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.73 NAME 'sambaTrustPartner' DESC 'Ful + ly qualified name of the domain with which a trust exists' EQUALITY caseIgn + oreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.74 NAME 'sambaFlatName' DESC 'NetBIOS + name of a domain' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15{128} ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.75 NAME 'sambaTrustAuthOutgoing' DESC + 'Authentication information for the outgoing portion of a trust' EQUALITY + caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.76 NAME 'sambaTrustAuthIncoming' DESC + 'Authentication information for the incoming portion of a trust' EQUALITY + caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.77 NAME 'sambaSecurityIdentifier' DES + C 'SID of a trusted domain' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5 + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.78 NAME 'sambaTrustForestTrustInfo' D + ESC 'Forest trust information for a trusted domain object' EQUALITY caseExa + ctMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.79 NAME 'sambaTrustPosixOffset' DESC + 'POSIX offset of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.80 NAME 
'sambaSupportedEncryptionType + s' DESC 'Supported encryption types of a trust' EQUALITY integerMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5322.10.1.1 NAME 'krb5PrincipalName' DESC 'The + unparsed Kerberos principal name' EQUALITY caseExactIA5Match SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5322.10.1.2 NAME 'krb5KeyVersionNumber' EQUALI + TY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5322.10.1.3 NAME 'krb5MaxLife' EQUALITY intege + rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5322.10.1.4 NAME 'krb5MaxRenew' EQUALITY integ + erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5322.10.1.5 NAME 'krb5KDCFlags' EQUALITY integ + erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5322.10.1.6 NAME 'krb5EncryptionType' EQUALITY + integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +attributeTypes: ( 1.3.6.1.4.1.5322.10.1.7 NAME 'krb5ValidStart' EQUALITY gen + eralizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1. 
+ 1466.115.121.1.24 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5322.10.1.8 NAME 'krb5ValidEnd' EQUALITY gener + alizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.24 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5322.10.1.9 NAME 'krb5PasswordEnd' EQUALITY ge + neralizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.24 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5322.10.1.10 NAME 'krb5Key' DESC 'Encoded ASN1 + Key as an octet string' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) +attributeTypes: ( 1.3.6.1.4.1.5322.10.1.11 NAME 'krb5PrincipalRealm' DESC 'D + istinguished name of krb5Realm entry' SUP distinguishedName ) +attributeTypes: ( 1.3.6.1.4.1.5322.10.1.12 NAME 'krb5RealmName' EQUALITY oct + etStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.1.1 NAME 'krbPrincipalName' EQUA + LITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26 ) +attributeTypes: ( 1.2.840.113554.1.4.1.6.1 NAME 'krbCanonicalName' EQUALITY + caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.3.1 NAME 'krbPrincipalType' EQUA + LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.5.1 NAME 'krbUPEnabled' DESC 'Bo + olean' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.6.1 NAME 'krbPrincipalExpiration + ' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE + -VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.8.1 NAME 'krbTicketFlags' EQUALI + TY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.9.1 NAME 'krbMaxTicketLife' EQUA + LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 
2.16.840.1.113719.1.301.4.10.1 NAME 'krbMaxRenewableAge' E + QUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.14.1 NAME 'krbRealmReferences' E + QUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.15.1 NAME 'krbLdapServers' EQUAL + ITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.17.1 NAME 'krbKdcServers' EQUALI + TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.18.1 NAME 'krbPwdServers' EQUALI + TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.24.1 NAME 'krbHostServer' EQUALI + TY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.25.1 NAME 'krbSearchScope' EQUAL + ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.26.1 NAME 'krbPrincipalReference + s' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.28.1 NAME 'krbPrincNamingAttr' E + QUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.29.1 NAME 'krbAdmServers' EQUALI + TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.30.1 NAME 'krbMaxPwdLife' EQUALI + TY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.31.1 NAME 'krbMinPwdLife' EQUALI + TY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.32.1 NAME 'krbPwdMinDiffChars' E + QUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.33.1 NAME 'krbPwdMinLength' EQUA + LITY 
integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.34.1 NAME 'krbPwdHistoryLength' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5322.21.2.1 NAME 'krbPwdMaxFailure' EQUALITY i + ntegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5322.21.2.2 NAME 'krbPwdFailureCountInterval' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5322.21.2.3 NAME 'krbPwdLockoutDuration' EQUAL + ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113554.1.4.1.6.2 NAME 'krbPwdAttributes' EQUALITY + integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113554.1.4.1.6.3 NAME 'krbPwdMaxLife' EQUALITY int + egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113554.1.4.1.6.4 NAME 'krbPwdMaxRenewableLife' EQU + ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113554.1.4.1.6.5 NAME 'krbPwdAllowedKeysalts' EQUA + LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.36.1 NAME 'krbPwdPolicyReference + ' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SING + LE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.37.1 NAME 'krbPasswordExpiration + ' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE + -VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.39.1 NAME 'krbPrincipalKey' EQUA + LITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.40.1 NAME 'krbTicketPolicyRefere + nce' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 S + INGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.41.1 NAME 'krbSubTrees' EQUALITY + 
distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.42.1 NAME 'krbDefaultEncSaltType + s' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.43.1 NAME 'krbSupportedEncSaltTy + pes' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.44.1 NAME 'krbPwdHistory' EQUALI + TY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.45.1 NAME 'krbLastPwdChange' EQU + ALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALU + E ) +attributeTypes: ( 1.3.6.1.4.1.5322.21.2.5 NAME 'krbLastAdminUnlock' EQUALITY + generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.46.1 NAME 'krbMKey' EQUALITY oct + etStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.47.1 NAME 'krbPrincipalAliases' + EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.48.1 NAME 'krbLastSuccessfulAuth + ' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE + -VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.49.1 NAME 'krbLastFailedAuth' EQ + UALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VAL + UE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.50.1 NAME 'krbLoginFailedCount' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.51.1 NAME 'krbExtraData' EQUALIT + Y octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.52.1 NAME 'krbObjectReferences' + EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.301.4.53.1 NAME 'krbPrincContainerRef' + EQUALITY distinguishedNameMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113730.3.8.15.2.1 NAME 'krbPrincipalAuthInd' EQ + UALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.5322.21.2.4 NAME 'krbAllowedToDelegateTo' EQUA + LITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.1 NAME ( 'esgSid' 'esgStreamId' ) + DESC 'String uniquely identifying each stream' EQUALITY caseExactMatch SUBS + TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA + LUE ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.2 NAME ( 'esgSN' 'esgSessionName' + ) DESC 'Session name/title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.3 NAME ( 'esgInfo' 'esgInformation + ' ) DESC 'Short description' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs + tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.4 NAME 'esgInfoUri' DESC 'URI to m + ore Information' SUP labeledURI ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.4.1 NAME 'esgContact' DESC 'Other co + ntact Information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.4.2 NAME 'esgContactMail' DESC 'Emai + l-address to contact-person' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreI + A5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.4.3 NAME 'esgContactPhone' DESC 'Pho + ne number to contact-person' EQUALITY telephoneNumberMatch SUBSTR telephone + NumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.4.4 NAME 'esgContactDN' DESC 'LDAP D + N to contact-person' SUP distinguishedName ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.6 NAME ( 'esgCategory' 'esgCat' ) + DESC 'Meta-category: 
meeting, broadcast, test etc.' EQUALITY caseIgnoreMatc + h SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} + ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.7 NAME 'esgTool' DESC 'Tool that m + ade the announcement (SDP: a=tool:...)' EQUALITY caseIgnoreMatch SUBSTR cas + eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.8 NAME 'esgSource' DESC 'How the a + nnouncement entered the system' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS + ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.3.1 NAME 'esgFormat' DESC 'Media for + mat' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.3.10 NAME 'esgStreamUri' DESC 'Direc + t absolute url to stream' SUP labeledURI ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.3.11 NAME 'esgSdpUri' DESC 'Url to f + ile in sdp-format, if any' SUP labeledURI ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.1 NAME 'esgAlwaysOn' DESC 'Whether + the stream is permanent/on-demand or temporary/live' EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.2 NAME 'esgFirstShown' DESC 'When + the stream starts to be transmitted for the first time' EQUALITY generalize + dTimeMatch ORDERING generalizedTimeOrderingMatch SUBSTR caseIgnoreSubstring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.3 NAME 'esgFinalEnd' DESC 'When th + e stream will no longer be transmitted' EQUALITY generalizedTimeMatch ORDER + ING generalizedTimeOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1. 
+ 3.6.1.4.1.1466.115.121.1.24 ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.4 NAME 'esgDuration' DESC 'Duratio + n of stream if temporary' EQUALITY numericStringMatch SUBSTR numericStringS + ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.5 NAME 'esgRepeatInterval' DESC 'F + rom SDP: r=repeatinterval duration offset [offset [offset ...]]' EQUALITY n + umericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.36 ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.6 NAME 'esgIntervalOffset' DESC 'F + rom SDP: r=repeatinterval duration offset [offset [offset ...]]' EQUALITY n + umericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.36 ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.8 NAME 'esgTotalDuration' DESC 'Le + ngth if on-demand stream, else: finalend - firsthown' EQUALITY numericStrin + gMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.36 ) +attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.255 NAME 'esgSdp' DESC 'File in sd + p-format, if any' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.1 NAME 'dhcpPrimaryDN' DESC 'The + DN of the dhcpServer which is the primary server for the configuration.' E + QUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE- + VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.2 NAME 'dhcpSecondaryDN' DESC 'T + he DN of dhcpServer(s) which provide backup service for the configuration.' + EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.3 NAME 'dhcpStatements' DESC 'Fl + exible storage for specific data depending on what object this exists in. L + ike conditional statements, server parameters, etc. This allows the standar + d to evolve without needing to adjust the schema.' 
EQUALITY caseIgnoreIA5Ma + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.4 NAME 'dhcpRange' DESC 'The sta + rting & ending IP Addresses in the range (inclusive), separated by a hyphen + ; if the range only contains one address, then just the address can be spec + ified with no hyphen. Each range is defined as a separate value.' EQUALITY + caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.5 NAME 'dhcpPermitList' DESC 'Th + is attribute contains the permit lists associated with a pool. Each permit + list is defined as a separate value.' EQUALITY caseIgnoreIA5Match SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.6 NAME 'dhcpNetMask' DESC 'The s + ubnet mask length for the subnet. The mask can be easily computed from thi + s length.' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGL + E-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.7 NAME 'dhcpOption' DESC 'Encode + d option values to be sent to clients. Each value represents a single opti + on and contains (OptionTag, Length, OptionValue) encoded in the format used + by DHCP.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.8 NAME 'dhcpClassData' DESC 'Enc + oded text string or list of bytes expressed in hexadecimal, separated by co + lons. Clients match subclasses based on matching the class data with the r + esults of match or spawn with statements in the class name declarations.' E + QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALU + E ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.9 NAME 'dhcpOptionsDN' DESC 'The + distinguished name(s) of the dhcpOption objects containing the configurati + on options provided by the server.' 
EQUALITY distinguishedNameMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.10 NAME 'dhcpHostDN' DESC 'the d + istinguished name(s) of the dhcpHost objects.' EQUALITY distinguishedNameMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.11 NAME 'dhcpPoolDN' DESC 'The d + istinguished name(s) of pools.' EQUALITY distinguishedNameMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.12 NAME 'dhcpGroupDN' DESC 'The + distinguished name(s) of the groups.' EQUALITY distinguishedNameMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.13 NAME 'dhcpSubnetDN' DESC 'The + distinguished name(s) of the subnets.' EQUALITY distinguishedNameMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.14 NAME 'dhcpLeaseDN' DESC 'The + distinguished name of a client address.' EQUALITY distinguishedNameMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.15 NAME 'dhcpLeasesDN' DESC 'The + distinguished name(s) client addresses.' EQUALITY distinguishedNameMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.16 NAME 'dhcpClassesDN' DESC 'Th + e distinguished name(s) of a class(es) in a subclass.' EQUALITY distinguish + edNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.17 NAME 'dhcpSubclassesDN' DESC + 'The distinguished name(s) of subclass(es).' EQUALITY distinguishedNameMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.18 NAME 'dhcpSharedNetworkDN' DE + SC 'The distinguished name(s) of sharedNetworks.' 
