# PaCkAgE DaTaStReAm
LNFopenldap-client 1 4860
# end of header
0707010001e6fc000081a4000017820000044e0000000148d0f14b0000035c0000022d0000016a00000000000000000000001b00000000LNFopenldap-client/pkginfo PKG=LNFopenldap-client
ARCH=i386
VERSION=2.3.36
MAXINST=1000
SERIALNUM=001
NAME=OpenLDAP Client
CATEGORY=network,utils,application
EMAIL=developers@linofee.org
VENDOR=LINOFEE, http://www.linofee.org
BASEDIR=/usr
DESC=This package contains an OpenLDAP client. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap package contains configuration files, libraries, and documentation for OpenLDAP.
LICINFO=Open LDAP License (BSD)
LICURL=http://www.openldap.org/doc/admin22/license.html
LICFILE=openldap.txt
PSTAMP=idev20080917140011
CLASSES=none
0707010001e6fb000081a4000017820000044e0000000148d0f14c000031250000022d0000016a00000000000000000000001a00000000LNFopenldap-client/pkgmap : 1 4860
1 d none bin ? ? ?
1 s none bin/ldapadd=ldapmodify
1 f none bin/ldapcompare 0755 bin bin 60540 22362 1221652765
1 f none bin/ldapdelete 0755 bin bin 67996 20155 1221652764
1 f none bin/ldapmodify 0755 bin bin 72568 36214 1221652764
1 f none bin/ldapmodrdn 0755 bin bin 61764 623 1221652765
1 f none bin/ldappasswd 0755 bin bin 63372 54892 1221652765
1 f none bin/ldapsearch 0755 bin bin 82472 20659 1221652764
1 f none bin/ldapwhoami 0755 bin bin 60844 48661 1221652765
1 i depend 152 12822 1180047046
1 d none include ? ? ?
1 f none include/lber.h 0644 bin bin 13734 21918 1221652758
1 f none include/lber_types.h 0644 bin bin 1541 58268 1221652758
1 f none include/ldap.h 0644 bin bin 54281 44107 1221652758
1 f none include/ldap_cdefs.h 0644 bin bin 9673 27671 1221652758
1 f none include/ldap_features.h 0644 bin bin 1969 26725 1221652759
1 f none include/ldap_schema.h 0644 bin bin 9523 20182 1221652758
1 f none include/ldap_utf8.h 0644 bin bin 3539 16359 1221652759
1 f none include/slapi-plugin.h 0644 bin bin 37582 10094 1221652759
1 d none lib ? ? ?
1 s none lib/liblber-2.3.so.0=liblber-2.3.so.0.2.31
1 f none lib/liblber-2.3.so.0.2.31 0755 bin bin 79360 10506 1221652807
1 s none lib/liblber.so=liblber-2.3.so.0.2.31
1 s none lib/libldap-2.3.so.0=libldap-2.3.so.0.2.31
1 f none lib/libldap-2.3.so.0.2.31 0755 bin bin 447888 51265 1221652807
1 s none lib/libldap.so=libldap-2.3.so.0.2.31
1 s none lib/libldap_r-2.3.so.0=libldap_r-2.3.so.0.2.31
1 f none lib/libldap_r-2.3.so.0.2.31 0755 bin bin 482940 53925 1221652807
1 s none lib/libldap_r.so=libldap_r-2.3.so.0.2.31
1 s none lib/libslapi-2.3.so.0=libslapi-2.3.so.0.2.31
1 f none lib/libslapi-2.3.so.0.2.31 0755 bin bin 170560 31452 1221652807
1 s none lib/libslapi.so=libslapi-2.3.so.0.2.31
1 i pkginfo 860 9875 1221652811
1 i postinstall 1109 18851 1221652807
1 i postremove 989 8487 1221652807
1 d none share ? ? ?
1 d none share/man ? ? ?
1 d none share/man/man1 ? ? ?
1 s none share/man/man1/ldapadd.1=ldapmodify.1
1 f none share/man/man1/ldapcompare.1 0644 bin bin 4705 3447 1221652793
1 f none share/man/man1/ldapdelete.1 0644 bin bin 5094 35937 1221652793
1 f none share/man/man1/ldapmodify.1 0644 bin bin 8260 35169 1221652793
1 f none share/man/man1/ldapmodrdn.1 0644 bin bin 5472 352 1221652793
1 f none share/man/man1/ldappasswd.1 0644 bin bin 4540 55171 1221652793
1 f none share/man/man1/ldapsearch.1 0644 bin bin 12467 10140 1221652793
1 f none share/man/man1/ldapwhoami.1 0644 bin bin 3654 43430 1221652793
1 d none share/man/man3 ? ? ?
1 s none share/man/man3/ber_alloc_t.3=lber-encode.3
1 s none share/man/man3/ber_bvarray_add.3=lber-types.3
1 s none share/man/man3/ber_bvarray_free.3=lber-types.3
1 s none share/man/man3/ber_bvdup.3=lber-types.3
1 s none share/man/man3/ber_bvecadd.3=lber-types.3
1 s none share/man/man3/ber_bvecfree.3=lber-types.3
1 s none share/man/man3/ber_bvfree.3=lber-types.3
1 s none share/man/man3/ber_bvstr.3=lber-types.3
1 s none share/man/man3/ber_bvstrdup.3=lber-types.3
1 s none share/man/man3/ber_dupbv.3=lber-types.3
1 s none share/man/man3/ber_first_element.3=lber-decode.3
1 s none share/man/man3/ber_flush.3=lber-encode.3
1 s none share/man/man3/ber_free.3=lber-types.3
1 s none share/man/man3/ber_get_bitstring.3=lber-decode.3
1 s none share/man/man3/ber_get_boolean.3=lber-decode.3
1 s none share/man/man3/ber_get_enum.3=lber-decode.3
1 s none share/man/man3/ber_get_int.3=lber-decode.3
1 s none share/man/man3/ber_get_next.3=lber-decode.3
1 s none share/man/man3/ber_get_null.3=lber-decode.3
1 s none share/man/man3/ber_get_stringa.3=lber-decode.3
1 s none share/man/man3/ber_get_stringb.3=lber-decode.3
1 s none share/man/man3/ber_next_element.3=lber-decode.3
1 s none share/man/man3/ber_peek_tag.3=lber-decode.3
1 s none share/man/man3/ber_printf.3=lber-encode.3
1 s none share/man/man3/ber_put_enum.3=lber-encode.3
1 s none share/man/man3/ber_put_int.3=lber-encode.3
1 s none share/man/man3/ber_put_null.3=lber-encode.3
1 s none share/man/man3/ber_put_ostring.3=lber-encode.3
1 s none share/man/man3/ber_put_seq.3=lber-encode.3
1 s none share/man/man3/ber_put_set.3=lber-encode.3
1 s none share/man/man3/ber_put_string.3=lber-encode.3
1 s none share/man/man3/ber_scanf.3=lber-decode.3
1 s none share/man/man3/ber_skip_tag.3=lber-decode.3
1 s none share/man/man3/ber_start_set.3=lber-encode.3
1 s none share/man/man3/ber_str2bv.3=lber-types.3
1 f none share/man/man3/lber-decode.3 0644 bin bin 12275 64386 1221652793
1 f none share/man/man3/lber-encode.3 0644 bin bin 8528 51078 1221652794
1 f none share/man/man3/lber-memory.3 0644 bin bin 1522 57464 1221652795
1 f none share/man/man3/lber-types.3 0644 bin bin 5722 31610 1221652795
1 s none share/man/man3/ld_errno.3=ldap_error.3
1 f none share/man/man3/ldap.3 0644 bin bin 7946 38986 1221652796
1 f none share/man/man3/ldap_abandon.3 0644 bin bin 1929 28150 1221652796
1 s none share/man/man3/ldap_abandon_ext.3=ldap_abandon.3
1 f none share/man/man3/ldap_add.3 0644 bin bin 2931 47800 1221652796
1 s none share/man/man3/ldap_add_ext.3=ldap_add.3
1 s none share/man/man3/ldap_add_ext_s.3=ldap_add.3
1 s none share/man/man3/ldap_add_s.3=ldap_add.3
1 s none share/man/man3/ldap_attributetype2name.3=ldap_schema.3
1 s none share/man/man3/ldap_attributetype2str.3=ldap_schema.3
1 s none share/man/man3/ldap_attributetype_free.3=ldap_schema.3
1 f none share/man/man3/ldap_bind.3 0644 bin bin 6468 19428 1221652797
1 s none share/man/man3/ldap_bind_s.3=ldap_bind.3
1 f none share/man/man3/ldap_compare.3 0644 bin bin 1955 33409 1221652797
1 s none share/man/man3/ldap_compare_ext.3=ldap_compare.3
1 s none share/man/man3/ldap_compare_ext_s.3=ldap_compare.3
1 s none share/man/man3/ldap_compare_s.3=ldap_compare.3
1 s none share/man/man3/ldap_count_entries.3=ldap_first_entry.3
1 s none share/man/man3/ldap_count_messages.3=ldap_first_message.3
1 s none share/man/man3/ldap_count_references.3=ldap_first_reference.3
1 s none share/man/man3/ldap_count_values.3=ldap_get_values.3
1 s none share/man/man3/ldap_count_values_len.3=ldap_get_values.3
1 s none share/man/man3/ldap_dcedn2dn.3=ldap_get_dn.3
1 f none share/man/man3/ldap_delete.3 0644 bin bin 1590 965 1221652798
1 s none share/man/man3/ldap_delete_ext.3=ldap_delete.3
1 s none share/man/man3/ldap_delete_ext_s.3=ldap_delete.3
1 s none share/man/man3/ldap_delete_s.3=ldap_delete.3
1 s none share/man/man3/ldap_dn2ad_canonical.3=ldap_get_dn.3
1 s none share/man/man3/ldap_dn2dcedn.3=ldap_get_dn.3
1 s none share/man/man3/ldap_dn2str.3=ldap_get_dn.3
1 s none share/man/man3/ldap_dn2ufn.3=ldap_get_dn.3
1 s none share/man/man3/ldap_err2string.3=ldap_error.3
1 s none share/man/man3/ldap_errlist.3=ldap_error.3
1 f none share/man/man3/ldap_error.3 0644 bin bin 5687 18739 1221652798
1 s none share/man/man3/ldap_explode_dn.3=ldap_get_dn.3
1 s none share/man/man3/ldap_explode_rdn.3=ldap_get_dn.3
1 f none share/man/man3/ldap_first_attribute.3 0644 bin bin 2339 4302 1221652798
1 f none share/man/man3/ldap_first_entry.3 0644 bin bin 2382 4711 1221652799
1 f none share/man/man3/ldap_first_message.3 0644 bin bin 2612 25749 1221652799
1 f none share/man/man3/ldap_first_reference.3 0644 bin bin 2324 2325 1221652799
1 s none share/man/man3/ldap_free_urldesc.3=ldap_url.3
1 f none share/man/man3/ldap_get_dn.3 0644 bin bin 6571 28459 1221652799
1 f none share/man/man3/ldap_get_values.3 0644 bin bin 2742 38474 1221652800
1 s none share/man/man3/ldap_get_values_len.3=ldap_get_values.3
1 s none share/man/man3/ldap_init.3=ldap_open.3
1 s none share/man/man3/ldap_is_ldap_url.3=ldap_url.3
1 s none share/man/man3/ldap_matchingrule2name.3=ldap_schema.3
1 s none share/man/man3/ldap_matchingrule2str.3=ldap_schema.3
1 s none share/man/man3/ldap_matchingrule_free.3=ldap_schema.3
1 f none share/man/man3/ldap_modify.3 0644 bin bin 3699 52930 1221652800
1 s none share/man/man3/ldap_modify_ext.3=ldap_modify.3
1 s none share/man/man3/ldap_modify_ext_s.3=ldap_modify.3
1 s none share/man/man3/ldap_modify_s.3=ldap_modify.3
1 f none share/man/man3/ldap_modrdn.3 0644 bin bin 2286 60423 1221652801
1 s none share/man/man3/ldap_modrdn2.3=ldap_modrdn.3
1 s none share/man/man3/ldap_modrdn2_s.3=ldap_modrdn.3
1 s none share/man/man3/ldap_modrdn_s.3=ldap_modrdn.3
1 s none share/man/man3/ldap_mods_free.3=ldap_modify.3
1 s none share/man/man3/ldap_msgfree.3=ldap_result.3
1 s none share/man/man3/ldap_msgid.3=ldap_result.3
1 s none share/man/man3/ldap_msgtype.3=ldap_result.3
1 s none share/man/man3/ldap_next_attribute.3=ldap_first_attribute.3
1 s none share/man/man3/ldap_next_entry.3=ldap_first_entry.3
1 s none share/man/man3/ldap_next_message.3=ldap_first_message.3
1 s none share/man/man3/ldap_next_reference.3=ldap_first_reference.3
1 s none share/man/man3/ldap_objectclass2name.3=ldap_schema.3
1 s none share/man/man3/ldap_objectclass2str.3=ldap_schema.3
1 s none share/man/man3/ldap_objectclass_free.3=ldap_schema.3
1 f none share/man/man3/ldap_open.3 0644 bin bin 3904 2081 1221652801
1 s none share/man/man3/ldap_parse_extended_result.3=ldap_parse_result.3
1 f none share/man/man3/ldap_parse_reference.3 0644 bin bin 2327 2808 1221652801
1 f none share/man/man3/ldap_parse_result.3 0644 bin bin 3984 20096 1221652801
1 s none share/man/man3/ldap_parse_sasl_bind_result.3=ldap_parse_result.3
1 s none share/man/man3/ldap_perror.3=ldap_error.3
1 f none share/man/man3/ldap_result.3 0644 bin bin 4164 28272 1221652802
1 s none share/man/man3/ldap_result2error.3=ldap_error.3
1 s none share/man/man3/ldap_sasl_bind.3=ldap_bind.3
1 s none share/man/man3/ldap_sasl_bind_s.3=ldap_bind.3
1 f none share/man/man3/ldap_schema.3 0644 bin bin 8961 45645 1221652802
1 s none share/man/man3/ldap_scherr2str.3=ldap_schema.3
1 f none share/man/man3/ldap_search.3 0644 bin bin 4512 58003 1221652803
1 s none share/man/man3/ldap_search_ext.3=ldap_search.3
1 s none share/man/man3/ldap_search_ext_s.3=ldap_search.3
1 s none share/man/man3/ldap_search_s.3=ldap_search.3
1 s none share/man/man3/ldap_search_st.3=ldap_search.3
1 s none share/man/man3/ldap_simple_bind.3=ldap_bind.3
1 s none share/man/man3/ldap_simple_bind_s.3=ldap_bind.3
1 f none share/man/man3/ldap_sort.3 0644 bin bin 3529 41169 1221652803
1 s none share/man/man3/ldap_sort_entries.3=ldap_sort.3
1 s none share/man/man3/ldap_sort_strcasecmp.3=ldap_sort.3
1 s none share/man/man3/ldap_sort_values.3=ldap_sort.3
1 s none share/man/man3/ldap_str2attributetype.3=ldap_schema.3
1 s none share/man/man3/ldap_str2dn.3=ldap_get_dn.3
1 s none share/man/man3/ldap_str2matchingrule.3=ldap_schema.3
1 s none share/man/man3/ldap_str2objectclass.3=ldap_schema.3
1 s none share/man/man3/ldap_str2syntax.3=ldap_schema.3
1 s none share/man/man3/ldap_syntax2name.3=ldap_schema.3
1 s none share/man/man3/ldap_syntax2str.3=ldap_schema.3
1 s none share/man/man3/ldap_syntax_free.3=ldap_schema.3
1 s none share/man/man3/ldap_unbind.3=ldap_bind.3
1 s none share/man/man3/ldap_unbind_ext.3=ldap_bind.3
1 s none share/man/man3/ldap_unbind_ext_s.3=ldap_bind.3
1 s none share/man/man3/ldap_unbind_s.3=ldap_bind.3
1 f none share/man/man3/ldap_url.3 0644 bin bin 3063 53418 1221652804
1 s none share/man/man3/ldap_url_parse.3=ldap_url.3
1 s none share/man/man3/ldap_value_free.3=ldap_get_values.3
1 s none share/man/man3/ldap_value_free_len.3=ldap_get_values.3
1 d none share/man/man5 ? ? ?
1 f none share/man/man5/ldif.5 0644 bin bin 5863 34486 1221652804
1 d none share/openldap 0755 bin bin
1 d none share/openldap/schema 0755 bin bin
1 f none share/openldap/schema/README 0444 bin bin 2968 56352 1221652791
1 f none share/openldap/schema/autofs.schema.default 0644 bin bin 748 56497 1108025299
1 f none share/openldap/schema/corba.schema.default 0444 bin bin 8231 51056 1221652791
1 f none share/openldap/schema/core.ldif 0444 bin bin 20591 28681 1221652791
1 f none share/openldap/schema/core.schema.default 0444 bin bin 19762 32292 1221652791
1 f none share/openldap/schema/cosine.schema.default 0444 bin bin 74080 347 1221652791
1 f none share/openldap/schema/dyngroup.schema.default 0444 bin bin 1553 801 1221652792
1 f none share/openldap/schema/inetorgperson.schema.default 0444 bin bin 6360 65231 1221652792
1 f none share/openldap/schema/java.schema.default 0444 bin bin 13984 16210 1221652792
1 f none share/openldap/schema/misc.schema.default 0444 bin bin 2471 54836 1221652792
1 f none share/openldap/schema/nis.schema.default 0444 bin bin 7723 58087 1221652792
1 f none share/openldap/schema/openldap.ldif 0444 bin bin 3391 24615 1221652791
1 f none share/openldap/schema/openldap.schema.default 0444 bin bin 1601 2343 1221652792
1 f none share/openldap/schema/ppolicy.schema.default 0444 bin bin 19689 58013 1221652792
07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000b00000000TRAILER!!! 0707010001e6fc000081a4000017820000044e0000000148d0f14b0000035c0000022d0000016a00000000000000000000000800000000pkginfo PKG=LNFopenldap-client
ARCH=i386
VERSION=2.3.36
MAXINST=1000
SERIALNUM=001
NAME=OpenLDAP Client
CATEGORY=network,utils,application
EMAIL=developers@linofee.org
VENDOR=LINOFEE, http://www.linofee.org
BASEDIR=/usr
DESC=This package contains an OpenLDAP client. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap package contains configuration files, libraries, and documentation for OpenLDAP.
LICINFO=Open LDAP License (BSD)
LICURL=http://www.openldap.org/doc/admin22/license.html
LICFILE=openldap.txt
PSTAMP=idev20080917140011
CLASSES=none
0707010001e6fb000081a4000017820000044e0000000148d0f14c000031250000022d0000016a00000000000000000000000700000000pkgmap : 1 4860
1 d none bin ? ? ?
1 s none bin/ldapadd=ldapmodify
1 f none bin/ldapcompare 0755 bin bin 60540 22362 1221652765
1 f none bin/ldapdelete 0755 bin bin 67996 20155 1221652764
1 f none bin/ldapmodify 0755 bin bin 72568 36214 1221652764
1 f none bin/ldapmodrdn 0755 bin bin 61764 623 1221652765
1 f none bin/ldappasswd 0755 bin bin 63372 54892 1221652765
1 f none bin/ldapsearch 0755 bin bin 82472 20659 1221652764
1 f none bin/ldapwhoami 0755 bin bin 60844 48661 1221652765
1 i depend 152 12822 1180047046
1 d none include ? ? ?
1 f none include/lber.h 0644 bin bin 13734 21918 1221652758
1 f none include/lber_types.h 0644 bin bin 1541 58268 1221652758
1 f none include/ldap.h 0644 bin bin 54281 44107 1221652758
1 f none include/ldap_cdefs.h 0644 bin bin 9673 27671 1221652758
1 f none include/ldap_features.h 0644 bin bin 1969 26725 1221652759
1 f none include/ldap_schema.h 0644 bin bin 9523 20182 1221652758
1 f none include/ldap_utf8.h 0644 bin bin 3539 16359 1221652759
1 f none include/slapi-plugin.h 0644 bin bin 37582 10094 1221652759
1 d none lib ? ? ?
1 s none lib/liblber-2.3.so.0=liblber-2.3.so.0.2.31
1 f none lib/liblber-2.3.so.0.2.31 0755 bin bin 79360 10506 1221652807
1 s none lib/liblber.so=liblber-2.3.so.0.2.31
1 s none lib/libldap-2.3.so.0=libldap-2.3.so.0.2.31
1 f none lib/libldap-2.3.so.0.2.31 0755 bin bin 447888 51265 1221652807
1 s none lib/libldap.so=libldap-2.3.so.0.2.31
1 s none lib/libldap_r-2.3.so.0=libldap_r-2.3.so.0.2.31
1 f none lib/libldap_r-2.3.so.0.2.31 0755 bin bin 482940 53925 1221652807
1 s none lib/libldap_r.so=libldap_r-2.3.so.0.2.31
1 s none lib/libslapi-2.3.so.0=libslapi-2.3.so.0.2.31
1 f none lib/libslapi-2.3.so.0.2.31 0755 bin bin 170560 31452 1221652807
1 s none lib/libslapi.so=libslapi-2.3.so.0.2.31
1 i pkginfo 860 9875 1221652811
1 i postinstall 1109 18851 1221652807
1 i postremove 989 8487 1221652807
1 d none share ? ? ?
1 d none share/man ? ? ?
1 d none share/man/man1 ? ? ?
1 s none share/man/man1/ldapadd.1=ldapmodify.1
1 f none share/man/man1/ldapcompare.1 0644 bin bin 4705 3447 1221652793
1 f none share/man/man1/ldapdelete.1 0644 bin bin 5094 35937 1221652793
1 f none share/man/man1/ldapmodify.1 0644 bin bin 8260 35169 1221652793
1 f none share/man/man1/ldapmodrdn.1 0644 bin bin 5472 352 1221652793
1 f none share/man/man1/ldappasswd.1 0644 bin bin 4540 55171 1221652793
1 f none share/man/man1/ldapsearch.1 0644 bin bin 12467 10140 1221652793
1 f none share/man/man1/ldapwhoami.1 0644 bin bin 3654 43430 1221652793
1 d none share/man/man3 ? ? ?
1 s none share/man/man3/ber_alloc_t.3=lber-encode.3
1 s none share/man/man3/ber_bvarray_add.3=lber-types.3
1 s none share/man/man3/ber_bvarray_free.3=lber-types.3
1 s none share/man/man3/ber_bvdup.3=lber-types.3
1 s none share/man/man3/ber_bvecadd.3=lber-types.3
1 s none share/man/man3/ber_bvecfree.3=lber-types.3
1 s none share/man/man3/ber_bvfree.3=lber-types.3
1 s none share/man/man3/ber_bvstr.3=lber-types.3
1 s none share/man/man3/ber_bvstrdup.3=lber-types.3
1 s none share/man/man3/ber_dupbv.3=lber-types.3
1 s none share/man/man3/ber_first_element.3=lber-decode.3
1 s none share/man/man3/ber_flush.3=lber-encode.3
1 s none share/man/man3/ber_free.3=lber-types.3
1 s none share/man/man3/ber_get_bitstring.3=lber-decode.3
1 s none share/man/man3/ber_get_boolean.3=lber-decode.3
1 s none share/man/man3/ber_get_enum.3=lber-decode.3
1 s none share/man/man3/ber_get_int.3=lber-decode.3
1 s none share/man/man3/ber_get_next.3=lber-decode.3
1 s none share/man/man3/ber_get_null.3=lber-decode.3
1 s none share/man/man3/ber_get_stringa.3=lber-decode.3
1 s none share/man/man3/ber_get_stringb.3=lber-decode.3
1 s none share/man/man3/ber_next_element.3=lber-decode.3
1 s none share/man/man3/ber_peek_tag.3=lber-decode.3
1 s none share/man/man3/ber_printf.3=lber-encode.3
1 s none share/man/man3/ber_put_enum.3=lber-encode.3
1 s none share/man/man3/ber_put_int.3=lber-encode.3
1 s none share/man/man3/ber_put_null.3=lber-encode.3
1 s none share/man/man3/ber_put_ostring.3=lber-encode.3
1 s none share/man/man3/ber_put_seq.3=lber-encode.3
1 s none share/man/man3/ber_put_set.3=lber-encode.3
1 s none share/man/man3/ber_put_string.3=lber-encode.3
1 s none share/man/man3/ber_scanf.3=lber-decode.3
1 s none share/man/man3/ber_skip_tag.3=lber-decode.3
1 s none share/man/man3/ber_start_set.3=lber-encode.3
1 s none share/man/man3/ber_str2bv.3=lber-types.3
1 f none share/man/man3/lber-decode.3 0644 bin bin 12275 64386 1221652793
1 f none share/man/man3/lber-encode.3 0644 bin bin 8528 51078 1221652794
1 f none share/man/man3/lber-memory.3 0644 bin bin 1522 57464 1221652795
1 f none share/man/man3/lber-types.3 0644 bin bin 5722 31610 1221652795
1 s none share/man/man3/ld_errno.3=ldap_error.3
1 f none share/man/man3/ldap.3 0644 bin bin 7946 38986 1221652796
1 f none share/man/man3/ldap_abandon.3 0644 bin bin 1929 28150 1221652796
1 s none share/man/man3/ldap_abandon_ext.3=ldap_abandon.3
1 f none share/man/man3/ldap_add.3 0644 bin bin 2931 47800 1221652796
1 s none share/man/man3/ldap_add_ext.3=ldap_add.3
1 s none share/man/man3/ldap_add_ext_s.3=ldap_add.3
1 s none share/man/man3/ldap_add_s.3=ldap_add.3
1 s none share/man/man3/ldap_attributetype2name.3=ldap_schema.3
1 s none share/man/man3/ldap_attributetype2str.3=ldap_schema.3
1 s none share/man/man3/ldap_attributetype_free.3=ldap_schema.3
1 f none share/man/man3/ldap_bind.3 0644 bin bin 6468 19428 1221652797
1 s none share/man/man3/ldap_bind_s.3=ldap_bind.3
1 f none share/man/man3/ldap_compare.3 0644 bin bin 1955 33409 1221652797
1 s none share/man/man3/ldap_compare_ext.3=ldap_compare.3
1 s none share/man/man3/ldap_compare_ext_s.3=ldap_compare.3
1 s none share/man/man3/ldap_compare_s.3=ldap_compare.3
1 s none share/man/man3/ldap_count_entries.3=ldap_first_entry.3
1 s none share/man/man3/ldap_count_messages.3=ldap_first_message.3
1 s none share/man/man3/ldap_count_references.3=ldap_first_reference.3
1 s none share/man/man3/ldap_count_values.3=ldap_get_values.3
1 s none share/man/man3/ldap_count_values_len.3=ldap_get_values.3
1 s none share/man/man3/ldap_dcedn2dn.3=ldap_get_dn.3
1 f none share/man/man3/ldap_delete.3 0644 bin bin 1590 965 1221652798
1 s none share/man/man3/ldap_delete_ext.3=ldap_delete.3
1 s none share/man/man3/ldap_delete_ext_s.3=ldap_delete.3
1 s none share/man/man3/ldap_delete_s.3=ldap_delete.3
1 s none share/man/man3/ldap_dn2ad_canonical.3=ldap_get_dn.3
1 s none share/man/man3/ldap_dn2dcedn.3=ldap_get_dn.3
1 s none share/man/man3/ldap_dn2str.3=ldap_get_dn.3
1 s none share/man/man3/ldap_dn2ufn.3=ldap_get_dn.3
1 s none share/man/man3/ldap_err2string.3=ldap_error.3
1 s none share/man/man3/ldap_errlist.3=ldap_error.3
1 f none share/man/man3/ldap_error.3 0644 bin bin 5687 18739 1221652798
1 s none share/man/man3/ldap_explode_dn.3=ldap_get_dn.3
1 s none share/man/man3/ldap_explode_rdn.3=ldap_get_dn.3
1 f none share/man/man3/ldap_first_attribute.3 0644 bin bin 2339 4302 1221652798
1 f none share/man/man3/ldap_first_entry.3 0644 bin bin 2382 4711 1221652799
1 f none share/man/man3/ldap_first_message.3 0644 bin bin 2612 25749 1221652799
1 f none share/man/man3/ldap_first_reference.3 0644 bin bin 2324 2325 1221652799
1 s none share/man/man3/ldap_free_urldesc.3=ldap_url.3
1 f none share/man/man3/ldap_get_dn.3 0644 bin bin 6571 28459 1221652799
1 f none share/man/man3/ldap_get_values.3 0644 bin bin 2742 38474 1221652800
1 s none share/man/man3/ldap_get_values_len.3=ldap_get_values.3
1 s none share/man/man3/ldap_init.3=ldap_open.3
1 s none share/man/man3/ldap_is_ldap_url.3=ldap_url.3
1 s none share/man/man3/ldap_matchingrule2name.3=ldap_schema.3
1 s none share/man/man3/ldap_matchingrule2str.3=ldap_schema.3
1 s none share/man/man3/ldap_matchingrule_free.3=ldap_schema.3
1 f none share/man/man3/ldap_modify.3 0644 bin bin 3699 52930 1221652800
1 s none share/man/man3/ldap_modify_ext.3=ldap_modify.3
1 s none share/man/man3/ldap_modify_ext_s.3=ldap_modify.3
1 s none share/man/man3/ldap_modify_s.3=ldap_modify.3
1 f none share/man/man3/ldap_modrdn.3 0644 bin bin 2286 60423 1221652801
1 s none share/man/man3/ldap_modrdn2.3=ldap_modrdn.3
1 s none share/man/man3/ldap_modrdn2_s.3=ldap_modrdn.3
1 s none share/man/man3/ldap_modrdn_s.3=ldap_modrdn.3
1 s none share/man/man3/ldap_mods_free.3=ldap_modify.3
1 s none share/man/man3/ldap_msgfree.3=ldap_result.3
1 s none share/man/man3/ldap_msgid.3=ldap_result.3
1 s none share/man/man3/ldap_msgtype.3=ldap_result.3
1 s none share/man/man3/ldap_next_attribute.3=ldap_first_attribute.3
1 s none share/man/man3/ldap_next_entry.3=ldap_first_entry.3
1 s none share/man/man3/ldap_next_message.3=ldap_first_message.3
1 s none share/man/man3/ldap_next_reference.3=ldap_first_reference.3
1 s none share/man/man3/ldap_objectclass2name.3=ldap_schema.3
1 s none share/man/man3/ldap_objectclass2str.3=ldap_schema.3
1 s none share/man/man3/ldap_objectclass_free.3=ldap_schema.3
1 f none share/man/man3/ldap_open.3 0644 bin bin 3904 2081 1221652801
1 s none share/man/man3/ldap_parse_extended_result.3=ldap_parse_result.3
1 f none share/man/man3/ldap_parse_reference.3 0644 bin bin 2327 2808 1221652801
1 f none share/man/man3/ldap_parse_result.3 0644 bin bin 3984 20096 1221652801
1 s none share/man/man3/ldap_parse_sasl_bind_result.3=ldap_parse_result.3
1 s none share/man/man3/ldap_perror.3=ldap_error.3
1 f none share/man/man3/ldap_result.3 0644 bin bin 4164 28272 1221652802
1 s none share/man/man3/ldap_result2error.3=ldap_error.3
1 s none share/man/man3/ldap_sasl_bind.3=ldap_bind.3
1 s none share/man/man3/ldap_sasl_bind_s.3=ldap_bind.3
1 f none share/man/man3/ldap_schema.3 0644 bin bin 8961 45645 1221652802
1 s none share/man/man3/ldap_scherr2str.3=ldap_schema.3
1 f none share/man/man3/ldap_search.3 0644 bin bin 4512 58003 1221652803
1 s none share/man/man3/ldap_search_ext.3=ldap_search.3
1 s none share/man/man3/ldap_search_ext_s.3=ldap_search.3
1 s none share/man/man3/ldap_search_s.3=ldap_search.3
1 s none share/man/man3/ldap_search_st.3=ldap_search.3
1 s none share/man/man3/ldap_simple_bind.3=ldap_bind.3
1 s none share/man/man3/ldap_simple_bind_s.3=ldap_bind.3
1 f none share/man/man3/ldap_sort.3 0644 bin bin 3529 41169 1221652803
1 s none share/man/man3/ldap_sort_entries.3=ldap_sort.3
1 s none share/man/man3/ldap_sort_strcasecmp.3=ldap_sort.3
1 s none share/man/man3/ldap_sort_values.3=ldap_sort.3
1 s none share/man/man3/ldap_str2attributetype.3=ldap_schema.3
1 s none share/man/man3/ldap_str2dn.3=ldap_get_dn.3
1 s none share/man/man3/ldap_str2matchingrule.3=ldap_schema.3
1 s none share/man/man3/ldap_str2objectclass.3=ldap_schema.3
1 s none share/man/man3/ldap_str2syntax.3=ldap_schema.3
1 s none share/man/man3/ldap_syntax2name.3=ldap_schema.3
1 s none share/man/man3/ldap_syntax2str.3=ldap_schema.3
1 s none share/man/man3/ldap_syntax_free.3=ldap_schema.3
1 s none share/man/man3/ldap_unbind.3=ldap_bind.3
1 s none share/man/man3/ldap_unbind_ext.3=ldap_bind.3
1 s none share/man/man3/ldap_unbind_ext_s.3=ldap_bind.3
1 s none share/man/man3/ldap_unbind_s.3=ldap_bind.3
1 f none share/man/man3/ldap_url.3 0644 bin bin 3063 53418 1221652804
1 s none share/man/man3/ldap_url_parse.3=ldap_url.3
1 s none share/man/man3/ldap_value_free.3=ldap_get_values.3
1 s none share/man/man3/ldap_value_free_len.3=ldap_get_values.3
1 d none share/man/man5 ? ? ?
1 f none share/man/man5/ldif.5 0644 bin bin 5863 34486 1221652804
1 d none share/openldap 0755 bin bin
1 d none share/openldap/schema 0755 bin bin
1 f none share/openldap/schema/README 0444 bin bin 2968 56352 1221652791
1 f none share/openldap/schema/autofs.schema.default 0644 bin bin 748 56497 1108025299
1 f none share/openldap/schema/corba.schema.default 0444 bin bin 8231 51056 1221652791
1 f none share/openldap/schema/core.ldif 0444 bin bin 20591 28681 1221652791
1 f none share/openldap/schema/core.schema.default 0444 bin bin 19762 32292 1221652791
1 f none share/openldap/schema/cosine.schema.default 0444 bin bin 74080 347 1221652791
1 f none share/openldap/schema/dyngroup.schema.default 0444 bin bin 1553 801 1221652792
1 f none share/openldap/schema/inetorgperson.schema.default 0444 bin bin 6360 65231 1221652792
1 f none share/openldap/schema/java.schema.default 0444 bin bin 13984 16210 1221652792
1 f none share/openldap/schema/misc.schema.default 0444 bin bin 2471 54836 1221652792
1 f none share/openldap/schema/nis.schema.default 0444 bin bin 7723 58087 1221652792
1 f none share/openldap/schema/openldap.ldif 0444 bin bin 3391 24615 1221652791
1 f none share/openldap/schema/openldap.schema.default 0444 bin bin 1601 2343 1221652792
1 f none share/openldap/schema/ppolicy.schema.default 0444 bin bin 19689 58013 1221652792
0707010001e706000041ed000017820000044e0000000248d0f14c000000000000022d0000016a00000000000000000000000800000000install 0707010001e707000081a4000017820000044e00000001465616c6000000980000022d0000016a00000000000000000000000f00000000install/depend P SUNWcslr Core Solaris Libraries (Root)
P SUNWcsl Core Solaris, (Shared Libs)
P SUNWopenssl-libraries OpenSSL Libraries (Usr)
P SUNWlibsasl SASL v2
0707010001e717000081a4000017820000044e0000000148d0f147000003dd0000022d0000016a00000000000000000000001300000000install/postremove # $Id: postremove.client,v 1.1 2006/06/01 18:26:55 elkner Exp $
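# Post-remove script of the OpenLDAP client package (shipped as
# install/postremove; the pkgmap lists it as an "i" entry with a recorded
# size and checksum, so an edited copy needs a rebuilt package).
#
# Reads:  PKG_INSTALL_ROOT and CLIENT_BASEDIR, which this script does not
#         set itself (presumably exported by the packaging tools).
# Effect: prints reminders only; it deletes nothing and does not change
#         the runtime linker configuration.
# Exit:   always 0.

# Resolve the installation base, honouring an alternate install root.
if [ -z "$PKG_INSTALL_ROOT" ]; then
    BASE=$CLIENT_BASEDIR
else
    BASE=${PKG_INSTALL_ROOT}$CLIENT_BASEDIR
fi
CF_DIRS="${BASE}/share/openldap/schema"

# Working schema copies (made by postinstall from the *.default files) are
# not package members, so they survive removal; tell the administrator.
echo " "
echo "Only the default cschema files were deleted. In case you do"
echo "NOT need your working schema files in"
echo "$CF_DIRS"
echo "anymore, you should delete them."
echo " "

# For these two base directories the library-path reminder is skipped.
if [ "$CLIENT_BASEDIR" = "/usr" -o "$CLIENT_BASEDIR" = "/usr/local" ]; then
    exit 0
fi

# Collect default-library-path entries that still point below the removed
# package. A stale directory on the default search path is consulted by every
# dynamically linked program, which is why the administrator is told about it.
LIBS=""
for l in lib ; do
    # fgrep matches the directory as a literal string; with egrep a "." or
    # "+" inside CLIENT_BASEDIR was interpreted as a regex operator and could
    # report unrelated paths.
    _TMP=`crle | awk '/Default Library Path/ { print ":" $5 ":" }' \
        | fgrep ":$CLIENT_BASEDIR/$l"`
    if [ -n "$_TMP" ]; then
        LIBS="$LIBS \n$_TMP"
    fi
done

if [ -n "$LIBS" ]; then
    echo " "
    echo "NOTE: The following library path[s] are still listed in the systems"
    echo " default library search path (You may remove it using the crle"
    echo " tool in if they are not required anymore):"
    echo " "
    echo "$LIBS"
    echo " "
fi
exit 0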
0707010001e716000081a4000017820000044e0000000148d0f147000004550000022d0000016a00000000000000000000001400000000install/postinstall # $Id: postinstall.client,v 1.1 2006/06/01 18:26:55 elkner Exp $
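# Post-install script of the OpenLDAP client package (shipped as
# install/postinstall; the pkgmap lists it as an "i" entry with a recorded
# size and checksum, so an edited copy needs a rebuilt package).
#
# Reads:  PKG_INSTALL_ROOT, CLIENT_BASEDIR, INST_DATADIR and PKG, none of
#         which this script sets itself (presumably exported by the
#         packaging tools).
# Effect: for every packaged schema/*.default file, creates the working
#         copy without the ".default" suffix unless one already exists,
#         then prints a hint about the runtime linker search path.
# Exit:   always 0 (a failed copy is reported but does not abort).

# Resolve the installation base, honouring an alternate install root.
if [ -z "$PKG_INSTALL_ROOT" ]; then
    ROOT=""
    BASE=$CLIENT_BASEDIR
else
    ROOT=${PKG_INSTALL_ROOT}
    BASE=${PKG_INSTALL_ROOT}$CLIENT_BASEDIR
fi
# ROOT is assigned above but not used further in this script.
I_DIR=${INST_DATADIR}/${PKG}

echo "Checking for missing schemes in ${BASE}/share/openldap/schema/ ..."
for CF in "${I_DIR}"/reloc/share/openldap/schema/*.default; do
    # An unmatched glob stays literal; skip it instead of handing a
    # non-existent name to cp.
    [ -f "$CF" ] || continue

    # Build the installed path from the file name alone. The previous form
    # spliced I_DIR into a sed pattern, which misbehaves when the path holds
    # a comma or a regex metacharacter.
    NAME=`basename "$CF"`
    SRC="${BASE}/share/openldap/schema/${NAME}"
    # "\." so that only a literal ".default" suffix is stripped.
    DST=`echo "$SRC" | sed -e 's,\.default$,,'`

    # All expansions are quoted: an install root containing whitespace or
    # glob characters must not be split into several cp arguments.
    # -h: a dangling symlink fails the -r test, and cp would then write to
    # wherever the link points; an existing link is left for the
    # administrator to resolve.
    if [ -r "${DST}" -o -h "${DST}" ]; then
        echo " Leaving ${DST} as is!"
    else
        cp -p "${SRC}" "${DST}" \
            || echo " WARNING: could not create ${DST}" >&2
    fi
done

# With the package based at /usr no linker hint is printed.
if [ "$CLIENT_BASEDIR" = "/usr" ]; then
    exit 0
fi

echo " "
echo "You may add the following library[s] to the default library search path"
echo "of your system using the crle tool, so that other applications are able"
echo "to find the installed libraries automatically:"
echo " "

# Join the package's library directories with ":" (currently only "lib").
LP=""
for l in lib; do
    if [ -n "$l" ]; then
        if [ -z "$LP" ]; then
            LP="$CLIENT_BASEDIR/$l"
        else
            LP="${LP}:$CLIENT_BASEDIR/$l"
        fi
    fi
done
echo " $LP"
echo " "
echo "E.g.:"
# NOTE(review): "crle -l" replaces the default search path with exactly the
# list given, so this example drops directories an administrator added
# earlier; "crle -u -l" appends to the existing configuration instead. Any
# directory placed on the default path is searched by every dynamically
# linked process and should be writable by root only.
echo " crle -c /var/ld/ld.config -l /usr/lib:$LP"
echo " "
exit 0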
0707010001e6fd000041ed000017820000044e0000000648d0f14c000000000000022d0000016a00000000000000000000000600000000reloc 0707010001e718000041ed000017820000044e0000000448d0f14d000000000000022d0000016a00000000000000000000000c00000000reloc/share 0707010001e740000041ed000017820000044e0000000348d0f14d000000000000022d0000016a00000000000000000000001500000000reloc/share/openldap 0707010001e741000041ed000017820000044e0000000248d0f14e000000000000022d0000016a00000000000000000000001c00000000reloc/share/openldap/schema 0707010001e74600008124000017820000044e0000000148d0f13700004d320000022d0000016a00000000000000000000003000000000reloc/share/openldap/schema/core.schema.default # OpenLDAP Core schema
# $OpenLDAP: pkg/ldap/servers/slapd/schema/core.schema,v 1.79.2.9 2008/02/11 23:24:25 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2008 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
## Portions Copyright (C) The Internet Society (1997-2003).
## All Rights Reserved.
##
## This document and translations of it may be copied and furnished to
## others, and derivative works that comment on or otherwise explain it
## or assist in its implementation may be prepared, copied, published
## and distributed, in whole or in part, without restriction of any
## kind, provided that the above copyright notice and this paragraph are
## included on all such copies and derivative works. However, this
## document itself may not be modified in any way, such as by removing
## the copyright notice or references to the Internet Society or other
## Internet organizations, except as needed for the purpose of
## developing Internet standards in which case the procedures for
## copyrights defined in the Internet Standards process must be
## followed, or as required to translate it into languages other than
## English.
##
## The limited permissions granted above are perpetual and will not be
## revoked by the Internet Society or its successors or assigns.
##
## This document and the information contained herein is provided on an
## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
#
#
# Includes LDAPv3 schema items from:
# RFC 2252/2256 (LDAPv3)
#
# Select standard track schema items:
# RFC 1274 (uid/dc)
# RFC 2079 (URI)
# RFC 2247 (dc/dcObject)
# RFC 2587 (PKI)
# RFC 2589 (Dynamic Directory Services)
#
# Select informational schema items:
# RFC 2377 (uidObject)
#
# Standard attribute types from RFC 2256
#
# system schema
#attributetype ( 2.5.4.0 NAME 'objectClass'
# DESC 'RFC2256: object classes of the entity'
# EQUALITY objectIdentifierMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
# system schema
#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
# DESC 'RFC2256: name of aliased object'
# EQUALITY distinguishedNameMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
attributetype ( 2.5.4.2 NAME 'knowledgeInformation'
DESC 'RFC2256: knowledge information'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
# system schema
#attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
# DESC 'RFC2256: common name(s) for which the entity is known by'
# SUP name )
attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
DESC 'RFC2256: last (family) name(s) for which the entity is known by'
SUP name )
attributetype ( 2.5.4.5 NAME 'serialNumber'
DESC 'RFC2256: serial number of the entity'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
DESC 'RFC2256: ISO-3166 country 2-letter code'
SUP name SINGLE-VALUE )
attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' )
DESC 'RFC2256: locality which this object resides in'
SUP name )
attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
DESC 'RFC2256: state or province which this object resides in'
SUP name )
attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
DESC 'RFC2256: street address of this object'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' )
DESC 'RFC2256: organization this object belongs to'
SUP name )
attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
DESC 'RFC2256: organizational unit this object belongs to'
SUP name )
attributetype ( 2.5.4.12 NAME 'title'
DESC 'RFC2256: title associated with the entity'
SUP name )
# system schema
#attributetype ( 2.5.4.13 NAME 'description'
# DESC 'RFC2256: descriptive information'
# EQUALITY caseIgnoreMatch
# SUBSTR caseIgnoreSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
# Deprecated by enhancedSearchGuide
attributetype ( 2.5.4.14 NAME 'searchGuide'
DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
attributetype ( 2.5.4.15 NAME 'businessCategory'
DESC 'RFC2256: business category'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
attributetype ( 2.5.4.16 NAME 'postalAddress'
DESC 'RFC2256: postal address'
EQUALITY caseIgnoreListMatch
SUBSTR caseIgnoreListSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
attributetype ( 2.5.4.17 NAME 'postalCode'
DESC 'RFC2256: postal code'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
attributetype ( 2.5.4.18 NAME 'postOfficeBox'
DESC 'RFC2256: Post Office Box'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
DESC 'RFC2256: Physical Delivery Office Name'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
attributetype ( 2.5.4.20 NAME 'telephoneNumber'
DESC 'RFC2256: Telephone Number'
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
attributetype ( 2.5.4.21 NAME 'telexNumber'
DESC 'RFC2256: Telex Number'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
DESC 'RFC2256: Teletex Terminal Identifier'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
DESC 'RFC2256: Facsimile (Fax) Telephone Number'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
attributetype ( 2.5.4.24 NAME 'x121Address'
DESC 'RFC2256: X.121 Address'
EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber'
DESC 'RFC2256: international ISDN number'
EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
attributetype ( 2.5.4.26 NAME 'registeredAddress'
DESC 'RFC2256: registered postal address'
SUP postalAddress
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
attributetype ( 2.5.4.27 NAME 'destinationIndicator'
DESC 'RFC2256: destination indicator'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod'
DESC 'RFC2256: preferred delivery method'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
SINGLE-VALUE )
attributetype ( 2.5.4.29 NAME 'presentationAddress'
DESC 'RFC2256: presentation address'
EQUALITY presentationAddressMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
SINGLE-VALUE )
attributetype ( 2.5.4.30 NAME 'supportedApplicationContext'
DESC 'RFC2256: supported application context'
EQUALITY objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
attributetype ( 2.5.4.31 NAME 'member'
DESC 'RFC2256: member of a group'
SUP distinguishedName )
attributetype ( 2.5.4.32 NAME 'owner'
DESC 'RFC2256: owner (of the object)'
SUP distinguishedName )
attributetype ( 2.5.4.33 NAME 'roleOccupant'
DESC 'RFC2256: occupant of role'
SUP distinguishedName )
# system schema
#attributetype ( 2.5.4.34 NAME 'seeAlso'
# DESC 'RFC2256: DN of related object'
# SUP distinguishedName )
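# system schema
# userPassword holds credentials and is allowed by several object classes
# below (e.g. person, organization, simpleSecurityObject). A schema
# definition does not limit who can read it; restrict it with the server's
# access controls.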
#attributetype ( 2.5.4.35 NAME 'userPassword'
# DESC 'RFC2256/2307: password of user'
# EQUALITY octetStringMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
# Must be transferred using ;binary
# with certificateExactMatch rule (per X.509)
attributetype ( 2.5.4.36 NAME 'userCertificate'
DESC 'RFC2256: X.509 user certificate, use ;binary'
EQUALITY certificateExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
# Must be transferred using ;binary
# with certificateExactMatch rule (per X.509)
attributetype ( 2.5.4.37 NAME 'cACertificate'
DESC 'RFC2256: X.509 CA certificate, use ;binary'
EQUALITY certificateExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
# Must be transferred using ;binary
attributetype ( 2.5.4.38 NAME 'authorityRevocationList'
DESC 'RFC2256: X.509 authority revocation list, use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
# Must be transferred using ;binary
attributetype ( 2.5.4.39 NAME 'certificateRevocationList'
DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
# Must be stored and requested in the binary form
attributetype ( 2.5.4.40 NAME 'crossCertificatePair'
DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
# system schema
#attributetype ( 2.5.4.41 NAME 'name'
# EQUALITY caseIgnoreMatch
# SUBSTR caseIgnoreSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' )
DESC 'RFC2256: first name(s) for which the entity is known by'
SUP name )
attributetype ( 2.5.4.43 NAME 'initials'
DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
SUP name )
attributetype ( 2.5.4.44 NAME 'generationQualifier'
DESC 'RFC2256: name qualifier indicating a generation'
SUP name )
attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier'
DESC 'RFC2256: X.500 unique identifier'
EQUALITY bitStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
attributetype ( 2.5.4.46 NAME 'dnQualifier'
DESC 'RFC2256: DN qualifier'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide'
DESC 'RFC2256: enhanced search guide'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
attributetype ( 2.5.4.48 NAME 'protocolInformation'
DESC 'RFC2256: protocol information'
EQUALITY protocolInformationMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
# system schema
#attributetype ( 2.5.4.49 NAME 'distinguishedName'
# EQUALITY distinguishedNameMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.5.4.50 NAME 'uniqueMember'
DESC 'RFC2256: unique member of a group'
EQUALITY uniqueMemberMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
attributetype ( 2.5.4.51 NAME 'houseIdentifier'
DESC 'RFC2256: house identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
# Must be transferred using ;binary
attributetype ( 2.5.4.52 NAME 'supportedAlgorithms'
DESC 'RFC2256: supported algorithms'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
# Must be transferred using ;binary
attributetype ( 2.5.4.53 NAME 'deltaRevocationList'
DESC 'RFC2256: delta revocation list; use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
attributetype ( 2.5.4.54 NAME 'dmdName'
DESC 'RFC2256: name of DMD'
SUP name )
attributetype ( 2.5.4.65 NAME 'pseudonym'
DESC 'X.520(4th): pseudonym for the object'
SUP name )
# Standard object classes from RFC2256
# system schema
#objectclass ( 2.5.6.0 NAME 'top'
# DESC 'RFC2256: top of the superclass chain'
# ABSTRACT
# MUST objectClass )
# system schema
#objectclass ( 2.5.6.1 NAME 'alias'
# DESC 'RFC2256: an alias'
# SUP top STRUCTURAL
# MUST aliasedObjectName )
objectclass ( 2.5.6.2 NAME 'country'
DESC 'RFC2256: a country'
SUP top STRUCTURAL
MUST c
MAY ( searchGuide $ description ) )
objectclass ( 2.5.6.3 NAME 'locality'
DESC 'RFC2256: a locality'
SUP top STRUCTURAL
MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
objectclass ( 2.5.6.4 NAME 'organization'
DESC 'RFC2256: an organization'
SUP top STRUCTURAL
MUST o
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
objectclass ( 2.5.6.5 NAME 'organizationalUnit'
DESC 'RFC2256: an organizational unit'
SUP top STRUCTURAL
MUST ou
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
objectclass ( 2.5.6.6 NAME 'person'
DESC 'RFC2256: a person'
SUP top STRUCTURAL
MUST ( sn $ cn )
MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
objectclass ( 2.5.6.7 NAME 'organizationalPerson'
DESC 'RFC2256: an organizational person'
SUP person STRUCTURAL
MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
objectclass ( 2.5.6.8 NAME 'organizationalRole'
DESC 'RFC2256: an organizational role'
SUP top STRUCTURAL
MUST cn
MAY ( x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
objectclass ( 2.5.6.9 NAME 'groupOfNames'
DESC 'RFC2256: a group of names (DNs)'
SUP top STRUCTURAL
MUST ( member $ cn )
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
objectclass ( 2.5.6.10 NAME 'residentialPerson'
DESC 'RFC2256: an residential person'
SUP person STRUCTURAL
MUST l
MAY ( businessCategory $ x121Address $ registeredAddress $
destinationIndicator $ preferredDeliveryMethod $ telexNumber $
teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l ) )
objectclass ( 2.5.6.11 NAME 'applicationProcess'
DESC 'RFC2256: an application process'
SUP top STRUCTURAL
MUST cn
MAY ( seeAlso $ ou $ l $ description ) )
objectclass ( 2.5.6.12 NAME 'applicationEntity'
DESC 'RFC2256: an application entity'
SUP top STRUCTURAL
MUST ( presentationAddress $ cn )
MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
description ) )
objectclass ( 2.5.6.13 NAME 'dSA'
DESC 'RFC2256: a directory system agent (a server)'
SUP applicationEntity STRUCTURAL
MAY knowledgeInformation )
objectclass ( 2.5.6.14 NAME 'device'
DESC 'RFC2256: a device'
SUP top STRUCTURAL
MUST cn
MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser'
DESC 'RFC2256: a strong authentication user'
SUP top AUXILIARY
MUST userCertificate )
objectclass ( 2.5.6.16 NAME 'certificationAuthority'
DESC 'RFC2256: a certificate authority'
SUP top AUXILIARY
MUST ( authorityRevocationList $ certificateRevocationList $
cACertificate ) MAY crossCertificatePair )
objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'
DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
SUP top STRUCTURAL
MUST ( uniqueMember $ cn )
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
objectclass ( 2.5.6.18 NAME 'userSecurityInformation'
DESC 'RFC2256: a user security information'
SUP top AUXILIARY
MAY ( supportedAlgorithms ) )
objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
SUP certificationAuthority
AUXILIARY MAY ( deltaRevocationList ) )
objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint'
SUP top STRUCTURAL
MUST ( cn )
MAY ( certificateRevocationList $ authorityRevocationList $
deltaRevocationList ) )
objectclass ( 2.5.6.20 NAME 'dmd'
SUP top STRUCTURAL
MUST ( dmdName )
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
street $ postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l $ description ) )
#
# Object Classes from RFC 2587
#
objectclass ( 2.5.6.21 NAME 'pkiUser'
DESC 'RFC2587: a PKI user'
SUP top AUXILIARY
MAY userCertificate )
objectclass ( 2.5.6.22 NAME 'pkiCA'
DESC 'RFC2587: PKI certificate authority'
SUP top AUXILIARY
MAY ( authorityRevocationList $ certificateRevocationList $
cACertificate $ crossCertificatePair ) )
objectclass ( 2.5.6.23 NAME 'deltaCRL'
DESC 'RFC2587: PKI user'
SUP top AUXILIARY
MAY deltaRevocationList )
#
# Standard Track URI label schema from RFC 2079
# system schema
#attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
# DESC 'RFC2079: Uniform Resource Identifier with optional label'
# EQUALITY caseExactMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
DESC 'RFC2079: object that contains the URI attribute type'
SUP top AUXILIARY
MAY ( labeledURI ) )
#
# Derived from RFC 1274, but with new "short names"
#
#attributetype ( 0.9.2342.19200300.100.1.1
# NAME ( 'uid' 'userid' )
# DESC 'RFC1274: user identifier'
# EQUALITY caseIgnoreMatch
# SUBSTR caseIgnoreSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.3
NAME ( 'mail' 'rfc822Mailbox' )
DESC 'RFC1274: RFC822 Mailbox'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
DESC 'RFC1274: simple security object'
SUP top AUXILIARY
MUST userPassword )
# RFC 1274 + RFC 2247
attributetype ( 0.9.2342.19200300.100.1.25
NAME ( 'dc' 'domainComponent' )
DESC 'RFC1274/2247: domain component'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# RFC 2247
objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
DESC 'RFC2247: domain component object'
SUP top AUXILIARY MUST dc )
# RFC 2377
objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'
DESC 'RFC2377: uid object'
SUP top AUXILIARY MUST uid )
# From COSINE Pilot
attributetype ( 0.9.2342.19200300.100.1.37
NAME 'associatedDomain'
DESC 'RFC1274: domain associated with object'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# RFC 2459 -- deprecated in favor of 'mail' (0.9.2342.19200300.100.1.3, defined above in this file)
attributetype ( 1.2.840.113549.1.9.1
NAME ( 'email' 'emailAddress' 'pkcs9email' )
DESC 'RFC3280: legacy attribute for email addresses in DNs'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
0707010001e74500008124000017820000044e0000000148d0f1370000506f0000022d0000016a00000000000000000000002600000000reloc/share/openldap/schema/core.ldif # OpenLDAP Core schema
# $OpenLDAP: pkg/ldap/servers/slapd/schema/core.ldif,v 1.1.2.6 2008/02/11 23:24:25 kurt Exp $
## This work is part of OpenLDAP Software .
##
## Copyright 1998-2008 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## .
#
## Portions Copyright (C) The Internet Society (1997-2003).
## All Rights Reserved.
##
## This document and translations of it may be copied and furnished to
## others, and derivative works that comment on or otherwise explain it
## or assist in its implementation may be prepared, copied, published
## and distributed, in whole or in part, without restriction of any
## kind, provided that the above copyright notice and this paragraph are
## included on all such copies and derivative works. However, this
## document itself may not be modified in any way, such as by removing
## the copyright notice or references to the Internet Society or other
## Internet organizations, except as needed for the purpose of
## developing Internet standards in which case the procedures for
## copyrights defined in the Internet Standards process must be
## followed, or as required to translate it into languages other than
## English.
##
## The limited permissions granted above are perpetual and will not be
## revoked by the Internet Society or its successors or assigns.
##
## This document and the information contained herein is provided on an
## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
#
#
#
# Includes LDAPv3 schema items from:
# RFC 2252/2256 (LDAPv3)
#
# Select standard track schema items:
# RFC 1274 (uid/dc)
# RFC 2079 (URI)
# RFC 2247 (dc/dcObject)
# RFC 2587 (PKI)
# RFC 2589 (Dynamic Directory Services)
#
# Select informational schema items:
# RFC 2377 (uidObject)
#
#
# Standard attribute types from RFC 2256
#
dn: cn=core,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: core
#
# system schema
#olcAttributeTypes: ( 2.5.4.0 NAME 'objectClass'
# DESC 'RFC2256: object classes of the entity'
# EQUALITY objectIdentifierMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
#
# system schema
#olcAttributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
# DESC 'RFC2256: name of aliased object'
# EQUALITY distinguishedNameMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
#
olcAttributeTypes: ( 2.5.4.2 NAME 'knowledgeInformation'
DESC 'RFC2256: knowledge information'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
#
# system schema
#olcAttributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' )
# DESC 'RFC2256: common name(s) for which the entity is known by'
# SUP name )
#
olcAttributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surname' )
DESC 'RFC2256: last (family) name(s) for which the entity is known by'
SUP name )
#
olcAttributeTypes: ( 2.5.4.5 NAME 'serialNumber'
DESC 'RFC2256: serial number of the entity'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
#
olcAttributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' )
DESC 'RFC2256: ISO-3166 country 2-letter code'
SUP name SINGLE-VALUE )
#
olcAttributeTypes: ( 2.5.4.7 NAME ( 'l' 'localityName' )
DESC 'RFC2256: locality which this object resides in'
SUP name )
#
olcAttributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
DESC 'RFC2256: state or province which this object resides in'
SUP name )
#
olcAttributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
DESC 'RFC2256: street address of this object'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
#
olcAttributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationName' )
DESC 'RFC2256: organization this object belongs to'
SUP name )
#
olcAttributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
DESC 'RFC2256: organizational unit this object belongs to'
SUP name )
#
olcAttributeTypes: ( 2.5.4.12 NAME 'title'
DESC 'RFC2256: title associated with the entity'
SUP name )
#
# system schema
#olcAttributeTypes: ( 2.5.4.13 NAME 'description'
# DESC 'RFC2256: descriptive information'
# EQUALITY caseIgnoreMatch
# SUBSTR caseIgnoreSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
#
# Deprecated by enhancedSearchGuide
olcAttributeTypes: ( 2.5.4.14 NAME 'searchGuide'
DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
#
olcAttributeTypes: ( 2.5.4.15 NAME 'businessCategory'
DESC 'RFC2256: business category'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
#
olcAttributeTypes: ( 2.5.4.16 NAME 'postalAddress'
DESC 'RFC2256: postal address'
EQUALITY caseIgnoreListMatch
SUBSTR caseIgnoreListSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
#
olcAttributeTypes: ( 2.5.4.17 NAME 'postalCode'
DESC 'RFC2256: postal code'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
#
olcAttributeTypes: ( 2.5.4.18 NAME 'postOfficeBox'
DESC 'RFC2256: Post Office Box'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
#
olcAttributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
DESC 'RFC2256: Physical Delivery Office Name'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
#
olcAttributeTypes: ( 2.5.4.20 NAME 'telephoneNumber'
DESC 'RFC2256: Telephone Number'
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
#
olcAttributeTypes: ( 2.5.4.21 NAME 'telexNumber'
DESC 'RFC2256: Telex Number'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
#
olcAttributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
DESC 'RFC2256: Teletex Terminal Identifier'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
#
olcAttributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
DESC 'RFC2256: Facsimile (Fax) Telephone Number'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
#
olcAttributeTypes: ( 2.5.4.24 NAME 'x121Address'
DESC 'RFC2256: X.121 Address'
EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
#
olcAttributeTypes: ( 2.5.4.25 NAME 'internationaliSDNNumber'
DESC 'RFC2256: international ISDN number'
EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
#
olcAttributeTypes: ( 2.5.4.26 NAME 'registeredAddress'
DESC 'RFC2256: registered postal address'
SUP postalAddress
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
#
olcAttributeTypes: ( 2.5.4.27 NAME 'destinationIndicator'
DESC 'RFC2256: destination indicator'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
#
olcAttributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod'
DESC 'RFC2256: preferred delivery method'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
SINGLE-VALUE )
#
olcAttributeTypes: ( 2.5.4.29 NAME 'presentationAddress'
DESC 'RFC2256: presentation address'
EQUALITY presentationAddressMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
SINGLE-VALUE )
#
olcAttributeTypes: ( 2.5.4.30 NAME 'supportedApplicationContext'
DESC 'RFC2256: supported application context'
EQUALITY objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
#
olcAttributeTypes: ( 2.5.4.31 NAME 'member'
DESC 'RFC2256: member of a group'
SUP distinguishedName )
#
olcAttributeTypes: ( 2.5.4.32 NAME 'owner'
DESC 'RFC2256: owner (of the object)'
SUP distinguishedName )
#
olcAttributeTypes: ( 2.5.4.33 NAME 'roleOccupant'
DESC 'RFC2256: occupant of role'
SUP distinguishedName )
#
# system schema
#olcAttributeTypes: ( 2.5.4.34 NAME 'seeAlso'
# DESC 'RFC2256: DN of related object'
# SUP distinguishedName )
#
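# system schema
# userPassword holds credentials and is allowed by object classes below
# (e.g. person, organization, organizationalUnit). A schema definition does
# not limit who can read it; restrict it with the server's access controls.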
#olcAttributeTypes: ( 2.5.4.35 NAME 'userPassword'
# DESC 'RFC2256/2307: password of user'
# EQUALITY octetStringMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
#
# Must be transferred using ;binary
# with certificateExactMatch rule (per X.509)
olcAttributeTypes: ( 2.5.4.36 NAME 'userCertificate'
DESC 'RFC2256: X.509 user certificate, use ;binary'
EQUALITY certificateExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
#
# Must be transferred using ;binary
# with certificateExactMatch rule (per X.509)
olcAttributeTypes: ( 2.5.4.37 NAME 'cACertificate'
DESC 'RFC2256: X.509 CA certificate, use ;binary'
EQUALITY certificateExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
#
# Must be transferred using ;binary
olcAttributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList'
DESC 'RFC2256: X.509 authority revocation list, use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
#
# Must be transferred using ;binary
olcAttributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList'
DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
#
# Must be stored and requested in the binary form
olcAttributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair'
DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
#
# system schema: 2.5.4.41 is not defined in this file (the entry below is
# commented out); it is the supertype referenced elsewhere as SUP name
#olcAttributeTypes: ( 2.5.4.41 NAME 'name'
# EQUALITY caseIgnoreMatch
# SUBSTR caseIgnoreSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
#
olcAttributeTypes: ( 2.5.4.42 NAME ( 'givenName' 'gn' )
DESC 'RFC2256: first name(s) for which the entity is known by'
SUP name )
#
olcAttributeTypes: ( 2.5.4.43 NAME 'initials'
DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
SUP name )
#
olcAttributeTypes: ( 2.5.4.44 NAME 'generationQualifier'
DESC 'RFC2256: name qualifier indicating a generation'
SUP name )
#
olcAttributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier'
DESC 'RFC2256: X.500 unique identifier'
EQUALITY bitStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
#
olcAttributeTypes: ( 2.5.4.46 NAME 'dnQualifier'
DESC 'RFC2256: DN qualifier'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
#
olcAttributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide'
DESC 'RFC2256: enhanced search guide'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
#
olcAttributeTypes: ( 2.5.4.48 NAME 'protocolInformation'
DESC 'RFC2256: protocol information'
EQUALITY protocolInformationMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
#
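# system schema: 2.5.4.49 is not defined in this file (the entry below is
# commented out); it is the supertype referenced elsewhere as SUP distinguishedName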
#olcAttributeTypes: ( 2.5.4.49 NAME 'distinguishedName'
# EQUALITY distinguishedNameMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
#
olcAttributeTypes: ( 2.5.4.50 NAME 'uniqueMember'
DESC 'RFC2256: unique member of a group'
EQUALITY uniqueMemberMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
#
olcAttributeTypes: ( 2.5.4.51 NAME 'houseIdentifier'
DESC 'RFC2256: house identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
#
# Must be transferred using ;binary
olcAttributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms'
DESC 'RFC2256: supported algorithms'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
#
# Must be transferred using ;binary
olcAttributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList'
DESC 'RFC2256: delta revocation list; use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
#
olcAttributeTypes: ( 2.5.4.54 NAME 'dmdName'
DESC 'RFC2256: name of DMD'
SUP name )
#
olcAttributeTypes: ( 2.5.4.65 NAME 'pseudonym'
DESC 'X.520(4th): pseudonym for the object'
SUP name )
#
# Standard object classes from RFC2256
#
# system schema
#olcObjectClasses: ( 2.5.6.1 NAME 'alias'
# DESC 'RFC2256: an alias'
# SUP top STRUCTURAL
# MUST aliasedObjectName )
#
olcObjectClasses: ( 2.5.6.2 NAME 'country'
DESC 'RFC2256: a country'
SUP top STRUCTURAL
MUST c
MAY ( searchGuide $ description ) )
#
olcObjectClasses: ( 2.5.6.3 NAME 'locality'
DESC 'RFC2256: a locality'
SUP top STRUCTURAL
MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
#
olcObjectClasses: ( 2.5.6.4 NAME 'organization'
DESC 'RFC2256: an organization'
SUP top STRUCTURAL
MUST o
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
#
olcObjectClasses: ( 2.5.6.5 NAME 'organizationalUnit'
DESC 'RFC2256: an organizational unit'
SUP top STRUCTURAL
MUST ou
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
#
olcObjectClasses: ( 2.5.6.6 NAME 'person'
DESC 'RFC2256: a person'
SUP top STRUCTURAL
MUST ( sn $ cn )
MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
#
olcObjectClasses: ( 2.5.6.7 NAME 'organizationalPerson'
DESC 'RFC2256: an organizational person'
SUP person STRUCTURAL
MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
#
olcObjectClasses: ( 2.5.6.8 NAME 'organizationalRole'
DESC 'RFC2256: an organizational role'
SUP top STRUCTURAL
MUST cn
MAY ( x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
#
olcObjectClasses: ( 2.5.6.9 NAME 'groupOfNames'
DESC 'RFC2256: a group of names (DNs)'
SUP top STRUCTURAL
MUST ( member $ cn )
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
#
olcObjectClasses: ( 2.5.6.10 NAME 'residentialPerson'
DESC 'RFC2256: an residential person'
SUP person STRUCTURAL
MUST l
MAY ( businessCategory $ x121Address $ registeredAddress $
destinationIndicator $ preferredDeliveryMethod $ telexNumber $
teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l ) )
#
olcObjectClasses: ( 2.5.6.11 NAME 'applicationProcess'
DESC 'RFC2256: an application process'
SUP top STRUCTURAL
MUST cn
MAY ( seeAlso $ ou $ l $ description ) )
#
olcObjectClasses: ( 2.5.6.12 NAME 'applicationEntity'
DESC 'RFC2256: an application entity'
SUP top STRUCTURAL
MUST ( presentationAddress $ cn )
MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
description ) )
#
olcObjectClasses: ( 2.5.6.13 NAME 'dSA'
DESC 'RFC2256: a directory system agent (a server)'
SUP applicationEntity STRUCTURAL
MAY knowledgeInformation )
#
olcObjectClasses: ( 2.5.6.14 NAME 'device'
DESC 'RFC2256: a device'
SUP top STRUCTURAL
MUST cn
MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
#
olcObjectClasses: ( 2.5.6.15 NAME 'strongAuthenticationUser'
DESC 'RFC2256: a strong authentication user'
SUP top AUXILIARY
MUST userCertificate )
#
olcObjectClasses: ( 2.5.6.16 NAME 'certificationAuthority'
DESC 'RFC2256: a certificate authority'
SUP top AUXILIARY
MUST ( authorityRevocationList $ certificateRevocationList $
cACertificate ) MAY crossCertificatePair )
#
olcObjectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames'
DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
SUP top STRUCTURAL
MUST ( uniqueMember $ cn )
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
#
olcObjectClasses: ( 2.5.6.18 NAME 'userSecurityInformation'
DESC 'RFC2256: a user security information'
SUP top AUXILIARY
MAY ( supportedAlgorithms ) )
#
olcObjectClasses: ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
SUP certificationAuthority
AUXILIARY MAY ( deltaRevocationList ) )
#
olcObjectClasses: ( 2.5.6.19 NAME 'cRLDistributionPoint'
SUP top STRUCTURAL
MUST ( cn )
MAY ( certificateRevocationList $ authorityRevocationList $
deltaRevocationList ) )
#
olcObjectClasses: ( 2.5.6.20 NAME 'dmd'
SUP top STRUCTURAL
MUST ( dmdName )
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
street $ postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l $ description ) )
#
#
# Object Classes from RFC 2587
#
olcObjectClasses: ( 2.5.6.21 NAME 'pkiUser'
DESC 'RFC2587: a PKI user'
SUP top AUXILIARY
MAY userCertificate )
#
olcObjectClasses: ( 2.5.6.22 NAME 'pkiCA'
DESC 'RFC2587: PKI certificate authority'
SUP top AUXILIARY
MAY ( authorityRevocationList $ certificateRevocationList $
cACertificate $ crossCertificatePair ) )
#
# deltaCRL: auxiliary class that only permits deltaRevocationList.
# NOTE(review): the DESC below reads 'PKI user', nearly the same wording as
# the pkiUser class (2.5.6.21) defined earlier in this file, so it looks
# copy-pasted. Do not rely on the DESC text to identify this class; use the
# OID or NAME.
olcObjectClasses: ( 2.5.6.23 NAME 'deltaCRL'
DESC 'RFC2587: PKI user'
SUP top AUXILIARY
MAY deltaRevocationList )
#
#
# Standard Track URI label schema from RFC 2079
# system schema
#olcAttributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
# DESC 'RFC2079: Uniform Resource Identifier with optional label'
# EQUALITY caseExactMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
#
olcObjectClasses: ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
DESC 'RFC2079: object that contains the URI attribute type'
MAY ( labeledURI )
SUP top AUXILIARY )
#
#
# Derived from RFC 1274, but with new "short names"
#
#olcAttributeTypes: ( 0.9.2342.19200300.100.1.1
# NAME ( 'uid' 'userid' )
# DESC 'RFC1274: user identifier'
# EQUALITY caseIgnoreMatch
# SUBSTR caseIgnoreSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
#
olcAttributeTypes: ( 0.9.2342.19200300.100.1.3
NAME ( 'mail' 'rfc822Mailbox' )
DESC 'RFC1274: RFC822 Mailbox'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
#
# simpleSecurityObject: auxiliary class whose only requirement is that the
# entry holds a userPassword value.
# NOTE(review): nothing in this schema constrains how that value is stored
# or who may read it. Password hashing and access control on userPassword
# have to be configured in the server; neither is shown in this file.
olcObjectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
DESC 'RFC1274: simple security object'
SUP top AUXILIARY
MUST userPassword )
#
# RFC 1274 + RFC 2247
olcAttributeTypes: ( 0.9.2342.19200300.100.1.25
NAME ( 'dc' 'domainComponent' )
DESC 'RFC1274/2247: domain component'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
#
# RFC 2247
olcObjectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
DESC 'RFC2247: domain component object'
SUP top AUXILIARY MUST dc )
#
# RFC 2377
olcObjectClasses: ( 1.3.6.1.1.3.1 NAME 'uidObject'
DESC 'RFC2377: uid object'
SUP top AUXILIARY MUST uid )
#
# From COSINE Pilot
olcAttributeTypes: ( 0.9.2342.19200300.100.1.37
NAME 'associatedDomain'
DESC 'RFC1274: domain associated with object'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
#
# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
olcAttributeTypes: ( 1.2.840.113549.1.9.1
NAME ( 'email' 'emailAddress' 'pkcs9email' )
DESC 'RFC3280: legacy attribute for email addresses in DNs'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
#
0707010001e74e00008124000017820000044e0000000148d0f138000006410000022d0000016a00000000000000000000003400000000reloc/share/openldap/schema/openldap.schema.default # $OpenLDAP: pkg/ldap/servers/slapd/schema/openldap.schema,v 1.19.2.5 2008/02/11 23:24:26 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2008 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# OpenLDAP Project's directory schema items
#
# depends upon:
# core.schema
# cosine.schema
# inetorgperson.schema
#
# These are provided for informational purposes only.
objectIdentifier OpenLDAProot 1.3.6.1.4.1.4203
objectIdentifier OpenLDAP OpenLDAProot:1
objectIdentifier OpenLDAPattributeType OpenLDAP:3
objectIdentifier OpenLDAPobjectClass OpenLDAP:4
objectClass ( OpenLDAPobjectClass:3
NAME 'OpenLDAPorg'
DESC 'OpenLDAP Organizational Object'
SUP organization
MAY ( buildingName $ displayName $ labeledURI ) )
objectClass ( OpenLDAPobjectClass:4
NAME 'OpenLDAPou'
DESC 'OpenLDAP Organizational Unit Object'
SUP organizationalUnit
MAY ( buildingName $ displayName $ labeledURI $ o ) )
objectClass ( OpenLDAPobjectClass:5
NAME 'OpenLDAPperson'
DESC 'OpenLDAP Person'
SUP ( pilotPerson $ inetOrgPerson )
MUST ( uid $ cn )
MAY ( givenName $ labeledURI $ o ) )
objectClass ( OpenLDAPobjectClass:6
NAME 'OpenLDAPdisplayableObject'
DESC 'OpenLDAP Displayable Object'
MAY displayName AUXILIARY )
0707010001e74c00008124000017820000044e0000000148d0f13800001e2b0000022d0000016a00000000000000000000002f00000000reloc/share/openldap/schema/nis.schema.default # $OpenLDAP: pkg/ldap/servers/slapd/schema/nis.schema,v 1.10.2.8 2008/02/11 23:24:26 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2008 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
# Definitions from RFC2307 (Experimental)
# An Approach for Using LDAP as a Network Information Service
# Depends upon core.schema and cosine.schema
# Note: The definitions in RFC2307 are given in syntaxes closely related
# to those in RFC2252, however, some liberties are taken that are not
# supported by RFC2252. This file has been written following RFC2252
# strictly.
# OID Base is iso(1) org(3) dod(6) internet(1) directory(1) nisSchema(1).
# i.e. nisSchema in RFC2307 is 1.3.6.1.1.1
#
# Syntaxes are under 1.3.6.1.1.1.0 (two new syntaxes are defined)
# validators for these syntaxes are incomplete, they only
# implement printable string validation (which is good as the
# common use of these syntaxes violates the specification).
# Attribute types are under 1.3.6.1.1.1.1
# Object classes are under 1.3.6.1.1.1.2
# Attribute Type Definitions
# builtin
#attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'
# DESC 'An integer uniquely identifying a user in an administrative domain'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
# builtin
#attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber'
# DESC 'An integer uniquely identifying a group in an administrative domain'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos'
DESC 'The GECOS field; the common name'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory'
DESC 'The absolute path to the home directory'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell'
DESC 'The path to the login shell'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
DESC 'Netgroup triple'
SYNTAX 1.3.6.1.1.1.0.0 )
attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol'
SUP name )
attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber'
DESC 'IP address'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber'
DESC 'IP network'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber'
DESC 'IP netmask'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress'
DESC 'MAC address'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter'
DESC 'rpc.bootparamd parameter'
SYNTAX 1.3.6.1.1.1.0.1 )
attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile'
DESC 'Boot image name'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName'
SUP name )
attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} SINGLE-VALUE )
# Object Class Definitions
# posixAccount: auxiliary class carrying the passwd-style account fields.
# cn, uid, uidNumber, gidNumber and homeDirectory are mandatory.
# NOTE(review): when hosts resolve accounts from the directory (the use
# named in this file's header), uidNumber, gidNumber, homeDirectory and
# loginShell decide which identity and shell a login receives. Write access
# to them deserves the same restriction as write access to userPassword.
# The schema itself enforces no access control.
objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount'
DESC 'Abstraction of an account with POSIX attributes'
SUP top AUXILIARY
MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
MAY ( userPassword $ loginShell $ gecos $ description ) )
# shadowAccount: auxiliary class adding the password-ageing integers
# (shadowLastChange ... shadowFlag) next to an optional userPassword.
# NOTE(review): userPassword is only permitted here, not protected; read
# access to it has to be limited by the server's ACLs.
objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount'
DESC 'Additional attributes for shadow passwords'
SUP top AUXILIARY
MUST uid
MAY ( userPassword $ shadowLastChange $ shadowMin $
shadowMax $ shadowWarning $ shadowInactive $
shadowExpire $ shadowFlag $ description ) )
# posixGroup: structural class for a group; members are listed by name in
# memberUid. A group password (userPassword) is optional.
# NOTE(review): memberUid values are plain strings matched with
# caseExactIA5Match (see the attribute definition earlier in this file),
# not DNs, so the schema cannot check that a listed member exists.
objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup'
DESC 'Abstraction of a group of accounts'
SUP top STRUCTURAL
MUST ( cn $ gidNumber )
MAY ( userPassword $ memberUid $ description ) )
objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService'
DESC 'Abstraction an Internet Protocol service'
SUP top STRUCTURAL
MUST ( cn $ ipServicePort $ ipServiceProtocol )
MAY ( description ) )
# ipProtocol: structural class; cn, ipProtocolNumber and description are
# all mandatory. description is listed again under MAY; the MUST clause
# already makes it required, so the MAY clause is redundant as written.
objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol'
DESC 'Abstraction of an IP protocol'
SUP top STRUCTURAL
MUST ( cn $ ipProtocolNumber $ description )
MAY description )
# oncRpc: structural class; cn, oncRpcNumber and description are all
# mandatory. As with ipProtocol, description also appears under MAY, which
# has no additional effect.
objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc'
DESC 'Abstraction of an ONC/RPC binding'
SUP top STRUCTURAL
MUST ( cn $ oncRpcNumber $ description )
MAY description )
objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost'
DESC 'Abstraction of a host, an IP device'
SUP top AUXILIARY
MUST ( cn $ ipHostNumber )
MAY ( l $ description $ manager ) )
objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork'
DESC 'Abstraction of an IP network'
SUP top STRUCTURAL
MUST ( cn $ ipNetworkNumber )
MAY ( ipNetmaskNumber $ l $ description $ manager ) )
objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup'
DESC 'Abstraction of a netgroup'
SUP top STRUCTURAL
MUST cn
MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )
objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap'
DESC 'A generic abstraction of a NIS map'
SUP top STRUCTURAL
MUST nisMapName
MAY description )
objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject'
DESC 'An entry in a NIS map'
SUP top STRUCTURAL
MUST ( cn $ nisMapEntry $ nisMapName )
MAY description )
objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device'
DESC 'A device with a MAC address'
SUP top AUXILIARY
MAY macAddress )
objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice'
DESC 'A device with boot parameters'
SUP top AUXILIARY
MAY ( bootFile $ bootParameter ) )
0707010001e74b00008124000017820000044e0000000148d0f138000009a70000022d0000016a00000000000000000000003000000000reloc/share/openldap/schema/misc.schema.default # misc.schema -- assorted schema definitions
# $OpenLDAP: pkg/ldap/servers/slapd/schema/misc.schema,v 1.27.2.4 2008/02/11 23:24:26 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2008 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# Assorted definitions from several sources, including
# ''works in progress''. Contents of this file are
# subject to change (including deletion) without notice.
#
# Not recommended for production use!
# Use with extreme caution!
#-----------------------------------------------------------
# draft-lachman-laser-ldap-mail-routing-02.txt !!!EXPIRED!!!
# (a work in progress)
#
attributetype ( 2.16.840.1.113730.3.1.13
NAME 'mailLocalAddress'
DESC 'RFC822 email address of this recipient'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 2.16.840.1.113730.3.1.18
NAME 'mailHost'
DESC 'FQDN of the SMTP/MTA of this recipient'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
SINGLE-VALUE )
attributetype ( 2.16.840.1.113730.3.1.47
NAME 'mailRoutingAddress'
DESC 'RFC822 routing address of this recipient'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
SINGLE-VALUE )
# I-D leaves this OID TBD.
# iPlanet uses 2.16.840.1.113.730.3.2.147 but that is an
# improperly delegated OID. A typo is likely.
objectclass ( 2.16.840.1.113730.3.2.147
NAME 'inetLocalMailRecipient'
DESC 'Internet local mail recipient'
SUP top AUXILIARY
MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )
#-----------------------------------------------------------
# draft-srivastava-ldap-mail-00.txt !!!EXPIRED!!!
# (a work in progress)
#
attributetype ( 1.3.6.1.4.1.42.2.27.2.1.15
NAME 'rfc822MailMember'
DESC 'rfc822 mail address of group member(s)'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
#-----------------------------------------------------------
# !!!no I-D!!!
# (a work in progress)
#
objectclass ( 1.3.6.1.4.1.42.2.27.1.2.5
NAME 'nisMailAlias'
DESC 'NIS mail alias'
SUP top STRUCTURAL
MUST cn
MAY rfc822MailMember )
0707010001e74900008124000017820000044e0000000148d0f138000018d80000022d0000016a00000000000000000000003900000000reloc/share/openldap/schema/inetorgperson.schema.default # inetorgperson.schema -- InetOrgPerson (RFC2798)
# $OpenLDAP: pkg/ldap/servers/slapd/schema/inetorgperson.schema,v 1.16.2.4 2008/02/11 23:24:26 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2008 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# InetOrgPerson (RFC2798)
#
# Depends upon
# Definition of an X.500 Attribute Type and an Object Class to Hold
# Uniform Resource Identifiers (URIs) [RFC2079]
# (core.schema)
#
# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
# (core.schema)
#
# The COSINE and Internet X.500 Schema [RFC1274] (cosine.schema)
# carLicense
# This multivalued field is used to record the values of the license or
# registration plate associated with an individual.
attributetype ( 2.16.840.1.113730.3.1.1
NAME 'carLicense'
DESC 'RFC2798: vehicle license or registration plate'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# departmentNumber
# Code for department to which a person belongs. This can also be
# strictly numeric (e.g., 1234) or alphanumeric (e.g., ABC/123).
attributetype ( 2.16.840.1.113730.3.1.2
NAME 'departmentNumber'
DESC 'RFC2798: identifies a department within an organization'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# displayName
# When displaying an entry, especially within a one-line summary list, it
# is useful to be able to identify a name to be used. Since other attri-
# bute types such as 'cn' are multivalued, an additional attribute type is
# needed. Display name is defined for this purpose.
attributetype ( 2.16.840.1.113730.3.1.241
NAME 'displayName'
DESC 'RFC2798: preferred name to be used when displaying entries'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
# employeeNumber
# Numeric or alphanumeric identifier assigned to a person, typically based
# on order of hire or association with an organization. Single valued.
attributetype ( 2.16.840.1.113730.3.1.3
NAME 'employeeNumber'
DESC 'RFC2798: numerically identifies an employee within an organization'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
# employeeType
# Used to identify the employer to employee relationship. Typical values
# used will be "Contractor", "Employee", "Intern", "Temp", "External", and
# "Unknown" but any value may be used.
attributetype ( 2.16.840.1.113730.3.1.4
NAME 'employeeType'
DESC 'RFC2798: type of employment for a person'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# jpegPhoto
# Used to store one or more images of a person using the JPEG File
# Interchange Format [JFIF].
# Note that the jpegPhoto attribute type was defined for use in the
# Internet X.500 pilots but no referenceable definition for it could be
# located.
attributetype ( 0.9.2342.19200300.100.1.60
NAME 'jpegPhoto'
DESC 'RFC2798: a JPEG image'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
# preferredLanguage
# Used to indicate an individual's preferred written or spoken
# language. This is useful for international correspondence or human-
# computer interaction. Values for this attribute type MUST conform to
# the definition of the Accept-Language header field defined in
# [RFC2068] with one exception: the sequence "Accept-Language" ":"
# should be omitted. This is a single valued attribute type.
attributetype ( 2.16.840.1.113730.3.1.39
NAME 'preferredLanguage'
DESC 'RFC2798: preferred written or spoken language for a person'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
# userSMIMECertificate
# A PKCS#7 [RFC2315] SignedData, where the content that is signed is
# ignored by consumers of userSMIMECertificate values. It is
# recommended that values have a `contentType' of data with an absent
# `content' field. Values of this attribute contain a person's entire
# certificate chain and an smimeCapabilities field [RFC2633] that at a
# minimum describes their SMIME algorithm capabilities. Values for
# this attribute are to be stored and requested in binary form, as
# 'userSMIMECertificate;binary'. If available, this attribute is
# preferred over the userCertificate attribute for S/MIME applications.
## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
attributetype ( 2.16.840.1.113730.3.1.40
NAME 'userSMIMECertificate'
DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
# userPKCS12
# PKCS #12 [PKCS12] provides a format for exchange of personal identity
# information. When such information is stored in a directory service,
# the userPKCS12 attribute should be used. This attribute is to be stored
# and requested in binary form, as 'userPKCS12;binary'. The attribute
# values are PFX PDUs stored as binary data.
## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
# userPKCS12: multi-valued attribute holding PKCS #12 PFX blobs. The syntax
# OID is the same one used by userSMIMECertificate in this file.
# NOTE(review): a PFX normally bundles a private key with the certificate,
# protected only by the PFX password. Nothing in this schema limits who can
# read the attribute; if it is populated, restrict read access in the
# server ACLs.
attributetype ( 2.16.840.1.113730.3.1.216
NAME 'userPKCS12'
DESC 'RFC2798: personal identity information, a PKCS #12 PFX'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
# inetOrgPerson
# The inetOrgPerson represents people who are associated with an
# organization in some way. It is a structural class and is derived
# from the organizationalPerson which is defined in X.521 [X521].
objectclass ( 2.16.840.1.113730.3.2.2
NAME 'inetOrgPerson'
DESC 'RFC2798: Internet Organizational Person'
SUP organizationalPerson
STRUCTURAL
MAY (
audio $ businessCategory $ carLicense $ departmentNumber $
displayName $ employeeNumber $ employeeType $ givenName $
homePhone $ homePostalAddress $ initials $ jpegPhoto $
labeledURI $ mail $ manager $ mobile $ o $ pager $
photo $ roomNumber $ secretary $ uid $ userCertificate $
x500uniqueIdentifier $ preferredLanguage $
userSMIMECertificate $ userPKCS12 )
)
0707010001e74a00008124000017820000044e0000000148d0f138000036a00000022d0000016a00000000000000000000003000000000reloc/share/openldap/schema/java.schema.default # java.schema -- Java Object Schema
# $OpenLDAP: pkg/ldap/servers/slapd/schema/java.schema,v 1.5.2.4 2008/02/11 23:24:26 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2008 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# Java Object Schema (defined in RFC 2713)
# depends upon core.schema
#
# Network Working Group V. Ryan
# Request for Comments: 2713 S. Seligman
# Category: Informational R. Lee
# Sun Microsystems, Inc.
# October 1999
#
#
# Schema for Representing Java(tm) Objects in an LDAP Directory
#
# Status of this Memo
#
# This memo provides information for the Internet community. It does
# not specify an Internet standard of any kind. Distribution of this
# memo is unlimited.
#
# Copyright Notice
#
# Copyright (C) The Internet Society (1999). All Rights Reserved.
#
# Abstract
#
# This document defines the schema for representing Java(tm) objects in
# an LDAP directory [LDAPv3]. It defines schema elements to represent
# a Java serialized object [Serial], a Java marshalled object [RMI], a
# Java remote object [RMI], and a JNDI reference [JNDI].
#
# [trimmed]
# 3 Attribute Type Definitions
#
# The following attribute types are defined in this document:
#
# javaClassName
# javaClassNames
# javaCodebase
# javaSerializedData
# javaFactory
# javaReferenceAddress
# javaDoc
#
# 3.1 javaClassName
#
# This attribute stores the fully qualified name of the Java object's
# "distinguished" class or interface (for example, "java.lang.String").
# It is a single-valued attribute. This attribute's syntax is '
# Directory String' and its case is significant.
#
# ( 1.3.6.1.4.1.42.2.27.4.1.6
# NAME 'javaClassName'
# DESC 'Fully qualified name of distinguished Java class or
# interface'
# EQUALITY caseExactMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
# SINGLE-VALUE
# )
#
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.6
NAME 'javaClassName'
DESC 'Fully qualified name of distinguished Java class or interface'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
# 3.2 javaCodebase
#
# This attribute stores the Java class definition's locations. It
# specifies the locations from which to load the class definition for
# the class specified by the javaClassName attribute. Each value of
# the attribute contains an ordered list of URLs, separated by spaces.
# For example, a value of "url1 url2 url3" means that the three
# (possibly interdependent) URLs (url1, url2, and url3) form the
# codebase for loading in the Java class definition.
#
# If the javaCodebase attribute contains more than one value, each
# value is an independent codebase. That is, there is no relationship
# between the URLs in one value and those in another; each value can be
# viewed as an alternate source for loading the Java class definition.
# See [Java] for information regarding class loading.
#
# This attribute's syntax is 'IA5 String' and its case is significant.
#
# ( 1.3.6.1.4.1.42.2.27.4.1.7
# NAME 'javaCodebase'
# DESC 'URL(s) specifying the location of class definition'
# EQUALITY caseExactIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
# )
#
# javaCodebase: multi-valued IA5 string; each value is a space-separated
# list of URLs, compared case-sensitively.
# NOTE(review): per the RFC text quoted above, a consumer of the entry uses
# these URLs as the place to load class definitions from. Whoever can write
# this attribute therefore chooses what code such a consumer may load.
# Restrict write access in the server ACLs, and have consumers refuse
# remote codebases (recent JDKs leave
# com.sun.jndi.ldap.object.trustURLCodebase at false).
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.7
NAME 'javaCodebase'
DESC 'URL(s) specifying the location of class definition'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# 3.3 javaClassNames
#
# This attribute stores the Java object's fully qualified class or
# interface names (for example, "java.lang.String"). It is a
# multivalued attribute. When more than one value is present, each is
# the name of a class or interface, or ancestor class or interface, of
# this object.
#
# This attribute's syntax is 'Directory String' and its case is
# significant.
#
# ( 1.3.6.1.4.1.42.2.27.4.1.13
# NAME 'javaClassNames'
# DESC 'Fully qualified Java class or interface name'
# EQUALITY caseExactMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
# )
#
#
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.13
NAME 'javaClassNames'
DESC 'Fully qualified Java class or interface name'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# 3.4 javaSerializedData
#
# This attribute stores the serialized form of a Java object. The
# serialized form is described in [Serial].
#
# This attribute's syntax is 'Octet String'.
#
# ( 1.3.6.1.4.1.42.2.27.4.1.8
# NAME 'javaSerializedData'
# DESC 'Serialized form of a Java object'
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
# SINGLE-VALUE
# )
#
# javaSerializedData: single-valued octet string holding the serialized
# form of a Java object. No matching rule is declared.
# NOTE(review): a client that turns this value back into an object is
# deserializing bytes controlled by whoever can write the entry. Treat the
# value as untrusted input on the client side (for example with a
# java.io.ObjectInputFilter allow-list) and restrict write access to the
# attribute in the server ACLs.
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.8
NAME 'javaSerializedData'
DESC 'Serialized form of a Java object'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
SINGLE-VALUE )
# 3.5 javaFactory
#
# This attribute stores the fully qualified class name of the object
# factory (for example, "com.wiz.jndi.WizObjectFactory") that can be
# used to create an instance of the object identified by the
# javaClassName attribute.
#
# This attribute's syntax is 'Directory String' and its case is
# significant.
#
# ( 1.3.6.1.4.1.42.2.27.4.1.10
# NAME 'javaFactory'
# DESC 'Fully qualified Java class name of a JNDI object factory'
# EQUALITY caseExactMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
# SINGLE-VALUE
# )
#
# javaFactory: single-valued, case-sensitive directory string naming the
# object factory class for the entry.
# NOTE(review): per the RFC text quoted above, the named class is what a
# consumer uses to create the object, so the value selects code that runs
# on the reading side. Combined with javaCodebase this is a code-loading
# instruction; limit who may write either attribute and, where the runtime
# supports it, restrict which factory classes clients will accept.
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.10
NAME 'javaFactory'
DESC 'Fully qualified Java class name of a JNDI object factory'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
# 3.6 javaReferenceAddress
#
# This attribute represents the sequence of addresses of a JNDI
# reference. Each of its values represents one address, a Java object
# of type javax.naming.RefAddr. Its value is a concatenation of the
# address type and address contents, preceded by a sequence number (the
# order of addresses in a JNDI reference is significant). For example:
#
# #0#TypeA#ValA
# #1#TypeB#ValB
# #2#TypeC##rO0ABXNyABpq...
#
# In more detail, the value is encoded as follows:
#
# The delimiter is the first character of the value. For readability
# the character '#' is recommended when it is not otherwise used
# anywhere in the value, but any character may be used subject to
# restrictions given below.
#
# The first delimiter is followed by the sequence number. The sequence
# number of an address is its position in the JNDI reference, with the
# first address being numbered 0. It is represented by its shortest
# string form, in decimal notation.
#
# The sequence number is followed by a delimiter, then by the address
# type, and then by another delimiter. If the address is of Java class
# javax.naming.StringRefAddr, then this delimiter is followed by the
# value of the address contents (which is a string). Otherwise, this
# delimiter is followed immediately by another delimiter, and then by
# the Base64 encoding of the serialized form of the entire address.
#
# The delimiter may be any character other than a digit or a character
# contained in the address type. In addition, if the address contents
# is a string, the delimiter may not be the first character of that
# string.
#
# This attribute's syntax is 'Directory String' and its case is
# significant. It can contain multiple values.
#
# ( 1.3.6.1.4.1.42.2.27.4.1.11
# NAME 'javaReferenceAddress'
# DESC 'Addresses associated with a JNDI Reference'
# EQUALITY caseExactMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
# )
#
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.11
NAME 'javaReferenceAddress'
DESC 'Addresses associated with a JNDI Reference'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# 3.7 javaDoc
#
# This attribute stores a pointer to the Java documentation for the
# class. Its value is a URL. For example, the following URL points to
# the specification of the java.lang.String class:
# http://java.sun.com/products/jdk/1.2/docs/api/java/lang/String.html
#
# This attribute's syntax is 'IA5 String' and its case is significant.
#
# ( 1.3.6.1.4.1.42.2.27.4.1.12
# NAME 'javaDoc'
# DESC 'The Java documentation for the class'
# EQUALITY caseExactIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
# )
#
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.12
NAME 'javaDoc'
DESC 'The Java documentation for the class'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# 4 Object Class Definitions
#
# The following object classes are defined in this document:
#
# javaContainer
# javaObject
# javaSerializedObject
# javaMarshalledObject
# javaNamingReference
#
# 4.1 javaContainer
#
# This structural object class represents a container for a Java
# object.
#
# ( 1.3.6.1.4.1.42.2.27.4.2.1
# NAME 'javaContainer'
# DESC 'Container for a Java object'
# SUP top
# STRUCTURAL
# MUST ( cn )
# )
#
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.1
NAME 'javaContainer'
DESC 'Container for a Java object'
SUP top
STRUCTURAL
MUST cn )
# 4.2 javaObject
#
# This abstract object class represents a Java object. A javaObject
# cannot exist in the directory; only auxiliary or structural
# subclasses of it can exist in the directory.
#
# ( 1.3.6.1.4.1.42.2.27.4.2.4
# NAME 'javaObject'
# DESC 'Java object representation'
# SUP top
# ABSTRACT
# MUST ( javaClassName )
# MAY ( javaClassNames $
# javaCodebase $
# javaDoc $
# description )
# )
#
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.4
NAME 'javaObject'
DESC 'Java object representation'
SUP top
ABSTRACT
MUST javaClassName
MAY ( javaClassNames $ javaCodebase $
javaDoc $ description ) )
# 4.3 javaSerializedObject
#
# This auxiliary object class represents a Java serialized object. It
# must be mixed in with a structural object class.
#
# ( 1.3.6.1.4.1.42.2.27.4.2.5
# NAME 'javaSerializedObject'
# DESC 'Java serialized object'
# SUP javaObject
# AUXILIARY
# MUST ( javaSerializedData )
# )
#
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.5
NAME 'javaSerializedObject'
DESC 'Java serialized object'
SUP javaObject
AUXILIARY
MUST javaSerializedData )
# 4.4 javaMarshalledObject
#
# This auxiliary object class represents a Java marshalled object. It
# must be mixed in with a structural object class.
#
# ( 1.3.6.1.4.1.42.2.27.4.2.8
# NAME 'javaMarshalledObject'
# DESC 'Java marshalled object'
# SUP javaObject
# AUXILIARY
# MUST ( javaSerializedData )
# )
#
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.8
NAME 'javaMarshalledObject'
DESC 'Java marshalled object'
SUP javaObject
AUXILIARY
MUST javaSerializedData )
# 4.5 javaNamingReference
#
# This auxiliary object class represents a JNDI reference. It must be
# mixed in with a structural object class.
#
# ( 1.3.6.1.4.1.42.2.27.4.2.7
# NAME 'javaNamingReference'
# DESC 'JNDI reference'
# SUP javaObject
# AUXILIARY
# MAY ( javaReferenceAddress $
# javaFactory )
# )
#
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.7
NAME 'javaNamingReference'
DESC 'JNDI reference'
SUP javaObject
AUXILIARY
MAY ( javaReferenceAddress $ javaFactory ) )
# Full Copyright Statement
#
# Copyright (C) The Internet Society (1999). All Rights Reserved.
#
# This document and translations of it may be copied and furnished to
# others, and derivative works that comment on or otherwise explain it
# or assist in its implementation may be prepared, copied, published
# and distributed, in whole or in part, without restriction of any
# kind, provided that the above copyright notice and this paragraph are
# included on all such copies and derivative works. However, this
# document itself may not be modified in any way, such as by removing
# the copyright notice or references to the Internet Society or other
# Internet organizations, except as needed for the purpose of
# developing Internet standards in which case the procedures for
# copyrights defined in the Internet Standards process must be
# followed, or as required to translate it into languages other than
# English.
#
# The limited permissions granted above are perpetual and will not be
# revoked by the Internet Society or its successors or assigns.
#
# This document and the information contained herein is provided on an
# "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
# TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
# BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
# HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
# MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
0707010001e74200008124000017820000044e0000000148d0f13700000b980000022d0000016a00000000000000000000002300000000reloc/share/openldap/schema/README This directory contains user application schema definitions for use
with slapd(8).
File Description
---- -----------
corba.schema Corba Object
core.schema OpenLDAP "core"
cosine.schema COSINE Pilot
dyngroup.schema Dynamic Group (experimental)
inetorgperson.schema InetOrgPerson
java.schema Java Object
misc.schema Miscellaneous Schema (experimental)
nis.schema Network Information Service (experimental)
openldap.schema OpenLDAP Project (FYI)
ppolicy.schema Password Policy Schema (work in progress)
Additional "generally useful" schema definitions can be submitted
using the OpenLDAP Issue Tracking System .
Submissions should include a stable reference to a mature, open
technical specification (e.g., an RFC) for the schema.
---
This notice applies to all files in this directory.
Copyright 1998-2008 The OpenLDAP Foundation, Redwood City, California, USA
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP
Public License. A copy of this license is available at
http://www.OpenLDAP.org/license.html or in file LICENSE in the
top-level directory of the distribution.
---
This notice applies to all schema in this directory which are derived
from RFCs and other IETF documents.
Portions Copyright 1991-2004, The Internet Society. All Rights Reserved.
This document and translations of it may be copied and furnished
to others, and derivative works that comment on or otherwise explain
it or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph
are included on all such copies and derivative works. However,
this document itself may not be modified in any way, such as by
removing the copyright notice or references to the Internet Society
or other Internet organizations, except as needed for the purpose
of developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not
be revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on
an "AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE
INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY
IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
PURPOSE.
---
$OpenLDAP: pkg/ldap/servers/slapd/schema/README,v 1.23.2.7 2008/02/11 23:24:25 kurt Exp $
0707010001e74400008124000017820000044e0000000148d0f137000020270000022d0000016a00000000000000000000003100000000reloc/share/openldap/schema/corba.schema.default # corba.schema -- Corba Object Schema
# depends upon core.schema
# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.4 2008/02/11 23:24:25 kurt Exp $
# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.4 2008/02/11 23:24:25 kurt Exp $
## This work is part of OpenLDAP Software .
##
## Copyright 1998-2008 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
## Portions Copyright (C) The Internet Society (1999).
## Please see full copyright statement below.
# Network Working Group V. Ryan
# Request for Comments: 2714 R. Lee
# Category: Informational S. Seligman
# Sun Microsystems, Inc.
# October 1999
#
#
# Schema for Representing CORBA Object References in an LDAP Directory
#
# Status of this Memo
#
# This memo provides information for the Internet community. It does
# not specify an Internet standard of any kind. Distribution of this
# memo is unlimited.
#
# Copyright Notice
#
# Copyright (C) The Internet Society (1999). All Rights Reserved.
#
# Abstract
#
# CORBA [CORBA] is the Common Object Request Broker Architecture
# defined by the Object Management Group. This document defines the
# schema for representing CORBA object references in an LDAP directory
# [LDAPv3].
#
# [trimmed]
# 3. Attribute Type Definitions
#
# The following attribute types are defined in this document:
#
# corbaIor
# corbaRepositoryId
#
# 3.1 corbaIor
#
# This attribute stores the string representation of the interoperable
# object reference (IOR) for a CORBA object. An IOR is an opaque handle
# for the object which contains the information necessary to locate the
# object, even if the object is in another ORB.
#
# This attribute's syntax is 'IA5 String' and its case is
# insignificant.
#
# ( 1.3.6.1.4.1.42.2.27.4.1.14
# NAME 'corbaIor'
# DESC 'Stringified interoperable object reference of a CORBA object'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
# SINGLE-VALUE
# )
#
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.14
NAME 'corbaIor'
DESC 'Stringified interoperable object reference of a CORBA object'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
# 3.2 corbaRepositoryId
#
# Each CORBA interface has a unique "repository id" (also called "type
# id") that identifies the interface. A CORBA object has one or more
# repository ids, one for each interface that it implements.
#
# The format of a repository id can be any string, but the OMG
# specifies four standard formats:
#
# a. IDL-style
#
# IDL:Prefix/ModuleName/InterfaceName:VersionNumber
#
# For example, the repository id for the "NamingContext" in OMG's COS
# Naming module is: "IDL:omg.org/CosNaming/NamingContext:1.0".
#
# b. RMI-style
#
# RMI:ClassName:HashCode[:SUID]
#
# This format is used by RMI-IIOP remote objects [RMI-IIOP].
# "ClassName" is the fully qualified name of the class (for example,
# "java.lang.String"). "HashCode" is the object's hash code (that is,
# that obtained by invoking the "hashCode()" method). "SUID" is the
# "stream unique identifier", which is a 64-bit number that uniquely
# identifies the serialization version of the class; SUID is optional
# in the repository id.
#
# c. DCE-style
#
# DCE:UUID
#
# This format is used for DCE/CORBA interoperability [CORBA-DCE].
# "UUID" represents a DCE UUID.
#
# d. "local"
#
# This format is defined by the local Object Request Broker (ORB).
#
# The corbaRepositoryId attribute is a multivalued attribute; each
# value records a single repository id of an interface implemented by
# the CORBA object. This attribute need not contain a complete list of
# the interfaces implemented by the CORBA object.
#
# This attribute's syntax is 'Directory String' and its case is
# significant. The values of this attribute are encoded using UTF-8.
# Some values may require translation from their native representation
# in order to be correctly encoded using UTF-8.
#
# ( 1.3.6.1.4.1.42.2.27.4.1.15
# NAME 'corbaRepositoryId'
# DESC 'Repository ids of interfaces implemented by a CORBA object'
# EQUALITY caseExactMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
# )
#
#
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.15
NAME 'corbaRepositoryId'
DESC 'Repository ids of interfaces implemented by a CORBA object'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# 4. Object Class Definitions
#
# The following object classes are defined in this document:
#
# corbaContainer
# corbaObject
# corbaObjectReference
#
# 4.1 corbaContainer
#
# This structural object class represents a container for a CORBA
# object.
#
# ( 1.3.6.1.4.1.42.2.27.4.2.10
# NAME 'corbaContainer'
# DESC 'Container for a CORBA object'
# SUP top
# STRUCTURAL
# MUST ( cn )
# )
#
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.10
NAME 'corbaContainer'
DESC 'Container for a CORBA object'
SUP top
STRUCTURAL
MUST cn )
# 4.2 corbaObject
#
# This abstract object class is the root class for representing a CORBA
# object.
#
# ( 1.3.6.1.4.1.42.2.27.4.2.9
# NAME 'corbaObject'
# DESC 'CORBA object representation'
# SUP top
# ABSTRACT
# MAY ( corbaRepositoryId $ description )
# )
#
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.9
NAME 'corbaObject'
DESC 'CORBA object representation'
SUP top
ABSTRACT
MAY ( corbaRepositoryId $ description ) )
# 4.3 corbaObjectReference
#
# This auxiliary object class represents a CORBA object reference. It
# must be mixed in with a structural object class.
#
# ( 1.3.6.1.4.1.42.2.27.4.2.11
# NAME 'corbaObjectReference'
# DESC 'CORBA interoperable object reference'
# SUP corbaObject
# AUXILIARY
# MUST ( corbaIor )
# )
#
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.11
NAME 'corbaObjectReference'
DESC 'CORBA interoperable object reference'
SUP corbaObject
AUXILIARY
MUST corbaIor )
# 10. Full Copyright Statement
#
# Copyright (C) The Internet Society (1999). All Rights Reserved.
#
# This document and translations of it may be copied and furnished to
# others, and derivative works that comment on or otherwise explain it
# or assist in its implementation may be prepared, copied, published
# and distributed, in whole or in part, without restriction of any
# kind, provided that the above copyright notice and this paragraph are
# included on all such copies and derivative works. However, this
# document itself may not be modified in any way, such as by removing
# the copyright notice or references to the Internet Society or other
# Internet organizations, except as needed for the purpose of
# developing Internet standards in which case the procedures for
# copyrights defined in the Internet Standards process must be
# followed, or as required to translate it into languages other than
# English.
#
# The limited permissions granted above are perpetual and will not be
# revoked by the Internet Society or its successors or assigns.
#
# This document and the information contained herein is provided on an
# "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
# TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
# BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
# HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
# MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
0707010001e743000081a4000017820000044e00000001420b1fd3000002ec0000022d0000016a00000000000000000000003200000000reloc/share/openldap/schema/autofs.schema.default # Depends upon core.schema and cosine.schema
# OID Base is 1.3.6.1.4.1.2312.4
#
# Attribute types are under 1.3.6.1.4.1.2312.4.1
# Object classes are under 1.3.6.1.4.1.2312.4.2
# Syntaxes are under 1.3.6.1.4.1.2312.4.3
# Attribute Type Definitions
attributetype ( 1.3.6.1.1.1.1.25 NAME 'automountInformation'
DESC 'Information used by the autofs automounter'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
objectclass ( 1.3.6.1.1.1.1.13 NAME 'automount' SUP top STRUCTURAL
DESC 'An entry in an automounter map'
MUST ( cn $ automountInformation )
MAY ( description ) )
objectclass ( 1.3.6.1.4.1.2312.4.2.2 NAME 'automountMap' SUP top STRUCTURAL
DESC 'An group of related automount objects'
MUST ( ou ) )
0707010001e74d00008124000017820000044e0000000148d0f13700000d3f0000022d0000016a00000000000000000000002a00000000reloc/share/openldap/schema/openldap.ldif # $OpenLDAP: pkg/ldap/servers/slapd/schema/openldap.ldif,v 1.1.2.4 2008/02/11 23:24:26 kurt Exp $
## This work is part of OpenLDAP Software .
##
## Copyright 1998-2008 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
#
# OpenLDAP Project's directory schema items
#
# depends upon:
# core.schema
# cosine.schema
# inetorgperson.schema
#
# These are provided for informational purposes only.
#
# This openldap.ldif file is provided as a demonstration of how to
# convert a *.schema file into *.ldif format. The key points:
# In LDIF, a blank line terminates an entry. Blank lines in a *.schema
# file should be replaced with a single '#' to turn them into
# comments, or they should just be removed.
# In addition to the actual schema directives, the file needs a small
# header to make it a valid LDAP entry. This header must provide the
# dn of the entry, the objectClass, and the cn, as shown here:
#
dn: cn=openldap,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: openldap
#
# The schema directives need to be changed to LDAP Attributes.
# First a basic string substitution can be done on each of the keywords:
# objectIdentifier -> olcObjectIdentifier:
# objectClass -> olcObjectClasses:
# attributeType -> olcAttributeTypes:
# Then leading whitespace must be fixed. The slapd.conf format allows
# tabs or spaces to denote line continuation, while LDIF only allows
# the space character.
# Also slapd.conf preserves the continuation character, while LDIF strips
# it out. So a single TAB/SPACE in slapd.conf must be replaced with
# two SPACEs in LDIF, otherwise the continued text may get joined as
# a single word.
# The directives must be listed in a proper sequence:
# All olcObjectIdentifiers must be first, so they may be referenced by
# any following definitions.
# All olcAttributeTypes must be next, so they may be referenced by any
# following objectClass definitions.
# All olcObjectClasses must be after the olcAttributeTypes.
# And of course, any superior must occur before anything that inherits
# from it.
#
olcObjectIdentifier: OpenLDAProot 1.3.6.1.4.1.4203
#
olcObjectIdentifier: OpenLDAP OpenLDAProot:1
olcObjectIdentifier: OpenLDAPattributeType OpenLDAP:3
olcObjectIdentifier: OpenLDAPobjectClass OpenLDAP:4
#
olcObjectClasses: ( OpenLDAPobjectClass:3
NAME 'OpenLDAPorg'
DESC 'OpenLDAP Organizational Object'
SUP organization
MAY ( buildingName $ displayName $ labeledURI ) )
#
olcObjectClasses: ( OpenLDAPobjectClass:4
NAME 'OpenLDAPou'
DESC 'OpenLDAP Organizational Unit Object'
SUP organizationalUnit
MAY ( buildingName $ displayName $ labeledURI $ o ) )
#
olcObjectClasses: ( OpenLDAPobjectClass:5
NAME 'OpenLDAPperson'
DESC 'OpenLDAP Person'
SUP ( pilotPerson $ inetOrgPerson )
MUST ( uid $ cn )
MAY ( givenName $ labeledURI $ o ) )
#
olcObjectClasses: ( OpenLDAPobjectClass:6
NAME 'OpenLDAPdisplayableObject'
DESC 'OpenLDAP Displayable Object'
MAY displayName AUXILIARY )
0707010001e74f00008124000017820000044e0000000148d0f13800004ce90000022d0000016a00000000000000000000003300000000reloc/share/openldap/schema/ppolicy.schema.default # $OpenLDAP: pkg/ldap/servers/slapd/schema/ppolicy.schema,v 1.2.2.5 2008/02/11 23:24:26 kurt Exp $
## This work is part of OpenLDAP Software .
##
## Copyright 2004-2008 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
## Portions Copyright (C) The Internet Society (2004).
## Please see full copyright statement below.
# Definitions from Draft behera-ldap-password-policy-07 (a work in progress)
# Password Policy for LDAP Directories
# With extensions from Hewlett-Packard:
# pwdCheckModule etc.
# Contents of this file are subject to change (including deletion)
# without notice.
#
# Not recommended for production use!
# Use with extreme caution!
#Network Working Group J. Sermersheim
#Internet-Draft Novell, Inc
#Expires: April 24, 2005 L. Poitou
# Sun Microsystems
# October 24, 2004
#
#
# Password Policy for LDAP Directories
# draft-behera-ldap-password-policy-08.txt
#
#Status of this Memo
#
# This document is an Internet-Draft and is subject to all provisions
# of section 3 of RFC 3667. By submitting this Internet-Draft, each
# author represents that any applicable patent or other IPR claims of
# which he or she is aware have been or will be disclosed, and any of
# which he or she become aware will be disclosed, in accordance with
# RFC 3668.
#
# Internet-Drafts are working documents of the Internet Engineering
# Task Force (IETF), its areas, and its working groups. Note that
# other groups may also distribute working documents as
# Internet-Drafts.
#
# Internet-Drafts are draft documents valid for a maximum of six months
# and may be updated, replaced, or obsoleted by other documents at any
# time. It is inappropriate to use Internet-Drafts as reference
# material or to cite them other than as "work in progress."
#
# The list of current Internet-Drafts can be accessed at
# http://www.ietf.org/ietf/1id-abstracts.txt.
#
# The list of Internet-Draft Shadow Directories can be accessed at
# http://www.ietf.org/shadow.html.
#
# This Internet-Draft will expire on April 24, 2005.
#
#Copyright Notice
#
# Copyright (C) The Internet Society (2004).
#
#Abstract
#
# Password policy as described in this document is a set of rules that
# controls how passwords are used and administered in Lightweight
# Directory Access Protocol (LDAP) based directories. In order to
# improve the security of LDAP directories and make it difficult for
# password cracking programs to break into directories, it is desirable
# to enforce a set of rules on password usage. These rules are made to
#
# [trimmed]
#
#5. Schema used for Password Policy
#
# The schema elements defined here fall into two general categories. A
# password policy object class is defined which contains a set of
# administrative password policy attributes, and a set of operational
# attributes are defined that hold general password policy state
# information for each user.
#
#5.2 Attribute Types used in the pwdPolicy ObjectClass
#
# Following are the attribute types used by the pwdPolicy object class.
#
#5.2.1 pwdAttribute
#
# This holds the name of the attribute to which the password policy is
# applied. For example, the password policy may be applied to the
# userPassword attribute.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.1
NAME 'pwdAttribute'
EQUALITY objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
#5.2.2 pwdMinAge
#
# This attribute holds the number of seconds that must elapse between
# modifications to the password. If this attribute is not present, 0
# seconds is assumed.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.2
NAME 'pwdMinAge'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
#5.2.3 pwdMaxAge
#
# This attribute holds the number of seconds after which a modified
# password will expire.
#
# If this attribute is not present, or if the value is 0 the password
# does not expire. If not 0, the value must be greater than or equal
# to the value of the pwdMinAge.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.3
NAME 'pwdMaxAge'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
#5.2.4 pwdInHistory
#
# This attribute specifies the maximum number of used passwords stored
# in the pwdHistory attribute.
#
# If this attribute is not present, or if the value is 0, used
# passwords are not stored in the pwdHistory attribute and thus may be
# reused.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.4
NAME 'pwdInHistory'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
#5.2.5 pwdCheckQuality
#
# {TODO: Consider changing the syntax to OID. Each OID will list a
# quality rule (like min len, # of special characters, etc). These
# rules can be specified outside this document.}
#
# {TODO: Note that even though this is meant to be a check that happens
# during password modification, it may also be allowed to happen during
# authN. This is useful for situations where the password is encrypted
# when modified, but decrypted when used to authN.}
#
# This attribute indicates how the password quality will be verified
# while being modified or added. If this attribute is not present, or
# if the value is '0', quality checking will not be enforced. A value
# of '1' indicates that the server will check the quality, and if the
# server is unable to check it (due to a hashed password or other
# reasons) it will be accepted. A value of '2' indicates that the
# server will check the quality, and if the server is unable to verify
# it, it will return an error refusing the password.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.5
NAME 'pwdCheckQuality'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
#5.2.6 pwdMinLength
#
# When quality checking is enabled, this attribute holds the minimum
# number of characters that must be used in a password. If this
# attribute is not present, no minimum password length will be
# enforced. If the server is unable to check the length (due to a
# hashed password or otherwise), the server will, depending on the
# value of the pwdCheckQuality attribute, either accept the password
# without checking it ('0' or '1') or refuse it ('2').
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.6
NAME 'pwdMinLength'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
#5.2.7 pwdExpireWarning
#
# This attribute specifies the maximum number of seconds before a
# password is due to expire that expiration warning messages will be
# returned to an authenticating user.
#
# If this attribute is not present, or if the value is 0 no warnings
# will be returned. If not 0, the value must be smaller than the value
# of the pwdMaxAge attribute.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.7
NAME 'pwdExpireWarning'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
#5.2.8 pwdGraceAuthNLimit
#
# This attribute specifies the number of times an expired password can
# be used to authenticate. If this attribute is not present or if the
# value is 0, authentication will fail.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.8
NAME 'pwdGraceAuthNLimit'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
#5.2.9 pwdLockout
#
# This attribute indicates, when its value is "TRUE", that the password
# may not be used to authenticate after a specified number of
# consecutive failed bind attempts. The maximum number of consecutive
# failed bind attempts is specified in pwdMaxFailure.
#
# If this attribute is not present, or if the value is "FALSE", the
# password may be used to authenticate when the number of failed bind
# attempts has been reached.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.9
NAME 'pwdLockout'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
#5.2.10 pwdLockoutDuration
#
# This attribute holds the number of seconds that the password cannot
# be used to authenticate due to too many failed bind attempts. If
# this attribute is not present, or if the value is 0 the password
# cannot be used to authenticate until reset by a password
# administrator.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.10
NAME 'pwdLockoutDuration'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
#5.2.11 pwdMaxFailure
#
# This attribute specifies the number of consecutive failed bind
# attempts after which the password may not be used to authenticate.
# If this attribute is not present, or if the value is 0, this policy
# is not checked, and the value of pwdLockout will be ignored.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.11
NAME 'pwdMaxFailure'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
#5.2.12 pwdFailureCountInterval
#
# This attribute holds the number of seconds after which the password
# failures are purged from the failure counter, even though no
# successful authentication occurred.
#
# If this attribute is not present, or if its value is 0, the failure
# counter is only reset by a successful authentication.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.12
NAME 'pwdFailureCountInterval'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
#5.2.13 pwdMustChange
#
# This attribute specifies with a value of "TRUE" that users must
# change their passwords when they first bind to the directory after a
# password is set or reset by a password administrator. If this
# attribute is not present, or if the value is "FALSE", users are not
# required to change their password upon binding after the password
# administrator sets or resets the password. This attribute is not set
# due to any actions specified by this document, it is typically set by
# a password administrator after resetting a user's password.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.13
NAME 'pwdMustChange'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
#5.2.14 pwdAllowUserChange
#
# This attribute indicates whether users can change their own
# passwords, although the change operation is still subject to access
# control. If this attribute is not present, a value of "TRUE" is
# assumed. This attribute is intended to be used in the absence of an
# access control mechanism.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.14
NAME 'pwdAllowUserChange'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
#5.2.15 pwdSafeModify
#
# This attribute specifies whether or not the existing password must be
# sent along with the new password when being changed. If this
# attribute is not present, a "FALSE" value is assumed.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.15
NAME 'pwdSafeModify'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
# HP extensions
#
# pwdCheckModule
#
# This attribute names a user-defined loadable module that provides
# a check_password() function. If pwdCheckQuality is set to '1' or '2'
# this function will be called after all of the internal password
# quality checks have been passed. The function has this prototype:
#
# int check_password( char *password, char **errormessage, void *arg )
#
# The function should return LDAP_SUCCESS for a valid password.
#
# NOTE(review): the value stored in this attribute selects native code
# that the server loads and calls while checking a new password, so
# whoever can write the attribute chooses what runs in the server
# process. Limit write access to pwdCheckModule, and to the policy
# entries that carry pwdPolicyChecker, to trusted administrators, and
# keep the module file writable only by the account that owns the
# server installation -- confirm against the deployed access rules.
# check_password() receives the candidate password as a C string; a
# module should not log or persist it.
#
# NOTE(review): the DESC string below has an unbalanced double quote
# in front of check_password(); it is reproduced here unchanged.
attributetype ( 1.3.6.1.4.1.4754.1.99.1
NAME 'pwdCheckModule'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
DESC 'Loadable module that instantiates "check_password() function'
SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.4754.2.99.1
NAME 'pwdPolicyChecker'
SUP top
AUXILIARY
MAY ( pwdCheckModule ) )
#5.1 The pwdPolicy Object Class
#
# This object class contains the attributes defining a password policy
# in effect for a set of users. Section 10 describes the
# administration of this object, and the relationship between it and
# particular objects.
#
objectclass ( 1.3.6.1.4.1.42.2.27.8.2.1
NAME 'pwdPolicy'
SUP top
AUXILIARY
MUST ( pwdAttribute )
MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $
pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout
$ pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $
pwdMustChange $ pwdAllowUserChange $ pwdSafeModify ) )
#5.3 Attribute Types for Password Policy State Information
#
# Password policy state information must be maintained for each user.
# The information is located in each user entry as a set of operational
# attributes. These operational attributes are: pwdChangedTime,
# pwdAccountLockedTime, pwdFailureTime, pwdHistory, pwdGraceUseTime,
# pwdReset, pwdPolicySubEntry.
#
#5.3.1 Password Policy State Attribute Option
#
# Since the password policy could apply to several attributes used to
# store passwords, each of the above operational attributes must have
# an option to specify which pwdAttribute it applies to. The password
# policy option is defined as the following:
#
# pwd-<passwordAttribute>
#
# where passwordAttribute is a string following the OID syntax
# (1.3.6.1.4.1.1466.115.121.1.38). The attribute type descriptor
# (short name) MUST be used.
#
# For example, if the pwdPolicy object has for pwdAttribute
# "userPassword" then the pwdChangedTime operational attribute, in a
# user entry, will be:
#
# pwdChangedTime;pwd-userPassword: 20000103121520Z
#
# This attribute option follows sub-typing semantics. If a client
# requests a password policy state attribute to be returned in a search
# operation, and does not specify an option, all subtypes of that
# policy state attribute are returned.
#
#5.3.2 pwdChangedTime
#
# This attribute specifies the last time the entry's password was
# changed. This is used by the password expiration policy. If this
# attribute does not exist, the password will never expire.
#
# ( 1.3.6.1.4.1.42.2.27.8.1.16
# NAME 'pwdChangedTime'
# DESC 'The time the password was last changed'
# EQUALITY generalizedTimeMatch
# ORDERING generalizedTimeOrderingMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
# SINGLE-VALUE
# USAGE directoryOperation )
#
#5.3.3 pwdAccountLockedTime
#
# This attribute holds the time that the user's account was locked. A
# locked account means that the password may no longer be used to
# authenticate. A 000001010000Z value means that the account has been
# locked permanently, and that only a password administrator can unlock
# the account.
#
# ( 1.3.6.1.4.1.42.2.27.8.1.17
# NAME 'pwdAccountLockedTime'
# DESC 'The time an user account was locked'
# EQUALITY generalizedTimeMatch
# ORDERING generalizedTimeOrderingMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
# SINGLE-VALUE
# USAGE directoryOperation )
#
#5.3.4 pwdFailureTime
#
# This attribute holds the timestamps of the consecutive authentication
# failures.
#
# ( 1.3.6.1.4.1.42.2.27.8.1.19
# NAME 'pwdFailureTime'
# DESC 'The timestamps of the last consecutive authentication
# failures'
# EQUALITY generalizedTimeMatch
# ORDERING generalizedTimeOrderingMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
# USAGE directoryOperation )
#
#5.3.5 pwdHistory
#
# This attribute holds a history of previously used passwords. Values
# of this attribute are transmitted in string format as given by the
# following ABNF:
#
# pwdHistory = time "#" syntaxOID "#" length "#" data
#
# time = <generalizedTimeString as specified in [RFC2252]>
#
# syntaxOID = numericoid ; the string representation of the
# ; dotted-decimal OID that defines the
# ; syntax used to store the password.
# ; numericoid is described in 4.1
# ; of [RFC2252].
#
# length = numericstring ; the number of octets in data.
# ; numericstring is described in 4.1
# ; of [RFC2252].
#
# data = <octets representing the password in the format
# specified by syntaxOID>.
#
# This format allows the server to store, and transmit a history of
# passwords that have been used. In order for equality matching to
# function properly, the time field needs to adhere to a consistent
# format. For this purpose, the time field MUST be in GMT format.
#
# ( 1.3.6.1.4.1.42.2.27.8.1.20
# NAME 'pwdHistory'
# DESC 'The history of user s passwords'
# EQUALITY octetStringMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
# USAGE directoryOperation )
#
#5.3.6 pwdGraceUseTime
#
# This attribute holds the timestamps of grace authentications after a
# password has expired.
#
# ( 1.3.6.1.4.1.42.2.27.8.1.21
# NAME 'pwdGraceUseTime'
# DESC 'The timestamps of the grace authentication after the
# password has expired'
# EQUALITY generalizedTimeMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
#
#5.3.7 pwdReset
#
# This attribute holds a flag to indicate (when TRUE) that the password
# has been updated by the password administrator and must be changed by
# the user on first authentication.
#
# ( 1.3.6.1.4.1.42.2.27.8.1.22
# NAME 'pwdReset'
# DESC 'The indication that the password has been reset'
# EQUALITY booleanMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
# SINGLE-VALUE
# USAGE directoryOperation )
#
#5.3.8 pwdPolicySubentry
#
# This attribute points to the pwdPolicy subentry in effect for this
# object.
#
# ( 1.3.6.1.4.1.42.2.27.8.1.23
# NAME 'pwdPolicySubentry'
# DESC 'The pwdPolicy subentry in effect for this object'
# EQUALITY distinguishedNameMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
# SINGLE-VALUE
# USAGE directoryOperation )
#
#
#Disclaimer of Validity
#
# This document and the information contained herein are provided on an
# "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
# OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
# ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
# INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
# INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
# WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
#
#
#Copyright Statement
#
# Copyright (C) The Internet Society (2004). This document is subject
# to the rights, licenses and restrictions contained in BCP 78, and
# except as set forth therein, the authors retain all their rights.
0707010001e74800008124000017820000044e0000000148d0f138000006110000022d0000016a00000000000000000000003400000000reloc/share/openldap/schema/dyngroup.schema.default # dyngroup.schema -- Dynamic Group schema
# $OpenLDAP: pkg/ldap/servers/slapd/schema/dyngroup.schema,v 1.3.2.4 2008/02/11 23:24:25 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2008 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# Dynamic Group schema (experimental), as defined by Netscape. See
# http://enterprise.netscape.com/docs/enterprise/60/admin/esusrgrp.htm#1019520
# for details.
#
# depends upon:
# core.schema
#
# These definitions are considered experimental due to the lack of
# a formal specification (e.g., RFC).
#
# Not recommended for production use! Use with caution!
objectIdentifier NetscapeRoot 2.16.840.1.113730
objectIdentifier NetscapeLDAP NetscapeRoot:3
objectIdentifier NetscapeLDAPattributeType NetscapeLDAP:1
objectIdentifier NetscapeLDAPobjectClass NetscapeLDAP:2
attributetype ( NetscapeLDAPattributeType:198
NAME 'memberURL'
DESC 'Identifies an URL associated with each member of a group. Any type of labeled URL can be used.'
SUP labeledURI )
objectClass ( NetscapeLDAPobjectClass:33
NAME 'groupOfURLs'
SUP top STRUCTURAL
MUST cn
MAY ( memberURL $ businessCategory $ description $ o $ ou $
owner $ seeAlso ) )
0707010001e74700008124000017820000044e0000000148d0f137000121600000022d0000016a00000000000000000000003200000000reloc/share/openldap/schema/cosine.schema.default # RFC1274: Cosine and Internet X.500 schema
# $OpenLDAP: pkg/ldap/servers/slapd/schema/cosine.schema,v 1.19.2.6 2008/02/11 23:24:25 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2008 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# RFC1274: Cosine and Internet X.500 schema
#
# This file contains LDAPv3 schema derived from X.500 COSINE "pilot"
# schema. As this schema was defined for X.500(89), some
# oddities were introduced in the mapping to LDAPv3. The
# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt
# (a work in progress)
#
# Note: It seems that the pilot schema evolved beyond what was
# described in RFC1274. However, this document attempts to describe
# RFC1274 as published.
#
# Depends on core.schema
# Network Working Group P. Barker
# Request for Comments: 1274 S. Kille
# University College London
# November 1991
#
# The COSINE and Internet X.500 Schema
#
# [trimmed]
#
# Abstract
#
# This document suggests an X.500 Directory Schema, or Naming
# Architecture, for use in the COSINE and Internet X.500 pilots. The
# schema is independent of any specific implementation. As well as
# indicating support for the standard object classes and attributes, a
# large number of generally useful object classes and attributes are
# also defined. An appendix to this document includes a machine
# processable version of the schema.
#
# [trimmed]
# 7. Object Identifiers
#
# Some additional object identifiers are defined for this schema.
# These are also reproduced in Appendix C.
#
# data OBJECT IDENTIFIER ::= {ccitt 9}
# pss OBJECT IDENTIFIER ::= {data 2342}
# ucl OBJECT IDENTIFIER ::= {pss 19200300}
# pilot OBJECT IDENTIFIER ::= {ucl 100}
#
# pilotAttributeType OBJECT IDENTIFIER ::= {pilot 1}
# pilotAttributeSyntax OBJECT IDENTIFIER ::= {pilot 3}
# pilotObjectClass OBJECT IDENTIFIER ::= {pilot 4}
# pilotGroups OBJECT IDENTIFIER ::= {pilot 10}
#
# iA5StringSyntax OBJECT IDENTIFIER ::= {pilotAttributeSyntax 4}
# caseIgnoreIA5StringSyntax OBJECT IDENTIFIER ::=
# {pilotAttributeSyntax 5}
#
# 8. Object Classes
# [relocated after 9]
#
# 9. Attribute Types
#
# 9.1. X.500 standard attribute types
#
# A number of generally useful attribute types are defined in X.520,
# and these are supported. Refer to that document for descriptions of
# the suggested usage of these attribute types. The ASN.1 for these
# attribute types is reproduced for completeness in Appendix C.
#
# 9.2. X.400 standard attribute types
#
# The standard X.400 attribute types are supported. See X.402 for full
# details. The ASN.1 for these attribute types is reproduced in
# Appendix C.
#
# 9.3. COSINE/Internet attribute types
#
# This section describes all the attribute types defined for use in the
# COSINE and Internet pilots. Descriptions are given as to the
# suggested usage of these attribute types. The ASN.1 for these
# attribute types is reproduced in Appendix C.
#
# 9.3.1. Userid
#
# The Userid attribute type specifies a computer system login name.
#
# userid ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-user-identifier))
# ::= {pilotAttributeType 1}
#
#(in core.schema)
##attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
## EQUALITY caseIgnoreMatch
## SUBSTR caseIgnoreSubstringsMatch
## SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.2. Text Encoded O/R Address
#
# The Text Encoded O/R Address attribute type specifies a text encoding
# of an X.400 O/R address, as specified in RFC 987. The use of this
# attribute is deprecated as the attribute is intended for interim use
# only. This attribute will be the first candidate for the attribute
# expiry mechanisms!
#
# textEncodedORAddress ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-text-encoded-or-address))
# ::= {pilotAttributeType 2}
#
attributetype ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.3. RFC 822 Mailbox
#
# The RFC822 Mailbox attribute type specifies an electronic mailbox
# attribute following the syntax specified in RFC 822. Note that this
# attribute should not be used for greybook or other non-Internet order
# mailboxes.
#
# rfc822Mailbox ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreIA5StringSyntax
# (SIZE (1 .. ub-rfc822-mailbox))
# ::= {pilotAttributeType 3}
#
#(in core.schema)
##attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
## EQUALITY caseIgnoreIA5Match
## SUBSTR caseIgnoreIA5SubstringsMatch
## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# 9.3.4. Information
#
# The Information attribute type specifies any general information
# pertinent to an object. It is recommended that specific usage of
# this attribute type is avoided, and that specific requirements are
# met by other (possibly additional) attribute types.
#
# info ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-information))
# ::= {pilotAttributeType 4}
#
attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info'
DESC 'RFC1274: general information'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
# 9.3.5. Favourite Drink
#
# The Favourite Drink attribute type specifies the favourite drink of
# an object (or person).
#
# favouriteDrink ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-favourite-drink))
# ::= {pilotAttributeType 5}
#
attributetype ( 0.9.2342.19200300.100.1.5
NAME ( 'drink' 'favouriteDrink' )
DESC 'RFC1274: favorite drink'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.6. Room Number
#
# The Room Number attribute type specifies the room number of an
# object. Note that the commonName attribute should be used for naming
# room objects.
#
# roomNumber ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-room-number))
# ::= {pilotAttributeType 6}
#
attributetype ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
DESC 'RFC1274: room number'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.7. Photo
#
# The Photo attribute type specifies a "photograph" for an object.
# This should be encoded in G3 fax as explained in recommendation T.4,
# with an ASN.1 wrapper to make it compatible with an X.400 BodyPart as
# defined in X.420.
#
# IMPORT G3FacsimileBodyPart FROM { mhs-motis ipms modules
# information-objects }
#
# photo ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# CHOICE {
# g3-facsimile [3] G3FacsimileBodyPart
# }
# (SIZE (1 .. ub-photo))
# ::= {pilotAttributeType 7}
#
attributetype ( 0.9.2342.19200300.100.1.7 NAME 'photo'
DESC 'RFC1274: photo (G3 fax)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
# 9.3.8. User Class
#
# The User Class attribute type specifies a category of computer user.
# The semantics placed on this attribute are for local interpretation.
# Examples of current usage of this attribute in academia are
# undergraduate student, researcher, lecturer, etc. Note that the
# organizationalStatus attribute may now often be preferred as it makes
# no distinction between computer users and others.
#
# userClass ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-user-class))
# ::= {pilotAttributeType 8}
#
attributetype ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
DESC 'RFC1274: category of user'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.9. Host
#
# The Host attribute type specifies a host computer.
#
# host ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-host))
# ::= {pilotAttributeType 9}
#
attributetype ( 0.9.2342.19200300.100.1.9 NAME 'host'
DESC 'RFC1274: host computer'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.10. Manager
#
# The Manager attribute type specifies the manager of an object
# represented by an entry.
#
# manager ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# distinguishedNameSyntax
# ::= {pilotAttributeType 10}
#
attributetype ( 0.9.2342.19200300.100.1.10 NAME 'manager'
DESC 'RFC1274: DN of manager'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
# 9.3.11. Document Identifier
#
# The Document Identifier attribute type specifies a unique identifier
# for a document.
#
# documentIdentifier ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-document-identifier))
# ::= {pilotAttributeType 11}
#
attributetype ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
DESC 'RFC1274: unique identifier of document'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.12. Document Title
#
# The Document Title attribute type specifies the title of a document.
#
# documentTitle ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-document-title))
# ::= {pilotAttributeType 12}
#
attributetype ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
DESC 'RFC1274: title of document'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.13. Document Version
#
# The Document Version attribute type specifies the version number of a
# document.
#
# documentVersion ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-document-version))
# ::= {pilotAttributeType 13}
#
attributetype ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
DESC 'RFC1274: version of document'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.14. Document Author
#
# The Document Author attribute type specifies the distinguished name
# of the author of a document.
#
# documentAuthor ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# distinguishedNameSyntax
# ::= {pilotAttributeType 14}
#
attributetype ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
DESC 'RFC1274: DN of author of document'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
# 9.3.15. Document Location
#
# The Document Location attribute type specifies the location of the
# document original.
#
# documentLocation ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-document-location))
# ::= {pilotAttributeType 15}
#
attributetype ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
DESC 'RFC1274: location of document original'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.16. Home Telephone Number
#
# The Home Telephone Number attribute type specifies a home telephone
# number associated with a person. Attribute values should follow the
# agreed format for international telephone numbers: i.e., "+44 71 123
# 4567".
#
# homeTelephoneNumber ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# telephoneNumberSyntax
# ::= {pilotAttributeType 20}
#
attributetype ( 0.9.2342.19200300.100.1.20
NAME ( 'homePhone' 'homeTelephoneNumber' )
DESC 'RFC1274: home telephone number'
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
# 9.3.17. Secretary
#
# The Secretary attribute type specifies the secretary of a person.
# The attribute value for Secretary is a distinguished name.
#
# secretary ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# distinguishedNameSyntax
# ::= {pilotAttributeType 21}
#
attributetype ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
DESC 'RFC1274: DN of secretary'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
# 9.3.18. Other Mailbox
#
# The Other Mailbox attribute type specifies values for electronic
# mailbox types other than X.400 and rfc822.
#
# otherMailbox ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# SEQUENCE {
# mailboxType PrintableString, -- e.g. Telemail
# mailbox IA5String -- e.g. X378:Joe
# }
# ::= {pilotAttributeType 22}
#
attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )
# 9.3.19. Last Modified Time
#
# The Last Modified Time attribute type specifies the last time, in UTC
# time, that an entry was modified. Ideally, this attribute should be
# maintained by the DSA.
#
# lastModifiedTime ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# uTCTimeSyntax
# ::= {pilotAttributeType 23}
#
## Deprecated in favor of modifyTimeStamp
#attributetype ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime'
# DESC 'RFC1274: time of last modify, replaced by modifyTimestamp'
# OBSOLETE
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
# USAGE directoryOperation )
# 9.3.20. Last Modified By
#
# The Last Modified By attribute specifies the distinguished name of
# the last user to modify the associated entry. Ideally, this
# attribute should be maintained by the DSA.
#
# lastModifiedBy ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# distinguishedNameSyntax
# ::= {pilotAttributeType 24}
#
## Deprecated in favor of modifiersName
#attributetype ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy'
# DESC 'RFC1274: last modifier, replaced by modifiersName'
# OBSOLETE
# EQUALITY distinguishedNameMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
# USAGE directoryOperation )
# 9.3.21. Domain Component
#
# The Domain Component attribute type specifies a DNS/NRS domain. For
# example, "uk" or "ac".
#
# domainComponent ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreIA5StringSyntax
# SINGLE VALUE
# ::= {pilotAttributeType 25}
#
##(in core.schema)
##attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' )
## EQUALITY caseIgnoreIA5Match
## SUBSTR caseIgnoreIA5SubstringsMatch
## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# 9.3.22. DNS ARecord
#
# The A Record attribute type specifies a type A (Address) DNS resource
# record [6] [7].
#
# aRecord ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# DNSRecordSyntax
# ::= {pilotAttributeType 26}
#
## incorrect syntax?
attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
## missing from RFC1274
## incorrect syntax?
attributetype ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# 9.3.23. MX Record
#
# The MX Record attribute type specifies a type MX (Mail Exchange) DNS
# resource record [6] [7].
#
# mXRecord ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# DNSRecordSyntax
# ::= {pilotAttributeType 28}
#
## incorrect syntax!!
attributetype ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# 9.3.24. NS Record
#
# The NS Record attribute type specifies an NS (Name Server) DNS
# resource record [6] [7].
#
# nSRecord ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# DNSRecordSyntax
# ::= {pilotAttributeType 29}
#
## incorrect syntax!!
attributetype ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# 9.3.25. SOA Record
#
# The SOA Record attribute type specifies a type SOA (Start of
# Authority) DNS resource record [6] [7].
#
# sOARecord ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# DNSRecordSyntax
# ::= {pilotAttributeType 30}
#
## incorrect syntax!!
attributetype ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# 9.3.26. CNAME Record
#
# The CNAME Record attribute type specifies a type CNAME (Canonical
# Name) DNS resource record [6] [7].
#
# cNAMERecord ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# iA5StringSyntax
# ::= {pilotAttributeType 31}
#
## incorrect syntax!!
attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# 9.3.27. Associated Domain
#
# The Associated Domain attribute type specifies a DNS or NRS domain
# which is associated with an object in the DIT. For example, the entry
# in the DIT with a distinguished name "C=GB, O=University College
# London" would have an associated domain of "UCL.AC.UK". Note that all
# domains should be represented in rfc822 order. See [3] for more
# details of usage of this attribute.
#
# associatedDomain ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreIA5StringSyntax
# ::= {pilotAttributeType 37}
#
#attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
# EQUALITY caseIgnoreIA5Match
# SUBSTR caseIgnoreIA5SubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# 9.3.28. Associated Name
#
# The Associated Name attribute type specifies an entry in the
# organisational DIT associated with a DNS/NRS domain. See [3] for
# more details of usage of this attribute.
#
# associatedName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# distinguishedNameSyntax
# ::= {pilotAttributeType 38}
#
# DN-valued attribute: syntax 1.3.6.1.4.1.1466.115.121.1.12 is Distinguished
# Name, compared with distinguishedNameMatch. No SINGLE-VALUE flag, so an
# entry may hold several associated names.
attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
DESC 'RFC1274: DN of entry associated with domain'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
# 9.3.29. Home postal address
#
# The Home postal address attribute type specifies a home postal
# address for an object. This should be limited to up to 6 lines of 30
# characters each.
#
# homePostalAddress ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# postalAddress
# MATCHES FOR EQUALITY
# ::= {pilotAttributeType 39}
#
# Postal Address syntax (1.3.6.1.4.1.1466.115.121.1.41) with list-based
# equality and substring matching. The "6 lines of 30 characters" limit from
# the RFC text above is not expressed in this definition.
# Holds personal data (a home address); read access should be scoped
# accordingly.
attributetype ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
DESC 'RFC1274: home postal address'
EQUALITY caseIgnoreListMatch
SUBSTR caseIgnoreListSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
# 9.3.30. Personal Title
#
# The Personal Title attribute type specifies a personal title for a
# person. Examples of personal titles are "Ms", "Dr", "Prof" and "Rev".
#
# personalTitle ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-personal-title))
# ::= {pilotAttributeType 40}
#
# Directory String (1.3.6.1.4.1.1466.115.121.1.15), case-insensitive equality
# and substring matching. The {256} bound corresponds to ub-personal-title in
# section 9.5 below.
attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
DESC 'RFC1274: personal title'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.31. Mobile Telephone Number
#
# The Mobile Telephone Number attribute type specifies a mobile
# telephone number associated with a person. Attribute values should
# follow the agreed format for international telephone numbers: i.e.,
# "+44 71 123 4567".
#
# mobileTelephoneNumber ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# telephoneNumberSyntax
# ::= {pilotAttributeType 41}
#
# Registered under two names: the short form 'mobile' and the RFC name
# 'mobileTelephoneNumber'. Telephone Number syntax
# (1.3.6.1.4.1.1466.115.121.1.50) with telephone-number equality and
# substring matching.
attributetype ( 0.9.2342.19200300.100.1.41
NAME ( 'mobile' 'mobileTelephoneNumber' )
DESC 'RFC1274: mobile telephone number'
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
# 9.3.32. Pager Telephone Number
#
# The Pager Telephone Number attribute type specifies a pager telephone
# number for an object. Attribute values should follow the agreed
# format for international telephone numbers: i.e., "+44 71 123 4567".
#
# pagerTelephoneNumber ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# telephoneNumberSyntax
# ::= {pilotAttributeType 42}
#
# Registered under two names: the short form 'pager' and the RFC name
# 'pagerTelephoneNumber'. Same syntax and matching rules as the mobile
# telephone number attribute (Telephone Number,
# 1.3.6.1.4.1.1466.115.121.1.50).
attributetype ( 0.9.2342.19200300.100.1.42
NAME ( 'pager' 'pagerTelephoneNumber' )
DESC 'RFC1274: pager telephone number'
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
# 9.3.33. Friendly Country Name
#
# The Friendly Country Name attribute type specifies names of countries
# in human readable format. The standard attribute country name must
# be one of the two-letter codes defined in ISO 3166.
#
# friendlyCountryName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# ::= {pilotAttributeType 43}
#
# Registered under two names: 'co' and the RFC name 'friendlyCountryName'.
# Directory String (1.3.6.1.4.1.1466.115.121.1.15) with case-insensitive
# matching; no length bound is declared.
attributetype ( 0.9.2342.19200300.100.1.43
NAME ( 'co' 'friendlyCountryName' )
DESC 'RFC1274: friendly country name'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# 9.3.34. Unique Identifier
#
# The Unique Identifier attribute type specifies a "unique identifier"
# for an object represented in the Directory. The domain within which
# the identifier is unique, and the exact semantics of the identifier,
# are for local definition. For a person, this might be an
# institution-wide payroll number. For an organisational unit, it
# might be a department code.
#
# uniqueIdentifier ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-unique-identifier))
# ::= {pilotAttributeType 44}
#
# Directory String with case-insensitive equality only (no SUBSTR rule); the
# {256} bound corresponds to ub-unique-identifier in section 9.5 below.
# Despite the name, nothing in this definition enforces uniqueness, and the
# RFC text above leaves the scope of uniqueness to local definition. Do not
# rely on it as an identity or authorisation key unless uniqueness is
# enforced elsewhere.
# The DESC string contains the typo "identifer"; it is left unchanged because
# it is part of the loaded schema text.
attributetype ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
DESC 'RFC1274: unique identifer'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.35. Organisational Status
#
# The Organisational Status attribute type specifies a category by
# which a person is often referred to in an organisation. Examples of
# usage in academia might include undergraduate student, researcher,
# lecturer, etc.
#
# A Directory administrator should probably consider carefully the
# distinctions between this and the title and userClass attributes.
#
# organizationalStatus ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-organizational-status))
# ::= {pilotAttributeType 45}
#
# Directory String (1.3.6.1.4.1.1466.115.121.1.15) with case-insensitive
# equality and substring matching. The {256} bound corresponds to
# ub-organizational-status in section 9.5 below.
attributetype ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
DESC 'RFC1274: organizational status'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.36. Janet Mailbox
#
# The Janet Mailbox attribute type specifies an electronic mailbox
# attribute following the syntax specified in the Grey Book of the
# Coloured Book series. This attribute is intended for the convenience
# of U.K users unfamiliar with rfc822 and little-endian mail addresses.
# Entries using this attribute MUST also include an rfc822Mailbox
# attribute.
#
# janetMailbox ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreIA5StringSyntax
# (SIZE (1 .. ub-janet-mailbox))
# ::= {pilotAttributeType 46}
#
# IA5 String (1.3.6.1.4.1.1466.115.121.1.26) with case-insensitive matching;
# the {256} bound corresponds to ub-janet-mailbox in section 9.5 below.
# The RFC requirement that entries using this attribute also carry
# rfc822Mailbox is not expressed by this attribute definition.
attributetype ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
DESC 'RFC1274: Janet mailbox'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# 9.3.37. Mail Preference Option
#
# An attribute to allow users to indicate a preference for inclusion of
# their names on mailing lists (electronic or physical). The absence
# of such an attribute should be interpreted as if the attribute was
# present with value "no-list-inclusion". This attribute should be
# interpreted by anyone using the directory to derive mailing lists,
# and its value respected.
#
# mailPreferenceOption ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX ENUMERATED {
# no-list-inclusion(0),
# any-list-inclusion(1), -- may be added to any lists
# professional-list-inclusion(2)
# -- may be added to lists
# -- which the list provider
# -- views as related to the
# -- users professional inter-
# -- ests, perhaps evaluated
# -- from the business of the
# -- organisation or keywords
# -- in the entry.
# }
# ::= {pilotAttributeType 47}
#
# Stored as Integer (1.3.6.1.4.1.1466.115.121.1.27). The RFC text above
# defines an enumeration with the values 0, 1 and 2, but this definition does
# not restrict the value to that range and declares no matching rule.
# Anything that derives mailing lists from the directory should check the
# value itself and, as the RFC text says, treat a missing attribute as
# no-list-inclusion(0).
attributetype ( 0.9.2342.19200300.100.1.47
NAME 'mailPreferenceOption'
DESC 'RFC1274: mail preference option'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
# 9.3.38. Building Name
#
# The Building Name attribute type specifies the name of the building
# where an organisation or organisational unit is based.
#
# buildingName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-building-name))
# ::= {pilotAttributeType 48}
#
# Directory String (1.3.6.1.4.1.1466.115.121.1.15) with case-insensitive
# equality and substring matching. The {256} bound corresponds to
# ub-building-name in section 9.5 below.
attributetype ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
DESC 'RFC1274: name of building'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.39. DSA Quality
#
# The DSA Quality attribute type specifies the purported quality of a
# DSA. It allows a DSA manager to indicate the expected level of
# availability of the DSA. See [8] for details of the syntax.
#
# dSAQuality ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX DSAQualitySyntax
# SINGLE VALUE
# ::= {pilotAttributeType 49}
#
# DSA Quality Syntax (1.3.6.1.4.1.1466.115.121.1.19), single-valued as in the
# RFC text above. No matching rule is declared, so the value can be stored
# and read but not compared in an equality filter.
attributetype ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality'
DESC 'RFC1274: DSA Quality'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
# 9.3.40. Single Level Quality
#
# The Single Level Quality attribute type specifies the purported data
# quality at the level immediately below in the DIT. See [8] for
# details of the syntax.
#
# singleLevelQuality ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
# SINGLE VALUE
# ::= {pilotAttributeType 50}
#
# Data Quality Syntax (1.3.6.1.4.1.1466.115.121.1.13), single-valued as in
# the RFC text above. No matching rule is declared.
attributetype ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality'
DESC 'RFC1274: Single Level Quality'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
# 9.3.41. Subtree Minimum Quality
#
# The Subtree Minimum Quality attribute type specifies the purported
# minimum data quality for a DIT subtree. See [8] for more discussion
# and details of the syntax.
#
# subtreeMinimumQuality ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
# SINGLE VALUE
# -- Defaults to singleLevelQuality
# ::= {pilotAttributeType 51}
#
# Data Quality Syntax (1.3.6.1.4.1.1466.115.121.1.13), single-valued.
# The "Defaults to singleLevelQuality" remark in the RFC text above is not
# expressed here; a consumer has to apply that default itself.
# The DESC string contains the typo "Mininum"; it is left unchanged because
# it is part of the loaded schema text.
attributetype ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality'
DESC 'RFC1274: Subtree Mininum Quality'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
# 9.3.42. Subtree Maximum Quality
#
# The Subtree Maximum Quality attribute type specifies the purported
# maximum data quality for a DIT subtree. See [8] for more discussion
# and details of the syntax.
#
# subtreeMaximumQuality ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
# SINGLE VALUE
# -- Defaults to singleLevelQuality
# ::= {pilotAttributeType 52}
#
# Data Quality Syntax (1.3.6.1.4.1.1466.115.121.1.13), single-valued.
# The "Defaults to singleLevelQuality" remark in the RFC text above is not
# expressed here; a consumer has to apply that default itself.
# The DESC string contains the typo "Maximun"; it is left unchanged because
# it is part of the loaded schema text.
attributetype ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality'
DESC 'RFC1274: Subtree Maximun Quality'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
# 9.3.43. Personal Signature
#
# The Personal Signature attribute type allows for a representation of
# a person's signature. This should be encoded in G3 fax as explained
# in recommendation T.4, with an ASN.1 wrapper to make it compatible
# with an X.400 BodyPart as defined in X.420.
#
# IMPORT G3FacsimileBodyPart FROM { mhs-motis ipms modules
# information-objects }
#
# personalSignature ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# CHOICE {
# g3-facsimile [3] G3FacsimileBodyPart
# }
# (SIZE (1 .. ub-personal-signature))
# ::= {pilotAttributeType 53}
#
# Fax syntax (1.3.6.1.4.1.1466.115.121.1.23), binary G3 fax data.
# No size bound is declared, although section 9.5 below lists
# ub-personal-signature as 50000. If value size matters, it has to be limited
# outside the schema.
# Holds an image of a handwritten signature; treat it as sensitive personal
# data when writing access rules.
attributetype ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature'
DESC 'RFC1274: Personal Signature (G3 fax)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 )
# 9.3.44. DIT Redirect
#
# The DIT Redirect attribute type is used to indicate that the object
# described by one entry now has a newer entry in the DIT. The entry
# containing the redirection attribute should be expired after a
# suitable grace period. This attribute may be used when an individual
# changes his/her place of work, and thus acquires a new organisational
# DN.
#
# dITRedirect ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# distinguishedNameSyntax
# ::= {pilotAttributeType 54}
#
# DN-valued pointer to the newer entry (Distinguished Name syntax,
# 1.3.6.1.4.1.1466.115.121.1.12). The directory does not check that the
# target exists, and the grace-period expiry described in the RFC text above
# is an administrative procedure, not something this definition enforces.
attributetype ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect'
DESC 'RFC1274: DIT Redirect'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
# 9.3.45. Audio
#
# The Audio attribute type allows the storing of sounds in the
# Directory. The attribute uses a u-law encoded sound file as used by
# the "play" utility on a Sun 4. This is an interim format.
#
# audio ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# Audio
# (SIZE (1 .. ub-audio))
# ::= {pilotAttributeType 55}
#
# Audio syntax (1.3.6.1.4.1.1466.115.121.1.4), binary u-law data.
# NOTE(review): the {25000} bound here is ten times smaller than ub-audio
# (250000) in section 9.5 below -- confirm which value is intended.
# The bound is a hint attached to the syntax; presumably the server does not
# reject longer values, so enforce size limits elsewhere if they matter.
attributetype ( 0.9.2342.19200300.100.1.55 NAME 'audio'
DESC 'RFC1274: audio (u-law)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
# 9.3.46. Publisher of Document
#
#
# The Publisher of Document attribute is the person and/or organization
# that published a document.
#
# documentPublisher ATTRIBUTE
# WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax
# ::= {pilotAttributeType 56}
#
# Directory String (1.3.6.1.4.1.1466.115.121.1.15) with case-insensitive
# equality and substring matching; no length bound is declared.
attributetype ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
DESC 'RFC1274: publisher of document'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# 9.4. Generally useful syntaxes
#
# caseIgnoreIA5StringSyntax ATTRIBUTE-SYNTAX
# IA5String
# MATCHES FOR EQUALITY SUBSTRINGS
#
# iA5StringSyntax ATTRIBUTE-SYNTAX
# IA5String
# MATCHES FOR EQUALITY SUBSTRINGS
#
#
# -- Syntaxes to support the DNS attributes
#
# DNSRecordSyntax ATTRIBUTE-SYNTAX
# IA5String
# MATCHES FOR EQUALITY
#
#
# NRSInformationSyntax ATTRIBUTE-SYNTAX
# NRSInformation
# MATCHES FOR EQUALITY
#
#
# NRSInformation ::= SET {
# [0] Context,
# [1] Address-space-id,
# routes [2] SEQUENCE OF SEQUENCE {
# Route-cost,
# Addressing-info }
# }
#
#
# 9.5. Upper bounds on length of attribute values
#
#
# ub-document-identifier INTEGER ::= 256
#
# ub-document-location INTEGER ::= 256
#
# ub-document-title INTEGER ::= 256
#
# ub-document-version INTEGER ::= 256
#
# ub-favourite-drink INTEGER ::= 256
#
# ub-host INTEGER ::= 256
#
# ub-information INTEGER ::= 2048
#
# ub-unique-identifier INTEGER ::= 256
#
# ub-personal-title INTEGER ::= 256
#
# ub-photo INTEGER ::= 250000
#
# ub-rfc822-mailbox INTEGER ::= 256
#
# ub-room-number INTEGER ::= 256
#
# ub-text-or-address INTEGER ::= 256
#
# ub-user-class INTEGER ::= 256
#
# ub-user-identifier INTEGER ::= 256
#
# ub-organizational-status INTEGER ::= 256
#
# ub-janet-mailbox INTEGER ::= 256
#
# ub-building-name INTEGER ::= 256
#
# ub-personal-signature ::= 50000
#
# ub-audio INTEGER ::= 250000
#
# [back to 8]
# 8. Object Classes
#
# 8.1. X.500 standard object classes
#
# A number of generally useful object classes are defined in X.521, and
# these are supported. Refer to that document for descriptions of the
# suggested usage of these object classes. The ASN.1 for these object
# classes is reproduced for completeness in Appendix C.
#
# 8.2. X.400 standard object classes
#
# A number of object classes defined in X.400 are supported. Refer to
# X.402 for descriptions of the usage of these object classes. The
# ASN.1 for these object classes is reproduced for completeness in
# Appendix C.
#
# 8.3. COSINE/Internet object classes
#
# This section attempts to fuse together the object classes designed
# for use in the COSINE and Internet pilot activities. Descriptions
# are given of the suggested usage of these object classes. The ASN.1
# for these object classes is also reproduced in Appendix C.
#
# 8.3.1. Pilot Object
#
# The PilotObject object class is used as a sub-class to allow some
# common, useful attributes to be assigned to entries of all other
# object classes.
#
# pilotObject OBJECT-CLASS
# SUBCLASS OF top
# MAY CONTAIN {
# info,
# photo,
# manager,
# uniqueIdentifier,
# lastModifiedTime,
# lastModifiedBy,
# dITRedirect,
# audio}
# ::= {pilotObjectClass 3}
#
#objectclass ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject'
# DESC 'RFC1274: pilot object'
# SUP top AUXILIARY
# MAY ( info $ photo $ manager $ uniqueIdentifier $
# lastModifiedTime $ lastModifiedBy $ dITRedirect $ audio )
# )
# 8.3.2. Pilot Person
#
# The PilotPerson object class is used as a sub-class of person, to
# allow the use of a number of additional attributes to be assigned to
# entries of object class person.
#
# pilotPerson OBJECT-CLASS
# SUBCLASS OF person
# MAY CONTAIN {
# userid,
# textEncodedORAddress,
# rfc822Mailbox,
# favouriteDrink,
# roomNumber,
# userClass,
# homeTelephoneNumber,
# homePostalAddress,
# secretary,
# personalTitle,
# preferredDeliveryMethod,
# businessCategory,
# janetMailbox,
# otherMailbox,
# mobileTelephoneNumber,
# pagerTelephoneNumber,
# organizationalStatus,
# mailPreferenceOption,
# personalSignature}
# ::= {pilotObjectClass 4}
#
# STRUCTURAL subclass of person, registered under two names ('pilotPerson'
# and 'newPilotPerson'). The MAY list matches the RFC listing above.
# Several of the optional attributes are personal data (home telephone
# number, home postal address, personal signature), and person itself may
# contain userPassword according to the Appendix C listing below, so access
# rules for these entries deserve attention.
objectclass ( 0.9.2342.19200300.100.4.4
NAME ( 'pilotPerson' 'newPilotPerson' )
SUP person STRUCTURAL
MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $
favouriteDrink $ roomNumber $ userClass $
homeTelephoneNumber $ homePostalAddress $ secretary $
personalTitle $ preferredDeliveryMethod $ businessCategory $
janetMailbox $ otherMailbox $ mobileTelephoneNumber $
pagerTelephoneNumber $ organizationalStatus $
mailPreferenceOption $ personalSignature )
)
# 8.3.3. Account
#
# The Account object class is used to define entries representing
# computer accounts. The userid attribute should be used for naming
# entries of this object class.
#
# account OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# userid}
# MAY CONTAIN {
# description,
# seeAlso,
# localityName,
# organizationName,
# organizationalUnitName,
# host}
# ::= {pilotObjectClass 5}
#
# STRUCTURAL class for computer accounts; userid is the only required
# attribute. The class itself does not allow userPassword, so an account
# entry that must hold a password needs an auxiliary class that does, such as
# simpleSecurityObject (section 8.3.12 below).
objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account'
SUP top STRUCTURAL
MUST userid
MAY ( description $ seeAlso $ localityName $
organizationName $ organizationalUnitName $ host )
)
# 8.3.4. Document
#
# The Document object class is used to define entries which represent
# documents.
#
# document OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# documentIdentifier}
# MAY CONTAIN {
# commonName,
# description,
# seeAlso,
# localityName,
# organizationName,
# organizationalUnitName,
# documentTitle,
# documentVersion,
# documentAuthor,
# documentLocation,
# documentPublisher}
# ::= {pilotObjectClass 6}
#
# STRUCTURAL class for document entries; documentIdentifier is required and
# the MAY list matches the RFC listing above.
objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document'
SUP top STRUCTURAL
MUST documentIdentifier
MAY ( commonName $ description $ seeAlso $ localityName $
organizationName $ organizationalUnitName $
documentTitle $ documentVersion $ documentAuthor $
documentLocation $ documentPublisher )
)
# 8.3.5. Room
#
# The Room object class is used to define entries representing rooms.
# The commonName attribute should be used for naming entries of this
# object class.
#
# room OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# commonName}
# MAY CONTAIN {
# roomNumber,
# description,
# seeAlso,
# telephoneNumber}
# ::= {pilotObjectClass 7}
#
# STRUCTURAL class for room entries; commonName is required and the MAY list
# matches the RFC listing above.
objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room'
SUP top STRUCTURAL
MUST commonName
MAY ( roomNumber $ description $ seeAlso $ telephoneNumber )
)
# 8.3.6. Document Series
#
# The Document Series object class is used to define an entry which
# represents a series of documents (e.g., The Request For Comments
# papers).
#
# documentSeries OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# commonName}
# MAY CONTAIN {
# description,
# seeAlso,
# telephoneNumber,
# localityName,
# organizationName,
# organizationalUnitName}
# ::= {pilotObjectClass 9}
#
# STRUCTURAL class for a series of documents; commonName is required.
# 'telephonenumber' is written in lower case here; LDAP attribute names are
# case-insensitive, so it names the same type as telephoneNumber.
objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
SUP top STRUCTURAL
MUST commonName
MAY ( description $ seeAlso $ telephonenumber $
localityName $ organizationName $ organizationalUnitName )
)
# 8.3.7. Domain
#
# The Domain object class is used to define entries which represent DNS
# or NRS domains. The domainComponent attribute should be used for
# naming entries of this object class. The usage of this object class
# is described in more detail in [3].
#
# domain OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# domainComponent}
# MAY CONTAIN {
# associatedName,
# organizationName,
# organizationalAttributeSet}
# ::= {pilotObjectClass 13}
#
# STRUCTURAL class named by domainComponent. The MAY list is longer than the
# RFC listing above; it is apparently organizationalAttributeSet written out
# as individual attributes, plus description.
# Security note: the list includes userPassword, so domain entries (and
# entries of subclasses such as RFC822localPart and dNSDomain) can carry
# credentials. Access rules that protect userPassword need to cover these
# entries as well.
# streetAddress appears twice in the list; the second mention is redundant.
objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain'
SUP top STRUCTURAL
MUST domainComponent
MAY ( associatedName $ organizationName $ description $
businessCategory $ seeAlso $ searchGuide $ userPassword $
localityName $ stateOrProvinceName $ streetAddress $
physicalDeliveryOfficeName $ postalAddress $ postalCode $
postOfficeBox $ streetAddress $
facsimileTelephoneNumber $ internationalISDNNumber $
telephoneNumber $ teletexTerminalIdentifier $ telexNumber $
preferredDeliveryMethod $ destinationIndicator $
registeredAddress $ x121Address )
)
# 8.3.8. RFC822 Local Part
#
# The RFC822 Local Part object class is used to define entries which
# represent the local part of RFC822 mail addresses. This treats this
# part of an RFC822 address as a domain. The usage of this object
# class is described in more detail in [3].
#
# rFC822localPart OBJECT-CLASS
# SUBCLASS OF domain
# MAY CONTAIN {
# commonName,
# surname,
# description,
# seeAlso,
# telephoneNumber,
# postalAttributeSet,
# telecommunicationAttributeSet}
# ::= {pilotObjectClass 14}
#
# STRUCTURAL subclass of domain. The name is spelled 'RFC822localPart' here
# and rFC822localPart in the RFC text above; the difference is case only.
# The MAY list is apparently postalAttributeSet and
# telecommunicationAttributeSet written out as individual attributes.
# telephoneNumber appears twice in the list; the second mention is redundant.
# Everything domain allows is inherited, including userPassword.
objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart'
SUP domain STRUCTURAL
MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $
physicalDeliveryOfficeName $ postalAddress $ postalCode $
postOfficeBox $ streetAddress $
facsimileTelephoneNumber $ internationalISDNNumber $
telephoneNumber $ teletexTerminalIdentifier $
telexNumber $ preferredDeliveryMethod $ destinationIndicator $
registeredAddress $ x121Address )
)
# 8.3.9. DNS Domain
#
# The DNS Domain (Domain NameServer) object class is used to define
# entries for DNS domains. The usage of this object class is described
# in more detail in [3].
#
# dNSDomain OBJECT-CLASS
# SUBCLASS OF domain
# MAY CONTAIN {
# ARecord,
# MDRecord,
# MXRecord,
# NSRecord,
# SOARecord,
# CNAMERecord}
# ::= {pilotObjectClass 15}
#
# STRUCTURAL subclass of domain that may carry DNS resource records.
# The record attributes are referenced with different capitalisation than in
# their definitions (MXRecord here, 'mXRecord' above); LDAP attribute names
# are case-insensitive, so they refer to the same types.
# The MX, NS, SOA and CNAME types defined above are plain IA5 strings, so
# anything that builds DNS data from these entries should validate the
# values itself and restrict who may write them.
objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain'
SUP domain STRUCTURAL
MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $
SOARecord $ CNAMERecord )
)
# 8.3.10. Domain Related Object
#
# The Domain Related Object object class is used to define entries
# which represent DNS/NRS domains which are "equivalent" to an X.500
# domain: e.g., an organisation or organisational unit. The usage of
# this object class is described in more detail in [3].
#
# domainRelatedObject OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# associatedDomain}
# ::= {pilotObjectClass 17}
#
# AUXILIARY class whose only requirement is associatedDomain.
# The associatedDomain definition in section 9.3.27 above is commented out, so
# the attribute type has to be provided by another schema loaded before this
# one (presumably core.schema, as noted for simpleSecurityObject below --
# verify); otherwise this class refers to an undefined attribute.
objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
DESC 'RFC1274: an object related to an domain'
SUP top AUXILIARY
MUST associatedDomain )
# 8.3.11. Friendly Country
#
# The Friendly Country object class is used to define country entries
# in the DIT. The object class is used to allow friendlier naming of
# countries than that allowed by the object class country. The naming
# attribute of object class country, countryName, has to be a 2 letter
# string defined in ISO 3166.
#
# friendlyCountry OBJECT-CLASS
# SUBCLASS OF country
# MUST CONTAIN {
# friendlyCountryName}
# ::= {pilotObjectClass 18}
#
# STRUCTURAL subclass of country that additionally requires
# friendlyCountryName (the attribute registered above as 'co' /
# 'friendlyCountryName').
objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
SUP country STRUCTURAL
MUST friendlyCountryName )
# 8.3.12. Simple Security Object
#
# The Simple Security Object object class is used to allow an entry to
# have a userPassword attribute when an entry's principal object
# classes do not allow userPassword as an attribute type.
#
# simpleSecurityObject OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# userPassword }
# ::= {pilotObjectClass 19}
#
## (in core.schema)
## objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
## SUP top AUXILIARY
## MUST userPassword )
# 8.3.13. Pilot Organization
#
# The PilotOrganization object class is used as a sub-class of
# organization and organizationalUnit to allow a number of additional
# attributes to be assigned to entries of object classes organization
# and organizationalUnit.
#
# pilotOrganization OBJECT-CLASS
# SUBCLASS OF organization, organizationalUnit
# MAY CONTAIN {
# buildingName}
# ::= {pilotObjectClass 20}
#
# STRUCTURAL class with two superclasses, organization and
# organizationalUnit, as in the RFC text above; adds buildingName as an
# optional attribute.
objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization'
SUP ( organization $ organizationalUnit ) STRUCTURAL
MAY buildingName )
# 8.3.14. Pilot DSA
#
# The PilotDSA object class is used as a sub-class of the dsa object
# class to allow additional attributes to be assigned to entries for
# DSAs.
#
# pilotDSA OBJECT-CLASS
# SUBCLASS OF dsa
# MUST CONTAIN {
# dSAQuality}
# ::= {pilotObjectClass 21}
#
# STRUCTURAL subclass of dsa.
# NOTE(review): the RFC text above lists dSAQuality under MUST CONTAIN, but
# this definition declares it as MAY, so pilotDSA entries without a
# dSAQuality value are accepted. Confirm the relaxation is intended.
objectclass ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA'
SUP dsa STRUCTURAL
MAY dSAQuality )
# 8.3.15. Quality Labelled Data
#
# The Quality Labelled Data object class is used to allow the
# assignment of the data quality attributes to subtrees in the DIT.
#
# See [8] for more details.
#
# qualityLabelledData OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# dSAQuality}
# MAY CONTAIN {
# subtreeMinimumQuality,
# subtreeMaximumQuality}
# ::= {pilotObjectClass 22}
# AUXILIARY class that attaches the data quality attributes to an entry.
# dsaQuality is required (written in lower case here; it names the same type
# as dSAQuality), and the two subtree quality attributes are optional, as in
# the RFC text above.
objectclass ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData'
SUP top AUXILIARY
MUST dsaQuality
MAY ( subtreeMinimumQuality $ subtreeMaximumQuality )
)
# References
#
# [1] CCITT/ISO, "X.500, The Directory - overview of concepts,
# models and services", CCITT /ISO IS 9594.
#
# [2] Kille, S., "The THORN and RARE X.500 Naming Architecture", in
# University College London, Department of Computer Science
# Research Note 89/48, May 1989.
#
# [3] Kille, S., "X.500 and Domains", RFC 1279, University College
# London, November 1991.
#
# [4] Rose, M., "PSI/NYSERNet White Pages Pilot Project: Status
# Report", Technical Report 90-09-10-1, published by NYSERNet
# Inc, 1990.
#
# [5] Craigie, J., "UK Academic Community Directory Service Pilot
# Project", pp. 305-310 in Computer Networks and ISDN Systems
# 17 (1989), published by North Holland.
#
# [6] Mockapetris, P., "Domain Names - Concepts and Facilities",
# RFC 1034, USC/Information Sciences Institute, November 1987.
#
# [7] Mockapetris, P., "Domain Names - Implementation and
# Specification", RFC 1035, USC/Information Sciences Institute,
# November 1987.
#
# [8] Kille, S., "Handling QOS (Quality of service) in the
# Directory," publication in process, March 1991.
#
#
# APPENDIX C - Summary of all Object Classes and Attribute Types
#
# -- Some Important Object Identifiers
#
# data OBJECT IDENTIFIER ::= {ccitt 9}
# pss OBJECT IDENTIFIER ::= {data 2342}
# ucl OBJECT IDENTIFIER ::= {pss 19200300}
# pilot OBJECT IDENTIFIER ::= {ucl 100}
#
# pilotAttributeType OBJECT IDENTIFIER ::= {pilot 1}
# pilotAttributeSyntax OBJECT IDENTIFIER ::= {pilot 3}
# pilotObjectClass OBJECT IDENTIFIER ::= {pilot 4}
# pilotGroups OBJECT IDENTIFIER ::= {pilot 10}
#
# iA5StringSyntax OBJECT IDENTIFIER ::= {pilotAttributeSyntax 4}
# caseIgnoreIA5StringSyntax OBJECT IDENTIFIER ::=
# {pilotAttributeSyntax 5}
#
# -- Standard Object Classes
#
# top OBJECT-CLASS
# MUST CONTAIN {
# objectClass}
# ::= {objectClass 0}
#
#
# alias OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# aliasedObjectName}
# ::= {objectClass 1}
#
#
# country OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# countryName}
# MAY CONTAIN {
# description,
# searchGuide}
# ::= {objectClass 2}
#
#
# locality OBJECT-CLASS
# SUBCLASS OF top
# MAY CONTAIN {
# description,
# localityName,
# stateOrProvinceName,
# searchGuide,
# seeAlso,
# streetAddress}
# ::= {objectClass 3}
#
#
# organization OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# organizationName}
# MAY CONTAIN {
# organizationalAttributeSet}
# ::= {objectClass 4}
#
#
# organizationalUnit OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# organizationalUnitName}
# MAY CONTAIN {
# organizationalAttributeSet}
# ::= {objectClass 5}
#
#
# person OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# commonName,
# surname}
# MAY CONTAIN {
# description,
# seeAlso,
# telephoneNumber,
# userPassword}
# ::= {objectClass 6}
#
#
# organizationalPerson OBJECT-CLASS
# SUBCLASS OF person
# MAY CONTAIN {
# localeAttributeSet,
# organizationalUnitName,
# postalAttributeSet,
# telecommunicationAttributeSet,
# title}
# ::= {objectClass 7}
#
#
# organizationalRole OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# commonName}
# MAY CONTAIN {
# description,
# localeAttributeSet,
# organizationalUnitName,
# postalAttributeSet,
# preferredDeliveryMethod,
# roleOccupant,
# seeAlso,
# telecommunicationAttributeSet}
# ::= {objectClass 8}
#
#
# groupOfNames OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# commonName,
# member}
# MAY CONTAIN {
# description,
# organizationName,
# organizationalUnitName,
# owner,
# seeAlso,
# businessCategory}
# ::= {objectClass 9}
#
#
# residentialPerson OBJECT-CLASS
# SUBCLASS OF person
# MUST CONTAIN {
# localityName}
# MAY CONTAIN {
# localeAttributeSet,
# postalAttributeSet,
# preferredDeliveryMethod,
# telecommunicationAttributeSet,
# businessCategory}
# ::= {objectClass 10}
#
#
# applicationProcess OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# commonName}
# MAY CONTAIN {
# description,
# localityName,
# organizationalUnitName,
# seeAlso}
# ::= {objectClass 11}
#
#
# applicationEntity OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# commonName,
# presentationAddress}
# MAY CONTAIN {
# description,
# localityName,
# organizationName,
# organizationalUnitName,
# seeAlso,
# supportedApplicationContext}
# ::= {objectClass 12}
#
#
# dSA OBJECT-CLASS
# SUBCLASS OF applicationEntity
# MAY CONTAIN {
# knowledgeInformation}
# ::= {objectClass 13}
#
#
# device OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# commonName}
# MAY CONTAIN {
# description,
# localityName,
# organizationName,
# organizationalUnitName,
# owner,
# seeAlso,
# serialNumber}
# ::= {objectClass 14}
#
#
# strongAuthenticationUser OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# userCertificate}
# ::= {objectClass 15}
#
#
# certificationAuthority OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# cACertificate,
# certificateRevocationList,
# authorityRevocationList}
# MAY CONTAIN {
# crossCertificatePair}
# ::= {objectClass 16}
#
# -- Standard MHS Object Classes
#
# mhsDistributionList OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# commonName,
# mhsDLSubmitPermissions,
# mhsORAddresses}
# MAY CONTAIN {
# description,
# organizationName,
# organizationalUnitName,
# owner,
# seeAlso,
# mhsDeliverableContentTypes,
# mhsdeliverableEits,
# mhsDLMembers,
# mhsPreferredDeliveryMethods}
# ::= {mhsObjectClass 0}
#
#
# mhsMessageStore OBJECT-CLASS
# SUBCLASS OF applicationEntity
# MAY CONTAIN {
# description,
# owner,
# mhsSupportedOptionalAttributes,
# mhsSupportedAutomaticActions,
# mhsSupportedContentTypes}
# ::= {mhsObjectClass 1}
#
#
# mhsMessageTransferAgent OBJECT-CLASS
# SUBCLASS OF applicationEntity
# MAY CONTAIN {
# description,
# owner,
# mhsDeliverableContentLength}
# ::= {mhsObjectClass 2}
#
#
# mhsOrganizationalUser OBJECT-CLASS
# SUBCLASS OF organizationalPerson
# MUST CONTAIN {
# mhsORAddresses}
# MAY CONTAIN {
# mhsDeliverableContentLength,
# mhsDeliverableContentTypes,
# mhsDeliverableEits,
# mhsMessageStoreName,
# mhsPreferredDeliveryMethods }
# ::= {mhsObjectClass 3}
#
#
# mhsResidentialUser OBJECT-CLASS
# SUBCLASS OF residentialPerson
# MUST CONTAIN {
# mhsORAddresses}
# MAY CONTAIN {
# mhsDeliverableContentLength,
# mhsDeliverableContentTypes,
# mhsDeliverableEits,
# mhsMessageStoreName,
# mhsPreferredDeliveryMethods }
# ::= {mhsObjectClass 4}
#
#
# mhsUserAgent OBJECT-CLASS
# SUBCLASS OF applicationEntity
# MAY CONTAIN {
# mhsDeliverableContentLength,
# mhsDeliverableContentTypes,
# mhsDeliverableEits,
# mhsORAddresses,
# owner}
# ::= {mhsObjectClass 5}
#
#
#
#
# -- Pilot Object Classes
#
# pilotObject OBJECT-CLASS
# SUBCLASS OF top
# MAY CONTAIN {
# info,
# photo,
# manager,
# uniqueIdentifier,
# lastModifiedTime,
# lastModifiedBy,
# dITRedirect,
# audio}
# ::= {pilotObjectClass 3}
# pilotPerson OBJECT-CLASS
# SUBCLASS OF person
# MAY CONTAIN {
# userid,
# textEncodedORAddress,
# rfc822Mailbox,
# favouriteDrink,
# roomNumber,
# userClass,
# homeTelephoneNumber,
# homePostalAddress,
# secretary,
# personalTitle,
# preferredDeliveryMethod,
# businessCategory,
# janetMailbox,
# otherMailbox,
# mobileTelephoneNumber,
# pagerTelephoneNumber,
# organizationalStatus,
# mailPreferenceOption,
# personalSignature}
# ::= {pilotObjectClass 4}
#
#
# account OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# userid}
# MAY CONTAIN {
# description,
# seeAlso,
# localityName,
# organizationName,
# organizationalUnitName,
# host}
# ::= {pilotObjectClass 5}
#
#
# document OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# documentIdentifier}
# MAY CONTAIN {
# commonName,
# description,
# seeAlso,
# localityName,
# organizationName,
# organizationalUnitName,
# documentTitle,
# documentVersion,
# documentAuthor,
# documentLocation,
# documentPublisher}
# ::= {pilotObjectClass 6}
#
#
# room OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# commonName}
# MAY CONTAIN {
# roomNumber,
# description,
# seeAlso,
# telephoneNumber}
# ::= {pilotObjectClass 7}
#
#
# documentSeries OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# commonName}
# MAY CONTAIN {
# description,
# seeAlso,
# telephoneNumber,
# localityName,
# organizationName,
# organizationalUnitName}
# ::= {pilotObjectClass 9}
#
#
# domain OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# domainComponent}
# MAY CONTAIN {
# associatedName,
# organizationName,
# organizationalAttributeSet}
# ::= {pilotObjectClass 13}
#
#
# rFC822localPart OBJECT-CLASS
# SUBCLASS OF domain
# MAY CONTAIN {
# commonName,
# surname,
# description,
# seeAlso,
# telephoneNumber,
# postalAttributeSet,
# telecommunicationAttributeSet}
# ::= {pilotObjectClass 14}
#
#
# dNSDomain OBJECT-CLASS
# SUBCLASS OF domain
# MAY CONTAIN {
# ARecord,
# MDRecord,
# MXRecord,
# NSRecord,
# SOARecord,
# CNAMERecord}
# ::= {pilotObjectClass 15}
#
#
# domainRelatedObject OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# associatedDomain}
# ::= {pilotObjectClass 17}
#
#
# friendlyCountry OBJECT-CLASS
# SUBCLASS OF country
# MUST CONTAIN {
# friendlyCountryName}
# ::= {pilotObjectClass 18}
#
#
# simpleSecurityObject OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# userPassword }
# ::= {pilotObjectClass 19}
#
#
# pilotOrganization OBJECT-CLASS
# SUBCLASS OF organization, organizationalUnit
# MAY CONTAIN {
# buildingName}
# ::= {pilotObjectClass 20}
#
#
# pilotDSA OBJECT-CLASS
# SUBCLASS OF dsa
# MUST CONTAIN {
# dSAQuality}
# ::= {pilotObjectClass 21}
#
#
# qualityLabelledData OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# dSAQuality}
# MAY CONTAIN {
# subtreeMinimumQuality,
# subtreeMaximumQuality}
# ::= {pilotObjectClass 22}
#
#
#
#
# -- Standard Attribute Types
#
# objectClass ObjectClass
# ::= {attributeType 0}
#
#
# aliasedObjectName AliasedObjectName
# ::= {attributeType 1}
#
#
# knowledgeInformation ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreString
# ::= {attributeType 2}
#
#
# commonName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
# (SIZE (1..ub-common-name))
# ::= {attributeType 3}
#
#
# surname ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
# (SIZE (1..ub-surname))
# ::= {attributeType 4}
#
#
# serialNumber ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX printableStringSyntax
# (SIZE (1..ub-serial-number))
# ::= {attributeType 5}
#
#
# countryName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX PrintableString
# (SIZE (1..ub-country-code))
# SINGLE VALUE
# ::= {attributeType 6}
#
#
# localityName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
# (SIZE (1..ub-locality-name))
# ::= {attributeType 7}
#
#
# stateOrProvinceName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
# (SIZE (1..ub-state-name))
# ::= {attributeType 8}
#
#
# streetAddress ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
# (SIZE (1..ub-street-address))
# ::= {attributeType 9}
#
#
# organizationName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
# (SIZE (1..ub-organization-name))
# ::= {attributeType 10}
#
#
# organizationalUnitName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
# (SIZE (1..ub-organizational-unit-name))
# ::= {attributeType 11}
#
#
# title ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
# (SIZE (1..ub-title))
# ::= {attributeType 12}
#
#
# description ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
# (SIZE (1..ub-description))
# ::= {attributeType 13}
#
#
# searchGuide ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX Guide
# ::= {attributeType 14}
#
#
# businessCategory ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
# (SIZE (1..ub-business-category))
# ::= {attributeType 15}
#
#
# postalAddress ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX PostalAddress
# MATCHES FOR EQUALITY
# ::= {attributeType 16}
#
#
# postalCode ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
# (SIZE (1..ub-postal-code))
# ::= {attributeType 17}
#
#
# postOfficeBox ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
# (SIZE (1..ub-post-office-box))
# ::= {attributeType 18}
#
#
# physicalDeliveryOfficeName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
# (SIZE (1..ub-physical-office-name))
# ::= {attributeType 19}
#
#
# telephoneNumber ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX telephoneNumberSyntax
# (SIZE (1..ub-telephone-number))
# ::= {attributeType 20}
#
#
# telexNumber ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX TelexNumber
# (SIZE (1..ub-telex))
# ::= {attributeType 21}
#
#
# teletexTerminalIdentifier ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX TeletexTerminalIdentifier
# (SIZE (1..ub-teletex-terminal-id))
# ::= {attributeType 22}
#
#
# facsimileTelephoneNumber ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX FacsimileTelephoneNumber
# ::= {attributeType 23}
#
#
# x121Address ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX NumericString
# (SIZE (1..ub-x121-address))
# ::= {attributeType 24}
#
#
# internationaliSDNNumber ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX NumericString
# (SIZE (1..ub-isdn-address))
# ::= {attributeType 25}
#
#
# registeredAddress ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX PostalAddress
# ::= {attributeType 26}
#
#
# destinationIndicator ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX PrintableString
# (SIZE (1..ub-destination-indicator))
# MATCHES FOR EQUALITY SUBSTRINGS
# ::= {attributeType 27}
#
#
# preferredDeliveryMethod ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX deliveryMethod
# ::= {attributeType 28}
#
#
# presentationAddress ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX PresentationAddress
# MATCHES FOR EQUALITY
# ::= {attributeType 29}
#
#
# supportedApplicationContext ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX objectIdentifierSyntax
# ::= {attributeType 30}
#
#
# member ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
# ::= {attributeType 31}
#
#
# owner ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
# ::= {attributeType 32}
#
#
# roleOccupant ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
# ::= {attributeType 33}
#
#
# seeAlso ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
# ::= {attributeType 34}
#
#
# userPassword ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX Userpassword
# ::= {attributeType 35}
#
#
# userCertificate ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX UserCertificate
# ::= {attributeType 36}
#
#
# cACertificate ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX cACertificate
# ::= {attributeType 37}
#
#
# authorityRevocationList ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX AuthorityRevocationList
# ::= {attributeType 38}
#
#
# certificateRevocationList ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX CertificateRevocationList
# ::= {attributeType 39}
#
#
# crossCertificatePair ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX CrossCertificatePair
# ::= {attributeType 40}
#
#
#
#
# -- Standard MHS Attribute Types
#
# mhsDeliverableContentLength ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX integer
# ::= {mhsAttributeType 0}
#
#
# mhsDeliverableContentTypes ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX oID
# ::= {mhsAttributeType 1}
#
#
# mhsDeliverableEits ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX oID
# ::= {mhsAttributeType 2}
#
#
# mhsDLMembers ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX oRName
# ::= {mhsAttributeType 3}
#
#
# mhsDLSubmitPermissions ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX dLSubmitPermission
# ::= {mhsAttributeType 4}
#
#
# mhsMessageStoreName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX dN
# ::= {mhsAttributeType 5}
#
#
# mhsORAddresses ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX oRAddress
# ::= {mhsAttributeType 6}
#
#
# mhsPreferredDeliveryMethods ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX deliveryMethod
# ::= {mhsAttributeType 7}
#
#
# mhsSupportedAutomaticActions ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX oID
# ::= {mhsAttributeType 8}
#
#
# mhsSupportedContentTypes ATTRIBUTE
#
# WITH ATTRIBUTE-SYNTAX oID
# ::= {mhsAttributeType 9}
#
#
# mhsSupportedOptionalAttributes ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX oID
# ::= {mhsAttributeType 10}
#
#
#
#
# -- Pilot Attribute Types
#
# userid ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-user-identifier))
# ::= {pilotAttributeType 1}
#
#
# textEncodedORAddress ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-text-encoded-or-address))
# ::= {pilotAttributeType 2}
#
#
# rfc822Mailbox ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreIA5StringSyntax
# (SIZE (1 .. ub-rfc822-mailbox))
# ::= {pilotAttributeType 3}
#
#
# info ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-information))
# ::= {pilotAttributeType 4}
#
#
# favouriteDrink ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-favourite-drink))
# ::= {pilotAttributeType 5}
#
#
# roomNumber ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-room-number))
# ::= {pilotAttributeType 6}
#
#
# photo ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# CHOICE {
# g3-facsimile [3] G3FacsimileBodyPart
# }
# (SIZE (1 .. ub-photo))
# ::= {pilotAttributeType 7}
#
#
# userClass ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-user-class))
# ::= {pilotAttributeType 8}
#
#
# host ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-host))
# ::= {pilotAttributeType 9}
#
#
# manager ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# distinguishedNameSyntax
# ::= {pilotAttributeType 10}
#
#
# documentIdentifier ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-document-identifier))
# ::= {pilotAttributeType 11}
#
#
# documentTitle ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-document-title))
# ::= {pilotAttributeType 12}
#
#
# documentVersion ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-document-version))
# ::= {pilotAttributeType 13}
#
#
# documentAuthor ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# distinguishedNameSyntax
# ::= {pilotAttributeType 14}
#
#
# documentLocation ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-document-location))
# ::= {pilotAttributeType 15}
#
#
# homeTelephoneNumber ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# telephoneNumberSyntax
# ::= {pilotAttributeType 20}
#
#
# secretary ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# distinguishedNameSyntax
# ::= {pilotAttributeType 21}
#
#
# otherMailbox ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# SEQUENCE {
# mailboxType PrintableString, -- e.g. Telemail
# mailbox IA5String -- e.g. X378:Joe
# }
# ::= {pilotAttributeType 22}
#
#
# lastModifiedTime ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# uTCTimeSyntax
# ::= {pilotAttributeType 23}
#
#
# lastModifiedBy ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# distinguishedNameSyntax
# ::= {pilotAttributeType 24}
#
#
# domainComponent ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreIA5StringSyntax
# SINGLE VALUE
# ::= {pilotAttributeType 25}
#
#
# aRecord ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# DNSRecordSyntax
# ::= {pilotAttributeType 26}
#
#
# mXRecord ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# DNSRecordSyntax
# ::= {pilotAttributeType 28}
#
#
# nSRecord ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# DNSRecordSyntax
# ::= {pilotAttributeType 29}
#
# sOARecord ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# DNSRecordSyntax
# ::= {pilotAttributeType 30}
#
#
# cNAMERecord ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# iA5StringSyntax
# ::= {pilotAttributeType 31}
#
#
# associatedDomain ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreIA5StringSyntax
# ::= {pilotAttributeType 37}
#
#
# associatedName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# distinguishedNameSyntax
# ::= {pilotAttributeType 38}
#
#
# homePostalAddress ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# postalAddress
# MATCHES FOR EQUALITY
# ::= {pilotAttributeType 39}
#
#
# personalTitle ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-personal-title))
# ::= {pilotAttributeType 40}
#
#
# mobileTelephoneNumber ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# telephoneNumberSyntax
# ::= {pilotAttributeType 41}
#
#
# pagerTelephoneNumber ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# telephoneNumberSyntax
# ::= {pilotAttributeType 42}
#
#
# friendlyCountryName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# ::= {pilotAttributeType 43}
#
#
# uniqueIdentifier ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-unique-identifier))
# ::= {pilotAttributeType 44}
#
#
# organizationalStatus ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-organizational-status))
# ::= {pilotAttributeType 45}
#
#
# janetMailbox ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreIA5StringSyntax
# (SIZE (1 .. ub-janet-mailbox))
# ::= {pilotAttributeType 46}
#
#
# mailPreferenceOption ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX ENUMERATED {
# no-list-inclusion(0),
# any-list-inclusion(1), -- may be added to any lists
# professional-list-inclusion(2)
# -- may be added to lists
# -- which the list provider
# -- views as related to the
# -- users professional inter-
# -- ests, perhaps evaluated
# -- from the business of the
# -- organisation or keywords
# -- in the entry.
# }
# ::= {pilotAttributeType 47}
#
#
# buildingName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-building-name))
# ::= {pilotAttributeType 48}
#
#
# dSAQuality ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX DSAQualitySyntax
# SINGLE VALUE
# ::= {pilotAttributeType 49}
#
#
# singleLevelQuality ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
# SINGLE VALUE
#
#
# subtreeMinimumQuality ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
# SINGLE VALUE
# -- Defaults to singleLevelQuality
# ::= {pilotAttributeType 51}
#
#
# subtreeMaximumQuality ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
# SINGLE VALUE
# -- Defaults to singleLevelQuality
# ::= {pilotAttributeType 52}
#
#
# personalSignature ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# CHOICE {
# g3-facsimile [3] G3FacsimileBodyPart
# }
# (SIZE (1 .. ub-personal-signature))
# ::= {pilotAttributeType 53}
#
#
# dITRedirect ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# distinguishedNameSyntax
# ::= {pilotAttributeType 54}
#
#
# audio ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# Audio
# (SIZE (1 .. ub-audio))
# ::= {pilotAttributeType 55}
#
# documentPublisher ATTRIBUTE
# WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax
# ::= {pilotAttributeType 56}
#
#
#
# -- Generally useful syntaxes
#
#
# caseIgnoreIA5StringSyntax ATTRIBUTE-SYNTAX
# IA5String
# MATCHES FOR EQUALITY SUBSTRINGS
#
#
# iA5StringSyntax ATTRIBUTE-SYNTAX
# IA5String
# MATCHES FOR EQUALITY SUBSTRINGS
#
#
# -- Syntaxes to support the DNS attributes
#
# DNSRecordSyntax ATTRIBUTE-SYNTAX
# IA5String
# MATCHES FOR EQUALITY
#
#
# NRSInformationSyntax ATTRIBUTE-SYNTAX
# NRSInformation
# MATCHES FOR EQUALITY
#
#
# NRSInformation ::= SET {
# [0] Context,
# [1] Address-space-id,
# routes [2] SEQUENCE OF SEQUENCE {
# Route-cost,
# Addressing-info }
# }
#
#
# -- Upper bounds on length of attribute values
#
#
# ub-document-identifier INTEGER ::= 256
#
# ub-document-location INTEGER ::= 256
#
# ub-document-title INTEGER ::= 256
#
# ub-document-version INTEGER ::= 256
#
# ub-favourite-drink INTEGER ::= 256
#
# ub-host INTEGER ::= 256
#
# ub-information INTEGER ::= 2048
#
# ub-unique-identifier INTEGER ::= 256
#
# ub-personal-title INTEGER ::= 256
#
# ub-photo INTEGER ::= 250000
#
# ub-rfc822-mailbox INTEGER ::= 256
#
# ub-room-number INTEGER ::= 256
#
# ub-text-or-address INTEGER ::= 256
#
# ub-user-class INTEGER ::= 256
#
# ub-user-identifier INTEGER ::= 256
#
# ub-organizational-status INTEGER ::= 256
#
# ub-janet-mailbox INTEGER ::= 256
#
# ub-building-name INTEGER ::= 256
#
# ub-personal-signature ::= 50000
#
# ub-audio INTEGER ::= 250000
#
# [remainder of memo trimmed]
0707010001e719000041ed000017820000044e0000000548d0f14d000000000000022d0000016a00000000000000000000001000000000reloc/share/man 0707010001e722000041ed000017820000044e0000000248d0f14d000000000000022d0000016a00000000000000000000001500000000reloc/share/man/man3 0707010001e72f000081a4000017820000044e0000000148d0f13f0000094e0000022d0000016a00000000000000000000002800000000reloc/share/man/man3/ldap_first_entry.3 .TH LDAP_FIRST_ENTRY 3 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_entry.3,v 1.14.2.5 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_entry, ldap_next_entry, ldap_count_entries \- LDAP result entry parsing and counting routines
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_count_entries( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_first_entry( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_next_entry( LDAP *ld, LDAPMessage *entry )
.SH DESCRIPTION
.LP
These routines are used to parse results received from
.BR ldap_result (3)
or the synchronous LDAP search operation routines
.BR ldap_search_s (3)
and
.BR ldap_search_st (3).
.LP
The
.B ldap_first_entry()
routine is used to retrieve the first entry in a chain
of search results. It takes the \fIresult\fP as returned by a call to
.BR ldap_result (3)
or
.BR ldap_search_s (3)
or
.BR ldap_search_st (3)
and returns a pointer to the first entry in the result.
.LP
This pointer should be supplied on a subsequent call to
.B ldap_next_entry()
to get the next entry, the result of which should be
supplied to the next call to
.BR ldap_next_entry() ,
etc.
.B ldap_next_entry()
will return NULL when there are no more entries. The entries returned
from these calls are used in calls to the routines described in
.BR ldap_get_dn (3),
.BR ldap_first_attribute (3),
.BR ldap_get_values (3),
etc.
.LP
A count of the number of entries in the search result can be obtained
by calling
.BR ldap_count_entries() .
.SH ERRORS
If an error occurs in
.B ldap_first_entry()
or
.BR ldap_next_entry() ,
NULL is returned and the ld_errno field in the \fIld\fP parameter
is set to indicate the error. If an error occurs in
.BR ldap_count_entries() ,
-1 is returned, and
.B ld_errno
is set appropriately. See
.BR ldap_error (3)
for a description of possible error codes.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_search (3),
.BR ldap_first_attribute (3),
.BR ldap_get_values (3),
.BR ldap_get_dn (3)
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e731000081a4000017820000044e0000000148d0f13f000009140000022d0000016a00000000000000000000002c00000000reloc/share/man/man3/ldap_first_reference.3 .TH LDAP_FIRST_REFERENCE 3 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_reference.3,v 1.9.2.5 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_reference, ldap_next_reference, ldap_count_references \- Stepping
through continuation references in a result chain
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_count_references( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_first_reference( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_next_reference( LDAP *ld, LDAPMessage *reference )
.SH DESCRIPTION
.LP
These routines are used to step through the continuation references in a
result chain received from
.BR ldap_result (3)
or the synchronous LDAP search operation routines.
.LP
The
.B ldap_first_reference()
routine is used to retrieve the first reference message in a
result chain. It takes the \fIresult\fP as returned by a call to
.BR ldap_result (3) ,
.BR ldap_search_s (3)
or
.BR ldap_search_st (3)
and returns a pointer to the first reference message in the
result chain.
.LP
This pointer should be supplied on a subsequent call to
.B ldap_next_reference()
to get the next reference message, the result of which should be
supplied to the next call to
.BR ldap_next_reference() ,
etc.
.B ldap_next_reference()
will return NULL when there are no more reference messages.
The reference messages returned from these calls are used by
.BR ldap_parse_reference (3)
to extract referrals and controls.
.LP
A count of the number of reference messages in the search result can be
obtained by calling
.BR ldap_count_references() .
It can also be used to count the number of reference messages remaining
in a result chain.
.SH ERRORS
If an error occurs in
.B ldap_first_reference()
or
.BR ldap_next_reference() ,
NULL is returned. If an error occurs in
.BR ldap_count_references() ,
-1 is returned.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_search (3),
.BR ldap_parse_reference (3)
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e73b000081a4000017820000044e0000000148d0f143000011a00000022d0000016a00000000000000000000002300000000reloc/share/man/man3/ldap_search.3 .TH LDAP_SEARCH 3 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_search.3,v 1.17.2.7 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_search, ldap_search_s, ldap_search_st \- Perform an LDAP search operation
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
.nf
.ft B
#include <sys/time.h> /* for struct timeval definition */
#include <ldap.h>
.LP
.ft B
int ldap_search(ld, base, scope, filter, attrs, attrsonly)
.ft
LDAP *ld;
char *base;
int scope;
char *filter, *attrs[];
int attrsonly;
.LP
.ft B
int ldap_search_s(ld, base, scope, filter, attrs, attrsonly, res)
.ft
LDAP *ld;
char *base;
int scope;
char *filter, *attrs[];
int attrsonly;
LDAPMessage **res;
.LP
.ft B
int ldap_search_st(ld, base, scope, filter, attrs, attrsonly, timeout, res)
.ft
LDAP *ld;
char *base;
int scope;
char *filter, *attrs[];
int attrsonly;
struct timeval *timeout;
LDAPMessage **res;
.SH DESCRIPTION
These routines are used to perform LDAP search operations.
.B ldap_search_s()
does the search synchronously (i.e., not
returning until the operation completes).
.B ldap_search_st()
does
the same, but allows a \fItimeout\fP to be specified.
.B ldap_search()
is the asynchronous version, initiating the search and returning
the message id of the operation it initiated.
\fIBase\fP is the DN of the entry at which to start the search.
\fIScope\fP is the scope of the search and should be one of LDAP_SCOPE_BASE,
to search the object itself,
LDAP_SCOPE_ONELEVEL, to search the object's immediate children,
or LDAP_SCOPE_SUBTREE, to search the object and all its descendants.
.LP
\fIFilter\fP is a string
representation of the filter to apply in the search. Simple filters
can be specified as \fI(attributetype=attributevalue)\fP. More complex
filters are specified using a prefix notation according to the following
BNF:
.LP
.nf
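<filter> ::= '(' <filtercomp> ')'
<filtercomp> ::= <and> | <or> | <not> | <simple>
<and> ::= '&' <filterlist>
<or> ::= '|' <filterlist>
<not> ::= '!' <filter>
<filterlist> ::= <filter> | <filter> <filterlist>
<simple> ::= <attributetype> <filtertype> <attributevalue>
<filtertype> ::= '=' | '~=' | '<=' | '>='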
.fi
.LP
The '~=' construct is used to specify approximate matching. The
representation for <attributetype> and <attributevalue> are as
described in RFC 2254. In addition, <attributevalue> can be a single *
to achieve an attribute existence test, or can contain text and *'s
interspersed to achieve substring matching.
.LP
For example, the filter "(mail=*)" will find any entries that have a mail
attribute. The filter "(mail=*@terminator.rs.itd.umich.edu)" will find
any entries that have a mail attribute ending in the specified string.
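To put parentheses in a filter, escape them with a backslash '\\'
character. See RFC 2254 for a more complete description of allowable
filters.
When an attribute value comes from outside the program, escape any
special characters in it ('*', '(', ')', '\\' and NUL) as RFC 2254
describes before building the filter string, so that the value cannot
change the structure of the filter.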
.LP
\fIAttrs\fP is a null-terminated array of attribute types to return
from entries that match \fIfilter\fP.
If NULL is specified, the return of all user attributes is requested.
The type "*" (LDAP_ALL_USER_ATTRIBUTES) may be used to request
all user attributes to be returned.
The type "+"(LDAP_ALL_OPERATIONAL_ATTRIBUTES) may be used to request
all operational attributes to be returned.
To request no attributes, the type "1.1" (LDAP_NO_ATTRS)
should be listed by itself.
.LP
\fIAttrsonly\fP should be set to 1 if
only attribute types are wanted. It should be set to 0 if both
attribute types and attribute values are wanted.
.SH ERRORS
.B ldap_search_s()
and
.B ldap_search_st()
will return the LDAP error code resulting from the search operation.
See
.BR ldap_error (3)
for details.
.B ldap_search()
returns -1 in case of trouble.
.SH NOTES
Note that both read
and list functionality are subsumed by these routines,
by using a filter like "(objectclass=*)" and a scope of LDAP_SCOPE_BASE (to
emulate read) or LDAP_SCOPE_ONELEVEL (to emulate list).
.LP
These routines may dynamically allocate memory. The caller is
responsible for freeing such memory using supplied deallocation
routines. Return values are contained in <ldap.h>.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e736000081a4000017820000044e0000000148d0f14100000f400000022d0000016a00000000000000000000002100000000reloc/share/man/man3/ldap_open.3 .TH LDAP_OPEN 3 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_open.3,v 1.13.2.5 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_init, ldap_open \- Initialize the LDAP library and open a connection to an LDAP server
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
LDAP *ldap_open(host, port)
.ft
char *host;
int port;
.LP
.ft B
LDAP *ldap_init(host, port)
.ft
char *host;
int port;
.SH DESCRIPTION
.LP
.B ldap_open()
opens a connection to an LDAP server and allocates an LDAP
structure which is used to identify
the connection and to maintain per-connection information.
.B ldap_init()
allocates an LDAP structure but does not open an initial connection. One
of these two routines must be called before any operations are attempted.
.LP
.B ldap_open()
takes \fIhost\fP, the hostname on which the LDAP server is
running, and \fIport\fP, the port number to which to connect. If the default
IANA-assigned port of 389 is desired, LDAP_PORT should be specified for
\fIport\fP. The \fIhost\fP parameter may contain a blank-separated list
of hosts to try to connect to, and each host may optionally be of the form
\fIhost:port\fP. If present, the \fI:port\fP overrides the \fIport\fP
parameter to
.BR ldap_open() .
Upon successfully making a connection to an
LDAP server,
.B ldap_open()
returns a pointer to an LDAP structure (defined below), which
should be passed to subsequent calls to
.BR ldap_bind() ,
.BR ldap_search() ,
etc. Certain fields in the LDAP structure can be set to indicate size limit,
time limit, and how aliases are handled during operations. See
<ldap.h> for more details.
.LP
.nf
.ft tt
typedef struct ldap {
/* ... other stuff you should not mess with ... */
char ld_lberoptions;
int ld_deref;
#define LDAP_DEREF_NEVER 0
#define LDAP_DEREF_SEARCHING 1
#define LDAP_DEREF_FINDING 2
#define LDAP_DEREF_ALWAYS 3
int ld_timelimit;
int ld_sizelimit;
#define LDAP_NO_LIMIT 0
int ld_errno;
char *ld_error;
char *ld_matched;
int ld_refhoplimit;
unsigned long ld_options;
#define LDAP_OPT_REFERRALS 0x00000002 /* set by default */
#define LDAP_OPT_RESTART 0x00000004
/* ... other stuff you should not mess with ... */
} LDAP;
.ft
.fi
.LP
.B
ldap_init()
acts just like
.BR ldap_open() ,
but does not open a connection
to the LDAP server. The actual connection open will occur when the
first operation is attempted. At this time,
.B ldap_init()
is preferred.
.B ldap_open()
will be deprecated in a later release.
.SH ERRORS
If an error occurs, these routines will return NULL and errno should be
set appropriately.
.SH OPTIONS
Options that affect a particular LDAP instance may be set by modifying
the \fIld_options\fP field in the LDAP structure. This field is set
to \fILDAP_OPT_REFERRALS\fP in
.B ldap_open()
and
.BR ldap_init() ,
which causes the library to automatically follow referrals
to other servers that may be returned in response to an LDAP operation.
.LP
The other supported option is \fILDAP_OPT_RESTART\fP, which if set will
cause the LDAP library to restart the
.BR select (2)
system call when it is interrupted by the system (i.e., errno is set to
EINTR). This option is not supported on the Macintosh and under MS-DOS.
.LP
An option can be turned off by clearing the appropriate bit in the
\fIld_options\fP field.
.SH NOTES
There are other elements in the LDAP structure that you should not
change. You should not make any assumptions about the order of elements
in the LDAP structure.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_bind (3),
.BR errno (3)
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e732000081a4000017820000044e0000000148d0f13f000019ab0000022d0000016a00000000000000000000002300000000reloc/share/man/man3/ldap_get_dn.3 .TH LDAP_GET_DN 3 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_dn.3,v 1.25.2.5 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_get_dn( LDAP *ld, LDAPMessage *entry )
.LP
.ft B
int ldap_str2dn( const char *str, LDAPDN **dn, unsigned flags )
.LP
.ft B
int ldap_dn2str( LDAPDN *dn, char **str, unsigned flags )
.LP
.ft B
char **ldap_explode_dn( const char *dn, int notypes )
.LP
.ft B
char **ldap_explode_rdn( const char *rdn, int notypes )
.LP
.ft B
char *ldap_dn2ufn( const char * dn )
.LP
.ft B
char *ldap_dn2dcedn( const char * dn )
.LP
.ft B
char *ldap_dcedn2dn( const char * dn )
.LP
.ft B
char *ldap_dn2ad_canonical( const char * dn )
.SH DESCRIPTION
These routines allow LDAP entry names (Distinguished Names, or DNs)
to be obtained, parsed, converted to a user-friendly form, and tested.
A DN has the form described in
RFC 2253 "Lightweight Directory Access Protocol (v3):
UTF-8 String Representation of Distinguished Names".
.LP
The
.B ldap_get_dn()
routine takes an \fIentry\fP as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3)
and returns a copy of
the entry's DN. Space for the DN will be obtained dynamically
and should be freed by the caller using
.BR ldap_memfree (3).
.LP
.B ldap_str2dn()
parses a string representation of a distinguished name contained in
.B str
into its components,
which are stored in
.B dn
as
.B ldap_ava
structures, arranged in
.B LDAPAVA,
.B LDAPRDN,
and
.B LDAPDN
terms, defined as:
.nf
.ft B
typedef struct ldap_ava {
char *la_attr;
struct berval *la_value;
unsigned la_flags;
} LDAPAVA;
typedef LDAPAVA** LDAPRDN;
typedef LDAPRDN** LDAPDN;
.ft
.fi
The attribute types and the attribute values are not normalized.
The
.B la_flags
can be either
.B LDAP_AVA_STRING
or
.B LDAP_AVA_BINARY,
the latter meaning that the value is BER/DER encoded and thus must
be represented as, quoting from RFC 2253, " ... an
octothorpe character ('#' ASCII 35) followed by the hexadecimal
representation of each of the bytes of the BER encoding of the X.500
AttributeValue."
The
.B flags
parameter to
.B ldap_str2dn()
can be
.LP
.nf
LDAP_DN_FORMAT_LDAPV3
LDAP_DN_FORMAT_LDAPV2
LDAP_DN_FORMAT_DCE
.fi
which defines what DN syntax is expected (according to RFC 2253,
RFC 1779 and DCE, respectively).
The format can be \fIOR\fPed to the flags
.LP
.nf
LDAP_DN_P_NO_SPACES
LDAP_DN_P_NO_SPACE_AFTER_RDN
...
LDAP_DN_PEDANTIC
.fi
The latter is a shortcut for all the previous limitations.
.LP
.B LDAP_DN_P_NO_SPACES
does not allow extra spaces in the dn; the default is to silently
eliminate spaces around AVA separators ('='), RDN component separators
('+' for LDAPv3/LDAPv2 or ',' for DCE) and RDN separators
(',' LDAPv3/LDAPv2 or '/' for DCE).
.LP
.B LDAP_DN_P_NO_SPACE_AFTER_RDN
does not allow a single space after RDN separators.
.LP
.B ldap_dn2str()
performs the inverse operation, yielding in
.B str
a string representation of
.B dn.
It allows the same values for
.B flags
as
.B ldap_str2dn(),
plus
.LP
.nf
LDAP_DN_FORMAT_UFN
LDAP_DN_FORMAT_AD_CANONICAL
.fi
for user-friendly naming (RFC 1781) and AD canonical.
.LP
The following routines are viewed as deprecated in favor of
.B ldap_str2dn()
and
.BR ldap_dn2str().
They are provided to support legacy applications.
.LP
The
.B ldap_explode_dn()
routine takes a DN as returned by
.B ldap_get_dn()
and breaks it up into its component parts. Each part is known as a
Relative Distinguished Name, or RDN.
.B ldap_explode_dn()
returns a
NULL-terminated array, each component of which contains an RDN from the
DN. The \fInotypes\fP parameter is used to request that only the RDN
values be returned, not their types. For example, the DN "cn=Bob,
c=US" would return as either { "cn=Bob", "c=US", NULL } or { "Bob",
"US", NULL }, depending on whether notypes was 0 or 1, respectively.
Assertion values in RDN strings may include escaped characters.
The result can be freed by calling
.BR ldap_value_free (3).
.LP
Similarly, the
.B ldap_explode_rdn()
routine takes an RDN as returned by
.B ldap_explode_dn(dn,0)
and breaks it up into its "type=value" component parts (or just "value",
if the \fInotypes\fP parameter is set). Note the value is not
unescaped. The result can be freed by calling
.BR ldap_value_free (3).
.LP
.B ldap_dn2ufn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a more user-friendly form, stripping off all type names. See
"Using the Directory to Achieve User Friendly Naming" (RFC 1781)
for more details on the UFN format. Due to the ambiguous nature
of the format, it is generally only used for display purposes.
The space for the UFN returned is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.LP
.B ldap_dn2dcedn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a DCE-style DN, e.g. a string with most-significant to least
significant rdns separated by slashes ('/'); rdn components
are separated by commas (',').
Only printable chars (e.g. LDAPv2 printable string) are allowed,
at least in this implementation.
.B ldap_dcedn2dn()
performs the opposite operation.
.B ldap_dn2ad_canonical()
turns a DN into an AD canonical name, which is basically a DCE dn
with attribute types omitted.
The trailing domain, if present, is turned into a DNS-like domain.
The space for the returned value is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.SH ERRORS
If an error occurs in
.BR ldap_get_dn() ,
NULL is returned and the
.B ld_errno
field in the \fIld\fP parameter is set to indicate the error. See
.BR ldap_error (3)
for a description of possible error codes.
.BR ldap_explode_dn() ,
.BR ldap_explode_rdn() ,
.B ldap_dn2ufn(),
.B ldap_dn2dcedn(),
.B ldap_dcedn2dn(),
and
.B ldap_dn2ad_canonical()
will return NULL with
.BR errno (3)
set appropriately in case of trouble.
.SH NOTES
These routines dynamically allocate memory that the caller must free.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_first_entry (3),
.BR ldap_memfree (3),
.BR ldap_value_free (3)
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e735000081a4000017820000044e0000000148d0f141000008ee0000022d0000016a00000000000000000000002300000000reloc/share/man/man3/ldap_modrdn.3 .TH LDAP_MODRDN 3 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_modrdn.3,v 1.12.2.5 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_modrdn, ldap_modrdn_s, ldap_modrdn2, ldap_modrdn2_s \- Perform an LDAP modify RDN operation
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_modrdn(ld, dn, newrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
.LP
.ft B
.LP
.ft B
int ldap_modrdn_s(ld, dn, newrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
.LP
.ft B
int ldap_modrdn2(ld, dn, newrdn, deleteoldrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
int deleteoldrdn;
.LP
.ft B
int ldap_modrdn2_s(ld, dn, newrdn, deleteoldrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
int deleteoldrdn;
.SH DESCRIPTION
The
.B ldap_modrdn()
and
.B ldap_modrdn_s()
routines perform an LDAP modify
RDN operation. They both take \fIdn\fP, the DN of the entry whose
RDN is to be changed, and \fInewrdn\fP, the new RDN to give the entry.
The old RDN of the entry is never kept as an attribute of the entry.
.B ldap_modrdn()
is asynchronous, returning the message id of the operation
it initiates.
.B ldap_modrdn_s()
is synchronous, returning the LDAP error
code indicating the success or failure of the operation. Use of
these routines is deprecated. Use the versions described below
instead.
.LP
The
.B ldap_modrdn2()
and
.B ldap_modrdn2_s()
routines also perform an LDAP
modify RDN operation, taking the same parameters as above. In addition,
they both take the \fIdeleteoldrdn\fP parameter which is used as a boolean
value to indicate whether the old RDN values should be deleted from
the entry or not.
.SH ERRORS
The synchronous (_s) versions of these routines return an LDAP error
code, either LDAP_SUCCESS or an error if there was trouble.
The asynchronous versions return -1 in case
of trouble, setting the
.B ld_errno
field of \fIld\fP. See
.BR ldap_error (3)
for more details.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e730000081a4000017820000044e0000000148d0f13f00000a340000022d0000016a00000000000000000000002a00000000reloc/share/man/man3/ldap_first_message.3 .TH LDAP_FIRST_MESSAGE 3 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_message.3,v 1.9.2.5 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_message, ldap_next_message, ldap_count_messages \- Stepping
through messages in a result chain
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_count_messages( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_first_message( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_next_message( LDAP *ld, LDAPMessage *message )
.SH DESCRIPTION
.LP
These routines are used to step through the messages in a result chain
received from
.BR ldap_result (3) .
For search operations, the result chain can contain referral, entry
and result messages. The
.BR ldap_msgtype (3)
function can be used to distinguish between the different message types.
.LP
The
.B ldap_first_message()
routine is used to retrieve the first message in a result chain.
It takes the \fIresult\fP as returned by a call to
.BR ldap_result (3) ,
.BR ldap_search_s (3)
or
.BR ldap_search_st (3)
and returns a pointer to the first message in the result chain.
.LP
This pointer should be supplied on a subsequent call to
.B ldap_next_message()
to get the next message, the result of which should be
supplied to the next call to
.BR ldap_next_message() ,
etc.
.B ldap_next_message()
will return NULL when there are no more messages.
.LP
These functions are useful when using routines like
.BR ldap_parse_result (3)
that only operate on the first result in the chain.
.LP
A count of the number of messages in the result chain can be obtained
by calling
.BR ldap_count_messages() .
It can also be used to count the number of remaining messages in a chain
if called with a message, entry or reference returned by
.B ldap_first_message() ,
.B ldap_next_message() ,
.BR ldap_first_entry (3) ,
.BR ldap_next_entry (3) ,
.BR ldap_first_reference (3) ,
.BR ldap_next_reference (3) .
.SH ERRORS
If an error occurs in
.B ldap_first_message()
or
.BR ldap_next_message() ,
NULL is returned. If an error occurs in
.BR ldap_count_messages() ,
-1 is returned.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_search (3),
.BR ldap_result (3),
.BR ldap_parse_result (3),
.BR ldap_first_entry (3),
.BR ldap_first_reference (3)
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e733000081a4000017820000044e0000000148d0f14000000ab60000022d0000016a00000000000000000000002700000000reloc/share/man/man3/ldap_get_values.3 .TH LDAP_GET_VALUES 3 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_values.3,v 1.15.2.5 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_values, ldap_get_values_len, ldap_count_values \- LDAP attribute value handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char **ldap_get_values(ld, entry, attr)
.ft
LDAP *ld;
LDAPMessage *entry;
char *attr
.LP
.ft B
struct berval **ldap_get_values_len(ld, entry, attr)
.ft
LDAP *ld;
LDAPMessage *entry;
char *attr
.LP
.ft B
ldap_count_values(vals)
.ft
char **vals;
.LP
.ft B
ldap_count_values_len(vals)
.ft
struct berval **vals;
.LP
.ft B
ldap_value_free(vals)
.ft
char **vals;
.LP
.ft B
ldap_value_free_len(vals)
.ft
struct berval **vals;
.SH DESCRIPTION
These routines are used to retrieve and manipulate attribute values
from an LDAP entry as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3).
.B ldap_get_values()
takes the \fIentry\fP and the attribute \fIattr\fP
whose values are desired and returns a NULL-terminated array of the
attribute's values. \fIattr\fP may be an attribute type as returned
from
.BR ldap_first_attribute (3)
or
.BR ldap_next_attribute (3),
or if the attribute type is known it can simply be given.
.LP
The number of values in the array can be counted by calling
.BR ldap_count_values() .
The array of values returned can be freed by calling
.BR ldap_value_free() .
.LP
If the attribute values are binary in nature, and thus not suitable
to be returned as an array of char *'s, the
.B ldap_get_values_len()
routine can be used instead. It takes the same parameters as
.BR ldap_get_values() ,
but returns a NULL-terminated array of pointers
to berval structures, each containing the length of and a pointer
to a value.
.LP
The number of values in the array can be counted by calling
.BR ldap_count_values_len() .
The array of values returned can be freed by calling
.BR ldap_value_free_len() .
.SH ERRORS
If an error occurs in
.B ldap_get_values()
or
.BR ldap_get_values_len() ,
NULL is returned and the
.B ld_errno
field in the \fIld\fP parameter is set to
indicate the error. See
.BR ldap_error (3)
for a description of possible error codes.
.SH NOTES
These routines dynamically allocate memory which the caller must free
using the supplied routines.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_first_entry (3),
.BR ldap_first_attribute (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e727000081a4000017820000044e0000000148d0f13c00001f0a0000022d0000016a00000000000000000000001c00000000reloc/share/man/man3/ldap.3 .TH LDAP 3 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap.3,v 1.34.2.7 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap - OpenLDAP Lightweight Directory Access Protocol API
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.ft
.fi
.SH DESCRIPTION
.LP
The Lightweight Directory Access Protocol (LDAP) (RFC 3377) provides
access to X.500 directory services. These services may be stand\-alone
or part of a distributed directory service. This client API supports
LDAP over TCP (RFC2251), LDAP over TLS/SSL, and LDAP over IPC (UNIX
domain sockets). This API supports SASL (RFC2829) and Start TLS
(RFC2830) as well as a number of protocol extensions. This API is
loosely based upon the IETF/LDAPEXT C LDAP API draft specification, an (orphaned)
work in progress.
.LP
The OpenLDAP Software package includes a stand\-alone server in
.BR slapd (8),
various LDAP clients, and an LDAP client library used to provide
programmatic access to the LDAP protocol. This man page gives an
overview of the LDAP library routines.
.LP
Both synchronous and asynchronous APIs are provided. Also included are
various routines to parse the results returned from these routines.
These routines are found in the \-lldap library.
.LP
The basic interaction is as follows. A session handle is
created using
.BR ldap_initialize (3)
and the protocol version is set to 3 by calling
.BR ldap_set_option (3).
The underlying session is established when the first operation is
issued. This would generally be a Start TLS or Bind operation.
A Start TLS operation is performed by calling
.BR ldap_start_tls_s (3).
A LDAP bind operation is performed by calling
.BR ldap_sasl_bind (3)
or one of its friends. Subsequently, other operations are performed
by calling one of the synchronous or asynchronous routines (e.g.,
.BR ldap_search_ext_s (3)
or
.BR ldap_search_ext (3)
followed by
.BR ldap_result (3)).
Results returned from these routines are interpreted by calling the
LDAP parsing routines such as
.BR ldap_parse_result (3).
The LDAP association and underlying connection is terminated by calling
.BR ldap_unbind_ext (3).
Errors can be interpreted by calling
.BR ldap_err2string (3).
.SH LDAP versions
This library supports version 3 of the Lightweight Directory Access
Protocol (LDAPv3) as defined in RFC 3377. It also supports a variant
of version 2 of LDAP as defined by U-Mich LDAP and, to some degree,
RFC 1777. Version 2 (all variants) should be viewed as obsolete.
Version 3 should be used instead.
.LP
For backwards compatibility reasons, the library defaults to version 2.
Hence, all new applications (and all actively maintained applications)
should use
.BR ldap_set_option (3)
to select version 3. The library manual pages assume version 3
has been selected.
.SH INPUT and OUTPUT PARAMETERS
All character string input/output is expected to be/is UTF\-8
encoded Unicode (version 3.2).
.LP
Distinguished names (DN) and relative distinguished names (RDN) to
be passed to the LDAP routines should conform to RFC 2253 UTF\-8
string representation.
.LP
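Search filters to be passed to the search routines are to be
constructed by hand and should conform to RFC 2254 UTF\-8
string representation.
Values taken from external input must be escaped as RFC 2254
describes before they are placed in a filter.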
.LP
LDAP URLs to be passed to routines are expected to conform
to RFC 2255 syntax. The
.BR ldap_url (3)
routines can be used to work with LDAP URLs.
.SH DISPLAYING RESULTS
Results obtained from the search routines can be output by hand,
by calling
.BR ldap_first_entry (3)
and
.BR ldap_next_entry (3)
to step through
the entries returned,
.BR ldap_first_attribute (3)
and
.BR ldap_next_attribute (3)
to step through an entry's attributes, and
.BR ldap_get_values (3)
to retrieve a given attribute's values. Attribute values
may or may not be displayable.
.SH UTILITY ROUTINES
Also provided are various utility routines. The
.BR ldap_sort (3)
routines are used to sort the entries and values returned via
the ldap search routines.
.SH BER LIBRARY
Also included in the distribution is a set of lightweight Basic
Encoding Rules routines. These routines are used by the LDAP library
routines to encode and decode LDAP protocol elements using the
(slightly simplified) Basic Encoding Rules defined by LDAP. They are
not normally used directly by an LDAP application program except
in the handling of controls and extended operations. The
routines provide a printf and scanf\-like interface, as well as
lower\-level access. These routines are discussed in
.BR lber\-decode (3),
.BR lber\-encode (3),
.BR lber\-memory (3),
and
.BR lber\-types (3).
.SH INDEX
.TP 20
.SM ldap_initialize(3)
initialize the LDAP library without opening a connection to a server
.TP
.SM ldap_result(3)
wait for the result from an asynchronous operation
.TP
.SM ldap_abandon_ext(3)
abandon (abort) an asynchronous operation
.TP
.SM ldap_add_ext(3)
asynchronously add an entry
.TP
.SM ldap_add_ext_s(3)
synchronously add an entry
.TP
.SM ldap_sasl_bind(3)
asynchronously bind to the directory
.TP
.SM ldap_sasl_bind_s(3)
synchronously bind to the directory
.TP
.SM ldap_unbind_ext(3)
synchronously unbind from the LDAP server and close the connection
.TP
.SM ldap_unbind(3) and ldap_unbind_s(3) are
equivalent to
.BR ldap_unbind_ext (3)
.TP
.SM ldap_memfree(3)
dispose of memory allocated by LDAP routines.
.TP
.SM ldap_compare_ext(3)
asynchronously compare to a directory entry
.TP
.SM ldap_compare_ext_s(3)
synchronously compare to a directory entry
.TP
.SM ldap_delete_ext(3)
asynchronously delete an entry
.TP
.SM ldap_delete_ext_s(3)
synchronously delete an entry
.TP
.SM ld_errno(3)
LDAP error indication
.TP
.SM ldap_errlist(3)
list of LDAP errors and their meanings
.TP
.SM ldap_err2string(3)
convert LDAP error indication to a string
.TP
.SM ldap_first_attribute(3)
return first attribute name in an entry
.TP
.SM ldap_next_attribute(3)
return next attribute name in an entry
.TP
.SM ldap_first_entry(3)
return first entry in a chain of search results
.TP
.SM ldap_next_entry(3)
return next entry in a chain of search results
.TP
.SM ldap_count_entries(3)
return number of entries in a search result
.TP
.SM ldap_get_dn(3)
extract the DN from an entry
.TP
.SM ldap_get_values_len(3)
return an attribute's values with lengths
.TP
.SM ldap_value_free_len(3)
free memory allocated by ldap_get_values_len(3)
.TP
.SM ldap_count_values_len(3)
return number of values
.TP
.SM ldap_modify_ext(3)
asynchronously modify an entry
.TP
.SM ldap_modify_ext_s(3)
synchronously modify an entry
.TP
.SM ldap_mods_free(3)
free array of pointers to mod structures used by ldap_modify_ext(3)
.TP
.SM ldap_rename(3)
asynchronously rename an entry
.TP
.SM ldap_rename_s(3)
synchronously rename an entry
.TP
.SM ldap_msgfree(3)
free results allocated by ldap_result(3)
.TP
.SM ldap_msgtype(3)
return the message type of a message from ldap_result(3)
.TP
.SM ldap_msgid(3)
return the message id of a message from ldap_result(3)
.TP
.SM ldap_search_ext(3)
asynchronously search the directory
.TP
.SM ldap_search_ext_s(3)
synchronously search the directory
.TP
.SM ldap_is_ldap_url(3)
check a URL string to see if it is an LDAP URL
.TP
.SM ldap_url_parse(3)
break up an LDAP URL string into its components
.TP
.SM ldap_sort_entries(3)
sort a list of search results
.TP
.SM ldap_sort_values(3)
sort a list of attribute values
.TP
.SM ldap_sort_strcasecmp(3)
case insensitive string comparison
.SH SEE ALSO
.BR ldap.conf (5),
.BR slapd (8),
.BR draft-ietf-ldapext-ldap-c-api-xx.txt \
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
.LP
These API manual pages are loosely based upon descriptions provided
in the IETF/LDAPEXT C LDAP API Internet Draft, an (orphaned) work
in progress.
0707010001e725000081a4000017820000044e0000000148d0f13b000005f20000022d0000016a00000000000000000000002300000000reloc/share/man/man3/lber-memory.3 .TH LBER_MEMORY 3 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-memory.3,v 1.12.2.5 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ber_memalloc, ber_memcalloc, ber_memrealloc, ber_memfree, ber_memvfree \- LBER memory allocators
.SH LIBRARY
OpenLDAP LBER (liblber, -llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "void *ber_memalloc(ber_len_t " bytes ");"
.LP
.BI "void *ber_memcalloc(ber_len_t " nelems ", ber_len_t " bytes ");"
.LP
.BI "void *ber_memrealloc(void *" ptr ", ber_len_t " bytes ");"
.LP
.BI "void ber_memfree(void *" ptr ");"
.LP
.BI "void ber_memvfree(void **" vec ");"
.SH DESCRIPTION
.LP
These routines are used to allocate/deallocate memory used/returned
by the Lightweight BER library as required by
.BR lber-encode (3)
and
.BR lber-decode (3).
.BR ber_memalloc (),
.BR ber_memcalloc (),
.BR ber_memrealloc (),
and
.BR ber_memfree ()
are used exactly like the standard
.BR malloc (3),
.BR calloc (3),
.BR realloc (3),
and
.BR free (3)
routines, respectively. The
.BR ber_memvfree ()
routine is used to free a dynamically allocated array of pointers to
arbitrary dynamically allocated objects.
.SH SEE ALSO
.BR lber-decode (3),
.BR lber-encode (3),
.BR lber-types (3)
.LP
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e72a000081a4000017820000044e0000000148d0f13d000019440000022d0000016a00000000000000000000002100000000reloc/share/man/man3/ldap_bind.3 .TH LDAP_BIND 3 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_bind.3,v 1.16.2.6 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s \- LDAP bind routines
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
.LP
.BI "int ldap_bind(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_bind_s(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_simple_bind(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_simple_bind_s(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_sasl_bind(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], int *" msgidp ");"
.RE
.LP
.BI "int ldap_sasl_bind_s(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], struct berval **" servercredp ");"
.RE
.LP
.BI "int ldap_parse_sasl_bind_result(LDAP *" ld ", LDAPMessage *" res ","
.RS
.BI "struct berval **" servercredp ", int " freeit ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind_s(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ");"
.RE
.LP
.BI "int ldap_unbind(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_s(LDAP *" ld ");"
.\" .LP
.\" .ft B
.\" void ldap_set_rebind_proc( ld, rebindproc )
.\" .ft
.\" LDAP *ld;
.\" int (*rebindproc)();
.SH DESCRIPTION
.LP
These routines provide various interfaces to the LDAP bind operation.
After an association with an LDAP server is made using
.BR ldap_init (3),
an LDAP bind operation should be performed before other operations are
attempted over the connection. An LDAP bind is required when using
Version 2 of the LDAP protocol; it is optional for Version 3 but is
usually needed due to security considerations.
.LP
There are three types of bind calls, ones providing simple authentication,
ones providing SASL authentication, and general routines capable of doing
either simple or SASL authentication.
.LP
.B SASL
(Simple Authentication and Security Layer)
is a framework that can negotiate one of many different kinds of authentication.
Both synchronous and asynchronous versions of each variant of the bind
call are provided. All routines
take \fIld\fP as their first parameter, as returned from
.BR ldap_init (3).
.LP
.SH SIMPLE AUTHENTICATION
The simplest form of the bind call is
.BR ldap_simple_bind_s() .
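It takes the DN to bind as in \fIwho\fP, and the userPassword associated
with the entry in \fIpasswd\fP. It returns an LDAP error indication
(see
.BR ldap_error (3)).
A simple bind sends \fIpasswd\fP to the server without protecting it,
so the connection should first be secured, for example with
.BR ldap_start_tls_s (3).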
The
.B ldap_simple_bind()
call is asynchronous,
taking the same parameters but only initiating the bind operation and
returning the message id of the request it sent. The result of the
operation can be obtained by a subsequent call to
.BR ldap_result (3).
.SH GENERAL AUTHENTICATION
The
.B ldap_bind()
and
.B ldap_bind_s()
routines can be used when the
authentication method to use needs to be selected at runtime. They
both take an extra \fImethod\fP parameter selecting the authentication
method to use. It should be set to LDAP_AUTH_SIMPLE
to select simple authentication.
.B ldap_bind()
returns the message id of the request it initiates.
.B ldap_bind_s()
returns an LDAP error indication.
.SH SASL AUTHENTICATION
Description still under construction...
.SH UNBINDING
The
.B ldap_unbind()
call is used to unbind from the directory,
terminate the current association, and free the resources contained
in the \fIld\fP structure. Once it is called, the connection to
the LDAP server is closed, and the \fIld\fP structure is invalid.
The
.B ldap_unbind_s()
call is just another name for
.BR ldap_unbind() ;
both of these calls are synchronous in nature.
.\" .SH RE-BINDING WHILE FOLLOWING REFERRALS
.\" The
.\" .B ldap_set_rebind_proc()
.\" call is used to set a routine that will be called back to obtain bind
.\" credentials used when a new server is contacted during the following of
.\" an LDAP referral. Note that this function is only available when the
.\" LDAP libraries are compiled with LDAP_REFERRALS defined and is only
.\" used when the ld_options field in the LDAP structure has
.\" LDAP_OPT_REFERRALS set (this is the default). If
.\" .B ldap_set_rebind_proc()
.\" is never called, or if it is called with a NULL \fIrebindproc\fP
.\" parameter, an unauthenticated simple LDAP bind will always be done
.\" when chasing referrals.
.\" .LP
.\" \fIrebindproc\fP should be a function that is declared like this:
.\" .LP
.\" .nf
.\" int rebindproc( LDAP *ld, char **whop, char **credp,
.\" int *methodp, int freeit );
.\" .fi
.\" .LP
.\" The LDAP library will first call the rebindproc to obtain the
.\" referral bind credentials, and the \fIfreeit\fP parameter will be
.\" zero. The \fIwhop\fP, \fIcredp\fP, and \fImethodp\fP should be
.\" set as appropriate. If the rebindproc returns LDAP_SUCCESS, referral
.\" processing continues, and the rebindproc will be called a second
.\" time with \fIfreeit\fP non-zero to give your application a chance to
.\" free any memory allocated in the previous call.
.\" .LP
.\" If anything but LDAP_SUCCESS is returned by the first call to
.\" the rebindproc, then referral processing is stopped and that error code
.\" is returned for the original LDAP operation.
.SH ERRORS
Asynchronous routines will return -1 in case of error, setting the
\fIld_errno\fP parameter of the \fIld\fP structure. Synchronous
routines return whatever \fIld_errno\fP is set to. See
.BR ldap_error (3)
for more information.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_open (3),
.B RFC 2222
(http://www.ietf.org),
.B Cyrus SASL
(http://asg.web.cmu.edu/sasl/)
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e729000081a4000017820000044e0000000148d0f13c00000b730000022d0000016a00000000000000000000002000000000reloc/share/man/man3/ldap_add.3 .TH LDAP_ADD 3 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_add.3,v 1.15.2.5 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_add, ldap_add_s, ldap_add_ext, ldap_add_ext_s \- Perform an LDAP add operation
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
.sp
.BI "int ldap_add(LDAP *" ld ", const char *" dn ", LDAPMod *" attrs "[]);"
.sp
.BI "int ldap_add_s(LDAP *" ld ", const char *" dn ", LDAPMod *" attrs "[]);"
.sp
.BI "int ldap_add_ext(LDAP *" ld ", const char *" dn ", LDAPMod *" attrs "[],"
.RS
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[], int *" msgidp ");"
.RE
.sp
.BI "int ldap_add_ext_s(LDAP *" ld ", const char *" dn ", LDAPMod *" attrs "[],"
.RS
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[]);"
.RE
.fi
.SH DESCRIPTION
The
.B ldap_add_s()
routine is used to perform an LDAP add operation.
It takes \fIdn\fP, the DN of the entry to add, and \fIattrs\fP, a
null-terminated array of the entry's attributes. The LDAPMod structure
is used to represent attributes, with the \fImod_type\fP and
\fImod_values\fP fields being used as described under
.BR ldap_modify (3),
and the \fIldap_op\fP field being used only if you need to specify
the LDAP_MOD_BVALUES option. Otherwise, it should be set to zero.
.LP
Note that all entries except that
specified by the last component in the given DN must already exist.
.B ldap_add_s()
returns an LDAP error code indicating success or failure
of the operation. See
.BR ldap_error (3)
for more details.
.LP
The
.B ldap_add()
routine works just like
.BR ldap_add_s() ,
but it is asynchronous. It returns the message id of the request it
initiated. The result of this operation can be obtained by calling
.BR ldap_result (3).
.LP
The
.B ldap_add_ext()
routine allows server and client controls to be specified to extend
the add request. This routine is asynchronous like
.BR ldap_add() ,
but its return value is an LDAP error code. It stores the message id
of the request in the integer pointed to
by
.IR msgidp .
.LP
The
.B ldap_add_ext_s()
routine is the synchronous version of
.BR ldap_add_ext() .
It also returns an LDAP error code indicating success or failure
of the operation.
.SH ERRORS
.B ldap_add()
returns -1 in case of error initiating the request, and
will set the \fIld_errno\fP field in the \fIld\fP parameter
to indicate the error.
.B ldap_add_s()
will return an LDAP error code
directly (LDAP_SUCCESS if everything went ok, some error otherwise).
.B ldap_add_ext()
and
.B ldap_add_ext_s()
also directly return LDAP error codes.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_modify (3)
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e72c000081a4000017820000044e0000000148d0f13e000006360000022d0000016a00000000000000000000002300000000reloc/share/man/man3/ldap_delete.3 .TH LDAP_DELETE 3 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_delete.3,v 1.13.2.5 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_delete, ldap_delete_s \- Perform an LDAP delete operation
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_delete_s(ld, dn)
.ft
LDAP *ld;
char *dn;
.LP
.ft B
int ldap_delete(ld, dn)
.ft
LDAP *ld;
char *dn;
.SH DESCRIPTION
The
.B ldap_delete_s()
routine is used to perform an LDAP delete operation
synchronously. It takes \fIdn\fP, the DN of the entry to be deleted.
It returns an LDAP error code, indicating the success or failure of the
operation.
.LP
The
.B ldap_delete()
routine is used to perform an LDAP delete operation
asynchronously. It takes the same parameters as
.BR ldap_delete_s() ,
but returns the message id of the request it initiated. The result of
the delete can be obtained by a subsequent call to
.BR ldap_result (3).
.SH ERRORS
.B ldap_delete_s()
returns an LDAP error code which can be interpreted
by calling one of
.BR ldap_perror (3)
and friends.
.B ldap_delete()
returns -1 if something went wrong initiating the request. It returns the
non-negative message id of the request if things went ok.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e737000081a4000017820000044e0000000148d0f141000009170000022d0000016a00000000000000000000002c00000000reloc/share/man/man3/ldap_parse_reference.3 .TH LDAP_PARSE_REFERENCE 3 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_reference.3,v 1.10.2.5 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_parse_reference \- Extract referrals and controls from a reference message
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_parse_reference( LDAP *ld, LDAPMessage *reference,
char ***referralsp, LDAPControl ***serverctrlsp,
int freeit )
.SH DESCRIPTION
.LP
The
.B ldap_parse_reference()
routine is used to extract referrals and controls from a reference message.
The \fIreference\fP parameter is a reference message as returned by a
call to
.BR ldap_first_reference (3) ,
.BR ldap_next_reference (3) ,
.BR ldap_first_message (3) ,
.BR ldap_next_message (3) ,
or
.BR ldap_result (3) .
.LP
The \fIreferralsp\fP parameter will be filled in with an allocated array of
character strings. The strings are copies of the referrals contained in
the parsed message. The array should be freed by calling
.BR ldap_value_free (3) .
If \fIreferralsp\fP is NULL, no referrals are returned.
If no referrals were returned, \fI*referralsp\fP is set to NULL.
.LP
The \fIserverctrlsp\fP parameter will be filled in with an allocated array of
controls copied from the parsed message. The array should be freed by calling
.BR ldap_controls_free (3).
If \fIserverctrlsp\fP is NULL, no controls are returned.
If no controls were returned, \fI*serverctrlsp\fP is set to NULL.
.LP
The \fIfreeit\fP parameter determines whether the parsed message is
freed or not after the extraction. Any non-zero value will make it
free the message. The
.BR ldap_msgfree (3)
routine can also be used to free the message later.
.SH ERRORS
Upon success LDAP_SUCCESS is returned. Otherwise the values of the
\fIreferralsp\fP and \fIserverctrlsp\fP parameters are undefined.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_first_reference (3),
.BR ldap_first_message (3),
.BR ldap_result (3),
.BR ldap_get_values (3),
.BR ldap_controls_free (3)
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e726000081a4000017820000044e0000000148d0f13b0000165a0000022d0000016a00000000000000000000002200000000reloc/share/man/man3/lber-types.3 .TH LBER_TYPES 3 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-types.3,v 1.16.2.5 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t,
struct berval, BerValue, BerVarray, BerElement,
ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add,
ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_free
\- LBER types and allocation functions
.SH LIBRARY
OpenLDAP LBER (liblber, -llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.nf
.ft B
typedef impl_tag_t ber_tag_t;
typedef impl_int_t ber_int_t;
typedef impl_uint_t ber_uint_t;
typedef impl_len_t ber_len_t;
typedef impl_slen_t ber_slen_t;
typedef struct berval {
ber_len_t bv_len;
char *bv_val;
} BerValue, *BerVarray;
typedef struct berelement BerElement;
.ft
.fi
.LP
.BI "void ber_bvfree(struct berval *" bv ");"
.LP
.BI "void ber_bvecfree(struct berval **" bvec ");"
.LP
.BI "void ber_bvecadd(struct berval ***" bvec ", struct berval *" bv ");"
.LP
.BI "void ber_bvarray_free(struct berval *" bvarray ");"
.LP
.BI "void ber_bvarray_add(BerVarray *" bvarray ", BerValue *" bv ");"
.LP
.BI "struct berval *ber_bvdup(const struct berval *" bv ");"
.LP
.BI "struct berval *ber_dupbv(const struct berval *" dst ", struct berval *" src ");"
.LP
.BI "struct berval *ber_bvstr(const char *" str ");"
.LP
.BI "struct berval *ber_bvstrdup(const char *" str ");"
.LP
.BI "struct berval *ber_str2bv(const char *" str ", ber_len_t " len ", int " dup ", struct berval *" bv ");"
.LP
.BI "void ber_free(BerElement *" ber ", int " freebuf ");"
.SH DESCRIPTION
.LP
The following are the basic types and structures defined for use
with the Lightweight BER library.
.LP
.B ber_int_t
is a signed integer of at least 32 bits. It is commonly equivalent to
.BR int .
.B ber_uint_t
is the unsigned variant of
.BR ber_int_t .
.LP
.B ber_len_t
is an unsigned integer of at least 32 bits used to represent a length.
It is commonly equivalent to a
.BR size_t .
.B ber_slen_t
is the signed variant of
.BR ber_len_t .
.LP
.B ber_tag_t
is an unsigned integer of at least 32 bits used to represent a
BER tag. It is commonly equivalent to a
.BR unsigned\ long .
.LP
The actual definitions of the integral impl_TYPE_t types are platform
specific.
.LP
.BR BerValue ,
commonly used as
.BR struct\ berval ,
is used to hold an arbitrary sequence of octets.
.B bv_val
points to
.B bv_len
octets.
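.B bv_val
is not necessarily terminated by a NUL (zero) octet, so its length must be
taken from
.B bv_len
rather than from string functions such as
.BR strlen (3).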
.BR ber_bvfree ()
frees a BerValue, pointed to by \fIbv\fP, returned from this API. If \fIbv\fP
is NULL, the routine does nothing.
.LP
.BR ber_bvecfree ()
frees an array of BerValues (and the array), pointed to by \fIbvec\fP,
returned from this API. If \fIbvec\fP is NULL, the routine does nothing.
.BR ber_bvecadd ()
appends the \fIbv\fP pointer to the \fIbvec\fP array. Space for the array
is allocated as needed. The end of the array is marked by a NULL pointer.
.LP
.BR ber_bvarray_free ()
frees an array of BerValues (and the array), pointed to by \fIbvarray\fP,
returned from this API. If \fIbvarray\fP is NULL, the routine does nothing.
.BR ber_bvarray_add ()
appends the contents of the BerValue pointed to by \fIbv\fP to the
\fIbvarray\fP array. Space for the new element is allocated as needed.
The end of the array is marked by a BerValue with a NULL bv_val field.
.LP
.BR ber_bvdup ()
returns a copy of a BerValue. The routine returns NULL upon error
(e.g. out of memory). The caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue.
.BR ber_dupbv ()
copies a BerValue from \fIsrc\fP to \fIdst\fP. If \fIdst\fP is NULL a
new BerValue will be allocated to hold the copy. The routine returns NULL
upon error, otherwise it returns a pointer to the copy. If \fIdst\fP is
NULL the caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue, otherwise
.BR ber_memfree ()
should be used to deallocate the \fIdst->bv_val\fP. (The
.BR ber_bvdup ()
function is internally implemented as ber_dupbv(NULL, bv).
.BR ber_bvdup ()
is provided only for compatibility with an expired draft of the LDAP C API;
.BR ber_dupbv ()
is the preferred interface.)
.LP
.BR ber_bvstr ()
returns a BerValue containing the string pointed to by \fIstr\fP.
.BR ber_bvstrdup ()
returns a BerValue containing a copy of the string pointed to by \fIstr\fP.
.BR ber_str2bv ()
returns a BerValue containing the string pointed to by \fIstr\fP, whose
length may be optionally specified in \fIlen\fP. If \fIdup\fP is non-zero,
the BerValue will contain a copy of \fIstr\fP. If \fIlen\fP is zero, the
number of bytes to copy will be determined by
.BR strlen (3),
otherwise \fIlen\fP bytes will be copied. If \fIbv\fP is non-NULL, the result
will be stored in the given BerValue, otherwise a new BerValue will be
allocated to store the result. NOTE: Both
.BR ber_bvstr ()
and
.BR ber_bvstrdup ()
are implemented as macros using
.BR ber_str2bv ()
in this version of the library.
.LP
.B BerElement
is an opaque structure used to maintain state information used in
encoding and decoding. BerElement structures are created using
.BR ber_alloc_t (3)
and
.BR ber_init (3).
.BR ber_free ()
frees a BerElement pointed to by \fIber\fP. If \fIber\fP is NULL, the routine
does nothing. If \fIfreebuf\fP is zero, the internal buffer is not freed.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-decode (3),
.BR lber-memory (3)
.LP
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e73c000081a4000017820000044e0000000148d0f14300000dc90000022d0000016a00000000000000000000002100000000reloc/share/man/man3/ldap_sort.3 .TH LDAP_SORT 3 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_sort.3,v 1.13.2.5 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_sort_entries, ldap_sort_values, ldap_sort_strcasecmp \- LDAP sorting routines
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
ldap_sort_entries(ld, chain, attr, cmp)
.ft
LDAP *ld;
LDAPMessage **chain;
char *attr;
int (*cmp)();
.LP
.ft B
ldap_sort_values(ld, vals, cmp)
.ft
LDAP *ld;
char **vals;
int (*cmp)();
.LP
.ft B
ldap_sort_strcasecmp(a, b)
.ft
char *a;
char *b;
.SH DESCRIPTION
These routines are used to sort lists of entries and values retrieved
from an LDAP server.
.B ldap_sort_entries()
is used to sort a chain
of entries retrieved from an LDAP search call either by DN or by some
arbitrary attribute in the entries. It takes \fIld\fP, the LDAP
structure, which is only used for error reporting, \fIchain\fP, the
list of entries as returned by
.BR ldap_search_s (3)
or
.BR ldap_result (3).
\fIattr\fP is the attribute to use as a key in the sort
or NULL to sort by DN, and \fIcmp\fP is the comparison function to use
when comparing values (or individual DN components if sorting by DN).
In this case, \fIcmp\fP should be a function taking two single values
of the \fIattr\fP to sort by, and returning a value less than zero,
equal to zero, or greater than zero, depending on whether the first
argument is less than, equal to, or greater than the second argument.
The convention is the same as used by
.BR qsort (3),
which is called to do the actual sorting.
.LP
.B ldap_sort_values()
is used to sort an array of values from an entry,
as returned by
.BR ldap_get_values (3).
It takes the LDAP connection
structure \fIld\fP, the array of values
to sort \fIvals\fP, and \fIcmp\fP, the comparison
function to use during the sort.
Note that \fIcmp\fP will be passed a pointer to each element in the
\fIvals\fP array, so if you pass the normal char ** for this parameter,
\fIcmp\fP should take two char **'s as arguments (i.e., you cannot
pass \fIstrcasecmp\fP or its friends for \fIcmp\fP). You can, however,
pass the function
.B ldap_sort_strcasecmp()
for this purpose.
.LP
For example:
.LP
.nf
.ft tt
LDAP *ld;
LDAPMessage *res;
/*
* ... call to ldap_search_s(), fill in res,
* retrieve sn attr ...
*/
/* now sort the entries on surname attribute */
if ( ldap_sort_entries( ld, &res, "sn",
ldap_sort_strcasecmp ) != 0 )
ldap_perror( ld, "ldap_sort_entries" );
.ft
.fi
.SH NOTES
.LP
The
.B ldap_sort_entries()
routine applies the comparison function to
each value of the attribute in the array as returned by a call to
.BR ldap_get_values (3),
until a mismatch is found.
This works fine for single-valued attributes, but
may produce unexpected results for multi-valued attributes.
When sorting by DN, the comparison function is
applied to an exploded version of the DN, without types.
The return values for all of these functions are declared in the
<ldap.h> header file. Some routines may dynamically allocate memory.
Callers are responsible for freeing such memory using the supplied
deallocation routines.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_search (3),
.BR ldap_result (3),
.BR qsort (3)
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e728000081a4000017820000044e0000000148d0f13c000007890000022d0000016a00000000000000000000002400000000reloc/share/man/man3/ldap_abandon.3 .TH LDAP_ABANDON 3 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_abandon.3,v 1.15.2.5 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_abandon, ldap_abandon_ext \- Abandon an LDAP operation in progress
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
.sp
.BI "int ldap_abandon(LDAP *" ld ", int " msgid ");"
.sp
.BI "int ldap_abandon_ext(LDAP *" ld ", int " msgid ","
.RS
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[]);"
.RE
.fi
.SH DESCRIPTION
The
.B ldap_abandon()
routine is used to abandon or cancel an LDAP
operation in progress. The \fImsgid\fP passed should be the
message id of an outstanding LDAP operation, as returned by
.BR ldap_search (3),
.BR ldap_modify (3),
etc.
.LP
.BR ldap_abandon ()
checks to see if the result of the operation has already come in. If it
has, it deletes it from the queue of pending messages. If not,
it sends an LDAP abandon operation to the LDAP server.
.LP
The caller can expect that the result of an abandoned operation
will not be returned from a future call to
.BR ldap_result (3).
.LP
.B ldap_abandon_ext()
is equivalent to
.B ldap_abandon()
except that it allows server and client controls to be passed
in
.I sctrls
and
.IR cctrls ,
respectively.
.SH ERRORS
.B ldap_abandon()
returns 0 if everything goes ok, -1 otherwise,
setting \fIld_errno\fP with an appropriate LDAP error code.
.LP
.B ldap_abandon_ext()
directly returns an LDAP error code indicating success or failure of the
operation.
.LP
See
.BR ldap_error (3)
for details.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e72d000081a4000017820000044e0000000148d0f13e000016370000022d0000016a00000000000000000000002200000000reloc/share/man/man3/ldap_error.3 .TH LDAP_ERROR 3 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_error.3,v 1.19.2.5 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_perror, ld_errno, ldap_result2error, ldap_errlist, ldap_err2string \- LDAP protocol error handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_err2string( int err );
.LP
.ft B
void ldap_perror( LDAP *ld, const char *s )
.LP
.ft B
int ldap_result2error( LDAP *ld, LDAPMessage *res, int freeit )
.SH DESCRIPTION
These routines provide interpretation of the various error codes
returned by the LDAP protocol and LDAP library routines or associated
with an LDAP session. The error code associated with an LDAP session
is accessible using
.BR ldap_get_option (3)
and
.BR ldap_set_option (3)
with the
.B LDAP_OPT_RESULT_CODE
option (previously called
.BR LDAP_OPT_ERROR_NUMBER ).
.LP
The
.B ldap_result2error()
routine takes \fIres\fP, a result as produced by
.BR ldap_result (3)
or
.BR ldap_search_s (3),
and returns
the corresponding error code. Possible error codes are listed
below. If the \fIfreeit\fP parameter is non zero it indicates that the
\fIres\fP parameter should be freed by a call to
.BR ldap_msgfree (3)
after the error code has been extracted. The
.B ld_errno
field in \fIld\fP is set and returned.
.LP
The returned value can be passed to
.B ldap_err2string()
to get a text description of the message. The string
returned from
.B ldap_err2string()
is a pointer to a static area that
should not be modified.
.LP
The
.B ldap_perror()
routine can be called to print an indication of
the error on standard error, similar to the way
.BR perror (3)
works.
.SH ERRORS
The possible values for an ldap error code are:
.LP
.TP 20
.SM LDAP_SUCCESS
The request was successful.
.TP
.SM LDAP_OPERATIONS_ERROR
An operations error occurred.
.TP
.SM LDAP_PROTOCOL_ERROR
A protocol violation was detected.
.TP
.SM LDAP_TIMELIMIT_EXCEEDED
An LDAP time limit was exceeded.
.TP
.SM LDAP_SIZELIMIT_EXCEEDED
An LDAP size limit was exceeded.
.TP
.SM LDAP_COMPARE_FALSE
A compare operation returned false.
.TP
.SM LDAP_COMPARE_TRUE
A compare operation returned true.
.TP
.SM LDAP_STRONG_AUTH_NOT_SUPPORTED
The LDAP server does not support strong authentication.
.TP
.SM LDAP_STRONG_AUTH_REQUIRED
Strong authentication is required for the operation.
.TP
.SM LDAP_PARTIAL_RESULTS
Partial results only returned.
.TP
.SM LDAP_NO_SUCH_ATTRIBUTE
The attribute type specified does not exist in the entry.
.TP
.SM LDAP_UNDEFINED_TYPE
The attribute type specified is invalid.
.TP
.SM LDAP_INAPPROPRIATE_MATCHING
Filter type not supported for the specified attribute.
.TP
.SM LDAP_CONSTRAINT_VIOLATION
An attribute value specified violates some constraint (e.g., a postalAddress
has too many lines, or a line that is too long).
.TP
.SM LDAP_TYPE_OR_VALUE_EXISTS
An attribute type or attribute value specified already exists in the entry.
.TP
.SM LDAP_INVALID_SYNTAX
An invalid attribute value was specified.
.TP
.SM LDAP_NO_SUCH_OBJECT
The specified object does not exist in The Directory.
.TP
.SM LDAP_ALIAS_PROBLEM
An alias in The Directory points to a nonexistent entry.
.TP
.SM LDAP_INVALID_DN_SYNTAX
A syntactically invalid DN was specified.
.TP
.SM LDAP_IS_LEAF
The object specified is a leaf.
.TP
.SM LDAP_ALIAS_DEREF_PROBLEM
A problem was encountered when dereferencing an alias.
.TP
.SM LDAP_INAPPROPRIATE_AUTH
Inappropriate authentication was specified (e.g., LDAP_AUTH_SIMPLE was
specified and the entry does not have a userPassword attribute).
.TP
.SM LDAP_INVALID_CREDENTIALS
Invalid credentials were presented (e.g., the wrong password).
.TP
.SM LDAP_INSUFFICIENT_ACCESS
The user has insufficient access to perform the operation.
.TP
.SM LDAP_BUSY
The DSA is busy.
.TP
.SM LDAP_UNAVAILABLE
The DSA is unavailable.
.TP
.SM LDAP_UNWILLING_TO_PERFORM
The DSA is unwilling to perform the operation.
.TP
.SM LDAP_LOOP_DETECT
A loop was detected.
.TP
.SM LDAP_NAMING_VIOLATION
A naming violation occurred.
.TP
.SM LDAP_OBJECT_CLASS_VIOLATION
An object class violation occurred (e.g., a "must" attribute was missing
from the entry).
.TP
.SM LDAP_NOT_ALLOWED_ON_NONLEAF
The operation is not allowed on a nonleaf object.
.TP
.SM LDAP_NOT_ALLOWED_ON_RDN
The operation is not allowed on an RDN.
.TP
.SM LDAP_ALREADY_EXISTS
The entry already exists.
.TP
.SM LDAP_NO_OBJECT_CLASS_MODS
Object class modifications are not allowed.
.TP
.SM LDAP_OTHER
An unknown error occurred.
.TP
.SM LDAP_SERVER_DOWN
The LDAP library can't contact the LDAP server.
.TP
.SM LDAP_LOCAL_ERROR
Some local error occurred. This is usually a failed dynamic memory allocation.
.TP
.SM LDAP_ENCODING_ERROR
An error was encountered encoding parameters to send to the LDAP server.
.TP
.SM LDAP_DECODING_ERROR
An error was encountered decoding a result from the LDAP server.
.TP
.SM LDAP_TIMEOUT
A timelimit was exceeded while waiting for a result.
.TP
.SM LDAP_AUTH_UNKNOWN
The authentication method specified to ldap_bind() is not known.
.TP
.SM LDAP_FILTER_ERROR
An invalid filter was supplied to ldap_search() (e.g., unbalanced
parentheses).
.TP
.SM LDAP_PARAM_ERROR
An ldap routine was called with a bad parameter.
.TP
.SM LDAP_NO_MEMORY
A memory allocation (e.g., malloc(3) or other dynamic memory
allocator) call failed in an ldap
library routine.
.SH SEE ALSO
.BR ldap (3),
.BR perror (3)
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e73d000081a4000017820000044e0000000148d0f14400000bf70000022d0000016a00000000000000000000002000000000reloc/share/man/man3/ldap_url.3 .TH LDAP_URL 3 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_url.3,v 1.16.2.5 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_is_ldap_url,
ldap_url_parse,
ldap_free_urldesc \- LDAP Uniform Resource Locator routines
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.ft
.LP
.ft B
int ldap_is_ldap_url( const char *url )
.LP
.ft B
int ldap_url_parse( const char *url, LDAPURLDesc **ludpp )
.LP
typedef struct ldap_url_desc {
char * lud_scheme; /* URI scheme */
char * lud_host; /* LDAP host to contact */
int lud_port; /* port on host */
char * lud_dn; /* base for search */
char ** lud_attrs; /* list of attributes */
int lud_scope; /* a LDAP_SCOPE_... value */
char * lud_filter; /* LDAP search filter */
char ** lud_exts; /* LDAP extensions */
int lud_crit_exts; /* true if any extension is critical */
/* may contain additional fields for internal use */
} LDAPURLDesc;
.LP
.ft B
ldap_free_urldesc( LDAPURLDesc *ludp )
.SH DESCRIPTION
These routines support the use of LDAP URLs (Uniform Resource Locators)
as detailed in RFC 2255. LDAP URLs look like this:
.nf
\fBldap://\fP\fIhostport\fP\fB/\fP\fIdn\fP[\fB?\fP\fIattrs\fP[\fB?\fP\fIscope\fP[\fB?\fP\fIfilter\fP[\fB?\fP\fIexts\fP]]]]
where:
\fIhostport\fP is a host name with an optional ":portnumber"
\fIdn\fP is the search base
\fIattrs\fP is a comma separated list of attributes to request
\fIscope\fP is one of these three strings:
base one sub (default=base)
\fIfilter\fP is filter
\fIexts\fP are a recognized set of LDAP and/or API extensions.
Example:
ldap://ldap.example.net/dc=example,dc=net?cn,sn?sub?(cn=*)
.fi
.LP
URLs that are wrapped in angle-brackets and/or preceded by "URL:" are also
tolerated. Alternative schemes such as ldaps:// and ldapi:// may be
parsed using the below routines as well.
.LP
.B ldap_is_ldap_url()
returns a non-zero value if \fIurl\fP looks like an LDAP URL (as
opposed to some other kind of URL). It can be used as a quick check
for an LDAP URL; the
.B ldap_url_parse()
routine should be used if a more thorough check is needed.
.LP
.B ldap_url_parse()
breaks down an LDAP URL passed in \fIurl\fP into its component pieces.
If successful, zero is returned, an LDAP URL description is
allocated, filled in, and \fIludpp\fP is set to point to it. If an
error occurs, a non-zero URL error code is returned.
.LP
.B ldap_free_urldesc()
should be called to free an LDAP URL description that was obtained from
a call to
.B ldap_url_parse().
.SH SEE ALSO
.BR ldap (3)
.LP
.B The LDAP URL Format, RFC 2255,
Tim Howes and Mark Smith, December 1997.
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e734000081a4000017820000044e0000000148d0f14000000e730000022d0000016a00000000000000000000002300000000reloc/share/man/man3/ldap_modify.3 .TH LDAP_MODIFY 3 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_modify.3,v 1.12.2.5 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_modify, ldap_modify_s \- Perform an LDAP modify operation
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
.nf
int ldap_modify(ld, dn, mods)
.ft
LDAP *ld;
char *dn;
LDAPMod *mods[];
.LP
.ft B
.nf
int ldap_modify_s(ld, dn, mods)
.ft
LDAP *ld;
char *dn;
LDAPMod *mods[];
.LP
.ft B
.nf
void ldap_mods_free( mods, freemods )
.ft
LDAPMod **mods;
int freemods;
.SH DESCRIPTION
The routine
.B ldap_modify_s()
is used to perform an LDAP modify operation.
\fIdn\fP is the DN of the entry to modify, and \fImods\fP is a
null-terminated array of modifications to make to the entry. Each element
of the \fImods\fP array is a pointer to an LDAPMod structure, which is
defined below.
.LP
.nf
.ft B
typedef struct ldapmod {
int mod_op;
char *mod_type;
union {
char **modv_strvals;
struct berval **modv_bvals;
} mod_vals;
struct ldapmod *mod_next;
} LDAPMod;
#define mod_values mod_vals.modv_strvals
#define mod_bvalues mod_vals.modv_bvals
.ft
.fi
.LP
The \fImod_op\fP field is used to specify the type of modification to
perform and should be one of LDAP_MOD_ADD, LDAP_MOD_DELETE, or
LDAP_MOD_REPLACE. The \fImod_type\fP and \fImod_values\fP fields
specify the attribute type to modify and a null-terminated array of
values to add, delete, or replace respectively. The \fImod_next\fP
field is used only by the LDAP server and may be ignored by the
client.
.LP
If you need to specify a non-string value (e.g., to add a
photo or audio attribute value), you should set \fImod_op\fP to the
logical OR of the operation as above (e.g., LDAP_MOD_REPLACE)
and the constant LDAP_MOD_BVALUES. In this case, \fImod_bvalues\fP
should be used instead of \fImod_values\fP, and it should point to
a null-terminated array of struct bervals, as defined in <lber.h>.
.LP
For LDAP_MOD_ADD modifications, the given values are added to the
entry, creating the attribute if necessary. For LDAP_MOD_DELETE
modifications, the given values are deleted from the entry, removing
the attribute if no values remain. If the entire attribute is to be deleted,
the \fImod_values\fP field should be set to NULL. For LDAP_MOD_REPLACE
modifications, the attribute will have the listed values after the
modification, having been created if necessary. All modifications are
performed in the order in which they are listed.
.LP
.B
ldap_modify_s()
returns the LDAP error code resulting from the
modify operation. This code can be interpreted by
.BR ldap_perror (3)
and friends.
.LP
The
.B ldap_modify()
operation works the same way as
.BR ldap_modify_s() ,
except that it is asynchronous, returning the message id of the
request it initiates, or -1 on error. The result of the operation
can be obtained by calling
.BR ldap_result (3).
.LP
.B ldap_mods_free()
can be used to free each element of a NULL-terminated
array of mod structures. If \fIfreemods\fP is non-zero, the
\fImods\fP pointer itself is freed as well.
.SH ERRORS
.B ldap_modify_s()
returns an ldap error code, either LDAP_SUCCESS or
an error if there was trouble.
.B ldap_modify()
returns -1 in case
of trouble, setting the
.B ld_errno
field of \fIld\fP.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_add (3)
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e72b000081a4000017820000044e0000000148d0f13d000007a30000022d0000016a00000000000000000000002400000000reloc/share/man/man3/ldap_compare.3 .TH LDAP_COMPARE 3 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_compare.3,v 1.13.2.5 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_compare, ldap_compare_s \- Perform an LDAP compare operation
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_compare_s(ld, dn, attr, value)
.ft
LDAP *ld;
char *dn, *attr, *value;
.LP
.ft B
int ldap_compare(ld, dn, attr, value)
.ft
LDAP *ld;
char *dn, *attr, *value;
.SH DESCRIPTION
The
.B ldap_compare_s()
routine is used to perform an LDAP compare operation
synchronously. It takes \fIdn\fP, the DN of the entry upon which to perform
the compare, and \fIattr\fP and \fIvalue\fP, the attribute type and value to
compare to those found in the entry. It returns an LDAP error code, which
will be LDAP_COMPARE_TRUE if the entry contains the attribute value and
LDAP_COMPARE_FALSE if it does not. Otherwise, some error code is returned.
.LP
The
.B ldap_compare()
routine is used to perform an LDAP compare operation
asynchronously. It takes the same parameters as
.BR ldap_compare_s() ,
but returns the message id of the request it initiated. The result of
the compare can be obtained by a subsequent call to
.BR ldap_result (3).
.SH ERRORS
.B ldap_compare_s()
returns an LDAP error code which can be interpreted
by calling one of
.BR ldap_perror (3)
and friends. ldap_compare() returns
-1 if something went wrong initiating the request. It returns the
non-negative message id of the request if things went ok.
.SH BUGS
There is no way to compare binary values, but there should be.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e72e000081a4000017820000044e0000000148d0f13e000009230000022d0000016a00000000000000000000002c00000000reloc/share/man/man3/ldap_first_attribute.3 .TH LDAP_FIRST_ATTRIBUTE 3 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_attribute.3,v 1.18.2.7 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_attribute, ldap_next_attribute \- step through LDAP entry attributes
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_first_attribute(
LDAP *ld, LDAPMessage *entry, BerElement **berptr )
.LP
.ft B
char *ldap_next_attribute(
LDAP *ld, LDAPMessage *entry, BerElement *ber )
.SH DESCRIPTION
The
.B ldap_first_attribute()
and
.B ldap_next_attribute()
routines are used
to step through the attributes in an LDAP entry.
.B ldap_first_attribute()
takes an \fIentry\fP as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3)
and returns a pointer to a character string
containing the first attribute description in the entry.
.B ldap_next_attribute()
returns the next attribute description in the entry.
.LP
It also returns, in \fIberptr\fP, a pointer to a BerElement it has
allocated to keep track of its current position. This pointer should
be passed to subsequent calls to
.B ldap_next_attribute()
and is used
to effectively step through the entry's attributes. The caller is
solely responsible for freeing the BerElement pointed to by \fIberptr\fP
when it is no longer needed by calling
.BR ber_free (3).
When calling
.BR ber_free (3)
in this instance, be sure the second argument is 0.
.LP
The attribute names returned are suitable for inclusion in a call
to
.BR ldap_get_values (3)
to retrieve the attribute's values.
.SH ERRORS
If an error occurs, NULL is returned and the ld_errno field in the
\fIld\fP parameter is set to indicate the error. See
.BR ldap_error (3)
for a description of possible error codes.
.SH NOTES
The
.B ldap_first_attribute()
and
.B ldap_next_attribute()
return dynamically allocated memory that must be freed by the caller via
.BR ldap_memfree (3).
.SH SEE ALSO
.BR ldap (3),
.BR ldap_first_entry (3),
.BR ldap_get_values (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e738000081a4000017820000044e0000000148d0f14100000f900000022d0000016a00000000000000000000002900000000reloc/share/man/man3/ldap_parse_result.3 .TH LDAP_PARSE_RESULT 3 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_result.3,v 1.9.2.6 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_parse_result \- Parsing results
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_parse_result( LDAP *ld, LDAPMessage *result,
int *errcodep, char **matcheddnp, char **errmsgp,
char ***referralsp, LDAPControl ***serverctrlsp,
int freeit )
.LP
.ft B
int ldap_parse_sasl_bind_result( LDAP *ld, LDAPMessage *result,
struct berval **servercredp, int freeit )
.LP
.ft B
int ldap_parse_extended_result( LDAP *ld, LDAPMessage *result,
char **retoidp, struct berval **retdatap, int freeit )
.SH DESCRIPTION
.LP
These routines are used to extract information from a result message.
They will operate on the first result message in a chain of search
results (skipping past other message types). They take the \fIresult\fP
as returned by a call to
.BR ldap_result (3),
.BR ldap_search_s (3)
or
.BR ldap_search_st (3).
In addition to
.BR ldap_parse_result() ,
the routines
.B ldap_parse_sasl_bind_result()
and
.B ldap_parse_extended_result()
are used to get all the result information from SASL bind and extended
operations.
.LP
The \fIerrcodep\fP parameter will be filled in with the result code from
the result message.
.LP
The server might supply a matched DN string in the message indicating
how much of a name in a request was recognized. The \fImatcheddnp\fP
parameter will be filled in with this string if supplied, else it will
be NULL. If a string is returned, it should be freed using
.BR ldap_memfree (3).
.LP
The \fIerrmsgp\fP parameter will be filled in with the error message
field from the parsed message. This string should be freed using
.BR ldap_memfree (3).
.LP
The \fIreferralsp\fP parameter will be filled in with an allocated array of
referral strings from the parsed message. This array should be freed using
.BR ldap_memvfree (3).
If no referrals were returned, \fI*referralsp\fP is set to NULL.
.LP
The \fIserverctrlsp\fP parameter will be filled in with an allocated array of
controls copied from the parsed message. The array should be freed using
.BR ldap_controls_free (3).
If no controls were returned, \fI*serverctrlsp\fP is set to NULL.
.LP
The \fIfreeit\fP parameter determines whether the parsed message is
freed or not after the extraction. Any non-zero value will make it
free the message. The
.BR ldap_msgfree (3)
routine can also be used to free the message later.
.LP
For SASL bind results, the \fIservercredp\fP parameter will be filled in
with an allocated berval structure containing the credentials from the
server if present. The structure should be freed using
.BR ber_bvfree (3).
.LP
For extended results, the \fIretoidp\fP parameter will be filled in
with the dotted-OID text representation of the name of the extended
operation response. The string should be freed using
.BR ldap_memfree (3).
If no OID was returned, \fI*retoidp\fP is set to NULL.
.LP
For extended results, the \fIretdatap\fP parameter will be filled in
with a pointer to a berval structure containing the data from the
extended operation response. The structure should be freed using
.BR ber_bvfree (3).
If no data were returned, \fI*retdatap\fP is set to NULL.
.LP
For all the above result parameters, NULL values can be used in calls
in order to ignore certain fields.
.SH ERRORS
Upon success LDAP_SUCCESS is returned. Otherwise the values of the
result parameters are undefined, so the return value should be checked
before any of them is read or freed.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_search (3),
.BR ldap_memfree (3),
.BR ldap_get_values (3),
.BR ldap_controls_free (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e739000081a4000017820000044e0000000148d0f142000010440000022d0000016a00000000000000000000002300000000reloc/share/man/man3/ldap_result.3 .TH LDAP_RESULT 3 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_result.3,v 1.16.2.6 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_result \- Wait for the result of an LDAP operation
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_result( LDAP *ld, int msgid, int all,
struct timeval *timeout, LDAPMessage **result );
int ldap_msgfree( LDAPMessage *msg );
int ldap_msgtype( LDAPMessage *msg );
int ldap_msgid( LDAPMessage *msg );
.ft
.SH DESCRIPTION
The
.B ldap_result()
routine is used to wait for and return the result of
an operation previously initiated by one of the LDAP asynchronous
operation routines (e.g.,
.BR ldap_search (3),
.BR ldap_modify (3),
etc.). Those routines all return -1 in case of error, and an
invocation identifier upon successful initiation of the operation. The
invocation identifier is picked by the library and is guaranteed to be
unique across the LDAP session. It can be used to request the result
of a specific operation from
.B ldap_result()
through the \fImsgid\fP parameter.
.LP
The
.B ldap_result()
routine will block or not, depending upon the setting
of the \fItimeout\fP parameter.
If timeout is not a NULL pointer, it specifies a maximum
interval to wait for the selection to complete. If timeout
is a NULL pointer, the select blocks indefinitely. To
effect a poll, the timeout argument should be a non-NULL
pointer, pointing to a zero-valued timeval structure. See
.BR select (2)
for further details.
.LP
If the result of a specific operation is required, \fImsgid\fP should
be set to the invocation identifier returned when the operation was
initiated, otherwise LDAP_RES_ANY or LDAP_RES_UNSOLICITED should be
supplied to wait for any or unsolicited response.
.LP
The \fIall\fP parameter, if non-zero, causes
.B ldap_result()
to return all responses with msgid, otherwise only the
next response is returned. This is commonly used to obtain all
the responses of a search operation.
.LP
A search response is made up of zero or
more search entries, zero or more search references, and zero or
more extended partial responses followed by a search result. If
\fIall\fP is set to 0, search entries will be returned one at a
time as they come in, via separate calls to
.BR ldap_result() .
If it's set to 1, the search
response will only be returned in its entirety, i.e., after all entries,
all references, all extended partial responses, and the final search
result have been received.
.LP
Upon success, the type of the result received is returned and the
\fIresult\fP parameter will contain the result of the operation. This
result should be passed to the LDAP parsing routines,
.BR ldap_first_message (3)
and friends, for interpretation.
.LP
The possible result types returned are:
.LP
.nf
LDAP_RES_BIND (0x61)
LDAP_RES_SEARCH_ENTRY (0x64)
LDAP_RES_SEARCH_REFERENCE (0x73)
LDAP_RES_SEARCH_RESULT (0x65)
LDAP_RES_MODIFY (0x67)
LDAP_RES_ADD (0x69)
LDAP_RES_DELETE (0x6b)
LDAP_RES_MODDN (0x6d)
LDAP_RES_COMPARE (0x6f)
LDAP_RES_EXTENDED (0x78)
LDAP_RES_INTERMEDIATE (0x79)
.fi
.LP
The
.B ldap_msgfree()
routine is used to free the memory allocated for
result(s) by
.B ldap_result()
or
.BR ldap_search_s (3)
and friends.
It takes a pointer to the result or result chain to be freed and returns
the type of the last message in the chain.
If the parameter is NULL, the function does nothing and returns zero.
.LP
The
.B ldap_msgtype()
routine returns the type of a message.
.LP
The
.B ldap_msgid()
routine returns the message id of a message.
.SH ERRORS
.B ldap_result()
returns -1 if an error occurs, and zero if the
timeout specified was exceeded.
.B ldap_msgtype()
and
.B ldap_msgid()
return -1 on error.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_search (3),
.BR ldap_first_message (3),
.BR select (2)
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e723000081a4000017820000044e0000000148d0f13900002ff30000022d0000016a00000000000000000000002300000000reloc/share/man/man3/lber-decode.3 .TH LBER_DECODE 3 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-decode.3,v 1.21.2.5 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int,
ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal,
ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring,
ber_first_element, ber_next_element
\- LBER simplified Basic Encoding Rules library routines for decoding
.SH LIBRARY
OpenLDAP LBER (liblber, -llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "ber_tag_t ber_get_next(Sockbuf *" sb ", ber_len_t *" len ", BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_skip_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_peek_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_scanf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "ber_tag_t ber_get_int(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_enum(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_stringb(BerElement *" ber ", char *" buf ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_get_stringa(BerElement *" ber ", char **" buf ");"
.LP
.BI "ber_tag_t ber_get_stringal(BerElement *" ber ", struct berval **" bv ");"
.LP
.BI "ber_tag_t ber_get_stringbv(BerElement *" ber ", struct berval *" bv ", int " alloc ");"
.LP
.BI "ber_tag_t ber_get_null(BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_get_boolean(BerElement *" ber ", ber_int_t *" bool ");"
.LP
.BI "ber_tag_t ber_get_bitstringa(BerElement *" ber ", char **" buf ", ber_len_t *" blen ");"
.LP
.BI "ber_tag_t ber_first_element(BerElement *" ber ", ber_len_t *" len ", char **" cookie ");"
.LP
.BI "ber_tag_t ber_next_element(BerElement *" ber ", ber_len_t *" len ", const char *" cookie ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1. The version
of BER these routines support is the one defined for the LDAP
protocol. The encoding rules are the same as BER, except that
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form. This man page
describes the decoding routines in the lber library. See
.BR lber-encode (3)
for details on the corresponding encoding routines.
Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_get_next ()
to get the next BER element and
.BR ber_scanf ()
to do the actual decoding. In some cases,
.BR ber_peek_tag ()
may also need to be called in normal usage. The other routines are
provided for those applications that need more control than
.BR ber_scanf ()
provides. In
general, these routines return the tag of the element decoded, or
LBER_ERROR if an error occurred.
.LP
The
.BR ber_get_next ()
routine is used to read the next BER element from the given Sockbuf,
\fIsb\fP. It strips off and returns the leading tag, strips off and
returns the length of the entire element in \fIlen\fP, and sets up
\fIber\fP for subsequent calls to
.BR ber_scanf ()
et al to decode the element. See
.BR lber-sockbuf (3)
for details of the Sockbuf implementation of the \fIsb\fP parameter.
.LP
The
.BR ber_scanf ()
routine is used to decode a BER element in much the same way that
.BR scanf (3)
works. It reads from \fIber\fP, a pointer to a BerElement
such as returned by
.BR ber_get_next (),
interprets the bytes according to the format string \fIfmt\fP, and stores the
results in its additional arguments. The format string contains
conversion specifications which are used to direct the interpretation
of the BER element. The format string can contain the following
characters.
.RS
.LP
.TP 3
.B a
Octet string. A char ** should be supplied. Memory is allocated,
filled with the contents of the octet string, null-terminated, and
returned in the parameter. The caller should free the returned
string using
.BR ber_memfree ().
.TP
.B s
Octet string. A char * buffer should be supplied, followed by a pointer to a
ber_len_t initialized to the size of the buffer. Upon return, the
null-terminated octet string is put into the buffer, and the
ber_len_t is set to the actual size of the octet string.
.TP
.B O
Octet string. A struct berval ** should be supplied, which upon
return points to a dynamically allocated struct berval
containing the octet string and its length.
The caller should free the returned structure using
.BR ber_bvfree ().
.TP
.B o
Octet string. A struct berval * should be supplied, which upon
return contains the dynamically allocated
octet string and its length. The caller should free the returned octet
string using
.BR ber_memfree ().
.TP
.B m
Octet string. A struct berval * should be supplied, which upon return
contains the octet string and its length. The string resides in memory
assigned to the BerElement, and must not be freed by the caller.
.TP
.B b
Boolean. A pointer to a ber_int_t should be supplied.
.TP
.B e
Enumeration. A pointer to a ber_int_t should be supplied.
.TP
.B i
Integer. A pointer to a ber_int_t should be supplied.
.TP
.B B
Bitstring. A char ** should be supplied which will point to the
dynamically allocated
bits, followed by a ber_len_t *, which will point to the length
(in bits) of the bitstring returned.
.TP
.B n
Null. No parameter is required. The element is simply skipped if
it is recognized.
.TP
.B v
Sequence of octet strings. A char *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of char *'s
containing the octet strings. NULL is returned if the sequence is empty.
The caller should free the returned array and octet strings using
.BR ber_memvfree ().
.TP
.B V
Sequence of octet strings with lengths.
A struct berval *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of
struct berval *'s
containing the octet strings and their lengths.
NULL is returned if the sequence is empty.
The caller should free the returned structures using
.BR ber_bvecfree ().
.TP
.B W
Sequence of octet strings with lengths.
A BerVarray * should be supplied, which upon
return points to a dynamically allocated array of
struct berval's
containing the octet strings and their lengths. The array is terminated
by a struct berval with a NULL bv_val string pointer.
NULL is returned if the sequence is empty.
The caller should free the returned structures using
.BR ber_bvarray_free ().
.TP
.B M
Sequence of octet strings with lengths. This is a generalized form
of the previous three formats.
A void ** (ptr) should be supplied, followed by a ber_len_t * (len)
and a ber_len_t (off).
Upon return (ptr) will point to a dynamically allocated array
whose elements are all of size (*len). A struct berval will be filled
starting at offset (off) in each element. The strings in each struct
berval reside in memory assigned to the BerElement and must not be
freed by the caller. The array is terminated by a struct berval
with a NULL bv_val string pointer. NULL is returned if the sequence
is empty. The number of elements in the array is also stored
in (*len) on return. The caller should free the returned array using
.BR ber_memfree ().
.TP
.B l
Length of the next element. A pointer to a ber_len_t should be supplied.
.TP
.B t
Tag of the next element. A pointer to a ber_tag_t should be supplied.
.TP
.B T
Skip element and return its tag. A pointer to a ber_tag_t should be supplied.
.TP
.B x
Skip element. The next element is skipped.
.TP
.B {
Begin sequence. No parameter is required. The initial sequence tag
and length are skipped.
.TP
.B }
End sequence. No parameter is required and no action is taken.
.TP
.B [
Begin set. No parameter is required. The initial set tag
and length are skipped.
.TP
.B ]
End set. No parameter is required and no action is taken.
.RE
.LP
The
.BR ber_get_int ()
routine tries to interpret the next element as an integer,
returning the result in \fInum\fP. The tag of whatever it finds is returned
on success, LBER_ERROR (\-1) on failure.
.LP
The
.BR ber_get_stringb ()
routine is used to read an octet string into a
preallocated buffer. The \fIlen\fP parameter should be initialized to
the size of the buffer, and will contain the length of the octet string
read upon return. The buffer should be big enough to take the octet
string value plus a terminating NUL byte.
.LP
The
.BR ber_get_stringa ()
routine is used to dynamically allocate space into
which an octet string is read.
The caller should free the returned string using
.BR ber_memfree ().
.LP
The
.BR ber_get_stringal ()
routine is used to dynamically allocate space
into which an octet string and its length are read. It takes a
struct berval **, and returns the result in this parameter.
The caller should free the returned structure using
.BR ber_bvfree ().
.LP
The
.BR ber_get_stringbv ()
routine is used to read an octet string and its length into the
provided struct berval *. If the \fIalloc\fP parameter is zero, the string
will reside in memory assigned to the BerElement, and must not be freed
by the caller. If the \fIalloc\fP parameter is non-zero, the string will be
copied into dynamically allocated space which should be returned using
.BR ber_memfree ().
.LP
The
.BR ber_get_null ()
routine is used to read a NULL element. It returns
the tag of the element it skips over.
.LP
The
.BR ber_get_boolean ()
routine is used to read a boolean value. It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_enum ()
routine is used to read an enumeration value. It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_bitstringa ()
routine is used to read a bitstring value. It
takes a char ** which will hold the dynamically allocated bits, followed by a
ber_len_t *, which will point to the length (in bits) of the bitstring returned.
The caller should free the returned string using
.BR ber_memfree ().
.LP
The
.BR ber_first_element ()
routine is used to return the tag and length
of the first element in a set or sequence. It also returns in \fIcookie\fP
a magic cookie parameter that should be passed to subsequent calls to
ber_next_element(), which returns similar information.
.SH EXAMPLES
Assume the variable \fIber\fP contains a lightweight BER encoding of
the following ASN.1 object:
.LP
.nf
AlmostASearchRequest := SEQUENCE {
baseObject DistinguishedName,
scope ENUMERATED {
baseObject (0),
singleLevel (1),
wholeSubtree (2)
},
derefAliases ENUMERATED {
neverDerefaliases (0),
derefInSearching (1),
derefFindingBaseObj (2),
alwaysDerefAliases (3)
},
sizelimit INTEGER (0 .. 65535),
timelimit INTEGER (0 .. 65535),
attrsOnly BOOLEAN,
attributes SEQUENCE OF AttributeType
}
.fi
.LP
The element can be decoded using
.BR ber_scanf ()
as follows.
.LP
.nf
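ber_int_t scope, deref, size, time, attrsonly;
/* Start the output pointers at NULL: the frees below also run on the
 * error path and must never be handed an uninitialized pointer. */
char *dn = NULL, **attrs = NULL;
ber_tag_t tag;
tag = ber_scanf( ber, "{aeeiib{v}}",
    &dn, &scope, &deref,
    &size, &time, &attrsonly, &attrs );
if( tag == LBER_ERROR ) {
    /* error: do not use any of the decoded values */
} else {
    /* success */
}
/* A pointer that ber_scanf() never stored still holds its NULL
 * initializer at this point. */
ber_memfree( dn );
ber_memvfree( attrs );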
.fi
.SH ERRORS
If an error occurs during decoding, generally these routines return
LBER_ERROR ((ber_tag_t)\-1).
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
.B <lber.h>
header file. Some routines may dynamically allocate memory
which must be freed by the caller using supplied deallocation routines.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e73a000081a4000017820000044e0000000148d0f142000023010000022d0000016a00000000000000000000002300000000reloc/share/man/man3/ldap_schema.3 .TH LDAP_SCHEMA 3 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_schema.3,v 1.12.2.5 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 2000-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free,
ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name,
ldap_matchingrule_free,
ldap_str2attributetype, ldap_attributetype2str,
ldap_attributetype2name, ldap_attributetype_free,
ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name,
ldap_objectclass_free,
ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
#include <ldap_schema.h>
.LP
.ft B
LDAPSyntax * ldap_str2syntax(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_syntax2str(syn)
.ft
const LDAPSyntax * syn;
.LP
.ft B
const char * ldap_syntax2name(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
ldap_syntax_free(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_matchingrule2str(mr);
.ft
const LDAPMatchingRule * mr;
.LP
.ft B
const char * ldap_matchingrule2name(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
ldap_matchingrule_free(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_attributetype2str(at)
.ft
const LDAPAttributeType * at;
.LP
.ft B
const char * ldap_attributetype2name(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
ldap_attributetype_free(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_objectclass2str(oc)
.ft
const LDAPObjectClass * oc;
.LP
.ft B
const char * ldap_objectclass2name(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
ldap_objectclass_free(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
char * ldap_scherr2str(code)
.ft
int code;
.SH DESCRIPTION
These routines are used to parse schema definitions in the syntax
defined in RFC 2252 into structs and handle these structs. These
routines handle four kinds of definitions: syntaxes, matching rules,
attribute types and object classes. For each definition kind, four
routines are provided.
.LP
.B ldap_str2xxx()
takes a definition in RFC 2252 format in argument
.IR s
as a NUL-terminated string and returns, if possible, a pointer to a
newly allocated struct of the appropriate kind. The caller is
responsible for freeing the struct by calling
.B ldap_xxx_free()
when not needed any longer. The routine returns NULL if some problem
happened. In this case, the integer pointed at by argument
.IR code
will receive an error code (see below the description of
.B ldap_scherr2str()
for an explanation of the values) and a pointer to a NUL-terminated
string will be placed where requested by argument
.IR errp
, indicating where in argument
.IR s
the error happened, so it must not be freed by the caller. Argument
.IR flags
is a bit mask of parsing options controlling the relaxation of the
syntax recognized. The following values are defined:
.TP
.B LDAP_SCHEMA_ALLOW_NONE
strict parsing according to RFC 2252.
.TP
.B LDAP_SCHEMA_ALLOW_NO_OID
permit definitions that do not contain an initial OID.
.TP
.B LDAP_SCHEMA_ALLOW_QUOTED
permit quotes around some items that should not have them.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR
permit a
.B descr
instead of a numeric OID in places where the syntax expects the latter.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR_PREFIX
permit that the initial numeric OID contains a prefix in
.B descr
format.
.TP
.B LDAP_SCHEMA_ALLOW_ALL
be very liberal, include all options.
.LP
The structures returned are as follows:
.sp
.RS
.nf
.ne 7
.ta 8n 16n 32n
typedef struct ldap_schema_extension_item {
char *lsei_name; /* Extension name */
char **lsei_values; /* Extension values */
} LDAPSchemaExtensionItem;
typedef struct ldap_syntax {
char *syn_oid; /* OID */
char **syn_names; /* Names */
char *syn_desc; /* Description */
LDAPSchemaExtensionItem **syn_extensions; /* Extension */
} LDAPSyntax;
typedef struct ldap_matchingrule {
char *mr_oid; /* OID */
char **mr_names; /* Names */
char *mr_desc; /* Description */
int mr_obsolete; /* Is obsolete? */
char *mr_syntax_oid; /* Syntax of asserted values */
LDAPSchemaExtensionItem **mr_extensions; /* Extensions */
} LDAPMatchingRule;
typedef struct ldap_attributetype {
char *at_oid; /* OID */
char **at_names; /* Names */
char *at_desc; /* Description */
int at_obsolete; /* Is obsolete? */
char *at_sup_oid; /* OID of superior type */
char *at_equality_oid; /* OID of equality matching rule */
char *at_ordering_oid; /* OID of ordering matching rule */
char *at_substr_oid; /* OID of substrings matching rule */
char *at_syntax_oid; /* OID of syntax of values */
int at_syntax_len; /* Suggested minimum maximum length */
int at_single_value; /* Is single-valued? */
int at_collective; /* Is collective? */
int at_no_user_mod; /* Are changes forbidden through LDAP? */
int at_usage; /* Usage, see below */
LDAPSchemaExtensionItem **at_extensions; /* Extensions */
} LDAPAttributeType;
typedef struct ldap_objectclass {
char *oc_oid; /* OID */
char **oc_names; /* Names */
char *oc_desc; /* Description */
int oc_obsolete; /* Is obsolete? */
char **oc_sup_oids; /* OIDs of superior classes */
int oc_kind; /* Kind, see below */
char **oc_at_oids_must; /* OIDs of required attribute types */
char **oc_at_oids_may; /* OIDs of optional attribute types */
LDAPSchemaExtensionItem **oc_extensions; /* Extensions */
} LDAPObjectClass;
.ta
.fi
.RE
.PP
Some integer fields (those described with a question mark) have a
truth value; for these fields the possible values are:
.TP
.B LDAP_SCHEMA_NO
The answer to the question is no.
.TP
.B LDAP_SCHEMA_YES
The answer to the question is yes.
.LP
For attribute types, the following usages are possible:
.TP
.B LDAP_SCHEMA_USER_APPLICATIONS
the attribute type is non-operational.
.TP
.B LDAP_SCHEMA_DIRECTORY_OPERATION
the attribute type is operational and is pertinent to the directory
itself, i.e. it has the same value on all servers that master the
entry containing this attribute type.
.TP
.B LDAP_SCHEMA_DISTRIBUTED_OPERATION
the attribute type is operational and is pertinent to replication,
shadowing or other distributed directory aspect. TBC.
.TP
.B LDAP_SCHEMA_DSA_OPERATION
the attribute type is operational and is pertinent to the directory
server itself, i.e. it may have different values for the same entry
when retrieved from different servers that master the entry.
.LP
Object classes can be of three kinds:
.TP
.B LDAP_SCHEMA_ABSTRACT
the object class is abstract, i.e. there cannot be entries of this
class alone.
.TP
.B LDAP_SCHEMA_STRUCTURAL
the object class is structural, i.e. it describes the main role of the
entry. On some servers, once the entry is created the set of
structural object classes assigned cannot be changed: none of those
present can be removed and none other can be added.
.TP
.B LDAP_SCHEMA_AUXILIARY
the object class is auxiliary, i.e. it is intended to go with other,
structural, object classes. These can be added or removed at any time
if attribute types are added or removed at the same time as needed by
the set of object classes resulting from the operation.
.LP
Routines
.B ldap_xxx2name()
return a canonical name for the definition.
.LP
Routines
.B ldap_xxx2str()
return a string representation in the format described by RFC 2252 of
the struct passed in the argument. The string is a newly allocated
string that must be freed by the caller. These routines may return
NULL if no memory can be allocated for the string.
.LP
.B ldap_scherr2str()
returns a NUL-terminated string with a text description of the error
found. This is a pointer to a static area, so it must not be freed by
the caller. The argument
.IR code
comes from one of the parsing routines and can adopt the following
values:
.TP
.B LDAP_SCHERR_OUTOFMEM
Out of memory.
.TP
.B LDAP_SCHERR_UNEXPTOKEN
Unexpected token.
.TP
.B LDAP_SCHERR_NOLEFTPAREN
Missing opening parenthesis.
.TP
.B LDAP_SCHERR_NORIGHTPAREN
Missing closing parenthesis.
.TP
.B LDAP_SCHERR_NODIGIT
Expecting digit.
.TP
.B LDAP_SCHERR_BADNAME
Expecting a name.
.TP
.B LDAP_SCHERR_BADDESC
Bad description.
.TP
.B LDAP_SCHERR_BADSUP
Bad superiors.
.TP
.B LDAP_SCHERR_DUPOPT
Duplicate option.
.TP
.B LDAP_SCHERR_EMPTY
Unexpected end of data.
.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e724000081a4000017820000044e0000000148d0f13a000021500000022d0000016a00000000000000000000002300000000reloc/share/man/man3/lber-encode.3 .TH LBER_ENCODE 3 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-encode.3,v 1.19.2.5 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ber_alloc_t, ber_flush, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- LBER simplified Basic Encoding Rules library routines for encoding
.SH LIBRARY
OpenLDAP LBER (liblber, -llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "int ber_flush(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_printf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "int ber_put_int(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_enum(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_ostring(BerElement *" ber ", const char *" str ", ber_len_t " len ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_string(BerElement *" ber ", const char *" str ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_null(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_boolean(BerElement *" ber ", ber_int_t " bool ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_bitstring(BerElement *" ber ", const char *" str ", ber_len_t " blen ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_seq(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_set(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_seq(BerElement *" ber ");"
.LP
.BI "int ber_put_set(BerElement *" ber ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1. The version
of BER these routines support is the one defined for the LDAP
protocol. The encoding rules are the same as BER, except that
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form. This
man page describes the encoding routines in the lber library. See
.BR lber-decode (3)
for details on the corresponding decoding routines. Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_alloc_t ()
to allocate a BER element for encoding,
.BR ber_printf ()
to do the actual encoding, and
.BR ber_flush ()
to actually write the element. The other routines are provided for those
applications that need more control than
.BR ber_printf ()
provides. In
general, these routines return the length of the element encoded, or
-1 if an error occurred.
.LP
The
.BR ber_alloc_t ()
routine is used to allocate a new BER element. It
should be called with an argument of LBER_USE_DER.
.LP
The
.BR ber_flush ()
routine is used to actually write the element to a socket
(or file) descriptor, once it has been fully encoded (using
.BR ber_printf ()
and friends). See
.BR lber-sockbuf (3)
for more details on the Sockbuf implementation of the \fIsb\fP parameter.
If the \fIfreeit\fP parameter is non-zero, the supplied \fIber\fP will
be freed after its contents have been flushed.
.LP
The
.BR ber_printf ()
routine is used to encode a BER element in much the same way that
.BR sprintf (3)
works. One important difference, though, is
that some state information is kept with the \fIber\fP parameter so
that multiple calls can be made to
.BR ber_printf ()
to append things to the end of the BER element.
.BR Ber_printf ()
writes to \fIber\fP, a pointer to a BerElement such as returned by
.BR ber_alloc_t ().
It interprets and
formats its arguments according to the format string \fIfmt\fP.
The format string can contain the following characters:
.RS
.LP
.TP 3
.B b
Boolean. A ber_int_t parameter should be supplied. A boolean element
is output.
.TP
.B e
Enumeration. A ber_int_t parameter should be supplied. An
enumeration element is output.
.TP
.B i
Integer. A ber_int_t parameter should be supplied. An integer element
is output.
.TP
.B B
Bitstring. A char * pointer to the start of the bitstring is supplied,
followed by the number of bits in the bitstring. A bitstring element
is output.
.TP
.B n
Null. No parameter is required. A null element is output.
.TP
.B o
Octet string. A char * is supplied, followed by the length of the
string pointed to. An octet string element is output.
.TP
.B O
Octet string. A struct berval * is supplied.
An octet string element is output.
.TP
.B s
Octet string. A null-terminated string is supplied. An octet string
element is output, not including the terminating NUL octet.
.TP
.B t
Tag. A ber_tag_t specifying the tag to give the next element
is provided. This works across calls.
.TP
.B v
Several octet strings. A null-terminated array of char *'s is
supplied. Note that a construct like '{v}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B V
Several octet strings. A null-terminated array of struct berval *'s
is supplied. Note that a construct like '{V}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B W
Several octet strings. An array of struct berval's is supplied. The
array is terminated by a struct berval with a NULL bv_val.
Note that a construct like '{W}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B {
Begin sequence. No parameter is required.
.TP
.B }
End sequence. No parameter is required.
.TP
.B [
Begin set. No parameter is required.
.TP
.B ]
End set. No parameter is required.
.RE
.LP
The
.BR ber_put_int ()
routine writes the integer element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_enum ()
routine writes the enumeration element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_boolean ()
routine writes the boolean value given by \fIbool\fP to the BER element.
.LP
The
.BR ber_put_bitstring ()
routine writes \fIblen\fP bits starting
at \fIstr\fP as a bitstring value to the given BER element. Note
that \fIblen\fP is the length \fIin bits\fP of the bitstring.
.LP
The
.BR ber_put_ostring ()
routine writes \fIlen\fP bytes starting at
\fIstr\fP to the BER element as an octet string.
.LP
The
.BR ber_put_string ()
routine writes the null-terminated string (minus
the terminating '\0') to the BER element as an octet string.
.LP
The
.BR ber_put_null ()
routine writes a NULL element to the BER element.
.LP
The
.BR ber_start_seq ()
routine is used to start a sequence in the BER element. The
.BR ber_start_set ()
routine works similarly.
The end of the sequence or set is marked by the nearest matching call to
.BR ber_put_seq ()
or
.BR ber_put_set (),
respectively.
.SH EXAMPLES
Assuming the following variable declarations, and that the variables
have been assigned appropriately, an lber encoding of
the following ASN.1 object:
.LP
.nf
AlmostASearchRequest := SEQUENCE {
baseObject DistinguishedName,
scope ENUMERATED {
baseObject (0),
singleLevel (1),
wholeSubtree (2)
},
derefAliases ENUMERATED {
neverDerefaliases (0),
derefInSearching (1),
derefFindingBaseObj (2),
alwaysDerefAliases (3)
},
sizelimit INTEGER (0 .. 65535),
timelimit INTEGER (0 .. 65535),
attrsOnly BOOLEAN,
attributes SEQUENCE OF AttributeType
}
.fi
.LP
can be achieved like so:
.LP
.nf
/*
 * Encoding example: builds the AlmostASearchRequest sequence shown
 * above with a single ber_printf() call.
 */
int rc;
ber_int_t scope, ali, size, time, attrsonly;
char *dn, **attrs; /* dn feeds the s format (null-terminated string); attrs feeds v (null-terminated array of char *) */
BerElement *ber;
/* ... fill in values ... */
ber = ber_alloc_t( LBER_USE_DER );
if ( ber == NULL ) {
/* error */
/* real code has to stop here: ber is NULL and is not an element ber_printf() can write to */
}
/*
 * Format string, left to right: { begins the sequence, s encodes dn,
 * iiii encodes scope, ali, size and time, b encodes attrsonly,
 * {v} encodes attrs as a SEQUENCE OF octet strings, } ends the sequence.
 * The arguments must match the format characters in number, order and
 * type, as with sprintf(3).
 * NOTE(review): scope and derefAliases are ENUMERATED in the ASN.1
 * above and the format table lists e for enumerations, yet this
 * example passes them with i -- confirm which encoding is intended.
 */
rc = ber_printf( ber, "{siiiib{v}}", dn, scope, ali,
size, time, attrsonly, attrs );
if( rc == -1 ) {
/* error */
} else {
/* success */
/* ber is still allocated at this point; ber_flush() with a non-zero freeit frees it after writing */
}
.fi
.SH ERRORS
If an error occurs during encoding, generally these routines return -1.
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
<lber.h> header file.
.SH SEE ALSO
.BR lber-decode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e73e000041ed000017820000044e0000000248d0f14d000000000000022d0000016a00000000000000000000001500000000reloc/share/man/man5 0707010001e73f000081a4000017820000044e0000000148d0f144000016e70000022d0000016a00000000000000000000001c00000000reloc/share/man/man5/ldif.5 .TH LDIF 5 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man5/ldif.5,v 1.18.2.6 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldif \- LDAP Data Interchange Format
.SH DESCRIPTION
The LDAP Data Interchange Format (LDIF) is used to represent LDAP
entries and change records in text form. LDAP tools, such as
.BR ldapadd (1)
and
.BR ldapsearch (1),
read and write LDIF entry records.
.BR ldapmodify (1)
reads LDIF change records.
.LP
This manual page provides a basic description of LDIF. A
formal specification of LDIF is published in RFC 2849.
.SH ENTRY RECORDS
.LP
LDIF entry records are used to represent directory entries. The basic
form of an entry record is:
.LP
.nf
.ft tt
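dn: <distinguished name>
<attrdesc>: <attrvalue>
<attrdesc>: <attrvalue>
<attrdesc>:: <base64-encoded-value>
<attrdesc>:< <URL>
...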
.ft
.fi
.LP
The value may be specified as UTF-8 text or as base64 encoded data,
or a URI may be provided to the location of the attribute value.
.LP
A line may be continued by starting the next line with a single space
or tab, e.g.,
.LP
.nf
.ft tt
dn: cn=Barbara J Jensen,dc=exam
ple,dc=com
.ft
.fi
.LP
Lines beginning with a sharp sign ('#') are ignored.
.LP
Multiple attribute values are specified on separate lines, e.g.,
.LP
.nf
.ft tt
cn: Barbara J Jensen
cn: Babs Jensen
.ft
.fi
.LP
If an <attrvalue> contains a non-printing character, or begins
with a space or a colon ':', the <attrdesc> is followed by a
double colon and the value is encoded in base 64 notation. e.g.,
the value " begins with a space" would be encoded like this:
.LP
.nf
.ft tt
cn:: IGJlZ2lucyB3aXRoIGEgc3BhY2U=
.ft
.fi
.LP
If the attribute value is located in a file, the <attrdesc> is
followed by a ':<' and a file: URI. e.g., the value contained
in the file /tmp/value would be listed like this:
.LP
.nf
.ft tt
cn:< file:///tmp/value
.ft
.fi
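Other URI schemes (ftp,http) may be supported as well.
The tool that reads the LDIF fetches the referenced file or URL itself,
so LDIF obtained from an untrusted source should be checked for ':<'
values before it is loaded.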
.LP
Multiple entries within the same LDIF file are separated by blank
lines.
.SH ENTRY RECORD EXAMPLE
Here is an example of an LDIF file containing three entries.
.LP
.nf
.ft tt
dn: cn=Barbara J Jensen,dc=example,dc=com
cn: Barbara J Jensen
cn: Babs Jensen
objectclass: person
description:< file:///tmp/babs
sn: Jensen
dn: cn=Bjorn J Jensen,dc=example,dc=com
cn: Bjorn J Jensen
cn: Bjorn Jensen
objectclass: person
sn: Jensen
dn: cn=Jennifer J Jensen,dc=example,dc=com
cn: Jennifer J Jensen
cn: Jennifer Jensen
objectclass: person
sn: Jensen
jpegPhoto:: /9j/4AAQSkZJRgABAAAAAQABAAD/2wBDABALD
A4MChAODQ4SERATGCgaGBYWGDEjJR0oOjM9PDkzODdASFxOQ
ERXRTc4UG1RV19iZ2hnPk1xeXBkeFxlZ2P/2wBDARESEhgVG
...
.ft
.fi
.LP
Note that the description in Barbara Jensen's entry is
read from file:///tmp/babs and the jpegPhoto in Jennifer
Jensen's entry is encoded using base 64.
.SH CHANGE RECORDS
LDIF change records are used to represent directory change requests.
Each change record starts with a line indicating the distinguished
name of the entry being changed:
.LP
.nf
dn: <distinguishedname>
.fi
.LP
.nf
changetype: <[modify|add|delete|modrdn]>
.fi
.LP
Finally, the change information itself is given, the format of which
depends on what kind of change was specified above. For a \fIchangetype\fP
of \fImodify\fP, the format is one or more of the following:
.LP
.nf
add: <attributetype>
<attrdesc>: <value1>
<attrdesc>: <value2>
...
-
.fi
.LP
Or, for a replace modification:
.LP
.nf
replace: <attributetype>
<attrdesc>: <value1>
<attrdesc>: <value2>
...
-
.fi
.LP
If no \fIattributetype\fP lines are given to replace,
the entire attribute is to be deleted (if present).
.LP
Or, for a delete modification:
.LP
.nf
delete: <attributetype>
<attrdesc>: <value1>
<attrdesc>: <value2>
...
-
.fi
.LP
If no \fIattributetype\fP lines are given to delete,
the entire attribute is to be deleted.
.LP
For a \fIchangetype\fP of \fIadd\fP, the format is:
.LP
.nf
<attrdesc1>: <value1>
<attrdesc1>: <value2>
...
<attrdescN>: <value1>
<attrdescN>: <value2>
.fi
.LP
For a \fIchangetype\fP of \fImodrdn\fP or \fImoddn\fP,
the format is:
.LP
.nf
newrdn: <newrdn>
deleteoldrdn: 0 | 1
newsuperior: <DN>
.fi
.LP
where a value of 1 for deleteoldrdn means to delete the values
forming the old rdn from the entry, and a value of 0 means to
leave the values as non-distinguished attributes in the entry.
The newsuperior line is optional and, if present, specifies the
new superior to move the entry to.
.LP
For a \fIchangetype\fP of \fIdelete\fP, no additional information
is needed in the record.
.LP
Note that attribute values may be presented using base64 or in
files as described for entry records. Lines in change records
may be continued in the manner described for entry records as
well.
.SH CHANGE RECORD EXAMPLE
The following sample LDIF file contains a change record
of each type of change.
.LP
.nf
dn: cn=Babs Jensen,dc=example,dc=com
changetype: add
objectclass: person
objectclass: extensibleObject
cn: babs
cn: babs jensen
sn: jensen
dn: cn=Babs Jensen,dc=example,dc=com
changetype: modify
add: givenName
givenName: Barbara
givenName: babs
-
replace: description
description: the fabulous babs
-
delete: sn
sn: jensen
-
dn: cn=Babs Jensen,dc=example,dc=com
changetype: modrdn
newrdn: cn=Barbara J Jensen
deleteoldrdn: 0
newsuperior: ou=People,dc=example,dc=com
dn: cn=Barbara J Jensen,ou=People,dc=example,dc=com
changetype: delete
.fi
.SH SEE ALSO
.BR ldap (3),
.BR ldapsearch (1),
.BR ldapadd (1),
.BR ldapmodify (1),
.BR slapd.replog (5).
.LP
"LDAP Data Interchange Format," Good, G., RFC 2849.
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e71a000041ed000017820000044e0000000248d0f14d000000000000022d0000016a00000000000000000000001500000000reloc/share/man/man1 0707010001e71e000081a4000017820000044e0000000148d0f139000015600000022d0000016a00000000000000000000002200000000reloc/share/man/man1/ldapmodrdn.1 .TH LDAPMODRDN 1 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapmodrdn.1,v 1.34.2.7 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldapmodrdn \- LDAP rename entry tool
.SH SYNOPSIS
.B ldapmodrdn
[\c
.BR \-r ]
[\c
.BI \-s \ newsup\fR]
[\c
.BR \-n ]
[\c
.BR \-v ]
[\c
.BR \-c ]
[\c
.BR \-M[M] ]
[\c
.BI \-d \ debuglevel\fR]
[\c
.BI \-D \ binddn\fR]
[\c
.BR \-W ]
[\c
.BI \-w \ passwd\fR]
[\c
.BI \-y \ passwdfile\fR]
[\c
.BI \-H \ ldapuri\fR]
[\c
.BI \-h \ ldaphost\fR]
[\c
.BI \-p \ ldapport\fR]
[\c
.BI \-P \ 2\fR\||\|\fI3\fR]
[\c
.BR \-O \ security-properties ]
[\c
.BR \-I ]
[\c
.BR \-Q ]
[\c
.BI \-U \ authcid\fR]
[\c
.BI \-R \ realm\fR]
[\c
.BR \-x ]
[\c
.BI \-X \ authzid\fR]
[\c
.BI \-Y \ mech\fR]
[\c
.BR \-Z[Z] ]
[\c
.BI \-f \ file\fR]
[\c
.I dn rdn\fR]
.SH DESCRIPTION
.B ldapmodrdn
is a shell-accessible interface to the
.BR ldap_modrdn2 (3)
library call.
.LP
.B ldapmodrdn
opens a connection to an LDAP server, binds, and modifies the RDN of entries.
The entry information is read from standard input, from \fIfile\fP through
the use of the
.RI \- f
option, or from the command-line pair \fIdn\fP and
\fIrdn\fP.
.SH OPTIONS
.TP
.B \-r
Remove old RDN values from the entry. Default is to keep old values.
.TP
.BI \-s \ newsup
Specify a new superior entry. (I.e., move the target entry and make it a
child of the new superior.) This option is not supported in LDAPv2.
.TP
.B \-n
Show what would be done, but don't actually change entries. Useful for
debugging in conjunction with -v.
.TP
.B \-v
Use verbose mode, with many diagnostics written to standard output.
.TP
.B \-c
Continuous operation mode. Errors are reported, but ldapmodrdn
will continue with modifications. The default is to exit after
reporting an error.
.TP
.B \-M[M]
Enable manage DSA IT control.
.B \-MM
makes control critical.
.TP
.B \-d debuglevel
Set the LDAP debugging level to \fIdebuglevel\fP.
.B ldapmodrdn
must be
compiled with LDAP_DEBUG defined for this option to have any effect.
.TP
.B \-f file
Read the entry modification information from \fIfile\fP instead of from
standard input or the command-line.
.TP
.B \-x
Use simple authentication instead of SASL.
.TP
.B \-D binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
.TP
.B \-W
Prompt for simple authentication.
This is used instead of specifying the password on the command line.
.TP
.B \-w passwd
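Use \fIpasswd\fP as the password for simple authentication.
A password given this way can be seen by other local users in the
process list and may be saved in shell history;
.B \-W
or
.B \-y
avoid that.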
.TP
.BI \-y \ passwdfile
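Use complete contents of \fIpasswdfile\fP as the password for
simple authentication. Any trailing newline in the file is part of
those contents, and the file should be readable only by its owner.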
.TP
.BI \-H \ ldapuri
Specify URI(s) referring to the ldap server(s); only the protocol/host/port
fields are allowed; a list of URI, separated by whitespace or commas
is expected.
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
Deprecated in favor of -H.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
Deprecated in favor of -H.
.TP
.BI \-P \ 2\fR\||\|\fI3
Specify the LDAP protocol version to use.
.TP
.BI \-O \ security-properties
Specify SASL security properties.
.TP
.B \-I
Enable SASL Interactive mode. Always prompt. Default is to prompt
only as needed.
.TP
.B \-Q
Enable SASL Quiet mode. Never prompt.
.TP
.BI \-U \ authcid
Specify the authentication ID for SASL bind. The form of the ID
depends on the actual SASL mechanism used.
.TP
.BI \-R \ realm
Specify the realm of authentication ID for SASL bind. The form of the realm
depends on the actual SASL mechanism used.
.TP
.BI \-X \ authzid
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
.B dn:\c
.I <distinguished name>
or
.B u:\c
.I <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
.B \-Z[Z]
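Issue StartTLS (Transport Layer Security) extended operation. If you use
.B \-ZZ\c
, the command will require the operation to be successful.
With a single
.BR \-Z ,
the command continues when StartTLS fails, so the bind credentials and
the data that follows may then be sent without TLS protection.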
.SH INPUT FORMAT
If the command-line arguments \fIdn\fP and \fIrdn\fP are given, \fIrdn\fP
will replace the RDN of the entry specified by the DN, \fIdn\fP.
.LP
Otherwise, the contents of \fIfile\fP (or standard input if
no
.RI \- f
flag is given) should consist of one or more entries.
.LP
.nf
Distinguished Name (DN)
Relative Distinguished Name (RDN)
.fi
.LP
One or more blank lines may be used to separate each DN/RDN pair.
.SH EXAMPLE
Assuming that the file
.B /tmp/entrymods
exists and has the contents:
.LP
.nf
cn=Modify Me,dc=example,dc=com
cn=The New Me
.fi
.LP
the command:
.LP
.nf
ldapmodrdn -r -f /tmp/entrymods
.fi
.LP
will change the RDN of the "Modify Me" entry from "Modify Me" to
"The New Me" and the old cn, "Modify Me" will be removed.
.LP
.SH DIAGNOSTICS
Exit status is 0 if no errors occur. Errors result in a non-zero exit
status and a diagnostic message being written to standard error.
.SH "SEE ALSO"
.BR ldapadd (1),
.BR ldapdelete (1),
.BR ldapmodify (1),
.BR ldapsearch (1),
.BR ldap.conf (5),
.BR ldap (3),
.BR ldap_modrdn2 (3)
.SH AUTHOR
The OpenLDAP Project
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e71b000081a4000017820000044e0000000148d0f139000012610000022d0000016a00000000000000000000002300000000reloc/share/man/man1/ldapcompare.1 .TH LDAPCOMPARE 1 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapcompare.1,v 1.8.2.6 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldapcompare \- LDAP compare tool
.SH SYNOPSIS
.B ldapcompare
[\c
.BR \-n ]
[\c
.BR \-v ]
[\c
.BR \-z ]
[\c
.BR \-M[M] ]
[\c
.BI \-d \ debuglevel\fR]
[\c
.BI \-D \ binddn\fR]
[\c
.BR \-W ]
[\c
.BI \-w \ passwd\fR]
[\c
.BI \-y \ passwdfile\fR]
[\c
.BI \-H \ ldapuri\fR]
[\c
.BI \-h \ ldaphost\fR]
[\c
.BI \-p \ ldapport\fR]
[\c
.BI \-P \ 2\fR\||\|\fI3\fR]
[\c
.BR \-O \ security-properties ]
[\c
.BR \-I ]
[\c
.BR \-Q ]
[\c
.BI \-U \ authcid\fR]
[\c
.BI \-R \ realm\fR]
[\c
.BR \-x ]
[\c
.BI \-X \ authzid\fR]
[\c
.BI \-Y \ mech\fR]
[\c
.BR \-Z[Z] ]
.IR DN \ <
.BR attr:value \ |
.BR attr::b64value \ >
.SH DESCRIPTION
.I ldapcompare
is a shell-accessible interface to the
.BR ldap_compare (3)
library call.
.LP
.B ldapcompare
opens a connection to an LDAP server, binds, and performs a compare
using specified parameters. The \fIDN\fP should be a distinguished
name in the directory. \fIAttr\fP should be a known attribute. If
followed by one colon, the assertion \fIvalue\fP should be provided
as a string. If followed by two colons, the base64 encoding of the
value is provided. The result code of the compare is provided as
the exit code and, unless run with -z, the program prints
TRUE, FALSE, or UNDEFINED on standard output.
.LP
.SH OPTIONS
.TP
.B \-n
Show what would be done, but don't actually perform the compare. Useful for
debugging in conjunction with -v.
.TP
.B \-v
Run in verbose mode, with many diagnostics written to standard output.
.TP
.B \-z
Run in quiet mode, no output is written. You must check the return
status. Useful in shell scripts.
.TP
.B \-M[M]
Enable manage DSA IT control.
.B \-MM
makes control critical.
.TP
.BI \-d \ debuglevel
Set the LDAP debugging level to \fIdebuglevel\fP.
.B ldapcompare
must be compiled with LDAP_DEBUG defined for this option to have any effect.
.TP
.B \-x
Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
.TP
.B \-W
Prompt for simple authentication.
This is used instead of specifying the password on the command line.
.TP
.BI \-w \ passwd
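Use \fIpasswd\fP as the password for simple authentication.
A password given this way can be seen by other local users in the
process list and may be saved in shell history;
.B \-W
or
.B \-y
avoid that.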
.TP
.BI \-y \ passwdfile
Use complete contents of \fIpasswdfile\fP as the password for
simple authentication.
.TP
.BI \-H \ ldapuri
Specify URI(s) referring to the ldap server(s); only the protocol/host/port
fields are allowed; a list of URI, separated by whitespace or commas
is expected.
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
Deprecated in favor of -H.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
Deprecated in favor of -H.
.TP
.BI \-P \ 2\fR\||\|\fI3
Specify the LDAP protocol version to use.
.TP
.BI \-O \ security-properties
Specify SASL security properties.
.TP
.B \-I
Enable SASL Interactive mode. Always prompt. Default is to prompt
only as needed.
.TP
.B \-Q
Enable SASL Quiet mode. Never prompt.
.TP
.BI \-U \ authcid
Specify the authentication ID for SASL bind. The form of the ID
depends on the actual SASL mechanism used.
.TP
.BI \-R \ realm
Specify the realm of authentication ID for SASL bind. The form of the realm
depends on the actual SASL mechanism used.
.TP
.BI \-X \ authzid
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
.B dn:\c
.I <distinguished name>
or
.B u:\c
.I <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
.B \-Z[Z]
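Issue StartTLS (Transport Layer Security) extended operation. If you use
.B \-ZZ\c
, the command will require the operation to be successful.
With a single
.BR \-Z ,
the command continues when StartTLS fails, so the bind credentials and
the data that follows may then be sent without TLS protection.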
.SH EXAMPLES
.nf
ldapcompare "uid=babs,dc=example,dc=com" sn:Jensen
ldapcompare "uid=babs,dc=example,dc=com" sn::SmVuc2Vu
.fi
are all equivalent.
.SH LIMITATIONS
Requiring the value be passed on the command line is limiting
and introduces some security concerns, since command-line arguments
can be visible to other local users. The command should support
a mechanism to specify the location (file name or URL) to read
the value from.
.SH "SEE ALSO"
.BR ldap.conf (5),
.BR ldif (5),
.BR ldap (3),
.BR ldap_compare (3)
.SH AUTHOR
The OpenLDAP Project
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e71f000081a4000017820000044e0000000148d0f139000011bc0000022d0000016a00000000000000000000002200000000reloc/share/man/man1/ldappasswd.1 .TH LDAPPASSWD 1 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldappasswd.1,v 1.36.2.5 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldappasswd \- change the password of an LDAP entry
.SH SYNOPSIS
.B ldappasswd
[\c
.BR \-A ]
[\c
.BI \-a \ oldPasswd\fR]
[\c
.BI \-t \ oldpasswdfile\fR]
[\c
.BI \-D \ binddn\fR]
[\c
.BI \-d \ debuglevel\fR]
[\c
.BI \-H \ ldapuri\fR]
[\c
.BI \-h \ ldaphost\fR]
[\c
.BR \-n ]
[\c
.BI \-p \ ldapport\fR]
[\c
.BR \-S ]
[\c
.BI \-s \ newPasswd\fR]
[\c
.BI \-T \ newpasswdfile\fR]
[\c
.BR \-v ]
[\c
.BR \-W ]
[\c
.BI \-w \ passwd\fR]
[\c
.BI \-y \ passwdfile\fR]
[\c
.BR \-O \ security-properties ]
[\c
.BR \-I ]
[\c
.BR \-Q ]
[\c
.BI \-U \ authcid\fR]
[\c
.BI \-R \ authcid\fR]
[\c
.BR \-x ]
[\c
.BI \-X \ authzid\fR]
[\c
.BI \-R \ realm\fR]
[\c
.BI \-Y \ mech\fR]
[\c
.BR \-Z[Z] ]
[\c
.IR user ]
.SH DESCRIPTION
.B ldappasswd
is a tool to set the password of an LDAP user.
.B ldappasswd
uses the LDAPv3 Password Modify (RFC 3062) extended operation.
.LP
.B ldappasswd
sets the password associated with the user [or an optionally
specified
.IR user ].
If the new
password is not specified on the command line and the user
doesn't enable prompting, the server will be asked to generate
a password for the user.
.LP
.B ldappasswd
is neither designed nor intended to be a replacement for
.BR passwd (1)
and should not be installed as such.
.SH OPTIONS
.TP
.BI \-A
Prompt for old password.
This is used instead of specifying the password on the command line.
.TP
.BI \-a \ oldPasswd
Set the old password to \fIoldPasswd\fP.
.TP
.BI \-t \ oldPasswdFile
Set the old password to the contents of \fIoldPasswdFile\fP.
.TP
.B \-x
Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
.TP
.BI \-d \ debuglevel
Set the LDAP debugging level to \fIdebuglevel\fP.
.B ldappasswd
must be compiled with LDAP_DEBUG defined for this option to have any effect.
.TP
.BI \-H \ ldapuri
Specify URI(s) referring to the ldap server(s); only the protocol/host/port
fields are allowed; a list of URI, separated by whitespace or commas
is expected.
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
Deprecated in favor of -H.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
Deprecated in favor of -H.
.TP
.B \-n
Do not set password. (Can be useful when used in conjunction with
.BR \-v \ or
.BR \-d )
.TP
.BI \-S
Prompt for new password.
This is used instead of specifying the password on the command line.
.TP
.BI \-s \ newPasswd
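Set the new password to \fInewPasswd\fP.
A password given this way can be seen by other local users in the
process list and may be saved in shell history;
.B \-S
or
.B \-T
avoid that.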
.TP
.BI \-T \ newPasswdFile
Set the new password to the contents of \fInewPasswdFile\fP.
.TP
.B \-v
Increase the verbosity of output. Can be specified multiple times.
.TP
.BI \-W
Prompt for bind password.
This is used instead of specifying the password on the command line.
.TP
.BI \-w \ passwd
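Use \fIpasswd\fP as the password to bind with.
A password given this way can be seen by other local users in the
process list and may be saved in shell history;
.B \-W
or
.B \-y
avoid that.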
.TP
.BI \-y \ passwdfile
Use complete contents of \fIpasswdfile\fP as the password for
simple authentication.
.TP
.BI \-O \ security-properties
Specify SASL security properties.
.TP
.B \-I
Enable SASL Interactive mode. Always prompt. Default is to prompt
only as needed.
.TP
.B \-Q
Enable SASL Quiet mode. Never prompt.
.TP
.BI \-U \ authcid
Specify the authentication ID for SASL bind. The form of the ID
depends on the actual SASL mechanism used.
.TP
.BI \-R \ realm
Specify the realm of authentication ID for SASL bind. The form of the realm
depends on the actual SASL mechanism used.
.TP
.BI \-X \ authzid
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
.BI dn: "<distinguished name>"
or
.BI u: <username>\fP.
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
.B \-Z[Z]
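Issue StartTLS (Transport Layer Security) extended operation. If you use
.BR \-ZZ ,
the command will require the operation to be successful.
With a single
.BR \-Z ,
the command continues when StartTLS fails, so the bind credentials and
the password change that follows may then be sent without TLS protection.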
.SH SEE ALSO
.BR ldap_sasl_bind (3),
.BR ldap_extended_operation (3),
.BR ldap_start_tls_s (3)
.SH AUTHOR
The OpenLDAP Project
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e720000081a4000017820000044e0000000148d0f139000030b30000022d0000016a00000000000000000000002200000000reloc/share/man/man1/ldapsearch.1 .TH LDAPSEARCH 1 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapsearch.1,v 1.49.2.14 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldapsearch \- LDAP search tool
.SH SYNOPSIS
.B ldapsearch
[\c
.BR \-n ]
[\c
.BR \-u ]
[\c
.BR \-v ]
[\c
.BR \-t[t] ]
[\c
.BI \-T \ path\fR]
[\c
.BI \-F \ prefix\fR]
[\c
.BR \-A ]
[\c
.BR \-C ]
[\c
.BR \-L[L[L]] ]
[\c
.BR \-M[M] ]
[\c
.BI \-S \ attribute\fR]
[\c
.BI \-d \ debuglevel\fR]
[\c
.BI \-f \ file\fR]
[\c
.BR \-x ]
[\c
.BI \-D \ binddn\fR]
[\c
.BR \-W ]
[\c
.BI \-w \ passwd\fR]
[\c
.BI \-y \ passwdfile\fR]
[\c
.BI \-H \ ldapuri\fR]
[\c
.BI \-h \ ldaphost\fR]
[\c
.BI \-p \ ldapport\fR]
[\c
.BI \-b \ searchbase\fR]
[\c
.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR\||\|\fIchildren\fR]
[\c
.BI \-a \ never\fR\||\|\fIalways\fR\||\|\fIsearch\fR\||\|\fIfind\fR]
[\c
.BI \-P \ 2\fR\||\|\fI3\fR]
[\c
.BR \-e \ [!]ext[=extparam]]
[\c
.BR \-E \ [!]ext[=extparam]]
[\c
.BI \-l \ timelimit\fR]
[\c
.BI \-z \ sizelimit\fR]
[\c
.BR \-O \ security-properties ]
[\c
.BR \-I ]
[\c
.BR \-Q ]
[\c
.BI \-U \ authcid\fR]
[\c
.BI \-R \ realm\fR]
[\c
.BI \-X \ authzid\fR]
[\c
.BI \-Y \ mech\fR]
[\c
.BR \-Z[Z] ]
.I filter
[\c
.IR attrs... ]
.SH DESCRIPTION
.I ldapsearch
is a shell-accessible interface to the
.BR ldap_search_ext (3)
library call.
.LP
.B ldapsearch
opens a connection to an LDAP server, binds, and performs a search
using specified parameters. The \fIfilter\fP should conform to
the string representation for search filters as defined in RFC 4515.
If not provided, the default filter, (objectClass=*), is used.
.LP
If
.B ldapsearch
finds one or more entries, the attributes specified by
\fIattrs\fP are returned. If * is listed, all user attributes are
returned. If + is listed, all operational attributes are returned.
If no \fIattrs\fP are listed, all user attributes are returned. If only
1.1 is listed, no attributes will be returned.
.SH OPTIONS
.TP
.B \-n
Show what would be done, but don't actually perform the search. Useful for
debugging in conjunction with -v.
.TP
.B \-u
Include the User Friendly Name form of the Distinguished Name (DN)
in the output.
.TP
.B \-v
Run in verbose mode, with many diagnostics written to standard output.
.TP
.B \-t[t]
A single -t writes retrieved non-printable values to a set of temporary
files. This is useful for dealing with values containing non-character
data such as jpegPhoto or audio. A second -t writes all retrieved values to
files.
.TP
.BI \-T \ path
Write temporary files to directory specified by \fIpath\fP (default:
/var/tmp/)
.TP
.BI \-F \ prefix
URL prefix for temporary files. Default is file://\fIpath\fP/ where
\fIpath\fP is /var/tmp/ or specified with -T.
.TP
.B \-A
Retrieve attributes only (no values). This is useful when you just want to
see if an attribute is present in an entry and are not interested in the
specific values.
.TP
.B \-C
Chase referrals (anonymously).
.TP
.B \-L
Search results are displayed in LDAP Data Interchange Format detailed in
.BR ldif (5).
A single -L restricts the output to LDIFv1.
A second -L disables comments.
A third -L disables printing of the LDIF version.
The default is to use an extended version of LDIF.
.TP
.B \-M[M]
Enable manage DSA IT control.
.B \-MM
makes control critical.
.TP
.BI \-S \ attribute
Sort the entries returned based on \fIattribute\fP. The default is not
to sort entries returned. If \fIattribute\fP is a zero-length string (""),
the entries are sorted by the components of their Distinguished Name. See
.BR ldap_sort (3)
for more details. Note that
.B ldapsearch
normally prints out entries as it receives them. The use of the
.B \-S
option defeats this behavior, causing all entries to be retrieved,
then sorted, then printed.
.TP
.BI \-d \ debuglevel
Set the LDAP debugging level to \fIdebuglevel\fP.
.B ldapsearch
must be compiled with LDAP_DEBUG defined for this option to have any effect.
.TP
.BI \-f \ file
Read a series of lines from \fIfile\fP, performing one LDAP search for
each line. In this case, the \fIfilter\fP given on the command line
is treated as a pattern where the first and only occurrence of \fB%s\fP
is replaced with a line from \fIfile\fP. Any other occurrence of the
\fB%\fP character in the pattern will be regarded as an error.
Where it is desired that the search filter include a \fB%\fP character,
the character should be encoded as \fB\\25\fP (see RFC 4515).
If \fIfile\fP is a single
\fI-\fP character, then the lines are read from standard input.
.TP
.B \-x
Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
.TP
.B \-W
Prompt for simple authentication.
This is used instead of specifying the password on the command line,
where it may be visible to other local users (for example in process listings).
.TP
.BI \-w \ passwd
Use \fIpasswd\fP as the password for simple authentication.
.TP
.BI \-y \ passwdfile
Use complete contents of \fIpasswdfile\fP as the password for
simple authentication.
.TP
.BI \-H \ ldapuri
Specify URI(s) referring to the ldap server(s); only the protocol/host/port
fields are allowed; a list of URI, separated by whitespace or commas
is expected.
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
Deprecated in favor of -H.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
Deprecated in favor of -H.
.TP
.BI \-b \ searchbase
Use \fIsearchbase\fP as the starting point for the search instead of
the default.
.TP
.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR\||\|\fIchildren
Specify the scope of the search to be one of
.IR base ,
.IR one ,
.IR sub ,
or
.I children
to specify a base object, one-level, subtree, or children search.
The default is
.IR sub .
Note:
.I children
scope requires LDAPv3 subordinate feature extension.
.TP
.BI \-a \ never\fR\||\|\fIalways\fR\||\|\fIsearch\fR\||\|\fIfind
Specify how alias dereferencing is done. Should be one of
.IR never ,
.IR always ,
.IR search ,
or
.I find
to specify that aliases are never dereferenced, always dereferenced,
dereferenced when searching, or dereferenced only when locating the
base object for the search. The default is to never dereference aliases.
.TP
.BI \-P \ 2\fR\||\|\fI3
Specify the LDAP protocol version to use.
.TP
.B \-e \fI[!]ext[=extparam]\fP
.TP
.B \-E \fI[!]ext[=extparam]\fP
Specify general extensions with -e and search extensions with -E.
\'!\' indicates criticality.
General extensions:
.nf
[!]assert=<filter> (an RFC 4515 Filter)
[!]authzid=<authzid> ("dn:<dn>" or "u:<user>")
[!]manageDSAit
[!]noop
ppolicy
[!]postread[=<attrs>] (a comma-separated attribute list)
[!]preread[=<attrs>] (a comma-separated attribute list)
abandon, cancel (SIGINT sends abandon/cancel; not really controls)
.fi
Search extensions:
.nf
[!]domainScope (domain scope)
[!]mv=<filter> (matched values filter)
[!]pr=<size>[/prompt|noprompt] (paged results/prompt)
[!]subentries[=true|false] (subentries)
[!]sync=ro[/<cookie>] (LDAP Sync refreshOnly)
rp[/<cookie>][/<slimit>] (LDAP Sync refreshAndPersist)
.fi
.TP
.BI \-l \ timelimit
wait at most \fItimelimit\fP seconds for a search to complete.
A timelimit of
.I 0
(zero) or
.I none
means no limit.
A timelimit of
.I max
means the maximum integer allowable by the protocol.
A server may impose a maximal timelimit which only
the root user may override.
.TP
.BI \-z \ sizelimit
retrieve at most \fIsizelimit\fP entries for a search.
A sizelimit of
.I 0
(zero) or
.I none
means no limit.
A sizelimit of
.I max
means the maximum integer allowable by the protocol.
A server may impose a maximal sizelimit which only
the root user may override.
.TP
.BI \-O \ security-properties
Specify SASL security properties.
.TP
.B \-I
Enable SASL Interactive mode. Always prompt. Default is to prompt
only as needed.
.TP
.B \-Q
Enable SASL Quiet mode. Never prompt.
.TP
.BI \-U \ authcid
Specify the authentication ID for SASL bind. The form of the ID
depends on the actual SASL mechanism used.
.TP
.BI \-R \ realm
Specify the realm of authentication ID for SASL bind. The form of the realm
depends on the actual SASL mechanism used.
.TP
.BI \-X \ authzid
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
.B dn:\c
.I <distinguished name>
or
.B u:\c
.I <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
.B \-Z[Z]
Issue StartTLS (Transport Layer Security) extended operation. If you use
.B \-ZZ\c
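, the command will require the operation to be successful.
With a single \fB\-Z\fP the operation is not required to succeed,
so the session may continue without TLS protection.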
.SH OUTPUT FORMAT
If one or more entries are found, each entry is written to standard
output in LDAP Data Interchange Format or
.BR ldif (5):
.LP
.nf
version: 1
# bjensen, example, net
dn: uid=bjensen,dc=example,dc=net
objectClass: person
objectClass: dcObject
uid: bjensen
cn: Barbara Jensen
sn: Jensen
...
.fi
.LP
If the -t option is used, the URI of a temporary file
is used in place of the actual value. If the -A option
is given, only the "attributename" part is written.
.SH EXAMPLE
The following command:
.LP
.nf
ldapsearch -LLL "(sn=smith)" cn sn telephoneNumber
.fi
.LP
will perform a subtree search (using the default search base and
other parameters defined in
.BR ldap.conf (5))
for entries with a surname (sn) of smith. The common name (cn), surname
(sn) and telephoneNumber values will be retrieved and printed to
standard output.
The output might look something like this if two entries are found:
.LP
.nf
dn: uid=jts,dc=example,dc=com
cn: John Smith
cn: John T. Smith
sn: Smith
sn;lang-en: Smith
sn;lang-de: Schmidt
telephoneNumber: 1 555 123-4567
dn: uid=sss,dc=example,dc=com
cn: Steve Smith
cn: Steve S. Smith
sn: Smith
sn;lang-en: Smith
sn;lang-de: Schmidt
telephoneNumber: 1 555 765-4321
.fi
.LP
The command:
.LP
.nf
ldapsearch -LLL -u -t "(uid=xyz)" jpegPhoto audio
.fi
.LP
will perform a subtree search using the default search base for entries
with user id of "xyz". The user friendly form of the entry's DN will be
output after the line that contains the DN itself, and the jpegPhoto
and audio values will be retrieved and written to temporary files. The
output might look like this if one entry with one value for each of the
requested attributes is found:
.LP
.nf
dn: uid=xyz,dc=example,dc=com
ufn: xyz, example, com
audio:< file:///tmp/ldapsearch-audio-a19924
jpegPhoto:< file:///tmp/ldapsearch-jpegPhoto-a19924
.fi
.LP
This command:
.LP
.nf
ldapsearch -LLL -s one -b "c=US" "(o=University*)" o description
.fi
.LP
will perform a one-level search at the c=US level for all entries
whose organization name (o) begins with \fBUniversity\fP.
The organization name and description attribute values will be retrieved
and printed to standard output, resulting in output similar to this:
.LP
.nf
dn: o=University of Alaska Fairbanks,c=US
o: University of Alaska Fairbanks
description: Preparing Alaska for a brave new yesterday
description: leaf node only
dn: o=University of Colorado at Boulder,c=US
o: University of Colorado at Boulder
description: No personnel information
description: Institution of education and research
dn: o=University of Colorado at Denver,c=US
o: University of Colorado at Denver
o: UCD
o: CU/Denver
o: CU-Denver
description: Institute for Higher Learning and Research
dn: o=University of Florida,c=US
o: University of Florida
o: UFl
description: Warper of young minds
...
.fi
.SH DIAGNOSTICS
Exit status is zero if no errors occur.
Errors result in a non-zero exit status and
a diagnostic message being written to standard error.
.SH "SEE ALSO"
.BR ldapadd (1),
.BR ldapdelete (1),
.BR ldapmodify (1),
.BR ldapmodrdn (1),
.BR ldap.conf (5),
.BR ldif (5),
.BR ldap (3),
.BR ldap_search_ext (3),
.BR ldap_sort (3)
.SH AUTHOR
The OpenLDAP Project
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e71d000081a4000017820000044e0000000148d0f139000020440000022d0000016a00000000000000000000002200000000reloc/share/man/man1/ldapmodify.1 .TH LDAPMODIFY 1 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapmodify.1,v 1.44.2.7 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools
.SH SYNOPSIS
.B ldapmodify
[\c
.BR \-a ]
[\c
.BR \-c ]
[\c
.BI \-S \ file\fR]
[\c
.BR \-n ]
[\c
.BR \-v ]
[\c
.BR \-M[M] ]
[\c
.BI \-d \ debuglevel\fR]
[\c
.BI \-D \ binddn\fR]
[\c
.BR \-W ]
[\c
.BI \-w \ passwd\fR]
[\c
.BI \-y \ passwdfile\fR]
[\c
.BI \-H \ ldapuri\fR]
[\c
.BI \-h \ ldaphost\fR]
[\c
.BI \-p \ ldapport\fR]
[\c
.BI \-P \ 2\fR\||\|\fI3\fR]
[\c
.BR \-O \ security-properties ]
[\c
.BR \-I ]
[\c
.BR \-Q ]
[\c
.BI \-U \ authcid\fR]
[\c
.BI \-R \ realm\fR]
[\c
.BR \-x ]
[\c
.BI \-X \ authzid\fR]
[\c
.BI \-Y \ mech\fR]
[\c
.BR \-Z[Z] ]
[\c
.BI \-f \ file\fR]
.LP
.B ldapadd
[\c
.BR \-c ]
[\c
.BI \-S \ file\fR]
[\c
.BR \-n ]
[\c
.BR \-v ]
[\c
.BR \-M[M] ]
[\c
.BI \-d \ debuglevel\fR]
[\c
.BI \-D \ binddn\fR]
[\c
.BR \-W ]
[\c
.BI \-w \ passwd\fR]
[\c
.BI \-y \ passwdfile\fR]
[\c
.BI \-h \ ldaphost\fR]
[\c
.BI \-p \ ldapport\fR]
[\c
.BI \-P \ 2\fR\||\|\fI3\fR]
[\c
.BR \-O \ security-properties ]
[\c
.BR \-I ]
[\c
.BR \-Q ]
[\c
.BI \-U \ authcid\fR]
[\c
.BI \-R \ realm\fR]
[\c
.BR \-x ]
[\c
.BI \-X \ authzid\fR]
[\c
.BI \-Y \ mech\fR]
[\c
.BR \-Z[Z] ]
[\c
.BI \-f \ file\fR]
.SH DESCRIPTION
.B ldapmodify
is a shell-accessible interface to the
.BR ldap_modify (3)
and
.BR ldap_add (3)
library calls.
.B ldapadd
is implemented as a hard link to the ldapmodify tool. When invoked as
.B ldapadd
the -a (add new entry) flag is turned on automatically.
.LP
.B ldapmodify
opens a connection to an LDAP server, binds, and modifies or adds entries.
The entry information is read from standard input or from \fIfile\fP through
the use of the -f option.
.SH OPTIONS
.TP
.B \-a
Add new entries. The default for
.B ldapmodify
is to modify existing entries. If invoked as
.BR ldapadd ,
this flag is always set.
.TP
.B \-c
Continuous operation mode. Errors are reported, but
.B ldapmodify
will continue with modifications. The default is to exit after
reporting an error.
.TP
.BI \-S \ file
Add or change records which were skipped due to an error are written to \fIfile\fP
and the error message returned by the server is added as a comment. Most useful in
conjunction with -c.
.TP
.B \-n
Show what would be done, but don't actually modify entries. Useful for
debugging in conjunction with -v.
.TP
.B \-v
Use verbose mode, with many diagnostics written to standard output.
.TP
.B \-F
Force application of all changes regardless of the contents of input
lines that begin with
.I replica:
(by default, replica: lines are compared against the LDAP server host
and port in use to decide if a replog record should actually be applied).
.TP
.B \-M[M]
Enable manage DSA IT control.
.B \-MM
makes control critical.
.TP
.BI \-d \ debuglevel
Set the LDAP debugging level to \fIdebuglevel\fP.
.B ldapmodify
must be compiled with LDAP_DEBUG defined for this option to have any effect.
.TP
.BI \-f \ file
Read the entry modification information from \fIfile\fP instead of from
standard input.
.TP
.B \-x
Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
.TP
.B \-W
Prompt for simple authentication.
This is used instead of specifying the password on the command line,
where it may be visible to other local users (for example in process listings).
.TP
.BI \-w \ passwd
Use \fIpasswd\fP as the password for simple authentication.
.TP
.BI \-y \ passwdfile
Use complete contents of \fIpasswdfile\fP as the password for
simple authentication.
.TP
.BI \-H \ ldapuri
Specify URI(s) referring to the ldap server(s); only the protocol/host/port
fields are allowed; a list of URI, separated by whitespace or commas
is expected.
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
Deprecated in favor of -H.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
Deprecated in favor of -H.
.TP
.BI \-P \ 2\fR\||\|\fI3
Specify the LDAP protocol version to use.
.TP
.BI \-O \ security-properties
Specify SASL security properties.
.TP
.B \-I
Enable SASL Interactive mode. Always prompt. Default is to prompt
only as needed.
.TP
.B \-Q
Enable SASL Quiet mode. Never prompt.
.TP
.BI \-U \ authcid
Specify the authentication ID for SASL bind. The form of the ID
depends on the actual SASL mechanism used.
.TP
.BI \-R \ realm
Specify the realm of authentication ID for SASL bind. The form of the realm
depends on the actual SASL mechanism used.
.TP
.BI \-X \ authzid
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
.B dn:\c
.I <distinguished name>
or
.B u:\c
.I <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
.B \-Z[Z]
Issue StartTLS (Transport Layer Security) extended operation. If you use
.B \-ZZ\c
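, the command will require the operation to be successful.
With a single \fB\-Z\fP the operation is not required to succeed,
so the session may continue without TLS protection.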
.SH INPUT FORMAT
The contents of \fIfile\fP (or standard input if no \-f flag is given on
the command line) should conform to the format defined in
.BR ldif (1)
(LDIF as defined in RFC 2849), or
.BR slapd.replog (5)
(an extended form of LDIF)
with the exceptions noted below.
.LP
Lines that begin with "replica:" are matched against the LDAP server host
and port in use to decide if a particular replog record should be applied.
Any other lines that precede the "dn:" line are ignored.
The -F flag can be used to force
.I ldapmodify
to apply all of the replog changes, regardless of the presence or
absence of any "replica:" lines.
.LP
If no "changetype:" line is present, the default is "add" if the -a
flag is set (or if the program was invoked as
.I ldapadd)
and "modify" otherwise.
.LP
If changetype is "modify" and no "add:", "replace:", or "delete:" lines
appear, the default is "replace" for
.BR ldapmodify (1)
and "add" for
.BR ldapadd (1).
.LP
Note that the above exceptions to the
.BR slapd.replog (5)
format allow
.BR ldif (5)
entries to be used as input to
.I ldapmodify
or
.I ldapadd.
.SH EXAMPLES
Assuming that the file
.B /tmp/entrymods
exists and has the contents:
.LP
.nf
dn: cn=Modify Me,dc=example,dc=com
changetype: modify
replace: mail
mail: modme@example.com
-
add: title
title: Grand Poobah
-
add: jpegPhoto
jpegPhoto:< file:///tmp/modme.jpeg
-
delete: description
-
.fi
.LP
the command:
.LP
.nf
ldapmodify -f /tmp/entrymods
.fi
.LP
will replace the contents of the "Modify Me" entry's
.I mail
attribute with the value "modme@example.com", add a
.I title
of "Grand Poobah", and the contents of the file "/tmp/modme.jpeg"
as a
.IR jpegPhoto ,
and completely remove the
.I description
attribute.
.LP
Assuming that the file
.B /tmp/newentry
exists and has the contents:
.LP
.nf
dn: cn=Barbara Jensen,dc=example,dc=com
objectClass: person
cn: Barbara Jensen
cn: Babs Jensen
sn: Jensen
title: the world's most famous mythical manager
mail: bjensen@example.com
uid: bjensen
.LP
the command:
.LP
.nf
ldapadd -f /tmp/newentry
.fi
.LP
will add a new entry for Babs Jensen, using the values from the
file
.B /tmp/newentry.
.LP
Assuming that the file
.B /tmp/entrymods
exists and has the contents:
.LP
.nf
dn: cn=Barbara Jensen,dc=example,dc=com
changetype: delete
.LP
the command:
.LP
.nf
ldapmodify -f /tmp/entrymods
.fi
.LP
will remove Babs Jensen's entry.
.SH DIAGNOSTICS
Exit status is zero if no errors occur. Errors result in a non-zero
exit status and a diagnostic message being written to standard error.
.SH "SEE ALSO"
.BR ldapadd (1),
.BR ldapdelete (1),
.BR ldapmodrdn (1),
.BR ldapsearch (1),
.BR ldap.conf (5),
.BR ldap (3),
.BR ldap_add (3),
.BR ldap_delete (3),
.BR ldap_modify (3),
.BR ldap_modrdn (3),
.BR ldif (5),
.BR slapd.replog (5)
.SH AUTHOR
The OpenLDAP Project
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e71c000081a4000017820000044e0000000148d0f139000013e60000022d0000016a00000000000000000000002200000000reloc/share/man/man1/ldapdelete.1 .TH LDAPDELETE 1 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapdelete.1,v 1.38.2.6 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldapdelete \- LDAP delete entry tool
.SH SYNOPSIS
.B ldapdelete
[\c
.BR \-n ]
[\c
.BR \-v ]
[\c
.BR \-c ]
[\c
.BR \-M[M] ]
[\c
.BI \-d \ debuglevel\fR]
[\c
.BI \-f \ file\fR]
[\c
.BI \-D \ binddn\fR]
[\c
.BR \-W ]
[\c
.BI \-w \ passwd\fR]
[\c
.BI \-y \ passwdfile\fR]
[\c
.BI \-H \ ldapuri\fR]
[\c
.BI \-h \ ldaphost\fR]
[\c
.BI \-P \ 2\fR\||\|\fI3\fR]
[\c
.BI \-p \ ldapport\fR]
[\c
.BR \-O \ security-properties ]
[\c
.BI \-U \ authcid\fR]
[\c
.BI \-R \ realm\fR]
[\c
.BR \-r ]
[\c
.BR \-x ]
[\c
.BR \-I ]
[\c
.BR \-Q ]
[\c
.BI \-X \ authzid\fR]
[\c
.BI \-Y \ mech\fR]
[\c
.BR \-Z[Z] ]
[\c
.IR dn ]...
.SH DESCRIPTION
.I ldapdelete
is a shell-accessible interface to the
.BR ldap_delete (3)
library call.
.LP
.B ldapdelete
opens a connection to an LDAP server, binds, and deletes one or more
entries. If one or more \fIDN\fP arguments are provided, entries with
those Distinguished Names are deleted. Each \fIDN\fP should be provided
using the LDAPv3 string representation as defined in RFC 2253.
If no \fIdn\fP arguments
are provided, a list of DNs is read from standard input (or from
\fIfile\fP if the -f flag is used).
.SH OPTIONS
.TP
.B \-n
Show what would be done, but don't actually delete entries. Useful for
debugging in conjunction with -v.
.TP
.B \-v
Use verbose mode, with many diagnostics written to standard output.
.TP
.B \-c
Continuous operation mode. Errors are reported, but
.B ldapdelete
will continue with deletions. The default is to exit after
reporting an error.
.TP
.B \-M[M]
Enable manage DSA IT control.
.B \-MM
makes control critical.
.TP
.BI \-d \ debuglevel
Set the LDAP debugging level to \fIdebuglevel\fP.
.B ldapdelete
must be compiled with LDAP_DEBUG defined for this option to have any effect.
.TP
.BI \-f \ file
Read a series of DNs from \fIfile\fP, one per line, performing an
LDAP delete for each.
.TP
.B \-x
Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
.TP
.B \-W
Prompt for simple authentication.
This is used instead of specifying the password on the command line,
where it may be visible to other local users (for example in process listings).
.TP
.BI \-w \ passwd
Use \fIpasswd\fP as the password for simple authentication.
.TP
.BI \-y \ passwdfile
Use complete contents of \fIpasswdfile\fP as the password for
simple authentication.
.TP
.BI \-H \ ldapuri
Specify URI(s) referring to the ldap server(s); only the protocol/host/port
fields are allowed; a list of URI, separated by whitespace or commas
is expected.
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
Deprecated in favor of -H.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
Deprecated in favor of -H.
.TP
.BI \-P \ 2\fR\||\|\fI3
Specify the LDAP protocol version to use.
.TP
.B \-r
Do a recursive delete. If the DN specified isn't a leaf, its
children, and all their children are deleted down the tree. No
verification is done, so if you add this switch, ldapdelete will
happily delete large portions of your tree. Use with care.
.TP
.BI \-O \ security-properties
Specify SASL security properties.
.TP
.B \-I
Enable SASL Interactive mode. Always prompt. Default is to prompt
only as needed.
.TP
.B \-Q
Enable SASL Quiet mode. Never prompt.
.TP
.BI \-U \ authcid
Specify the authentication ID for SASL bind. The form of the identity depends on the
actual SASL mechanism used.
.TP
.BI \-R \ realm
Specify the realm of authentication ID for SASL bind. The form of the realm
depends on the actual SASL mechanism used.
.TP
.BI \-X \ authzid
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
.B dn:\c
.I <distinguished name>
or
.B u:\c
.I <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
.B \-Z[Z]
Issue StartTLS (Transport Layer Security) extended operation. If you use
.B \-ZZ\c
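, the command will require the operation to be successful.
With a single \fB\-Z\fP the operation is not required to succeed,
so the session may continue without TLS protection.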
.SH EXAMPLE
The following command:
.LP
.nf
ldapdelete "cn=Delete Me,dc=example,dc=com"
.fi
.LP
will attempt to delete the entry named "cn=Delete Me,dc=example,dc=com".
Of course it would probably be necessary to supply authentication
credentials.
.SH DIAGNOSTICS
Exit status is 0 if no errors occur. Errors result in a non-zero exit
status and a diagnostic message being written to standard error.
.SH "SEE ALSO"
.BR ldap.conf (5),
.BR ldapadd (1),
.BR ldapmodify (1),
.BR ldapmodrdn (1),
.BR ldapsearch (1),
.BR ldap (3),
.BR ldap_delete (3)
.SH AUTHOR
The OpenLDAP Project
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e721000081a4000017820000044e0000000148d0f13900000e460000022d0000016a00000000000000000000002200000000reloc/share/man/man1/ldapwhoami.1 .TH LDAPWHOAMI 1 "2008/07/16" "OpenLDAP 2.3.43"
.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapwhoami.1,v 1.6.2.6 2008/02/11 23:24:09 kurt Exp $
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldapwhoami \- LDAP who am i? tool
.SH SYNOPSIS
.B ldapwhoami
[\c
.BR \-n ]
[\c
.BR \-v ]
[\c
.BR \-z ]
[\c
.BI \-d \ debuglevel\fR]
[\c
.BI \-D \ binddn\fR]
[\c
.BR \-W ]
[\c
.BI \-w \ passwd\fR]
[\c
.BI \-y \ passwdfile\fR]
[\c
.BI \-H \ ldapuri\fR]
[\c
.BI \-h \ ldaphost\fR]
[\c
.BI \-p \ ldapport\fR]
[\c
.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
[\c
.BR \-Q ]
[\c
.BI \-U \ authcid\fR]
[\c
.BI \-R \ realm\fR]
[\c
.BR \-x ]
[\c
.BI \-X \ authzid\fR]
[\c
.BI \-Y \ mech\fR]
[\c
.BR \-Z[Z] ]
.SH DESCRIPTION
.I ldapwhoami
implements the LDAP "Who Am I?" extended operation.
.LP
.B ldapwhoami
opens a connection to an LDAP server, binds, and performs a whoami
operation.
.SH OPTIONS
.TP
.B \-n
Show what would be done, but don't actually perform the whoami operation.
Useful for
debugging in conjunction with -v.
.TP
.B \-v
Run in verbose mode, with many diagnostics written to standard output.
.TP
.BI \-d \ debuglevel
Set the LDAP debugging level to \fIdebuglevel\fP.
.B ldapwhoami
must be compiled with LDAP_DEBUG defined for this option to have any effect.
.TP
.B \-x
Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
.TP
.B \-W
Prompt for simple authentication.
This is used instead of specifying the password on the command line,
where it may be visible to other local users (for example in process listings).
.TP
.BI \-w \ passwd
Use \fIpasswd\fP as the password for simple authentication.
.TP
.BI \-y \ passwdfile
Use complete contents of \fIpasswdfile\fP as the password for
simple authentication.
.TP
.BI \-H \ ldapuri
Specify URI(s) referring to the ldap server(s); only the protocol/host/port
fields are allowed; a list of URI, separated by whitespace or commas
is expected.
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
Deprecated in favor of -H.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
Deprecated in favor of -H.
.TP
.BI \-P \ 2\fR\||\|\fI3
Specify the LDAP protocol version to use.
.TP
.BI \-O \ security-properties
Specify SASL security properties.
.TP
.B \-I
Enable SASL Interactive mode. Always prompt. Default is to prompt
only as needed.
.TP
.B \-Q
Enable SASL Quiet mode. Never prompt.
.TP
.BI \-U \ authcid
Specify the authentication ID for SASL bind. The form of the ID
depends on the actual SASL mechanism used.
.TP
.BI \-R \ realm
Specify the realm of authentication ID for SASL bind. The form of the realm
depends on the actual SASL mechanism used.
.TP
.BI \-X \ authzid
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
.B dn:\c
.I <distinguished name>
or
.B u:\c
.I <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
.B \-Z[Z]
Issue StartTLS (Transport Layer Security) extended operation. If you use
.B \-ZZ\c
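, the command will require the operation to be successful.
With a single \fB\-Z\fP the operation is not required to succeed,
so the session may continue without TLS protection.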
.SH EXAMPLE
.nf
ldapwhoami -x -D "cn=Manager,dc=example,dc=com" -W
.fi
.SH "SEE ALSO"
.BR ldap.conf (5),
.BR ldap (3),
.BR ldap_extended_operation (3)
.SH AUTHOR
The OpenLDAP Project
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
0707010001e6fe000041ed000017820000044e0000000248d0f14c000000000000022d0000016a00000000000000000000000a00000000reloc/bin 0707010001e701000081ed000017820000044e0000000148d0f11c00011b780000022d0000016a00000000000000000000001500000000reloc/bin/ldapmodify ELF (4 à 4 ( 4 4 À À ô ýÿÿo Ð Ð Ð Ð Ø Å Ñ Ñ /usr/lib/ld.so.1 ! Ó Ï " # $ % ( * + , - . 0 4 5 7 8 9 > A B C D E F G I J K N O P R S T U V W Y Z [ \ ^ _ ` b c e f g h i j k l p r s t v w x y | ~ € ‚ … ‡ ˆ ‰ Œ ’ ” – — š › ¡ £ ¤ ¥ ¦ § ¨ ª « ¬ ® ¯ ± ³ µ ¶ · ¹ º ¼ ½ ¾ ¿ À Á Â Ã Ä Å Æ É Í
! &