EQUALITY distinguishedNam + eMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.19 NAME 'dhcpServiceDN' DESC 'Th + e DN of dhcpService object(s)which contain the configuration information. E + ach dhcpServer object has this attribute identifying the DHCP configuration + (s) that the server is associated with.' EQUALITY distinguishedNameMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.20 NAME 'dhcpVersion' DESC 'The + version attribute of this object.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.21 NAME 'dhcpImplementation' DES + C 'Description of the DHCP Server implementation e.g. DHCP Servers vendor.' + EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VA + LUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.22 NAME 'dhcpAddressState' DESC + 'This stores information about the current binding-status of an address. F + or dynamic addresses managed by DHCP, the values should be restricted to th + e following: "FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET", "ABANDONED", + "BACKUP". For other addresses, it SHOULD be one of the following: "UNKNOW + N", "RESERVED" (an address that is managed by DHCP that is reserved for a s + pecific client), "RESERVED-ACTIVE" (same as reserved, but address is curren + tly in use), "ASSIGNED" (assigned manually or by some other mechanism), "UN + ASSIGNED", "NOTASSIGNABLE".' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.23 NAME 'dhcpExpirationTime' DES + C 'This is the time the current lease for an address expires.' EQUALITY gen + eralizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.24 NAME 'dhcpStartTimeOfState' D + ESC 'This is the time of the last state change for a leased address.' 
EQUAL + ITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE + ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.25 NAME 'dhcpLastTransactionTime + ' DESC 'This is the last time a valid DHCP packet was received from the cli + ent.' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SI + NGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.26 NAME 'dhcpBootpFlag' DESC 'Th + is indicates whether the address was assigned via BOOTP.' EQUALITY booleanM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.27 NAME 'dhcpDomainName' DESC 'T + his is the name of the domain sent to the client by the server. It is esse + ntially the same as the value for DHCP option 15 sent to the client, and re + presents only the domain - not the full FQDN. To obtain the full FQDN assi + gned to the client you must prepend the "dhcpAssignedHostName" to this valu + e with a ".".' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.28 NAME 'dhcpDnsStatus' DESC 'Th + is indicates the status of updating DNS resource records on behalf of the c + lient by the DHCP server for this address. The value is a 16-bit bitmask.' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.29 NAME 'dhcpRequestedHostName' + DESC 'This is the hostname that was requested by the client.' EQUALITY case + IgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.30 NAME 'dhcpAssignedHostName' D + ESC 'This is the actual hostname that was assigned to a client. It may not + be the name that was requested by the client. The fully qualified domain n + ame can be determined by appending the value of "dhcpDomainName" (with a do + t separator) to this name.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1. 
+ 1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.31 NAME 'dhcpReservedForClient' + DESC 'The distinguished name of a "dhcpClient" that an address is reserved + for. This may not be the same as the "dhcpAssignedToClient" attribute if t + he address is being reassigned but the current lease has not yet expired.' + EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE + -VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.32 NAME 'dhcpAssignedToClient' D + ESC 'This is the distinguished name of a "dhcpClient" that an address is cu + rrently assigned to. This attribute is only present in the class when the + address is leased.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.33 NAME 'dhcpRelayAgentInfo' DES + C 'If the client request was received via a relay agent, this contains info + rmation about the relay agent that was available from the DHCP request. Th + is is a hex-encoded option value.' EQUALITY octetStringMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.40 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.34 NAME 'dhcpHWAddress' DESC 'Th + e clients hardware address that requested this IP address.' EQUALITY caseIg + noreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.35 NAME 'dhcpHashBucketAssignmen + t' DESC 'HashBucketAssignment bit map for the DHCP Server, as defined in DH + C Load Balancing Algorithm [RFC 3074].' EQUALITY octetStringMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.36 NAME 'dhcpDelayedServiceParam + eter' DESC 'Delay in seconds corresponding to Delayed Service Parameter con + figuration, as defined in DHC Load Balancing Algorithm [RFC 3074]. 
' EQUAL + ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.37 NAME 'dhcpMaxClientLeadTime' + DESC 'Maximum Client Lead Time configuration in seconds, as defined in DHCP + Failover Protocol [FAILOVR]' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.38 NAME 'dhcpFailOverEndpointSta + te' DESC 'Server (Failover Endpoint) state, as defined in DHCP Failover Pro + tocol [FAILOVR]' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.39 NAME 'dhcpErrorLog' DESC 'Gen + eric error log attribute that allows logging error conditions within a dhcp + Service or a dhcpSubnet, like no IP addresses available for lease.' EQUALIT + Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.40 NAME 'dhcpLocatorDN' DESC 'Th + e DN of dhcpLocator object which contain the DNs of all DHCP configuration + objects. There will be a single dhcpLocator object in the tree with links t + o all the DHCP objects in the tree' EQUALITY distinguishedNameMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.41 NAME 'dhcpKeyAlgorithm' DESC + 'Algorithm to generate TSIG Key' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.42 NAME 'dhcpKeySecret' DESC 'Se + cret to generate TSIG Key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.40 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.43 NAME 'dhcpDnsZoneServer' DESC + 'Master server of the DNS Zone' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.44 NAME 'dhcpKeyDN' DESC 'The DN + s of TSIG Key to use in secure dynamic updates. 
In case of locator object, + this will be list of TSIG keys. In case of DHCP Service, Shared Network, S + ubnet and DNS Zone, it will be a single key.' EQUALITY distinguishedNameMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.45 NAME 'dhcpZoneDN' DESC 'The D + Ns of DNS Zone. In case of locator object, this will be list of DNS Zones i + n the tree. In case of DHCP Service, Shared Network and Subnet, it will be + a single DNS Zone.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.46 NAME 'dhcpFailOverPrimaryServ + er' DESC 'IP address or DNS name of the server playing primary role in DHC + Load Balancing and Fail over.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.47 NAME 'dhcpFailOverSecondarySe + rver' DESC 'IP address or DNS name of the server playing secondary role in + DHC Load Balancing and Fail over.' 
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.48 NAME 'dhcpFailOverPrimaryPort + ' DESC 'Port on which primary server listens for connections from its fail + over peer (secondary server)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.49 NAME 'dhcpFailOverSecondaryPo + rt' DESC 'Port on which secondary server listens for connections from its f + ail over peer (primary server)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.27 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.50 NAME 'dhcpFailOverResponseDel + ay' DESC 'Maximum response time in seconds, before Server assumes that conn + ection to fail over peer has failed' EQUALITY integerMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.27 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.51 NAME 'dhcpFailOverUnackedUpda + tes' DESC 'Number of BNDUPD messages that server can send before it receive + s BNDACK from its fail over peer' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.27 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.52 NAME 'dhcpFailOverSplit' DESC + 'Split between the primary and secondary servers for fail over purpose' EQ + UALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.53 NAME 'dhcpFailOverLoadBalance + Time' DESC 'Cutoff time in seconds, after which load balance is disabled' E + QUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.54 NAME 'dhcpFailOverPeerDN' DES + C 'The DNs of Fail over peers. In case of locator object, this will be list + of fail over peers in the tree. In case of Subnet and pool, it will be a s + ingle Fail Over Peer' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.55 NAME 'dhcpServerDN' DESC 'Lis + t of all DHCP Servers in the tree. 
Used by dhcpLocatorObject' EQUALITY dis + tinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.56 NAME 'dhcpComments' DESC 'Gen + eric attribute that allows coments within any DHCP object' EQUALITY caseIg + noreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.10 NAME 'dlzZoneName' DESC 'DNS zone + name - domain name not including host name' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.20 NAME 'dlzHostName' DESC 'Host por + tion of a domain name' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.30 NAME 'dlzData' DESC 'Data for the + resource record' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.40 NAME 'dlzType' DESC 'DNS record t + ype - A, SOA, NS, MX, etc...' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.50 NAME 'dlzSerial' DESC 'SOA record + serial number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.60 NAME 'dlzRefresh' DESC 'SOA recor + d refresh time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.70 NAME 'dlzRetry' DESC 'SOA retry t + ime in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.80 NAME 'dlzExpire' DESC 'SOA expire + time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.90 NAME 'dlzMinimum' DESC 'SOA minim + um time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.100 NAME 'dlzAdminEmail' DESC 'E-mai + l address of person responsible for this zone - @ should be replaced with . 
+ (period)' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.110 NAME 'dlzPrimaryNS' DESC 'Primar + y name server for this zone - should be host name not IP address' SUP name + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.120 NAME 'dlzIPAddr' DESC 'IP addres + s - IPV4 should be in dot notation xxx.xxx.xxx.xxx IPV6 should be in colon + notation xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx' EQUALITY caseExactIA5Matc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{40} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.130 NAME 'dlzCName' DESC 'DNS cname' + SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.140 NAME 'dlzPreference' DESC 'DNS M + X record preference. Lower numbers have higher preference' EQUALITY intege + rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.150 NAME 'dlzTTL' DESC 'DNS time to + live - how long this record can be cached by caching DNS servers' EQUALITY + integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.160 NAME 'dlzRecordID' DESC 'Unique + ID for each DLZ resource record' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.31 NAME 'automountMapName' DESC 'automount M + ap Name' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.32 NAME 'automountKey' DESC 'Automount Key v + alue' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.1.1.33 NAME 'automountInformation' DESC 'Automou + nt information' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.37 NAME 'x509CRLThisUpdate' DESC ' + Date at which this revocation list was issued - see RFC3280 5.1.2.4' EQUALI + TY generalizedTimeMatch ORDERING 
generalizedTimeOrderingMatch SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.24 SINGLE-VALUE ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.38 NAME 'x509CRLNextUpdate' DESC ' + Date by which the next revocation list in this series will be issued, see + - RFC3280 5.1.2.5' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOr + deringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.102 NAME 'x509CRLNumber' DESC 'seq + uence number of issued CRL - see RFC3280 5.2.3' EQUALITY integerMatch ORDER + ING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE + ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.48 NAME 'x509CRLDPRfc822Name' DESC + 'Internet electronic mail address of the issuing distribution point, se + e RFC3280 5.2.5' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.49 NAME 'x509CRLDPDnsName' DESC 'I + nternet domain name of the issuing distribution point, see RFC3280 5.2.5' + EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.50 NAME 'x509CRLDPDN' DESC 'Distin + guished name of the issuing distribution point, see RFC3280 5.2.5' EQUALIT + Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.51 NAME 'x509CRLDPURI' DESC 'Unifo + rm Resource Identifier of the issuing distribution point, see RFC3280 5.2 + .5' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1. 
+ 3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.52 NAME 'x509CRLDPIpAddress' DESC + 'Internet Protocol address, of the issuing distribution point, see RFC3280 + 5.2.5' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.53 NAME 'x509CRLDPRegisteredID' DE + SC 'Any registered OID of the certificate issuer, see RFC3280 5.2.5' EQUAL + ITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.54 NAME 'x509CRLDPOnlyUserCerts' D + ESC 'If true, the CRL only contains revocations for end-entity certs, see + RFC3280 5.2.5' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.55 NAME 'x509CRLDPOnlyCACerts' DES + C 'If true, the CRL only contains revocations for CA certs, see RFC3280 5. + 2.5' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.56 NAME 'x509CRLDPOnlySomeReasons' + DESC 'If true, the CRL only contains some revocation reason codes, see RF + C3280 5.2.5' EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.57 NAME 'x509CRLDPOnlyAttCerts' DE + SC 'If true, the CRL only contains revocations for attribute certs, see RF + C3280 5.2.5' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.58 NAME 'x509CRLDPindirect' DESC ' + If true, the CRL is an indirect CRL, see RFC3280 5.2.5' EQUALITY booleanMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.59 NAME 'x509CRLDeltaIndicator' DE + SC 'Indicates this is a delta CRL, and the value points to the sequence nu + mber of the issued base CRL to which this is a delta - see RFC3280 5.2.4' + EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.27 SINGLE-VALUE ) +attributeTypes:: 
KCAxLjIuODI2LjAuMS4zMzQ0ODEwLjEuMS4zOSBOQU1FICd4NTA5Q1JMQ2V + ydFJldm9jYXRpb25EYXRlJyBERVNDICdEYXRlL3RpbWUgdGhlIENBIGFjdHVhbGx5IHJldm9rZW + QgdGhlIGNlcnRpZmljYXRlLCBzZWUg4oCTICAJUkZDMzI4MCA1LjEuMi42JyBFUVVBTElUWSBnZ + W5lcmFsaXplZFRpbWVNYXRjaCBPUkRFUklORyBnZW5lcmFsaXplZFRpbWVPcmRlcmluZ01hdGNo + IFNZTlRBWCAxLjMuNi4xLjQuMS4xNDY2LjExNS4xMjEuMS4yNCBTSU5HTEUtVkFMVUUgKQ== +attributeTypes: ( 1.2.826.0.1.3344810.1.1.40 NAME 'x509CRLCertInvalidityDate + ' DESC 'date at which it is known or suspected that the private key was co + mpromised, see RFC3280 5.3.3' EQUALITY generalizedTimeMatch ORDERING genera + lizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.41 NAME 'x509CRLCertIssuerRfc822Na + me' DESC 'Internet electronic mail address of the certificate issuer, see + RFC3280 5.3.4' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.42 NAME 'x509CRLCertIssuerDnsName' + DESC 'Internet domain name of the certificate issuer, see RFC3280 5.3.4' + EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.43 NAME 'x509CRLCertIssuerDN' DESC + 'Distinguished name of the certificate issuer, see RFC3280 5.3.4' EQUALIT + Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.44 NAME 'x509CRLCertIssuerURI' DES + C 'Uniform Resource Identifier of the certificate issuer, see RFC3280 5.3. 
+ 4' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.45 NAME 'x509CRLCertIssuerIpAddres + s' DESC 'Internet Protocol address, of the certificate issuer, see RFC3280 + 5.3.4' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.46 NAME 'x509CRLCertIssuerRegister + edID' DESC 'Any registered OID of the certificate issuer, see RFC3280 5.3. + 4' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.47 NAME 'x509CRLCertReasonCode' DE + SC 'An integer code indicating the reason for the revocation, see RFC3280 + 5.3.1' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.27 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.103 NAME 'x509CRLCertHoldInstructi + onCode' DESC 'Any registered OID indicating a hold instruction, see RFC328 + 0 5.3.2' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 + 8 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.1 NAME 'x509version' DESC 'X.509 V + ersion of the certificate, or of the CRL' EQUALITY integerMatch SYNTAX 1.3. 
+ 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.2 NAME 'x509serialNumber' DESC 'Un + ique integer for each certificate issued by a particular CA' EQUALITY inte + gerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.3 NAME 'x509signatureAlgorithm' DE + SC 'OID of the algorithm used by the CA in signing the CRL or the certific + ate' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SI + NGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.4 NAME 'x509issuer' DESC 'Distingu + ished name of the entity who has signed and issued the certificate' EQUALI + TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.5 NAME 'x509validityNotBefore' DES + C 'Date on which the certificate validity period begins' EQUALITY generaliz + edTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.24 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.6 NAME 'x509validityNotAfter' DESC + 'Date on which the certificate validity period ends' EQUALITY generalizedT + imeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115. 
+ 121.1.24 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.7 NAME 'x509subject' DESC 'Disting + uished name of the entity associated with this public-key' EQUALITY distin + guishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.8 NAME 'x509subjectPublicKeyInfoAl + gorithm' DESC 'OID identifying the algorithm associated with the certified + public key' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.38 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.11 NAME 'x509authorityKeyIdentifie + r' DESC 'Key Identifier field of the Authority Key Identifier extension' E + QUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.12 NAME 'x509authorityCertIssuer' + DESC 'Authority Cert Issuer field of the Authority Key Identifier extensio + n' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SIN + GLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.13 NAME 'x509authorityCertSerialNu + mber' DESC 'Authority Cert Serial Number field of the Authority Key Identi + fier extension' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.14 NAME 'x509subjectKeyIdentifier' + DESC 'Key identifier which must be unique with respect to all key identif + iers for the subject' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.40 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.15 NAME 'x509keyUsage' DESC 'Purpo + se for which the certified public key is used' EQUALITY caseIgnoreMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.16 NAME 'x509policyInformationIden + tifier' DESC 'OID which indicates the policy under which the certificate h + as been issued and the purposes for which the certificate may be used' EQU + ALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 
SINGLE-VAL + UE ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.17 NAME 'x509subjectRfc822Name' DE + SC 'Internet electronic mail address of the entity associated with this pu + blic-key' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.18 NAME 'x509subjectDnsName' DESC + 'Internet domain name of the entity associated with this public-key' EQUAL + ITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.19 NAME 'x509subjectDirectoryName' + DESC 'Distinguished name of the entity associated with this public-key' E + QUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.20 NAME 'x509subjectUniformResourc + eIdentifier' DESC 'Uniform Resource Identifier for the World-Wide Web of t + he entity associated with this public-key' EQUALITY caseExactIA5Match SUBST + R caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.21 NAME 'x509subjectIpAddress' DES + C 'Internet Protocol address of the entity associated with this public-key + ' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1. 
+ 3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.22 NAME 'x509subjectRegisteredID' + DESC 'OID of any registered object identifying the entity associated with + this public-key' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.38 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.23 NAME 'x509issuerRfc822Name' DES + C 'Internet electronic mail address of the entity who has signed and issue + d the certificate' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrin + gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.24 NAME 'x509issuerDnsName' DESC ' + Internet domain name of the entity who has signed and issued the certifica + te' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.25 NAME 'x509issuerDirectoryName' + DESC 'Distinguished name of the entity who has signed and issued the certi + ficate' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 2 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.26 NAME 'x509issuerUniformResource + Identifier' DESC 'Uniform Resource Identifier for the World-Wide Web of th + e entity who has signed and issued the certificate' EQUALITY caseExactIA5Ma + tch SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.27 NAME 'x509issuerIpAddress' DESC + 'Internet Protocol address of the entity who has signed and issued the ce + rtificate' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.28 NAME 'x509issuerRegisteredID' D + ESC 'OID of any registered object identifying the entity who has signed an + d issued the certificate' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.38 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.29 NAME 'x509basicConstraintsCa' D + ESC 
'Identifies whether the subject of the certificate is a CA' EQUALITY b + ooleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.30 NAME 'x509extKeyUsage' DESC 'Pu + rposes for which the certified public key may be used, identified by an OI + D' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.32 NAME 'x509fullCRLDistributionPo + intURI' DESC 'URI type of DistributionPointName for the full CRL' EQUALITY + caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.4.74 NAME 'x509certLocation' DESC 'P + ointer to a x509certificate Entry' EQUALITY distinguishedNameMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.4.75 NAME 'x509certHolder' DESC 'Poi + nter to the directory entry of the end entity to which this certificate wa + s issued' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .12 ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.4.76 NAME 'x509userCert' DESC 'Compl + ete x.509 user certificate' SUP userCertificate SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.1.5.4.77 NAME 'x509caCert' DESC 'Complet + e x.509 CA certificate' SUP caCertificate SINGLE-VALUE ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.60 NAME 'x509issuerSerial' DESC 'U + sed to hold the RDN of a certificate entry, formed by concatenating the AC + serial number and issuer fields ' EQUALITY distinguishedNameMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.61 NAME 'x509ACHolderPKCSerialNumb + er' DESC 'The serial number of the PKC of the AC holder - see RFC3281 4.2. 
+ 2' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.62 NAME 'x509ACHolderPKCissuerDN' + DESC 'Distinguished name of the issuer of the PKC belonging to the AC hold + er - see RFC3281 4.2.2' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.12 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.63 NAME 'x509ACHolderRfc822Name' D + ESC 'Internet electronic mail address of the AC holder - see RFC3281 4.2. + 2' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.64 NAME 'x509ACHolderDNSName' DESC + 'Internet domain name of the AC Holder, see RFC3281 4.2.2' EQUALITY caseI + gnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.65 NAME 'x509ACHolderDN' DESC 'Dis + tinguished name of the AC Holder, see RFC3281 4.2.2' EQUALITY distinguishe + dNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.66 NAME 'x509ACHolderURI' DESC 'Un + iform Resource Identifier of the AC Holder - see RFC3281 4.2.2' EQUALITY + caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.67 NAME 'x509ACHolderIPAddress' DE + SC 'Internet Protocol address of the AC Holder, see RFC3281 4.2.2' EQUALIT + Y caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.68 NAME 'x509ACHolderRegisteredID' + DESC 'Any registered OID of the AC holder, see RFC3281 4.2.2' EQUALITY ob + jectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) +attributeTypes:: KCAxLjIuODI2LjAuMS4zMzQ0ODEwLjEuMS42OSBOQU1FICd4NTA5QUNPYmp + lY3REaWdlc3QnIERFU0MgJ0hvbGRzIHRoZSBoYXNoIHZhbHVlIG9mIHRoZSBvYmplY3QgaWRlbn + 
RpZmllZCBieSAJeDUwOUFDRGlnZXN0ZWRPYmplY3RUeXBlIOKAkyBzZWUgUkZDIDMyODEsIHNlY + 3Rpb24gNy4zJyBFUVVBTElUWSBiaXRTdHJpbmdNYXRjaCBTWU5UQVggMS4zLjYuMS40LjEuMTQ2 + Ni4xMTUuMTIxLjEuNiBTSU5HTEUtVkFMVUUgKQ== +attributeTypes: ( 1.2.826.0.1.3344810.1.1.70 NAME 'x509ACDigestAlgorithm' DE + SC 'OID of the hashing algorithm used to create the Object digest, see RFC + 3281, section 7.3' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.38 SINGLE-VALUE ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.71 NAME 'x509ACDigestedObjectType' + DESC 'Type of object being digested - see RFC3281, section 7.3' EQUALITY i + ntegerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .27 SINGLE-VALUE ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.72 NAME 'x509ACAuditID' DESC 'Iden + tity of holder used in audit trails - see RFC3281 4.3.1' EQUALITY octetStri + ngMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.73 NAME 'x509ACTargetRfc822Name' D + ESC 'Internet electronic mail address of the ACs Target - see RFC3281 4.3 + .2' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.74 NAME 'x509ACTargetDNSName' DESC + 'Internet domain name of the ACs Target, see RFC3281 4.3.2' EQUALITY case + IgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466. 
+ 115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.75 NAME 'x509ACTargetDN' DESC 'Dis + tinguished name of the ACs Target, see RFC3281 4.3.2' EQUALITY distinguishe + dNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.76 NAME 'x509ACTargetURI' DESC 'Un + iform Resource Identifier of the ACs Target - see RFC3281 4.3.2' EQUALITY + caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.77 NAME 'x509ACTargetIPAddress' DE + SC 'Internet Protocol address of the ACs Target, see RFC3281 4.3.2' EQUALI + TY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.78 NAME 'x509ACTargetRegisteredID' + DESC 'Any registered OID of the ACs Target, see RFC3281 4.3.2' EQUALITY o + bjectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.79 NAME 'x509ACTargetGroupRfc822Na + me' DESC 'Internet electronic mail address of the ACs Target group - see + RFC3281 4.3.2' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.80 NAME 'x509ACTargetGroupDNSName' + DESC 'Internet domain name of the ACs Target group, see RFC3281 4.3.2' EQ + UALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6. 
+ 1.4.1.1466.115.121.1.26 ) +attributeTypes:: KCAxLjIuODI2LjAuMS4zMzQ0ODEwLjEuMS44MSBOQU1FICd4NTA5QUNUYXJ + nZXRHcm91cEROJyBERVNDICdEaXN0aW5ndWlzaGVkIG5hbWUgb2YgdGhlIEFD4oCZcyBUYXJnZX + QgZ3JvdXAsIHNlZSAJUkZDMzI4MSA0LjMuMicgRVFVQUxJVFkgZGlzdGluZ3Vpc2hlZE5hbWVNY + XRjaCBTWU5UQVggMS4zLjYuMS40LjEuMTQ2Ni4xMTUuMTIxLjEuMTIgKQ== +attributeTypes:: KCAxLjIuODI2LjAuMS4zMzQ0ODEwLjEuMS44MiBOQU1FICd4NTA5QUNUYXJ + nZXRHcm91cFVSSScgREVTQyAnVW5pZm9ybSBSZXNvdXJjZSBJZGVudGlmaWVyIG9mIHRoZSBBQ+ + KAmXMgVGFyZ2V0IGdyb3VwICAJLSBzZWUgUkZDMzI4MSA0LjMuMicgRVFVQUxJVFkgY2FzZUV4Y + WN0SUE1TWF0Y2ggU1VCU1RSIGNhc2VFeGFjdElBNVN1YnN0cmluZ3NNYXRjaCBTWU5UQVggMS4z + LjYuMS40LjEuMTQ2Ni4xMTUuMTIxLjEuMjYgKQ== +attributeTypes: ( 1.2.826.0.1.3344810.1.1.83 NAME 'x509ACTargetGroupIPAddres + s' DESC 'Internet Protocol address of the ACs Target group, see RFC3281 4. + 3.2' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.84 NAME 'x509ACTargetGroupRegister + edID' DESC 'Any registered OID of the ACs Target group, see RFC3281 4.3.2' + EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.85 NAME 'x509ACNoRevocation' DESC + 'If true, the AC will never be revoked, see RFC3281 section 4.3.6' EQUALIT + Y booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.86 NAME 'x509DPRfc822Name' DESC 'I + nternet electronic mail address of the distribution point, see RFC3280 + section 4.2.1.14' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.87 NAME 'x509DPDNSName' DESC 'Inte + rnet domain name of the distribution point, see RFC3280 section 4.2.1.14' + EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3. 
+ 6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.88 NAME 'x509DPDN' DESC 'Distingui + shed name of the distribution point, see RFC3280 section 4.2.1.14' EQUALIT + Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.89 NAME 'x509DPURI' DESC 'Uniform + Resource Identifier of the distribution point, see RFC3280 section 4.2.1. + 14' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.90 NAME 'x509DPIPAddress' DESC 'In + ternet Protocol address of the distribution point, see RFC3280 section 4.2 + .1.14' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.91 NAME 'x509DPRegisteredID' DESC + 'Any registered OID of the distribution point, see RFC3280 section 4.2.1.1 + 4' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.92 NAME 'x509DPrelativeToIssuer' D + ESC 'RDN of the distribution point, relative to the issuer, see RFC3280 s + ection 4.2.1.14' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.12 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.93 NAME 'x509DPissuerRfc822Name' D + ESC 'Internet electronic mail address of the distribution point CRL iss + uer, see RFC3280 section 4.2.1.14' EQUALITY caseIgnoreIA5Match SUBSTR caseI + gnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.94 NAME 'x509DPissuerDNSName' DESC + 'Internet domain name of the distribution point CRL issuer, see RFC3280 s + ection 4.2.1.14' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.95 NAME 'x509DPissuerDN' DESC 'Dis + tinguished name of the distribution point CRL issuer, see RFC3280 section + 4.2.1.14' 
EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.12 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.96 NAME 'x509DPissuerURI' DESC 'Un + iform Resource Identifier of the distribution point CRL issuer, see RFC32 + 80 section 4.2.1.14' EQUALITY caseExactIA5Match SUBSTR caseExactIA5Substrin + gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.97 NAME 'x509DPissuerIPAddress' DE + SC 'Internet Protocol address of the distribution point CRL issuer, see RF + C3280 section 4.2.1.14' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Sub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.98 NAME 'x509DPissuerRegisteredID' + DESC 'Any registered OID of the distribution point CRL issuer, see RFC32 + 80 section 4.2.1.14' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.38 ) +attributeTypes: ( 1.2.826.0.1.3344810.1.1.99 NAME 'x509DPReasonCodes' DESC ' + The reason codes used by a DP, see RFC3280 section 4.2.1.14' EQUALITY bitS + tringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) +attributeTypes: ( 1.3.6.1.1.11.1.2.1 NAME 'vPIMTelephoneNumber' DESC 'draft- + ietf-vpim-vpimdir: The full E.164 form of the telephone number, including a + ny sub-addressing portion' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.44{20} ) +attributeTypes: ( 1.3.6.1.1.11.1.2.2 NAME 'vPIMRfc822Mailbox' DESC 'draft-ie + tf-vpim-vpimdir: stores the inter-domain SMTP address of the voice mailbox + associated with a given telephone number' EQUALITY caseIgnoreIA5Match SYNTA + X 1.3.6.1.4.1.1466.115.121.1.26{256} ) +attributeTypes: ( 1.3.6.1.1.11.1.2.3 NAME 'vPIMSpokenName' DESC 'draft-ietf- + vpim-vpimdir: the spoken name of the user in the voice of the user' EQUALIT + Y octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{20000} SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.1.11.1.2.4 NAME 'vPIMTextName' DESC 'draft-ietf-vp + im-vpimdir: consistent with the unstructured text name 
databases used for c + alling name delivery service of caller ID' EQUALITY caseIgnoreMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15{20} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.11.1.2.5 NAME 'vPIMSupportedAudioMediaTypes' DES + C 'draft-ietf-vpim-vpimdir: MIME audio subtype(s) of encodings that can be + received at the address specified in vPIMRfc822Mailbox' EQUALITY caseIgnore + IA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.1.11.1.2.6 NAME 'vPIMSupportedMessageContext' DESC + 'draft-ietf-vpim-vpimdir: provides guidance to the sender about the messag + e contexts the recipient is likely to accept' EQUALITY caseIgnoreIA5Match S + YNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.1.11.1.2.7 NAME 'vPIMExtendedAbsenceStatus' DESC ' + draft-ietf-vpim-vpimdir: indicates to the subscriber whether the recipient + is accepting messages during his absence' EQUALITY caseIgnoreIA5Match SYNTA + X 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.11.1.2.8 NAME 'vPIMSupportedUABehaviors' DESC 'd + raft-ietf-vpim-vpimdir: list of the attributes considered optional by VPIM + and other vendor-specific attributes maybe supported by the recipient' EQUA + LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.1.11.1.2.9 NAME 'vPIMMaxMessageSize' DESC 'draft-i + etf-vpim-vpimdir: maximum message length in seconds the receiving mailbox a + ccepts' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-V + ALUE ) +attributeTypes: ( 1.3.6.1.1.11.1.2.10 NAME 'vPIMSubMailboxes' DESC 'draft-ie + tf-vpim-vpimdir: indicates the presence of sub-mailboxes' EQUALITY numericS + tringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{4} ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.1 NAME 'AstContext' DESC 'Asterisk C + ontext' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1. 
+ 3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.2 NAME 'AstExtension' DESC 'Asterisk + Extension' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.3 NAME 'AstPriority' DESC 'Asterisk + Priority' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.4 NAME 'AstApplication' DESC 'Asteri + sk Application' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.5 NAME 'AstApplicationData' DESC 'As + terisk Application Data' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin + gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.6 NAME 'AstAccountAMAFlags' DESC 'As + terisk Account AMA Flags' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstri + ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.7 NAME 'AstAccountCallerID' DESC 'As + terisk Account CallerID' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin + gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.8 NAME 'AstAccountContext' DESC 'Ast + erisk Account Context' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.9 NAME 'AstAccountMailbox' DESC 'Ast + erisk Account Mailbox' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.10 NAME 'AstMD5secret' DESC 'Asteris + k Account MD5 Secret' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.11 NAME 'AstAccountDeny' DESC 'Aster + isk Account Deny' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.12 NAME 'AstAccountPermit' DESC 'Ast + erisk Account Permit' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.13 NAME 'AstAccountQualify' DESC 'As + terisk Account Qualify' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.14 NAME 'AstAccountType' DESC 'Aster + isk Account Type' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.15 NAME 'AstAccountDisallowedCodec' + DESC 'Asterisk Account Disallowed Codec' EQUALITY caseIgnoreMatch SUBSTR ca + seIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.16 NAME 'AstAccountExpirationTimesta + mp' DESC 'Asterisk Account Expiration Timestamp' EQUALITY caseIgnoreMatch S + UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.17 NAME 'AstAccountRegistrationConte + xt' DESC 'Asterisk Account Registration Context' EQUALITY caseIgnoreMatch S + UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.18 NAME 'AstAccountRegistrationExten + ' DESC 'Asterisk Account Registration Extension' EQUALITY caseIgnoreMatch S + UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.19 NAME 'AstAccountNoTransfer' DESC + 'Asterisk Account No Transfer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu + bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.20 NAME 'AstAccountCallGroup' DESC ' + Asterisk Account Call Group' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs + tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 
1.3.6.1.4.1.22736.5.4.21 NAME 'AstAccountCanReinvite' DESC + 'Asterisk Account Can Reinvite' EQUALITY caseIgnoreMatch SUBSTR caseIgnore + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.22 NAME 'AstAccountDTMFMode' DESC 'A + sterisk Account DTMF Flags' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.23 NAME 'AstAccountFromUser' DESC 'A + sterisk Account From User' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.24 NAME 'AstAccountFromDomain' DESC + 'Asterisk Account From Domain' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu + bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.25 NAME 'AstAccountFullContact' DESC + 'Asterisk Account Full Contact' EQUALITY caseIgnoreMatch SUBSTR caseIgnore + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.26 NAME 'AstAccountHost' DESC 'Aster + isk Account Host' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.27 NAME 'AstAccountInsecure' DESC 'A + sterisk Account Insecure' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstri + ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.28 NAME 'AstAccountNAT' DESC 'Asteri + sk Account NAT' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.29 NAME 'AstAccountPickupGroup' DESC + 'Asterisk Account PickupGroup' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS + ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.30 NAME 'AstAccountPort' DESC 'Aster + isk Account Port' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 
1.3.6.1.4.1.22736.5.4.31 NAME 'AstAccountRestrictCID' DESC + 'Asterisk Account Restrict CallerID' EQUALITY caseIgnoreMatch SUBSTR caseI + gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.32 NAME 'AstAccountRTPTimeout' DESC + 'Asterisk Account RTP Timeout' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu + bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.33 NAME 'AstAccountRTPHoldTimeout' D + ESC 'Asterisk Account RTP Hold Timeout' EQUALITY caseIgnoreMatch SUBSTR cas + eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.34 NAME 'AstAccountRealmedPassword' + DESC 'Asterisk Account Realmed Password' EQUALITY caseIgnoreMatch SUBSTR ca + seIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.35 NAME 'AstAccountAllowedCodec' DES + C 'Asterisk Account Allowed Codec' EQUALITY caseIgnoreMatch SUBSTR caseIgno + reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.36 NAME 'AstAccountMusicOnHold' DESC + 'Asterisk Account Music On Hold' EQUALITY caseIgnoreMatch SUBSTR caseIgnor + eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.37 NAME 'AstAccountCanCallForward' D + ESC 'Asterisk Account Can Call Forward' EQUALITY caseIgnoreMatch SUBSTR cas + eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.38 NAME 'AstAccountSecret' DESC 'Ast + erisk Account Secret' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.39 NAME 'AstAccountName' DESC 'Aster + isk Account Username' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.40 NAME 'AstConfigFilename' DESC 'As + terisk LDAP 
Configuration Filename' EQUALITY caseIgnoreMatch SUBSTR caseIgn + oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.41 NAME 'AstConfigCategory' DESC 'As + terisk LDAP Configuration Category' EQUALITY caseIgnoreMatch SUBSTR caseIgn + oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.42 NAME 'AstConfigCategoryMetric' DE + SC 'Asterisk LDAP Configuration Category Metric' EQUALITY caseIgnoreMatch S + UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.43 NAME 'AstConfigVariableName' DESC + 'Asterisk LDAP Configuration Variable Name' EQUALITY caseIgnoreMatch SUBST + R caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.44 NAME 'AstConfigVariableValue' DES + C 'Asterisk LDAP Configuration Variable Value' EQUALITY caseIgnoreMatch SUB + STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.45 NAME 'AstConfigCommented' DESC 'A + sterisk LDAP Configuration Commented' EQUALITY caseIgnoreMatch SUBSTR caseI + gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.46 NAME 'AstAccountIPAddress' DESC ' + Asterisk Account IP Address' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs + tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.47 NAME 'AstAccountDefaultUser' DESC + 'Asterisk Account Default User' EQUALITY caseIgnoreMatch SUBSTR caseIgnore + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.48 NAME 'AstAccountRegistrationServe + r' DESC 'Asterisk Account Registration Server' EQUALITY caseIgnoreMatch SUB + STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.49 NAME 'AstAccountLastQualifyMillis + econds' DESC 'Asterisk Account 
Last Qualify Milliseconds' EQUALITY caseIgno + reMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.50 NAME 'AstAccountCallLimit' DESC ' + Asterisk Account Call Limit' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs + tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.51 NAME 'AstVoicemailMailbox' DESC ' + Asterisk voicemail mailbox' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.52 NAME 'AstVoicemailPassword' DESC + 'Asterisk voicemail password' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.53 NAME 'AstVoicemailFullname' DESC + 'Asterisk voicemail fullname' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.54 NAME 'AstVoicemailEmail' DESC 'As + terisk voicemail email' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.55 NAME 'AstVoicemailPager' DESC 'As + terisk voicemail pager' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.56 NAME 'AstVoicemailOptions' DESC ' + Asterisk voicemail options' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.57 NAME 'AstVoicemailTimestamp' DESC + 'Asterisk voicemail timestamp' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS + ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.58 NAME 'AstVoicemailContext' DESC ' + Asterisk voicemail context' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+attributeTypes: ( 1.3.6.1.4.1.22736.5.4.59 NAME 'AstAccountSubscribeContext' + DESC 'Asterisk subscribe context' EQUALITY caseIgnoreMatch SUBSTR caseIgno + reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.61 NAME 'AstAccountUserAgent' DESC ' + Asterisk account user context' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu + bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.62 NAME 'AstAccountLanguage' DESC 'A + sterisk account user language' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu + bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.63 NAME 'AstAccountTransport' DESC ' + Asterisk account transport type' EQUALITY caseIgnoreMatch SUBSTR caseIgnore + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.64 NAME 'AstAccountPromiscRedir' DES + C 'Asterisk account promiscous redirects' EQUALITY caseIgnoreMatch SUBSTR c + aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.65 NAME 'AstAccountAccountCode' DESC + 'Asterisk account billing code' EQUALITY caseIgnoreMatch SUBSTR caseIgnore + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.66 NAME 'AstAccountSetVar' DESC 'Ast + erisk account setvar' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.67 NAME 'AstAccountAllowOverlap' DES + C 'Asterisk account allow overlap dialing' EQUALITY caseIgnoreMatch SUBSTR + caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.68 NAME 'AstAccountVideoSupport' DES + C 'Asterisk account video support' EQUALITY caseIgnoreMatch SUBSTR caseIgno + reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.69 NAME 'AstAccountIgnoreSDPVersion' 
+ DESC 'Asterisk account ignore SDP version' EQUALITY caseIgnoreMatch SUBSTR + caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.22736.5.4.70 NAME 'AstAccountPathSupport' DESC + 'Asterisk account support Path RFC 3327' EQUALITY caseIgnoreMatch SUBSTR c + aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.8 NAME 'pgpBaseKeySpaceDN' DESC 'Poin + ts to DN of the object that will store the PGP keys.' SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.12 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.9 NAME 'pgpSoftware' DESC 'pgpSoftwar + e attribute for PGP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-OR + IGIN 'Pretty Good Privacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.10 NAME 'pgpVersion' DESC 'pgpVersion + attribute for PGP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORI + GIN 'Pretty Good Privacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.11 NAME 'pgpKey' DESC 'pgpKey attribu + te for PGP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'Pre + tty Good Privacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.12 NAME 'pgpCertID' DESC 'pgpCertID a + ttribute for PGP' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Pr + ivacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.13 NAME 'pgpDisabled' DESC 'pgpDisabl + ed attribute for PGP' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115. 
+ 121.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.14 NAME 'pgpKeyID' DESC 'pgpKeyID att + ribute for PGP' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Priv + acy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.15 NAME 'pgpKeyType' DESC 'pgpKeyType + attribute for PGP' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good + Privacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.16 NAME 'pgpUserID' DESC 'User ID(s) + associated with the PGP key.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Pretty Good Pri + vacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.17 NAME 'pgpKeyCreateTime' DESC 'pgpK + eyCreateTime attribute for PGP' EQUALITY caseIgnoreMatch ORDERING caseIgnor + eOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.18 NAME 'pgpSignerID' DESC 'pgpSigner + ID attribute for PGP' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Pretty Good Privacy (PG + P)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.19 NAME 'pgpRevoked' DESC 'pgpRevoked + attribute for PGP' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.20 NAME 'pgpSubKeyID' DESC 'Sub-key I + D(s) of the PGP key.' 
EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Pretty Good Privacy (PG + P)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.21 NAME 'pgpKeySize' DESC 'pgpKeySize + attribute for PGP' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMat + ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- + ORIGIN 'Pretty Good Privacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.22 NAME 'pgpKeyExpireTime' DESC 'pgpK + eyExpireTime attribute for PGP' EQUALITY caseIgnoreMatch ORDERING caseIgnor + eOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.6 NAME 'pgpReconData' DESC 'PGP defin + ed attributed containing reconstruction data' SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.40 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.7 NAME 'pgpReconCertID' DESC 'PGP def + ined attribute containing the certID of the key' EQUALITY caseIgnoreMatch S + UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE + -VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.2 NAME 'pgpElementType' DESC 'PGP def + ined attribute containing the type of the pref object' EQUALITY caseIgnoreM + atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) +attributeTypes: ( 1.3.6.1.4.1.3401.8.2.3 NAME 'pgpData' DESC 'PGP defined at + tribute containing the admin pref data' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4 + 0 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) +attributeTypes: ( 1.2.840.113556.1.4.478 NAME 'calCalURI' DESC 'URI to a sna + pshot of the users entire default calendar' EQUALITY caseIgnoreMatch SUBSTR + caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALU + E ) +attributeTypes: ( 1.2.840.113556.1.4.479 NAME 
'calFBURL' DESC 'URI to the us + ers default free/busy time data' EQUALITY caseIgnoreMatch SUBSTR caseIgnore + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.480 NAME 'calCAPURI' DESC 'URI used to + communicate with the users calendar' EQUALITY caseIgnoreMatch SUBSTR caseIg + noreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.481 NAME 'calCalAdrURI' DESC 'URI to wh + ich event requests should be sent for the user' EQUALITY caseIgnoreMatch SU + BSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.482 NAME 'calOtherCalURIs' DESC 'URIs t + o snapshots of non-default calendars belonging to the user' EQUALITY caseIg + noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 ) +attributeTypes: ( 1.2.840.113556.1.4.483 NAME 'calOtherFBURLs' DESC 'URIs to + non-default free/busy data belonging to the user' EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.2.840.113556.1.4.484 NAME 'calOtherCAPURIs' DESC 'URIs t + o non-default calendars belonging to the user' EQUALITY caseIgnoreMatch SUB + STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.2.840.113556.1.4.485 NAME 'calOtherCalAdrURIs' DESC 'URI + s of destinations for event requests to non-default calendars' EQUALITY cas + eIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.13040.2.1.1 NAME 'hordePrefs' DESC 'Horde Pref + erences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1 + 024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.3.1.1 NAME 'impPrefs' DESC 'IMP Preferen + ces' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} + ) +attributeTypes: ( 1.3.6.1.4.1.13040.4.1.1 NAME 'turbaPrefs' DESC 'Turba Pref 
+ erences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1 + 024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.4.1.2 NAME 'turbaType' DESC 'Turba Objec + t Type: Contact/List' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{8} ) +attributeTypes: ( 1.3.6.1.4.1.13040.4.1.3 NAME 'turbaMembers' DESC 'Encoded + members of a Turba list' SUP name ) +attributeTypes: ( 1.3.6.1.4.1.13040.4.1.4 NAME 'turbaPGPPublicKey' DESC 'PGP + /GPG Public Key' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.26{4000} ) +attributeTypes: ( 1.3.6.1.4.1.13040.5.1.1 NAME 'kronolithPrefs' DESC 'Kronol + ith Preferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.26{1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.6.1.1 NAME 'nagPrefs' DESC 'Nag Preferen + ces' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} + ) +attributeTypes: ( 1.3.6.1.4.1.13040.7.1.1 NAME 'gollemPrefs' DESC 'Gollem Pr + eferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + {1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.8.1.1 NAME 'choraPrefs' DESC 'Chora Pref + erences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1 + 024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.9.1.1 NAME 'mnemoPrefs' DESC 'Mnemo Pref + erences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1 + 024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.10.1.1 NAME 'trollPrefs' DESC 'Troll Pre + ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.11.1.1 NAME 'klutzPrefs' DESC 'Klutz Pre + ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.12.1.1 NAME 'jonahPrefs' DESC 'Jonah Pre + ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.13.1.1 NAME 'hermesPrefs' DESC 'Hermes P + 
references' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 6{1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.14.1.1 NAME 'junoPrefs' DESC 'Juno Prefe + rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 + 24} ) +attributeTypes: ( 1.3.6.1.4.1.13040.15.1.1 NAME 'treanPrefs' DESC 'Trean Pre + ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.16.1.1 NAME 'whupsPrefs' DESC 'Whups Pre + ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.17.1.1 NAME 'ingoPrefs' DESC 'Ingo Prefe + rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 + 24} ) +attributeTypes: ( 1.3.6.1.4.1.13040.18.1.1 NAME 'anselPrefs' DESC 'Ansel Pre + ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.19.1.1 NAME 'geniePrefs' DESC 'Genie Pre + ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.20.1.1 NAME 'scryPrefs' DESC 'Scry Prefe + rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 + 24} ) +attributeTypes: ( 1.3.6.1.4.1.13040.21.1.1 NAME 'wickedPrefs' DESC 'Wicked P + references' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 6{1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.22.1.1 NAME 'agoraPrefs' DESC 'Agora Pre + ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.24.1.1 NAME 'goopsPrefs' DESC 'Goops Pre + ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.25.1.1 NAME 'merkPrefs' DESC 'Merk Prefe + rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 + 24} ) +attributeTypes: ( 1.3.6.1.4.1.13040.26.1.1 NAME 'mimpPrefs' DESC 'MIMP Prefe + rences' 
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 + 24} ) +attributeTypes: ( 1.3.6.1.4.1.13040.27.1.1 NAME 'mottlePrefs' DESC 'Mottle P + references' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 6{1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.28.1.1 NAME 'nicPrefs' DESC 'NIC Prefere + nces' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024 + } ) +attributeTypes: ( 1.3.6.1.4.1.13040.29.1.1 NAME 'occamPrefs' DESC 'Occam Pre + ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.30.1.1 NAME 'odinPrefs' DESC 'Odin Prefe + rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 + 24} ) +attributeTypes: ( 1.3.6.1.4.1.13040.31.1.1 NAME 'rakimPrefs' DESC 'Rakim Pre + ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.32.1.1 NAME 'seshaPrefs' DESC 'Sesha Pre + ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.33.1.1 NAME 'swooshPrefs' DESC 'Swoosh P + references' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 6{1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.34.1.1 NAME 'thorPrefs' DESC 'Thor Prefe + rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 + 24} ) +attributeTypes: ( 1.3.6.1.4.1.13040.35.1.1 NAME 'ulaformPrefs' DESC 'Ulaform + Preferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .26{1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.36.1.1 NAME 'volosPrefs' DESC 'Volos Pre + ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ + 1024} ) +attributeTypes: ( 1.3.6.1.4.1.13040.37.1.1 NAME 'jetaPrefs' DESC 'Jeta Prefe + rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 + 24} ) +attributeTypes: ( 1.3.6.1.4.1.412.100.1.2.5 NAME 'arrayIndex' DESC 'the inde + x of this child' 
EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.101 NAME 'dlmIdentifyingDescriptio + n' DESC 'A free-form string providing explanation and details be + hind the entries in the dlmOtherIdentifyingInfo attribute.' EQUA + LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.112 NAME 'dlmOtherIdentifyingInfo' + DESC 'OtherIdentifyingInfo captures additional data, beyond tha + t of Tag information, that could be used to identify a Physical + Element. One example is bar code data associated with an Element + that also has an asset tag. Note that if only bar code data is + available and is unique/able to be used as an Element key, this + property would be NULL and the bar code data used as + the class key, in the Tag property.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.1.2.1 NAME 'orderedCimKeys' DESC 'The + model path for the instance (without propagated keys). May be us + ed as an RDN' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.1.2.2 NAME 'orderedCimModelPath' DESC + 'The model path for the instance (with propagated keys). May be + used as an RDN' OBSOLETE EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.103 NAME 'dlmCaption' DESC 'The Ca + ption property is a short textual description (oneline string) o + f the object.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5{64} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.104 NAME 'dlmDescription' DESC 'Th + e Description property provides a textual description of the obje + ct.' 
EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V + ALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.105 NAME 'dlmInstallDate' DESC 'A + datetime value indicating when the object was installed. A lack + of a value does not indicate that the object is not installed.' + EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-V + ALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.106 NAME 'dlmName' DESC 'The Name + property defines the label by which the object is known. When su + bclassed, the Name property can be overridden to be a Key proper + ty.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SIN + GLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.107 NAME 'dlmStatus' DESC 'A strin + g indicating the current status of the object. Various operation + al and non-operational statuses are defined. Operational statuse + s are "OK", "Degraded", "Stressed" and "Pred Fail". "Stressed" + indicates that the Element is functioning, but needs a + ttention. Examples of "Stressed" states are overload, overheate + d, etc. The condition "Pred Fail" (failure predicted) indicates + that an Element is functioning properly but predicting a failure + in the near future. An example is a SMART-enabled hard drive. + [...]' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15{10} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.108 NAME 'dlmCreationClassName' DE + SC 'CreationClassName indicates the name of the class or the su + bclass used in the creation of an instance. When used with the o + ther key properties of this class, this property allows all ins + tances of this class and its subclasses to be uniquely identifie + d.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SING + LE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.119 NAME 'dlmNameFormat' DESC 'The + System object and its derivatives are Top Level Objects of CIM. + They provide the scope for numerous components. 
Having unique S + ystem keys is required. A heuristic can be defined in individual + System subclasses to attempt to always generate the + same System Name Key. The NameFormat property identifies how the + System name was generated, using the subclass" heuristic.' EQUA + LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.120 NAME 'dlmPrimaryOwnerContact' + DESC 'A string that provides information on how the primary syst + em owner can be reached (e.g. phone number, email address, ...). + ' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE + -VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.121 NAME 'dlmPrimaryOwnerName' DES + C 'The name of the primary system owner.' EQUALITY caseIgnoreMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.15{64} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.122 NAME 'dlmRoles' DESC 'An array + (bag) of strings that specify the roles this System plays in th + e IT-environment. Subclasses of System may override this proper + ty to define explicit Roles values. Alternately, a Working Group + may describe the heuristics, conventions and guidelines + for specifying Roles. For example, for an instance of a netw + orking system, the Roles property might contain the string, "Swi + tch" or "Bridge".' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.123 NAME 'dlmDedicated' DESC 'Enum + eration indicating whether the ComputerSystem is a special-purp + ose System (ie, dedicated to a particular use), versus being "ge + neral purpose". For example, one could specify that the System i + s dedicated to "Print" (value=11) or acts as a "Hub" + (value=8). 
Values are 0="Not Dedicated", 1="Unknown", 2="Other" + , 3="Storage", 4="Router", 5="Switch", 6="Layer 3 Switch", 7="Ce + ntral Office Switch", 8="Hub", 9="Access Server", 10="Firewall", + 11="Print", 12="I/O", 13="Web Caching", 14="Manageme + nt"' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.136 NAME 'dlmStartMode' DESC 'Star + tMode is a string value indicating whether the Service is automa + tically started by a System, Operating System, etc. or only star + ted upon request. Value Mapping are "Automatic", "Manual"' EQUA + LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10} SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.137 NAME 'dlmStarted' DESC 'Starte + d is a boolean indicating whether the Service has been started ( + TRUE), or stopped (FALSE).' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALU + E ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.139 NAME 'dlmSettingID' DESC 'The + identifier by which the Setting object is known.' EQUALITY caseI + gnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.159 NAME 'dlmElementSettingElement + Ref' DESC 'The ManagedSystemElement. Values of this attribute po + int to entries of class dlmManagedSystemElement.' EQUALITY disti + nguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.160 NAME 'dlmElementSettingSetting + Ref' DESC 'The Setting object associated with the ManagedSystem + Element. Values of this attribute point to entries of class dlmS + etting.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 12 ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.186 NAME 'dlmMemberOfCollectionCol + lectionRef' DESC 'The Collection that aggregates members. Values of + this attribute point to entries of class dlmCollection.' 
EQUALITY dist + inguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.187 NAME 'dlmMemberOfCollectionMem + berRef' DESC 'The aggregated member of the collection. Values of + this attribute point to entries of class dlmManagedElement.' EQ + UALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.8 NAME 'dlm1FilterListDirection' + DESC 'This defines whether the FilterList is used for input, outp + ut, or both input and output filtering. All values are used with r + espect to the interface for which the FilterList applies. + "Not Applicable" (0) is used when there is no direction applicabl + e to the FilterList. "Input" (1) is used when the FilterList appli + es to packets that are inbound on the related interface. + "Output" (2) is used when the FilterList applies to packe + ts that are outbound on the related interface. "Both" (3) + is used to indicate that the direction is immaterial, e.g., to fi + lter on a source subnet regardless of whether the flow is + inbound or outbound. "Mirrored" (4) is also applicable to + both inbound and outbound flow processing, but indicates that th + e filter criteria are applied asymmetrically to traffic in both di + rections and, thus, specifies the reversal of source and + destination criteria (as opposed to the equality of these criteria + as indicated by "Both"). The match conditions in the aggregated + FilterEntryBase subclass instances are defined from the pe + rspective of outbound flows and applied to inbound flows as well b + y reversing the source and destination criteria. So, for example, + consider a FilterList with 3 FilterEntries indicating des + tination port = 80, and source and destination addresses of a and + b, respectively. 
Then, for the outbound direction, the filter + entries match as specified and the mirror (for the inbound di + rection) matches on source port = 80 and source and destination ad + dresses of b and a, respectively.), Values are "Not Appli + cable", "Input", "Output", "Both", "Mirrored"' EQUALITY caseIgnore + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.1 NAME 'dlm1FilterEntryBaseIsNeg + ated' DESC 'Boolean indicating that the match condition described + in the properties of the FilterEntryBase subclass should be negate + d.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.2 NAME 'dlmProtocolType' DESC 'P + rotocolType is an enumeration that provides additional information + that can be used to help categorize and classify different instan + ces of this class. Values are "Unknown", "Other", "IPv4", "IPv6", + "IPX", "AppleTalk", "DECnet", "SNA", "CONP", "CLNP", "VINES", + "XNS", "ATM", "Frame Relay", "Ethernet", "TokenRing", "FDDI", + "Infiniband", "Fibre Channel", "ISDN BRI Endpoint", "ISDN B Chann + el Endpoint", "ISDN D Channel Endpoint"' EQUALITY caseIgnoreMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.3 NAME 'dlmOtherTypeDescription' + DESC 'A string describing the type of ProtocolEndpoint that this + instance is when the Type property of this class (or any of its s + ubclasses) is set to "Other". The format of the string inserted in + this property should be similar in format to the values defined f + or the Type property. This property should be set to NULL when the + Type property is any value other than "Other".' 
EQUALITY caseIgno + reMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.4 NAME 'dlmIPAddress' DESC 'The + IP address that this ProtocolEndpoint represents, formatted accord + ing to the appropriate convention as defined in the AddressType pr + operty of this class (e.g., 171.79.6.40).' EQUALITY caseIgnoreMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.5 NAME 'dlmIPSubnetMask' DESC 'T + he mask for the IP address of this ProtocolEndpoint, formatted acc + ording to the appropriate convention as defined in the AddressType + property of this class (e.g., 255.255.252.0).' EQUALITY caseIgnor + eMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.6 NAME 'dlmIPAddressType' DESC ' + An enumeration that describes the format of the address property. + Whenever possible, IPv4-compatible addresses should be used instea + d of native IPv6 addresses (see RFC 2373, section 2.5.4). In order + to have a consistent format for IPv4 addresses in a mixed IPv4/v6 + environment, all IPv4 addresses and both IPv4-compatible IPv6 add + resses and IPv4-mapped IPv6 addresses, per RFC 2373, section + 2.5.4, should be formatted in standard IPv4 format. However, t + his (the 2.2) version of the Network Common Model will not explici + tly support mixed IPv4/IPv6 environments. This will be added in a + future release. Values are "Unknown", "IPv4", "IPv6".' EQUALITY ca + seIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.7 NAME 'dlmIPVersionSupport' DES + C 'It is not possible to tell from the address alone if a given IP + ProtocolEndpoint can support IPv4 and IPv6, or just one of these. + This property explicitly defines the support for different version + s of IP that this IPProtocolEndpoint has. 
More implementa + tion experience is needed in order to correctly model mixed IPv4/I + Pv6 networks; therefore, this version (2.2) of the Network Common + Model will not support mixed IPv4/IPv6 environments. This will be + looked at further in a future version. Values are "Unknow + n", "IPv4 Only", "IPv6 Only".' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.18 NAME 'dlmBiometric' DESC 'Biome + tric information used to identify a person. The property value + is left null or set to "N/A" for non-human user or a user not u + sing biometric information for authentication. Values are 0="N/ + A", 1="Other", 2="Facial", 3="Retina", 4="Mark", 5="F + inger", 6="Voice", 7="DNA-RNA", 8="EEG".' EQUALITY integerMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.27 ) +attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.19 NAME 'dlmElementID' DESC 'The E + lementID property uniquely specifies the ManagedElement object i + nstance that is the user represented by the UsersAccess object i + nstance. The ElementID is formatted similarly to a model path + except that the property-value pairs are ordered in al + phabetical order (US ASCII lexical order).' EQUALITY caseIgnoreMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.41 NAME 'dlmElementAsUserAnteceden + tRef' DESC 'The ManagedElement that has UsersAccess. The value + of this attribute points to an entry of class dlm1ManagedElement + .' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SIN + GLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.42 NAME 'dlmElementAsUserDependent + Ref' DESC 'The "owned" UsersAccess. Values of this attribute poi + nt to entries of class dlm1UsersAccess.' EQUALITY distinguishedNameMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.57 NAME 'dlmUsersCredentialAnteced + entRef' DESC 'The issued credential that may be used. 
Values of + this attribute point to entries of class dlm1Credential.' EQUALI + TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.58 NAME 'dlmUsersCredentialDepende + ntRef' DESC 'The UsersAccess that has use of a credential. Value + s of this attribute point to entries of class dlm1UsersAccess.' + EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.26 NAME 'dlmRemoteID' DESC 'Remote + ID is the name by which the user is known at the KDC security ser + vice.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} S + INGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.28 NAME 'dlmAlgorithm' DESC 'algor + ithm names the transformation algorithm, if any, used to protect + passwords before use in the protocol. For instance, Kerberos doe + sn"t store passwords as the shared secret, but rather, a hash of + the password.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.29 NAME 'dlmProtocol' DESC 'protoc + ol names the protocol with which the SharedSecret is used.' EQUAL + ITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.30 NAME 'dlmSecret' DESC 'secret i + s the secret known by the Users Access.' EQUALITY caseIgnoreMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.6.2.15 NAME 'pcimRoles' DESC 'RFC 3703: Each val + ue of this attribute represents a role-combination.' EQUALITY caseIgnoreMat + ch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.1.6.2.3 NAME 'pcimKeywords' DESC 'RFC 3703: A set + of keywords to assist directory clients in locating the policy objects appl + icable to them.' 
EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch + SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.1.6.2.4 NAME 'pcimGroupName' DESC 'RFC 3703: The u + ser-friendly name of this policy group.' EQUALITY caseIgnoreMatch ORDERING + caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.6.2.5 NAME 'pcimRuleName' DESC 'RFC 3703: The us + er-friendly name of this policy rule.' EQUALITY caseIgnoreMatch ORDERING ca + seIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.6.2.6 NAME 'pcimRuleEnabled' DESC 'RFC 3703: An + integer indicating whether a policy rule is administratively enabled (value + =1), disabled (value=2), or enabled for debug (value=3).' EQUALITY integerM + atch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN + GLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.6.2.11 NAME 'pcimRuleUsage' DESC 'RFC 3703: This + attribute is a free-form sting providing guidelines on how this policy sho + uld be used.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUB + STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V + ALUE ) +attributeTypes: ( 1.3.6.1.1.6.2.13 NAME 'pcimRuleMandatory' DESC 'RFC 3703: + If TRUE, indicates that for this policy rule, the evaluation of its conditi + ons and execution of its actions (if the condition is satisfied) is require + d.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.1.6.2.16 NAME 'pcimConditionGroupNumber' DESC 'RFC + 3703: The number of the group to which a policy condition belongs. This i + s used to form the DNF or CNF expression associated with a policy rule.' 
EQ + UALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.6.2.17 NAME 'pcimConditionNegated' DESC 'RFC 370 + 3: If TRUE (FALSE), it indicates that a policy condition IS (IS NOT) negate + d in the DNF or CNF expression associated with a policy rule.' EQUALITY boo + leanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.6.2.18 NAME 'pcimConditionName' DESC 'RFC 3703: + A user-friendly name for a policy condition.' EQUALITY caseIgnoreMatch ORDE + RING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.6.2.19 NAME 'pcimConditionDN' DESC 'RFC 3703: A + DN that references an instance of a reusable policy condition.' EQUALITY di + stinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.6.2.23 NAME 'pcimActionOrder' DESC 'RFC 3703: An + integer indicating the relative order of an action in the context of a pol + icy rule.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.6.2.22 NAME 'pcimActionName' DESC 'RFC 3703: A u + ser-friendly name for a policy action.' EQUALITY caseIgnoreMatch ORDERING c + aseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.6.2.24 NAME 'pcimActionDN' DESC 'RFC 3703: A DN + that references a reusable policy action.' EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.6.2.36 NAME 'pcimRepositoryName' DESC 'RFC 3703: + The user-friendly name of this policy repository.' 
EQUALITY caseIgnoreMatc + h ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.1 NAME 'pcelsPolicySetName' DESC 'RFC 4104: + User-friendly name of a policy set' EQUALITY caseIgnoreMatch ORDERING caseI + gnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.2 NAME 'pcelsDecisionStrategy' DESC 'RFC 410 + 4: Evaluation method for the components of a pcelsPolicySet' EQUALITY integ + erMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.3 NAME 'pcelsPolicySetList' DESC 'RFC 4104: + Unordered set of DNs of pcelsPolicySetAssociation entries' EQUALITY disting + uishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.1.9.2.4 NAME 'pcelsPriority' DESC 'RFC 4104: Prior + ity of a component' EQUALITY integerMatch ORDERING integerOrderingMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.5 NAME 'pcelsPolicySetDN' DESC 'RFC 4104: DN + of a pcelsPolicySet entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1. 
+ 4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.62 NAME 'pcelsRuleValidityPeriodList' DESC ' + RFC 4104: Unordered set of DNs of pcimRuleValidityAssociation entries' EQUA + LITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.1.9.2.6 NAME 'pcelsConditionListType' DESC 'RFC 41 + 04: Indicates the type of condition aggregation' EQUALITY integerMatch ORDE + RING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.1.9.2.7 NAME 'pcelsConditionList' DESC 'RFC 4104: + Unordered set of DNs of pcelsConditionAssociation entries' EQUALITY disting + uishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.1.9.2.8 NAME 'pcelsActionList' DESC 'RFC 4104: Uno + rdered set of DNs of pcelsActionAssociation entries' EQUALITY distinguished + NameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.1.9.2.9 NAME 'pcelsSequencedActions' DESC 'RFC 410 + 4: Indicates the importance of action sequencing' EQUALITY integerMatch ORD + ERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALU + E ) +attributeTypes: ( 1.3.6.1.1.9.2.10 NAME 'pcelsExecutionStrategy' DESC 'RFC 4 + 104: Indicates the action execution strategy' EQUALITY integerMatch ORDERIN + G integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.11 NAME 'pcelsVariableDN' DESC 'RFC 4104: DN + of a pcelsVariable entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.12 NAME 'pcelsValueDN' DESC 'RFC 4104: DN of + a pcelsValueAuxClass entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.13 NAME 'pcelsIsMirrored' DESC 'RFC 4104: In + dicates whether the mirrored traffic matches' EQUALITY booleanMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: 
( 1.3.6.1.1.9.2.14 NAME 'pcelsVariableName' DESC 'RFC 4104: + The user-friendly name of a variable.' EQUALITY caseIgnoreMatch ORDERING ca + seIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.15 NAME 'pcelsExpectedValueList' DESC 'RFC 4 + 104: Unordered set of DNs of pcelsValueAuxClass entries representing + expected values for a policy variable' EQUALITY distinguishedNameMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.1.9.2.16 NAME 'pcelsVariableModelClass' DESC 'RFC + 4104: Identifies a CIM class' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.17 NAME 'pcelsVariableModelProperty' DESC 'R + FC 4104: Identifies the property of a CIM class.' EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.18 NAME 'pcelsExpectedValueTypes' DESC 'RFC + 4104: Identifies subclasses of pcelsValueAuxClass by name' EQUALITY caseIgn + oreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.1.9.2.19 NAME 'pcelsValueName' DESC 'RFC 4104: The + user-friendly name of a value' EQUALITY caseIgnoreMatch ORDERING caseIgnor + eOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.20 NAME 'pcelsIPv4AddrList' DESC 'RFC 4104: + Unordered set of IPv4 addresses, IPv4 address ranges or hosts' EQUAL + ITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.1.9.2.21 NAME 'pcelsIPv6AddrList' DESC 'RFC 4104: + Unordered set of IPv6 addresses, IPv6 address ranges or hosts' EQUAL + ITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.1.9.2.22 NAME 'pcelsMACAddrList' DESC 
'RFC 4104: U + nordered set of MAC addresses or MAC address ranges' EQUALITY caseIgnoreMat + ch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.1.9.2.23 NAME 'pcelsStringList' DESC 'RFC 4104: Un + ordered set of strings with wildcards' EQUALITY caseIgnoreMatch ORDERING ca + seIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.1.9.2.24 NAME 'pcelsBitStringList' DESC 'RFC 4104: + Unordered set of bit strings or bit string ranges' EQUALITY caseIgnoreMatc + h ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.1.9.2.25 NAME 'pcelsIntegerList' DESC 'RFC 4104: U + nordered set of integers or integer ranges' EQUALITY caseIgnoreMatch ORDERI + NG caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.1.9.2.26 NAME 'pcelsBoolean' DESC 'RFC 4104: Boole + an value' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE- + VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.27 NAME 'pcelsReusableContainerName' DESC 'R + FC 4104: User-friendly name of a reusable policy container' EQUALITY caseIg + noreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.28 NAME 'pcelsReusableContainerList' DESC 'R + FC 4104: Unordered set of DNs of pcelsReusableContainer entries' EQUALITY d + istinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.1.9.2.29 NAME 'pcelsRole' DESC 'RFC 4104: String r + epresenting a role.' 
EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMa + tch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S + INGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.30 NAME 'pcelsRoleCollectionName' DESC 'RFC + 4104: User-friendly name of a role collection' EQUALITY caseIgnoreMatch ORD + ERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.31 NAME 'pcelsElementList' DESC 'RFC 4104: U + nordered set of managed elements' EQUALITY distinguishedNameMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.1.9.2.32 NAME 'pcelsFilterName' DESC 'RFC 4104: Us + er-friendly name of a filter entry' EQUALITY caseIgnoreMatch ORDERING caseI + gnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.33 NAME 'pcelsFilterIsNegated' DESC 'RFC 410 + 4: Indicates whether the filter is negated' EQUALITY booleanMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.34 NAME 'pcelsIPHdrVersion' DESC 'RFC 4104: + IP version' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3. 
+ 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.35 NAME 'pcelsIPHdrSourceAddress' DESC 'RFC + 4104: Source IP address' EQUALITY octetStringMatch ORDERING octetStringOrde + ringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.36 NAME 'pcelsIPHdrSourceAddressEndOfRange' + DESC 'RFC 4104: End of a range of source IP addresses' EQUALITY octetString + Match ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.4 + 0 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.37 NAME 'pcelsIPHdrSourceMask' DESC 'RFC 410 + 4: Mask to be used in comparing the source IP address' EQUALITY octetString + Match ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.4 + 0 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.38 NAME 'pcelsIPHdrDestAddress' DESC 'RFC 41 + 04: Destination IP address' EQUALITY octetStringMatch ORDERING octetStringO + rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.39 NAME 'pcelsIPHdrDestAddressEndOfRange' DE + SC 'RFC 4104: End of a range of destination IP addresses' EQUALITY octetStr + ingMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.40 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.40 NAME 'pcelsIPHdrDestMask' DESC 'RFC 4104: + Mask to be used in comparing the destination IP address' EQUALITY octetStr + ingMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 
+ 1.40 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.41 NAME 'pcelsIPHdrProtocolID' DESC 'RFC 410 + 4: IP protocol type' EQUALITY integerMatch ORDERING integerOrderingMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.42 NAME 'pcelsIPHdrSourcePortStart' DESC 'RF + C 4104: Lower end of a range of UDP or TCP source ports' EQUALITY integerMa + tch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING + LE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.43 NAME 'pcelsIPHdrSourcePortEnd' DESC 'RFC + 4104: Upper end of a range of UDP or TCP source ports' EQUALITY integerMatc + h ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE + -VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.44 NAME 'pcelsIPHdrDestPortStart' DESC 'RFC + 4104: Lower end of a range of UDP or TCP destination ports' EQUALITY intege + rMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 S + INGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.45 NAME 'pcelsIPHdrDestPortEnd' DESC 'RFC 41 + 04: Upper end of a range of UDP or TCP destination ports' EQUALITY integerM + atch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN + GLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.46 NAME 'pcelsIPHdrDSCPList' DESC 'RFC 4104: + DSCP values' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1. 
+ 3.6.1.4.1.1466.115.121.1.27 ) +attributeTypes: ( 1.3.6.1.1.9.2.47 NAME 'pcelsIPHdrFlowLabel' DESC 'RFC 4104 + : IP flow label' EQUALITY octetStringMatch ORDERING octetStringOrderingMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.48 NAME 'pcels8021HdrSourceMACAddress' DESC + 'RFC 4104: Source MAC address' EQUALITY octetStringMatch ORDERING octetStri + ngOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.49 NAME 'pcels8021HdrSourceMACMask' DESC 'RF + C 4104: Source MAC address mask' EQUALITY octetStringMatch ORDERING octetSt + ringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.50 NAME 'pcels8021HdrDestMACAddress' DESC 'R + FC 4104: Destination MAC address' EQUALITY octetStringMatch ORDERING octetS + tringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.51 NAME 'pcels8021HdrDestMACMask' DESC 'RFC + 4104: Destination MAC address mask' EQUALITY octetStringMatch ORDERING octe + tStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.52 NAME 'pcels8021HdrProtocolID' DESC 'RFC 4 + 104: Ethernet protocol ID' EQUALITY integerMatch ORDERING integerOrderingMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +attributeTypes: ( 1.3.6.1.1.9.2.53 NAME 'pcels8021HdrPriority' DESC 'RFC 410 + 4: 802.1Q priority' EQUALITY integerMatch ORDERING integerOrderingMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.27 ) +attributeTypes: ( 1.3.6.1.1.9.2.54 NAME 'pcels8021HdrVLANID' DESC 'RFC 4104: + 802.1Q VLAN ID' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.27 ) +attributeTypes: ( 1.3.6.1.1.9.2.55 NAME 'pcelsFilterListName' DESC 'RFC 4104 + : User-friendly name of a FilterList' EQUALITY caseIgnoreMatch ORDERING cas + eIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15 
SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.56 NAME 'pcelsFilterDirection' DESC 'RFC 410 + 4: Direction to which this filter is applied' EQUALITY integerMatch ORDERIN + G integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.57 NAME 'pcelsFilterEntryList' DESC 'RFC 410 + 4: Unordered set of DNs of pcelsFilterEntryBase entries' EQUALITY distingui + shedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.1.9.2.58 NAME 'pcelsVendorVariableData' DESC 'RFC + 4104: Mechanism for representing variables that have not been specif + ically modeled' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.3.6.1.1.9.2.59 NAME 'pcelsVendorVariableEncoding' DESC ' + RFC 4104: Identifies the format and semantics for policy variables' EQUALIT + Y objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.1.9.2.60 NAME 'pcelsVendorValueData' DESC 'RFC 410 + 4: Mechanism for representing values that have not been specifically + modeled' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.3.6.1.1.9.2.61 NAME 'pcelsVendorValueEncoding' DESC 'RFC + 4104: Identifies the format and semantics for policy values' EQUALITY obje + ctIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7924.2.1.1.1 NAME 'demailMaxAuthLevel' DESC 'd + escribes the maximum authentification the person is capable of (NORMAL/HIGH + /VERY HIGH)' SUP name SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who + may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who + may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch + 
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s + ) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) imp + ersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) + followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) + impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group( + s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.8 NAME 'sudoNotBefore' DESC 'Start o + f time interval for which the entry is valid' EQUALITY generalizedTimeMatch + ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.9 NAME 'sudoNotAfter' DESC 'End of t + ime interval for which the entry is valid' EQUALITY generalizedTimeMatch OR + DERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.10 NAME 'sudoOrder' DESC 'an integer + to order the sudoRole entries' EQUALITY integerMatch ORDERING integerOrder + ingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +attributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' DESC 'M + ANDATORY: OpenSSH Public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.40 ) +attributeTypes: ( 1.3.6.1.4.1.34380.1.1.3.10 NAME 'puppetClass' DESC 'Puppet + Node Class' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1. 
+ 26 ) +attributeTypes: ( 1.3.6.1.4.1.34380.1.1.3.9 NAME 'parentNode' DESC 'Puppet P + arent Node' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 6 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.34380.1.1.3.11 NAME 'environment' DESC 'Puppet + Node Environment' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.34380.1.1.3.12 NAME 'puppetVar' DESC 'A variab + le setting for puppet' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.29426.2.2.1.1 NAME 'DKIMSelector' DESC 'Select + or name associated with DKIM signing key' EQUALITY caseExactIA5Match SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.29426.2.2.1.2 NAME 'DKIMKey' DESC 'DKIM signin + g key' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SING + LE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.29426.2.2.1.3 NAME 'DKIMIdentity' DESC 'The Ag + ent or User Identifier (AUID)' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4. 
+ 1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.29426.2.2.1.4 NAME 'DKIMDomain' DESC 'DKIM sen + der domain' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.19937.1.1.1 NAME 'quota' DESC 'Quotas (FileSys + tem:BlocksSoft,BlocksHard,InodesSoft,InodesHard)' EQUALITY caseIgnoreIA5Mat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} ) +attributeTypes: ( 1.3.6.1.3.1.1.1.1.2.1 NAME 'tacacsClient' DESC 'Valid clie + nt address range for this user, in CIDR notation' EQUALITY caseExactIA5Matc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{20} ) +attributeTypes: ( 1.3.6.1.3.1.1.1.1.2.2 NAME 'tacacsMember' DESC 'Tacacs gro + up membership' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .26{40} ) +attributeTypes: ( 1.3.6.1.3.1.1.1.1.2.3 NAME 'tacacsProfile' DESC 'Tacacs us + er profile' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + {1024} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.3.1.1.1.1.2.8 NAME 'tacacsFlag' DESC 'Arbitrary te + xt, may be used by LDAP filters' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.26{40} ) +attributeTypes: ( 1.3.6.1.4.1.3.8.1.1.1 NAME 'cmusaslsecretCRAM-MD5' DESC 'P + rehashed password as described in CRAM-MD5' EQUALITY octetStringMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.40{32} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.3.8.1.1.2 NAME 'cmusaslsecretDIGEST-MD5' DESC + 'Shared secret for DIGEST-MD5' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.40{16} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.3.8.1.1.3 NAME 'cmusaslsecretOTP' DESC 'OTP se + cret' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.3.6.1.4.1.3.8.1.1.4 NAME 'cmusaslsecretSRP' DESC 'base64 + encoded SRP secret' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115. 
+ 121.1.40 ) +attributeTypes: ( 1.3.6.1.4.1.3.8.1.1.5 NAME 'cmusaslsecretPLAIN' DESC 'PLAI + N secret' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.1 NAME 'fedfsUuid' DESC 'A UUID used b + y NSDB' EQUALITY uuidMatch ORDERING uuidOrderingMatch SYNTAX 1.3.6.1.1.16.1 + SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.4 NAME 'fedfsFsnUuid' DESC 'The FSN UU + ID component of an FSN' SUP fedfsUuid SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.11 NAME 'fedfsFsnTTL' DESC 'Time to li + ve of an FSN tree' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.14 NAME 'fedfsNceDN' DESC 'NCE Disting + uished Name' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.12 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.8 NAME 'fedfsFslUuid' DESC 'UUID of an + FSL' SUP fedfsUuid SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.12 NAME 'fedfsAnnotation' DESC 'Annota + tion of an object' SUP name ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.13 NAME 'fedfsDescr' DESC 'Description + of an object' SUP name ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.120 NAME 'fedfsNfsURI' DESC 'Location + of fileset' SUP labeledURI SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.103 NAME 'fedfsNfsCurrency' DESC 'up-t + o-date measure of the data' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.104 NAME 'fedfsNfsGenFlagWritable' DES + C 'Indicates if the file system is writable' EQUALITY booleanMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.105 NAME 'fedfsNfsGenFlagGoing' DESC ' + Indicates if the file system is going' EQUALITY booleanMatch SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.106 NAME 'fedfsNfsGenFlagSplit' DESC ' + Indicates if there are multiple file systems' EQUALITY 
booleanMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.107 NAME 'fedfsNfsTransFlagRdma' DESC + 'Indicates if the transport supports RDMA' EQUALITY booleanMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.108 NAME 'fedfsNfsClassSimul' DESC 'Th + e simultaneous-use class of the file system' EQUALITY integerMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.109 NAME 'fedfsNfsClassHandle' DESC 'T + he handle class of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.110 NAME 'fedfsNfsClassFileid' DESC 'T + he fileid class of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.111 NAME 'fedfsNfsClassWritever' DESC + 'The write-verifier class of the file system' EQUALITY integerMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.112 NAME 'fedfsNfsClassChange' DESC 'T + he change class of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.113 NAME 'fedfsNfsClassReaddir' DESC ' + The readdir class of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1. 
+ 4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.114 NAME 'fedfsNfsReadRank' DESC 'The + read rank of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.115 NAME 'fedfsNfsReadOrder' DESC 'The + read order of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.116 NAME 'fedfsNfsWriteRank' DESC 'The + write rank of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.117 NAME 'fedfsNfsWriteOrder' DESC 'Th + e write order of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.118 NAME 'fedfsNfsVarSub' DESC 'Indica + tes if variable substitution is present' EQUALITY booleanMatch SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.31103.1.19 NAME 'fedfsNfsValidFor' DESC 'Valid + for time' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGL + E-VALUE ) +attributeTypes: ( 0.0.8.350.1.1.1.1.1 NAME 'commURI' DESC 'Labeled URI forma + t to point to the distinguished name of the commUniqueId' EQUALITY caseExac + tMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 0.0.8.350.1.1.2.1.1 NAME 'commUniqueId' DESC 'To hold the + endpoints unique Id' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr + ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 0.0.8.350.1.1.2.1.2 NAME 'commOwner' DESC 'Labeled URI to + point back to the original owner' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.15 ) +attributeTypes: ( 0.0.8.350.1.1.2.1.3 NAME 'commPrivate' DESC 'To decide whe + ther the entry is visible to world or not' SYNTAX 1.3.6.1.4.1.1466.115.121. 
+ 1.26 ) +attributeTypes: ( 0.0.8.350.1.1.6.1.1 NAME 'SIPIdentitySIPURI' DESC 'Univers + al Resource Indicator of the SIP UA' EQUALITY caseExactMatch SUBSTR caseExa + ctSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 0.0.8.350.1.1.6.1.2 NAME 'SIPIdentityRegistrarAddress' DES + C 'specifies the location of the registrar' EQUALITY caseIgnoreIA5Match SYN + TAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 0.0.8.350.1.1.6.1.3 NAME 'SIPIdentityProxyAddress' DESC 'S + pecifies the location of the SIP Proxy' EQUALITY caseIgnoreIA5Match SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 0.0.8.350.1.1.6.1.4 NAME 'SIPIdentityAddress' DESC 'IP add + ress of the UA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.26 ) +attributeTypes: ( 0.0.8.350.1.1.6.1.5 NAME 'SIPIdentityPassword' DESC 'The u + ser agent SIP password ' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.40 ) +attributeTypes: ( 0.0.8.350.1.1.6.1.6 NAME 'SIPIdentityUserName' DESC 'The u + ser agent user name.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 0.0.8.350.1.1.6.1.7 NAME 'SIPIdentityServiceLevel' DESC 'T + o define services that a user can belong to.' 
EQUALITY caseIgnoreIA5Match S + UBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.1 NAME 'radiusArapFeatures' EQUALI + TY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.2 NAME 'radiusArapSecurity' EQUALI + TY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.3 NAME 'radiusArapZoneAccess' EQUA + LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.44 NAME 'radiusAuthType' DESC 'con + trolItem: Auth-Type' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.4 NAME 'radiusCallbackId' DESC 're + plyItem: Callback-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.5 NAME 'radiusCallbackNumber' DESC + 'replyItem: Callback-Number' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4. 
+ 1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.6 NAME 'radiusCalledStationId' DES + C 'controlItem: Called-Station-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.7 NAME 'radiusCallingStationId' DE + SC 'controlItem: Calling-Station-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.8 NAME 'radiusClass' DESC 'replyIt + em: Class' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.45 NAME 'radiusClientIPAddress' EQ + UALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.9 NAME 'radiusFilterId' DESC 'repl + yItem: Filter-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.10 NAME 'radiusFramedAppleTalkLink + ' DESC 'replyItem: Framed-AppleTalk-Link' EQUALITY caseIgnoreIA5Match SYNTA + X 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.11 NAME 'radiusFramedAppleTalkNetw + ork' DESC 'replyItem: Framed-AppleTalk-Network' EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.12 NAME 'radiusFramedAppleTalkZone + ' DESC 'replyItem: Framed-AppleTalk-Zone' EQUALITY caseIgnoreIA5Match SYNTA + X 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.13 NAME 'radiusFramedCompression' + DESC 'replyItem: Framed-Compression' EQUALITY caseIgnoreIA5Match SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.14 NAME 'radiusFramedIPAddress' DE + SC 'replyItem: Framed-IP-Address' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6. 
+ 1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.15 NAME 'radiusFramedIPNetmask' DE + SC 'replyItem: Framed-IP-Netmask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.16 NAME 'radiusFramedIPXNetwork' D + ESC 'replyItem: Framed-IPX-Network' EQUALITY caseIgnoreIA5Match SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.17 NAME 'radiusFramedMTU' DESC 're + plyItem: Framed-MTU' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.18 NAME 'radiusFramedProtocol' DES + C 'replyItem: Framed-Protocol' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.19 NAME 'radiusFramedRoute' DESC ' + replyItem: Framed-Route' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.20 NAME 'radiusFramedRouting' DESC + 'replyItem: Framed-Routing' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.46 NAME 'radiusGroupName' EQUALITY + caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.47 NAME 'radiusHint' EQUALITY case + IgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.48 NAME 'radiusHuntgroupName' EQUA + LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.21 NAME 'radiusIdleTimeout' DESC ' + replyItem: Idle-Timeout' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.22 NAME 'radiusLoginIPHost' DESC ' + replyItem: Login-IP-Host' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.26 ) +attributeTypes: ( 
1.3.6.1.4.1.11344.4.3.1.23 NAME 'radiusLoginLATGroup' DESC + 'replyItem: Login-LAT-Group' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.24 NAME 'radiusLoginLATNode' DESC + 'replyItem: Login-LAT-Node' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.25 NAME 'radiusLoginLATPort' DESC + 'replyItem: Login-LAT-Port' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.26 NAME 'radiusLoginLATService' DE + SC 'replyItem: Login-LAT-Service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.27 NAME 'radiusLoginService' DESC + 'replyItem: Login-Service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.28 NAME 'radiusLoginTCPPort' DESC + 'replyItem: Login-TCP-Port' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1. 
+ 1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.29 NAME 'radiusPasswordRetry' EQUA + LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.30 NAME 'radiusPortLimit' DESC 're + plyItem: Port-Limit' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.49 NAME 'radiusProfileDN' EQUALITY + distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.31 NAME 'radiusPrompt' EQUALITY ca + seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.50 NAME 'radiusProxyToRealm' EQUAL + ITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.51 NAME 'radiusReplicateToRealm' D + ESC 'control:Replicate-To-Realm' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.52 NAME 'radiusRealm' EQUALITY cas + eIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.32 NAME 'radiusServiceType' DESC ' + replyItem: Service-Type' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.33 NAME 'radiusSessionTimeout' DES + C 'replyItem: Session-Timeout' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.34 NAME 'radiusTerminationAction' + DESC 'replyItem: Termination-Action' EQUALITY caseIgnoreIA5Match SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.35 NAME 'radiusTunnelAssignmentId' + EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.36 NAME 'radiusTunnelMediumType' E + QUALITY caseIgnoreIA5Match 
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.37 NAME 'radiusTunnelPassword' EQU + ALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE + ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.38 NAME 'radiusTunnelPreference' E + QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.39 NAME 'radiusTunnelPrivateGroupI + d' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.40 NAME 'radiusTunnelServerEndpoin + t' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.41 NAME 'radiusTunnelType' EQUALIT + Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.42 NAME 'radiusVSA' EQUALITY caseI + gnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.43 NAME 'radiusTunnelClientEndpoin + t' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.53 NAME 'radiusSimultaneousUse' DE + SC 'controlItem: Simultaneous-Use' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN + GLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.54 NAME 'radiusLoginTime' EQUALITY + caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.55 NAME 'radiusUserCategory' EQUAL + ITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.56 NAME 'radiusStripUserName' SYNT + AX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.57 NAME 'dialupAccess' EQUALITY ca + seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.58 NAME 'radiusExpiration' DESC 'c + ontrolItem: Expiration' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.26 
SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.59 NAME 'radiusAttribute' DESC 'co + ntrolItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.61 NAME 'radiusNASIpAddress' EQUAL + ITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.62 NAME 'radiusReplyMessage' DESC + 'replyItem: Reply-Message' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.63 NAME 'radiusControlAttribute' D + ESC 'controlItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.64 NAME 'radiusReplyAttribute' DES + C 'replyItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.65 NAME 'radiusRequestAttribute' D + ESC 'requestItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.26 ) +attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.1 NAME 'radiusClientIdentifier' + DESC 'Client Identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin + gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.2 NAME 'radiusClientSecret' DESC + 'Client Secret' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.3 NAME 'radiusClientShortname' D + ESC 'Client Shortname' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.4 NAME 'radiusClientVirtualServe + r' DESC 'VirtualServer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.5 NAME 'radiusClientType' DESC ' + Client 
Type' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.6 NAME 'radiusClientRequireMa' D + ESC 'Require Message Authenticator' EQUALITY booleanMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.7 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.7 NAME 'radiusClientComment' DES + C 'Client comment' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.2 NAME 'dateOfBirth' DESC 'Date o + f birth (format YYYY-MM-DD, see ISO 8601)' EQUALITY caseExactIA5Match SUBST + R caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10} SING + LE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.12 NAME 'birthPlace' DESC 'Place + of birth' SUP l SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.14 NAME 'birthName' DESC 'Last na + me at time of birth, e.g. maiden name' SUP sn SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.7 NAME 'gender' DESC 'Representat + ion of human sex (see ISO 5218)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.27{1} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.9 NAME 'businessTitle' DESC 'Busi + ness title describing the kind of job a person does' SUP title ) +attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.15 NAME 'academicTitle' DESC 'Aca + demic title a person is allowed to use' SUP title ) +attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.10 NAME 'nickName' DESC 'A nick n + ame of a person' SUP name ) +attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.11 NAME 'euVATId' DESC 'value add + ed tax ID of company within EU' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.26{20} ) +attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.13 NAME 'labeledBICandIBAN' DESC + 'international bank arrangement consisting of BIC, IBAN and optional label + (format: "BIC:,IBAN:#