From 210ed01f4c599f15111be2e5dfd33edbddaa7f8d Mon Sep 17 00:00:00 2001 
From: Christian Dresen <c.dresen@fh-muenster.de> Date: Sat, 9 Jan 2016 22:50:37 +0100 Subject: [PATCH] LDAP --- ldap/Dockerfile | 4 +- .../fusiondirectory-apache.conf | 18 + .../data/fusiondirectory/fusiondirectory.conf | 26 + ldap/data/ldap_conf/ldap.conf | 17 + ldap/data/ldap_conf/schema/README | 80 +++ ldap/data/ldap_conf/schema/collective.ldif | 48 ++ ldap/data/ldap_conf/schema/collective.schema | 65 ++ ldap/data/ldap_conf/schema/corba.ldif | 42 ++ ldap/data/ldap_conf/schema/corba.schema | 61 ++ ldap/data/ldap_conf/schema/core.ldif | 603 +++++++++++++++++ ldap/data/ldap_conf/schema/core.schema | 622 ++++++++++++++++++ ldap/data/ldap_conf/schema/cosine.ldif | 200 ++++++ ldap/data/ldap_conf/schema/cosine.schema | 404 ++++++++++++ ldap/data/ldap_conf/schema/duaconf.ldif | 83 +++ ldap/data/ldap_conf/schema/duaconf.schema | 153 +++++ ldap/data/ldap_conf/schema/dyngroup.ldif | 71 ++ ldap/data/ldap_conf/schema/dyngroup.schema | 91 +++ .../fusiondirectory/core-fd-conf.schema | 562 ++++++++++++++++ .../schema/fusiondirectory/core-fd.schema | 148 +++++ .../schema/fusiondirectory/ldapns.schema | 23 + .../schema/fusiondirectory/openssh-lpk.ldif | 0 .../schema/fusiondirectory/rfc2307bis.schema | 288 ++++++++ .../schema/fusiondirectory/template-fd.schema | 15 + ldap/data/ldap_conf/schema/inetorgperson.ldif | 69 ++ .../ldap_conf/schema/inetorgperson.schema | 113 ++++ ldap/data/ldap_conf/schema/java.ldif | 59 ++ ldap/data/ldap_conf/schema/java.schema | 109 +++ ldap/data/ldap_conf/schema/misc.ldif | 45 ++ ldap/data/ldap_conf/schema/misc.schema | 75 +++ ldap/data/ldap_conf/schema/nis.ldif | 120 ++++ ldap/data/ldap_conf/schema/nis.schema | 237 +++++++ ldap/data/ldap_conf/schema/openldap.ldif | 88 +++ ldap/data/ldap_conf/schema/openldap.schema | 54 ++ ldap/data/ldap_conf/schema/pmi.ldif | 123 ++++ ldap/data/ldap_conf/schema/pmi.schema | 476 ++++++++++++++ ldap/data/ldap_conf/schema/ppolicy.ldif | 84 +++ ldap/data/ldap_conf/schema/ppolicy.schema | 159 +++++ 
ldap/data/ldap_conf/slapd.d/cn=config.ldif | 16 + .../slapd.d/cn=config/cn=module{0}.ldif | 14 + .../slapd.d/cn=config/cn=schema.ldif | 12 + .../cn=config/cn=schema/cn={0}core.ldif | 249 +++++++ .../cn=config/cn=schema/cn={1}cosine.ldif | 178 +++++ .../cn=config/cn=schema/cn={2}nis.ldif | 108 +++ .../cn=schema/cn={3}inetorgperson.ldif | 49 ++ .../cn=config/cn=schema/cn={4}core-fd.ldif | 90 +++ .../cn=schema/cn={5}core-fd-conf.ldif | 284 ++++++++ .../cn=config/cn=schema/cn={6}ldapns.ldif | 20 + .../cn=schema/cn={7}template-fd.ldif | 17 + .../slapd.d/cn=config/olcBackend={0}mdb.ldif | 12 + .../cn=config/olcDatabase={-1}frontend.ldif | 18 + .../cn=config/olcDatabase={0}config.ldif | 15 + .../slapd.d/cn=config/olcDatabase={1}mdb.ldif | 28 + ldap/data/ldap_db/data.mdb | Bin 0 -> 131072 bytes ldap/data/ldap_db/lock.mdb | Bin 0 -> 8192 bytes ldap/data/start.sh | 3 + ldap/run.sh | 7 +- web/warpauth/views/profile.py | 1 + web/warpzone/settings.py | 16 +- 58 files changed, 6558 insertions(+), 14 deletions(-) create mode 100644 ldap/data/fusiondirectory/fusiondirectory-apache.conf create mode 100644 ldap/data/fusiondirectory/fusiondirectory.conf create mode 100644 ldap/data/ldap_conf/ldap.conf create mode 100644 ldap/data/ldap_conf/schema/README create mode 100644 ldap/data/ldap_conf/schema/collective.ldif create mode 100644 ldap/data/ldap_conf/schema/collective.schema create mode 100644 ldap/data/ldap_conf/schema/corba.ldif create mode 100644 ldap/data/ldap_conf/schema/corba.schema create mode 100644 ldap/data/ldap_conf/schema/core.ldif create mode 100644 ldap/data/ldap_conf/schema/core.schema create mode 100644 ldap/data/ldap_conf/schema/cosine.ldif create mode 100644 ldap/data/ldap_conf/schema/cosine.schema create mode 100644 ldap/data/ldap_conf/schema/duaconf.ldif create mode 100644 ldap/data/ldap_conf/schema/duaconf.schema create mode 100644 ldap/data/ldap_conf/schema/dyngroup.ldif create mode 100644 ldap/data/ldap_conf/schema/dyngroup.schema create mode 100644 
ldap/data/ldap_conf/schema/fusiondirectory/core-fd-conf.schema create mode 100644 ldap/data/ldap_conf/schema/fusiondirectory/core-fd.schema create mode 100644 ldap/data/ldap_conf/schema/fusiondirectory/ldapns.schema create mode 100644 ldap/data/ldap_conf/schema/fusiondirectory/openssh-lpk.ldif create mode 100644 ldap/data/ldap_conf/schema/fusiondirectory/rfc2307bis.schema create mode 100644 ldap/data/ldap_conf/schema/fusiondirectory/template-fd.schema create mode 100644 ldap/data/ldap_conf/schema/inetorgperson.ldif create mode 100644 ldap/data/ldap_conf/schema/inetorgperson.schema create mode 100644 ldap/data/ldap_conf/schema/java.ldif create mode 100644 ldap/data/ldap_conf/schema/java.schema create mode 100644 ldap/data/ldap_conf/schema/misc.ldif create mode 100644 ldap/data/ldap_conf/schema/misc.schema create mode 100644 ldap/data/ldap_conf/schema/nis.ldif create mode 100644 ldap/data/ldap_conf/schema/nis.schema create mode 100644 ldap/data/ldap_conf/schema/openldap.ldif create mode 100644 ldap/data/ldap_conf/schema/openldap.schema create mode 100644 ldap/data/ldap_conf/schema/pmi.ldif create mode 100644 ldap/data/ldap_conf/schema/pmi.schema create mode 100644 ldap/data/ldap_conf/schema/ppolicy.ldif create mode 100644 ldap/data/ldap_conf/schema/ppolicy.schema create mode 100644 ldap/data/ldap_conf/slapd.d/cn=config.ldif create mode 100644 ldap/data/ldap_conf/slapd.d/cn=config/cn=module{0}.ldif create mode 100644 ldap/data/ldap_conf/slapd.d/cn=config/cn=schema.ldif create mode 100644 ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={0}core.ldif create mode 100644 ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={1}cosine.ldif create mode 100644 ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={2}nis.ldif create mode 100644 ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={3}inetorgperson.ldif create mode 100644 ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={4}core-fd.ldif create mode 100644 
ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={5}core-fd-conf.ldif create mode 100644 ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={6}ldapns.ldif create mode 100644 ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={7}template-fd.ldif create mode 100644 ldap/data/ldap_conf/slapd.d/cn=config/olcBackend={0}mdb.ldif create mode 100644 ldap/data/ldap_conf/slapd.d/cn=config/olcDatabase={-1}frontend.ldif create mode 100644 ldap/data/ldap_conf/slapd.d/cn=config/olcDatabase={0}config.ldif create mode 100644 ldap/data/ldap_conf/slapd.d/cn=config/olcDatabase={1}mdb.ldif create mode 100644 ldap/data/ldap_db/data.mdb create mode 100644 ldap/data/ldap_db/lock.mdb diff --git a/ldap/Dockerfile b/ldap/Dockerfile index e5fd470..ca4a837 100644 --- a/ldap/Dockerfile +++ b/ldap/Dockerfile @@ -30,12 +30,10 @@ RUN apt-get update && apt-get install -y \ fusiondirectory-plugin-ssh COPY ./data/start.sh /opt/start.sh -#COPY ./data/fusiondirectory.conf /etc/fusiondirectory/fusiondirectory.conf -#COPY ./ldap.conf /etc/ldap/slapd.conf EXPOSE 22 8000 389 -VOLUME ["/opt/warpauth","/var/lib/ldap","/etc/ldap"] +VOLUME ["/etc/fusiondirectory","/var/lib/ldap","/etc/ldap"] ENTRYPOINT sh /opt/start.sh diff --git a/ldap/data/fusiondirectory/fusiondirectory-apache.conf b/ldap/data/fusiondirectory/fusiondirectory-apache.conf new file mode 100644 index 0000000..0d4334b --- /dev/null +++ b/ldap/data/fusiondirectory/fusiondirectory-apache.conf 
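Review bot: Directory state and credentials should not end up versioned next to the new `VOLUME ["/etc/fusiondirectory","/var/lib/ldap","/etc/ldap"]` line. The diffstat of this commit adds `ldap/data/ldap_db/data.mdb`, `lock.mdb` and a complete `slapd.d` tree to the repository. If `run.sh` bind-mounts `ldap/data` onto these volume paths (its hunk is not visible here), the live LDAP database and whatever password hashes it holds are tracked in git together with every later change. I would keep the database out of the tree with a `.gitignore` entry such as `ldap/data/ldap_db/*.mdb` and seed a fresh container from LDIF on first start.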
@@ -0,0 +1,18 @@
+# Include FusionDirectory to your web service
+Alias /fusiondirectory /usr/share/fusiondirectory/html
+
+<IfModule mod_php5.c>
+<Location /fusiondirectory>
+ php_admin_flag engine on
+ php_admin_flag register_globals off
+ php_admin_flag allow_call_time_pass_reference off
+ php_admin_flag expose_php off
+ php_admin_flag zend.ze1_compatibility_mode off
+ php_admin_flag register_long_arrays off
+ php_admin_value upload_tmp_dir /var/spool/fusiondirectory/
+ php_admin_value session.cookie_lifetime 0
+# Remove the comment from the line below if you use fusiondirectory-setup --encrypt-passwords
+# include /etc/fusiondirectory/fusiondirectory.secrets
+</Location>
+</IfModule>
+
diff --git a/ldap/data/fusiondirectory/fusiondirectory.conf b/ldap/data/fusiondirectory/fusiondirectory.conf
new file mode 100644
index 0000000..b90fcf6
--- /dev/null
+++ b/ldap/data/fusiondirectory/fusiondirectory.conf
@@ -0,0 +1,26 @@
+<?xml version="1.0"?>
+<conf>
+ <!-- Main section **********************************************************
+ The main section defines global settings, which might be overridden by
+ each location definition inside.
+
+ For more information about the configuration parameters, take a look at
+ the FusionDirectory.conf(5) manual page.
+ -->
+ <main default="default"
+ logging="TRUE"
+ displayErrors="FALSE"
+ forceSSL="FALSE"
+ templateCompileDirectory="/var/spool/fusiondirectory/"
+ debugLevel="0"
+ >
+
+ <!-- Location definition -->
+ <location name="default"
+ >
+ <referral URI="ldap://localhost:389/dc=warpzone,dc=ms"
+ adminDn="cn=admin,dc=warpzone,dc=ms"
+ adminPassword="12345" />
+ </location>
+ </main>
+</conf>
diff --git a/ldap/data/ldap_conf/ldap.conf b/ldap/data/ldap_conf/ldap.conf
new file mode 100644
index 0000000..42d42b0
--- /dev/null
+++ b/ldap/data/ldap_conf/ldap.conf
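Review bot: The `<Location /fusiondirectory>` block sets no session-cookie flags and no transport or access restriction, so the admin UI's session cookie is readable from script and can be sent over plain HTTP. I would add `php_admin_flag session.cookie_httponly on` now, and `php_admin_flag session.cookie_secure on` once the vhost is served over TLS. All of the flags sit inside `<IfModule mod_php5.c>`, so if a different PHP module is loaded none of them apply and nothing reports it. A comment above the block should say so.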
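Review bot: `adminPassword="12345"` commits the bind password for `cn=admin,dc=warpzone,dc=ms` in cleartext, and the value is trivially guessable. Once merged it stays in history, so the account needs a new password whatever happens to this file. The secret should come from outside the repository: either template the file at container start, or use `fusiondirectory-setup --encrypt-passwords` with the `fusiondirectory.secrets` include that the Apache config in this commit leaves commented out. `forceSSL="FALSE"` in the same `<main>` element lets the login form run over plain HTTP; I would set `forceSSL="TRUE"` as soon as the container sits behind TLS.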
@@ -0,0 +1,17 @@
+#
+# LDAP Defaults
+#
+
+# See ldap.conf(5) for details
+# This file should be world readable but not world writable.
+
+#BASE dc=example,dc=com
+#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
+
+#SIZELIMIT 12
+#TIMELIMIT 15
+#DEREF never
+
+# TLS certificates (needed for GnuTLS)
+TLS_CACERT /etc/ssl/certs/ca-certificates.crt
+
diff --git a/ldap/data/ldap_conf/schema/README b/ldap/data/ldap_conf/schema/README
new file mode 100644
index 0000000..ae88756
--- /dev/null
+++ b/ldap/data/ldap_conf/schema/README
@@ -0,0 +1,80 @@ +This directory contains user application schema definitions for use +with slapd(8). + +File Description +---- ----------- +collective.schema Collective attributes (experimental) +corba.schema Corba Object +core.schema OpenLDAP "core" +cosine.schema COSINE Pilot +duaconf.schema Client Configuration (work in progress) +dyngroup.schema Dynamic Group (experimental) +inetorgperson.schema InetOrgPerson +java.schema Java Object +misc.schema Miscellaneous Schema (experimental) +nadf.schema North American Directory Forum (obsolete) +nis.schema Network Information Service (experimental) +openldap.schema OpenLDAP Project (FYI) +ppolicy.schema Password Policy Schema (work in progress) + +Additional "generally useful" schema definitions can be submitted +using the OpenLDAP Issue Tracking System <http://www.openldap.org/its/>. +Submissions should include a stable reference to a mature, open +technical specification (e.g., an RFC) for the schema. + +The core.ldif and openldap.ldif files are equivalent to their +corresponding .schema files. They have been provided as examples +for use with the dynamic configuration backend. These example files +are not actually necessary since slapd will automatically convert any +included *.schema files into LDIF when converting a slapd.conf file +to a configuration database, but they serve as a model of how to +convert schema files in general. + +--- + +This notice applies to all files in this directory. + +Copyright 1998-2014 The OpenLDAP Foundation, Redwood City, California, USA +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted only as authorized by the OpenLDAP +Public License. A copy of this license is available at +http://www.OpenLDAP.org/license.html or in file LICENSE in the +top-level directory of the distribution. + +--- + +This notice applies to all schema in this directory which are derived +from RFCs and other IETF documents. 
+ +Portions Copyright 1991-2004, The Internet Society. All Rights Reserved. + +This document and translations of it may be copied and furnished +to others, and derivative works that comment on or otherwise explain +it or assist in its implementation may be prepared, copied, published +and distributed, in whole or in part, without restriction of any +kind, provided that the above copyright notice and this paragraph +are included on all such copies and derivative works. However, +this document itself may not be modified in any way, such as by +removing the copyright notice or references to the Internet Society +or other Internet organizations, except as needed for the purpose +of developing Internet standards in which case the procedures for +copyrights defined in the Internet Standards process must be +followed, or as required to translate it into languages other than +English. + +The limited permissions granted above are perpetual and will not +be revoked by the Internet Society or its successors or assigns. + +This document and the information contained herein is provided on +an "AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE +INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS +OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE +OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY +IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR +PURPOSE. + + +--- +$OpenLDAP$ diff --git a/ldap/data/ldap_conf/schema/collective.ldif b/ldap/data/ldap_conf/schema/collective.ldif new file mode 100644 index 0000000..34ec3db --- /dev/null +++ b/ldap/data/ldap_conf/schema/collective.ldif 
@@ -0,0 +1,48 @@ +# collective.ldif -- Collective attribute schema +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2014 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# +## Portions Copyright (C) The Internet Society (2003). +## Please see full copyright statement below. +# +# From RFC 3671 [portions trimmed]: +# Collective Attributes in LDAP +# +# This file was automatically generated from collective.schema; see that file +# for complete references. +# +dn: cn=collective,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: collective +olcAttributeTypes: {0}( 2.5.4.7.1 NAME 'c-l' SUP l COLLECTIVE ) +olcAttributeTypes: {1}( 2.5.4.8.1 NAME 'c-st' SUP st COLLECTIVE ) +olcAttributeTypes: {2}( 2.5.4.9.1 NAME 'c-street' SUP street COLLECTIVE ) +olcAttributeTypes: {3}( 2.5.4.10.1 NAME 'c-o' SUP o COLLECTIVE ) +olcAttributeTypes: {4}( 2.5.4.11.1 NAME 'c-ou' SUP ou COLLECTIVE ) +olcAttributeTypes: {5}( 2.5.4.16.1 NAME 'c-PostalAddress' SUP postalAddress CO + LLECTIVE ) +olcAttributeTypes: {6}( 2.5.4.17.1 NAME 'c-PostalCode' SUP postalCode COLLECTI + VE ) +olcAttributeTypes: {7}( 2.5.4.18.1 NAME 'c-PostOfficeBox' SUP postOfficeBox CO + LLECTIVE ) +olcAttributeTypes: {8}( 2.5.4.19.1 NAME 'c-PhysicalDeliveryOfficeName' SUP phy + sicalDeliveryOfficeName COLLECTIVE ) +olcAttributeTypes: {9}( 2.5.4.20.1 NAME 'c-TelephoneNumber' SUP telephoneNumbe + r COLLECTIVE ) +olcAttributeTypes: {10}( 2.5.4.21.1 NAME 'c-TelexNumber' SUP telexNumber COLLE + CTIVE ) +olcAttributeTypes: {11}( 2.5.4.23.1 NAME 'c-FacsimileTelephoneNumber' SUP facs + imileTelephoneNumber COLLECTIVE ) 
+olcAttributeTypes: {12}( 2.5.4.25.1 NAME 'c-InternationalISDNNumber' SUP inter + nationalISDNNumber COLLECTIVE ) diff --git a/ldap/data/ldap_conf/schema/collective.schema b/ldap/data/ldap_conf/schema/collective.schema new file mode 100644 index 0000000..c3dc1a1 --- /dev/null +++ b/ldap/data/ldap_conf/schema/collective.schema 
@@ -0,0 +1,65 @@ +# collective.schema -- Collective attribute schema +# $OpenLDAP: pkg/ldap/servers/slapd/schema/collective.schema,v 1.12.2.2 2007/08/31 23:14:06 quanah Exp $ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2007 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text from an IETF RFC explaining the schema. Unfortunately, +# that text is covered by a license that doesn't meet Debian's Free +# Software Guidelines. This is a stripped version of the schema that +# contains only the functional schema definition, not the text of the +# RFC. 
+# +# For an explanation of this schema, see RFC 3671, at (among other +# places): http://www.ietf.org/rfc/rfc3671.txt + +attributeType ( 2.5.4.7.1 NAME 'c-l' + SUP l COLLECTIVE ) + +attributeType ( 2.5.4.8.1 NAME 'c-st' + SUP st COLLECTIVE ) + +attributeType ( 2.5.4.9.1 NAME 'c-street' + SUP street COLLECTIVE ) + +attributeType ( 2.5.4.10.1 NAME 'c-o' + SUP o COLLECTIVE ) + +attributeType ( 2.5.4.11.1 NAME 'c-ou' + SUP ou COLLECTIVE ) + +attributeType ( 2.5.4.16.1 NAME 'c-PostalAddress' + SUP postalAddress COLLECTIVE ) + +attributeType ( 2.5.4.17.1 NAME 'c-PostalCode' + SUP postalCode COLLECTIVE ) + +attributeType ( 2.5.4.18.1 NAME 'c-PostOfficeBox' + SUP postOfficeBox COLLECTIVE ) + +attributeType ( 2.5.4.19.1 NAME 'c-PhysicalDeliveryOfficeName' + SUP physicalDeliveryOfficeName COLLECTIVE ) + +attributeType ( 2.5.4.20.1 NAME 'c-TelephoneNumber' + SUP telephoneNumber COLLECTIVE ) + +attributeType ( 2.5.4.21.1 NAME 'c-TelexNumber' + SUP telexNumber COLLECTIVE ) + +attributeType ( 2.5.4.23.1 NAME 'c-FacsimileTelephoneNumber' + SUP facsimileTelephoneNumber COLLECTIVE ) + +attributeType ( 2.5.4.25.1 NAME 'c-InternationalISDNNumber' + SUP internationalISDNNumber COLLECTIVE ) + diff --git a/ldap/data/ldap_conf/schema/corba.ldif b/ldap/data/ldap_conf/schema/corba.ldif new file mode 100644 index 0000000..d5b4e07 --- /dev/null +++ b/ldap/data/ldap_conf/schema/corba.ldif 
@@ -0,0 +1,42 @@ +# corba.ldif -- Corba Object Schema +# depends upon core.ldif +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2014 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# +## Portions Copyright (C) The Internet Society (1999). +## Please see full copyright statement below. +# +# From RFC 2714 [portions trimmed]: +# Schema for Representing CORBA Object References in an LDAP Directory +# +# This file was automatically generated from corba.schema; see that file +# for complete references. +# +dn: cn=corba,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: corba +olcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.4.1.14 NAME 'corbaIor' DESC 'Strin + gified interoperable object reference of a CORBA object' EQUALITY caseIgnoreI + A5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {1}( 1.3.6.1.4.1.42.2.27.4.1.15 NAME 'corbaRepositoryId' DE + SC 'Repository ids of interfaces implemented by a CORBA object' EQUALITY case + ExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcObjectClasses: {0}( 1.3.6.1.4.1.42.2.27.4.2.10 NAME 'corbaContainer' DESC ' + Container for a CORBA object' SUP top STRUCTURAL MUST cn ) +olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.4.2.9 NAME 'corbaObject' DESC 'CORB + A object representation' SUP top ABSTRACT MAY ( corbaRepositoryId $ descripti + on ) ) +olcObjectClasses: {2}( 1.3.6.1.4.1.42.2.27.4.2.11 NAME 'corbaObjectReference' + DESC 'CORBA interoperable object reference' SUP corbaObject AUXILIARY MUST co + rbaIor ) 
diff --git a/ldap/data/ldap_conf/schema/corba.schema b/ldap/data/ldap_conf/schema/corba.schema new file mode 100644 index 0000000..918e9df --- /dev/null +++ b/ldap/data/ldap_conf/schema/corba.schema 
@@ -0,0 +1,61 @@ +# corba.schema -- Corba Object Schema +# depends upon core.schema +# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.3 2007/01/02 21:44:09 kurt Exp $ +# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.3 2007/01/02 21:44:09 kurt Exp $ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2007 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text from an IETF RFC explaining the schema. Unfortunately, +# that text is covered by a license that doesn't meet Debian's Free +# Software Guidelines. This is a stripped version of the schema that +# contains only the functional schema definition, not the text of the +# RFC. 
+# +# For an explanation of this schema, see RFC 2714, at (among other +# places): http://www.ietf.org/rfc/rfc2714.txt + +attributetype ( 1.3.6.1.4.1.42.2.27.4.1.14 + NAME 'corbaIor' + DESC 'Stringified interoperable object reference of a CORBA object' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.4.1.15 + NAME 'corbaRepositoryId' + DESC 'Repository ids of interfaces implemented by a CORBA object' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +objectclass ( 1.3.6.1.4.1.42.2.27.4.2.10 + NAME 'corbaContainer' + DESC 'Container for a CORBA object' + SUP top + STRUCTURAL + MUST cn ) + +objectclass ( 1.3.6.1.4.1.42.2.27.4.2.9 + NAME 'corbaObject' + DESC 'CORBA object representation' + SUP top + ABSTRACT + MAY ( corbaRepositoryId $ description ) ) + +objectclass ( 1.3.6.1.4.1.42.2.27.4.2.11 + NAME 'corbaObjectReference' + DESC 'CORBA interoperable object reference' + SUP corbaObject + AUXILIARY + MUST corbaIor ) diff --git a/ldap/data/ldap_conf/schema/core.ldif b/ldap/data/ldap_conf/schema/core.ldif new file mode 100644 index 0000000..cc1811f --- /dev/null +++ b/ldap/data/ldap_conf/schema/core.ldif 
@@ -0,0 +1,603 @@ +# OpenLDAP Core schema +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2014 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text claiming copyright by the Internet Society and including +# the IETF RFC license, which does not meet Debian's Free Software +# Guidelines. However, apart from short and obvious comments, the text of +# this file is purely a functional interface specification, which is not +# subject to that license and is not copyrightable under US law. +# +# The license statement is retained below so as not to remove credit, but +# as best as we can determine, it is not applicable to the contents of +# this file. + +## Portions Copyright (C) The Internet Society (1997-2003). +## All Rights Reserved. +## +## This document and translations of it may be copied and furnished to +## others, and derivative works that comment on or otherwise explain it +## or assist in its implementation may be prepared, copied, published +## and distributed, in whole or in part, without restriction of any +## kind, provided that the above copyright notice and this paragraph are +## included on all such copies and derivative works. 
However, this +## document itself may not be modified in any way, such as by removing +## the copyright notice or references to the Internet Society or other +## Internet organizations, except as needed for the purpose of +## developing Internet standards in which case the procedures for +## copyrights defined in the Internet Standards process must be +## followed, or as required to translate it into languages other than +## English. +## +## The limited permissions granted above are perpetual and will not be +## revoked by the Internet Society or its successors or assigns. +## +## This document and the information contained herein is provided on an +## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING +## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING +## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION +## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF +## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. +# +# +# +# Includes LDAPv3 schema items from: +# RFC 2252/2256 (LDAPv3) +# +# Select standard track schema items: +# RFC 1274 (uid/dc) +# RFC 2079 (URI) +# RFC 2247 (dc/dcObject) +# RFC 2587 (PKI) +# RFC 2589 (Dynamic Directory Services) +# +# Select informational schema items: +# RFC 2377 (uidObject) +# +# +# Standard attribute types from RFC 2256 +# +dn: cn=core,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: core +# +# system schema +#olcAttributeTypes: ( 2.5.4.0 NAME 'objectClass' +# DESC 'RFC2256: object classes of the entity' +# EQUALITY objectIdentifierMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) +# +# system schema +#olcAttributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' ) +# DESC 'RFC2256: name of aliased object' +# EQUALITY distinguishedNameMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +# +olcAttributeTypes: ( 2.5.4.2 NAME 'knowledgeInformation' + DESC 'RFC2256: knowledge information' + EQUALITY caseIgnoreMatch + SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15{32768} ) +# +# system schema +#olcAttributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) +# DESC 'RFC2256: common name(s) for which the entity is known by' +# SUP name ) +# +olcAttributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surname' ) + DESC 'RFC2256: last (family) name(s) for which the entity is known by' + SUP name ) +# +olcAttributeTypes: ( 2.5.4.5 NAME 'serialNumber' + DESC 'RFC2256: serial number of the entity' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} ) +# +# RFC 4519 definition ('countryName' in X.500 and RFC2256) +olcAttributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' ) + DESC 'RFC4519: two-letter ISO-3166 country code' + SUP name + SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 + SINGLE-VALUE ) +# +olcAttributeTypes: ( 2.5.4.7 NAME ( 'l' 'localityName' ) + DESC 'RFC2256: locality which this object resides in' + SUP name ) +# +olcAttributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) + DESC 'RFC2256: state or province which this object resides in' + SUP name ) +# +olcAttributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) + DESC 'RFC2256: street address of this object' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) +# +olcAttributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationName' ) + DESC 'RFC2256: organization this object belongs to' + SUP name ) +# +olcAttributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) + DESC 'RFC2256: organizational unit this object belongs to' + SUP name ) +# +olcAttributeTypes: ( 2.5.4.12 NAME 'title' + DESC 'RFC2256: title associated with the entity' + SUP name ) +# +# system schema +#olcAttributeTypes: ( 2.5.4.13 NAME 'description' +# DESC 'RFC2256: descriptive information' +# EQUALITY caseIgnoreMatch +# SUBSTR caseIgnoreSubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ) +# +# Deprecated by enhancedSearchGuide +olcAttributeTypes: ( 2.5.4.14 NAME 'searchGuide' + DESC 
'RFC2256: search guide, deprecated by enhancedSearchGuide' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 ) +# +olcAttributeTypes: ( 2.5.4.15 NAME 'businessCategory' + DESC 'RFC2256: business category' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) +# +olcAttributeTypes: ( 2.5.4.16 NAME 'postalAddress' + DESC 'RFC2256: postal address' + EQUALITY caseIgnoreListMatch + SUBSTR caseIgnoreListSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) +# +olcAttributeTypes: ( 2.5.4.17 NAME 'postalCode' + DESC 'RFC2256: postal code' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) +# +olcAttributeTypes: ( 2.5.4.18 NAME 'postOfficeBox' + DESC 'RFC2256: Post Office Box' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) +# +olcAttributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' + DESC 'RFC2256: Physical Delivery Office Name' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) +# +olcAttributeTypes: ( 2.5.4.20 NAME 'telephoneNumber' + DESC 'RFC2256: Telephone Number' + EQUALITY telephoneNumberMatch + SUBSTR telephoneNumberSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) +# +olcAttributeTypes: ( 2.5.4.21 NAME 'telexNumber' + DESC 'RFC2256: Telex Number' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 ) +# +olcAttributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier' + DESC 'RFC2256: Teletex Terminal Identifier' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) +# +olcAttributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) + DESC 'RFC2256: Facsimile (Fax) Telephone Number' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 ) +# +olcAttributeTypes: ( 2.5.4.24 NAME 'x121Address' + DESC 'RFC2256: X.121 Address' + EQUALITY numericStringMatch + SUBSTR numericStringSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} ) +# +olcAttributeTypes: ( 2.5.4.25 
NAME 'internationaliSDNNumber' + DESC 'RFC2256: international ISDN number' + EQUALITY numericStringMatch + SUBSTR numericStringSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ) +# +olcAttributeTypes: ( 2.5.4.26 NAME 'registeredAddress' + DESC 'RFC2256: registered postal address' + SUP postalAddress + SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) +# +olcAttributeTypes: ( 2.5.4.27 NAME 'destinationIndicator' + DESC 'RFC2256: destination indicator' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ) +# +olcAttributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod' + DESC 'RFC2256: preferred delivery method' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 + SINGLE-VALUE ) +# +olcAttributeTypes: ( 2.5.4.29 NAME 'presentationAddress' + DESC 'RFC2256: presentation address' + EQUALITY presentationAddressMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 + SINGLE-VALUE ) +# +olcAttributeTypes: ( 2.5.4.30 NAME 'supportedApplicationContext' + DESC 'RFC2256: supported application context' + EQUALITY objectIdentifierMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) +# +olcAttributeTypes: ( 2.5.4.31 NAME 'member' + DESC 'RFC2256: member of a group' + SUP distinguishedName ) +# +olcAttributeTypes: ( 2.5.4.32 NAME 'owner' + DESC 'RFC2256: owner (of the object)' + SUP distinguishedName ) +# +olcAttributeTypes: ( 2.5.4.33 NAME 'roleOccupant' + DESC 'RFC2256: occupant of role' + SUP distinguishedName ) +# +# system schema +#olcAttributeTypes: ( 2.5.4.34 NAME 'seeAlso' +# DESC 'RFC2256: DN of related object' +# SUP distinguishedName ) +# +# system schema +#olcAttributeTypes: ( 2.5.4.35 NAME 'userPassword' +# DESC 'RFC2256/2307: password of user' +# EQUALITY octetStringMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} ) +# +# Must be transferred using ;binary +# with certificateExactMatch rule (per X.509) +olcAttributeTypes: ( 2.5.4.36 NAME 'userCertificate' + DESC 'RFC2256: X.509 user certificate, use ;binary' + EQUALITY certificateExactMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) +# +# Must be transferred using ;binary +# with certificateExactMatch rule (per X.509) +olcAttributeTypes: ( 2.5.4.37 NAME 'cACertificate' + DESC 'RFC2256: X.509 CA certificate, use ;binary' + EQUALITY certificateExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) +# +# Must be transferred using ;binary +olcAttributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList' + DESC 'RFC2256: X.509 authority revocation list, use ;binary' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) +# +# Must be transferred using ;binary +olcAttributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList' + DESC 'RFC2256: X.509 certificate revocation list, use ;binary' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) +# +# Must be stored and requested in the binary form +olcAttributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair' + DESC 'RFC2256: X.509 cross certificate pair, use ;binary' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 ) +# +# 2.5.4.41 is defined above as it's used for subtyping +#olcAttributeTypes: ( 2.5.4.41 NAME 'name' +# EQUALITY caseIgnoreMatch +# SUBSTR caseIgnoreSubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) +# +olcAttributeTypes: ( 2.5.4.42 NAME ( 'givenName' 'gn' ) + DESC 'RFC2256: first name(s) for which the entity is known by' + SUP name ) +# +olcAttributeTypes: ( 2.5.4.43 NAME 'initials' + DESC 'RFC2256: initials of some or all of names, but not the surname(s).' 
+ SUP name ) +# +olcAttributeTypes: ( 2.5.4.44 NAME 'generationQualifier' + DESC 'RFC2256: name qualifier indicating a generation' + SUP name ) +# +olcAttributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier' + DESC 'RFC2256: X.500 unique identifier' + EQUALITY bitStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) +# +olcAttributeTypes: ( 2.5.4.46 NAME 'dnQualifier' + DESC 'RFC2256: DN qualifier' + EQUALITY caseIgnoreMatch + ORDERING caseIgnoreOrderingMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) +# +olcAttributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide' + DESC 'RFC2256: enhanced search guide' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 ) +# +olcAttributeTypes: ( 2.5.4.48 NAME 'protocolInformation' + DESC 'RFC2256: protocol information' + EQUALITY protocolInformationMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 ) +# +# 2.5.4.49 is defined above as it's used for subtyping +#olcAttributeTypes: ( 2.5.4.49 NAME 'distinguishedName' +# EQUALITY distinguishedNameMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +# +olcAttributeTypes: ( 2.5.4.50 NAME 'uniqueMember' + DESC 'RFC2256: unique member of a group' + EQUALITY uniqueMemberMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 ) +# +olcAttributeTypes: ( 2.5.4.51 NAME 'houseIdentifier' + DESC 'RFC2256: house identifier' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) +# +# Must be transferred using ;binary +olcAttributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms' + DESC 'RFC2256: supported algorithms' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 ) +# +# Must be transferred using ;binary +olcAttributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList' + DESC 'RFC2256: delta revocation list; use ;binary' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) +# +olcAttributeTypes: ( 2.5.4.54 NAME 'dmdName' + DESC 'RFC2256: name of DMD' + SUP name ) +# +olcAttributeTypes: ( 2.5.4.65 NAME 'pseudonym' + DESC 'X.520(4th): pseudonym for the object' + SUP name ) +# +# 
Standard object classes from RFC2256 +# +# system schema +#olcObjectClasses: ( 2.5.6.1 NAME 'alias' +# DESC 'RFC2256: an alias' +# SUP top STRUCTURAL +# MUST aliasedObjectName ) +# +olcObjectClasses: ( 2.5.6.2 NAME 'country' + DESC 'RFC2256: a country' + SUP top STRUCTURAL + MUST c + MAY ( searchGuide $ description ) ) +# +olcObjectClasses: ( 2.5.6.3 NAME 'locality' + DESC 'RFC2256: a locality' + SUP top STRUCTURAL + MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) ) +# +olcObjectClasses: ( 2.5.6.4 NAME 'organization' + DESC 'RFC2256: an organization' + SUP top STRUCTURAL + MUST o + MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ + x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ + facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ + postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) +# +olcObjectClasses: ( 2.5.6.5 NAME 'organizationalUnit' + DESC 'RFC2256: an organizational unit' + SUP top STRUCTURAL + MUST ou + MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ + x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ + facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ + postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) +# +olcObjectClasses: ( 2.5.6.6 NAME 'person' + DESC 'RFC2256: a person' + SUP top STRUCTURAL + MUST ( sn $ cn ) + MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) ) +# +olcObjectClasses: ( 2.5.6.7 NAME 'organizationalPerson' + DESC 'RFC2256: an organizational person' + SUP person STRUCTURAL + MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ + 
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ + postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) ) +# +olcObjectClasses: ( 2.5.6.8 NAME 'organizationalRole' + DESC 'RFC2256: an organizational role' + SUP top STRUCTURAL + MUST cn + MAY ( x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ + seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ + postOfficeBox $ postalCode $ postalAddress $ + physicalDeliveryOfficeName $ ou $ st $ l $ description ) ) +# +olcObjectClasses: ( 2.5.6.9 NAME 'groupOfNames' + DESC 'RFC2256: a group of names (DNs)' + SUP top STRUCTURAL + MUST ( member $ cn ) + MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) +# +olcObjectClasses: ( 2.5.6.10 NAME 'residentialPerson' + DESC 'RFC2256: an residential person' + SUP person STRUCTURAL + MUST l + MAY ( businessCategory $ x121Address $ registeredAddress $ + destinationIndicator $ preferredDeliveryMethod $ telexNumber $ + teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ + facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ + postOfficeBox $ postalCode $ postalAddress $ + physicalDeliveryOfficeName $ st $ l ) ) +# +olcObjectClasses: ( 2.5.6.11 NAME 'applicationProcess' + DESC 'RFC2256: an application process' + SUP top STRUCTURAL + MUST cn + MAY ( seeAlso $ ou $ l $ description ) ) +# +olcObjectClasses: ( 2.5.6.12 NAME 'applicationEntity' + DESC 'RFC2256: an application entity' + SUP top STRUCTURAL + MUST ( presentationAddress $ cn ) + MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ + description ) ) +# +olcObjectClasses: ( 2.5.6.13 NAME 'dSA' + DESC 'RFC2256: a directory system agent (a server)' + SUP applicationEntity STRUCTURAL + MAY knowledgeInformation ) +# +olcObjectClasses: ( 2.5.6.14 NAME 'device' + DESC 'RFC2256: a device' + SUP top STRUCTURAL + MUST 
cn + MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) ) +# +olcObjectClasses: ( 2.5.6.15 NAME 'strongAuthenticationUser' + DESC 'RFC2256: a strong authentication user' + SUP top AUXILIARY + MUST userCertificate ) +# +olcObjectClasses: ( 2.5.6.16 NAME 'certificationAuthority' + DESC 'RFC2256: a certificate authority' + SUP top AUXILIARY + MUST ( authorityRevocationList $ certificateRevocationList $ + cACertificate ) MAY crossCertificatePair ) +# +olcObjectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames' + DESC 'RFC2256: a group of unique names (DN and Unique Identifier)' + SUP top STRUCTURAL + MUST ( uniqueMember $ cn ) + MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) +# +olcObjectClasses: ( 2.5.6.18 NAME 'userSecurityInformation' + DESC 'RFC2256: a user security information' + SUP top AUXILIARY + MAY ( supportedAlgorithms ) ) +# +olcObjectClasses: ( 2.5.6.16.2 NAME 'certificationAuthority-V2' + SUP certificationAuthority + AUXILIARY MAY ( deltaRevocationList ) ) +# +olcObjectClasses: ( 2.5.6.19 NAME 'cRLDistributionPoint' + SUP top STRUCTURAL + MUST ( cn ) + MAY ( certificateRevocationList $ authorityRevocationList $ + deltaRevocationList ) ) +# +olcObjectClasses: ( 2.5.6.20 NAME 'dmd' + SUP top STRUCTURAL + MUST ( dmdName ) + MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ + x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ + street $ postOfficeBox $ postalCode $ postalAddress $ + physicalDeliveryOfficeName $ st $ l $ description ) ) +# +# +# Object Classes from RFC 2587 +# +olcObjectClasses: ( 2.5.6.21 NAME 'pkiUser' + DESC 'RFC2587: a PKI user' + SUP top AUXILIARY + MAY userCertificate ) +# +olcObjectClasses: ( 2.5.6.22 NAME 'pkiCA' + DESC 'RFC2587: PKI certificate authority' + SUP top AUXILIARY + MAY ( authorityRevocationList $ certificateRevocationList $ + 
cACertificate $ crossCertificatePair ) ) +# +olcObjectClasses: ( 2.5.6.23 NAME 'deltaCRL' + DESC 'RFC2587: PKI user' + SUP top AUXILIARY + MAY deltaRevocationList ) +# +# +# Standard Track URI label schema from RFC 2079 +# system schema +#olcAttributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' +# DESC 'RFC2079: Uniform Resource Identifier with optional label' +# EQUALITY caseExactMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +# +olcObjectClasses: ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' + DESC 'RFC2079: object that contains the URI attribute type' + MAY ( labeledURI ) + SUP top AUXILIARY ) +# +# +# Derived from RFC 1274, but with new "short names" +# +#olcAttributeTypes: ( 0.9.2342.19200300.100.1.1 +# NAME ( 'uid' 'userid' ) +# DESC 'RFC1274: user identifier' +# EQUALITY caseIgnoreMatch +# SUBSTR caseIgnoreSubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +# +olcAttributeTypes: ( 0.9.2342.19200300.100.1.3 + NAME ( 'mail' 'rfc822Mailbox' ) + DESC 'RFC1274: RFC822 Mailbox' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) +# +olcObjectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' + DESC 'RFC1274: simple security object' + SUP top AUXILIARY + MUST userPassword ) +# +# RFC 1274 + RFC 2247 +olcAttributeTypes: ( 0.9.2342.19200300.100.1.25 + NAME ( 'dc' 'domainComponent' ) + DESC 'RFC1274/2247: domain component' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +# +# RFC 2247 +olcObjectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' + DESC 'RFC2247: domain component object' + SUP top AUXILIARY MUST dc ) +# +# RFC 2377 +olcObjectClasses: ( 1.3.6.1.1.3.1 NAME 'uidObject' + DESC 'RFC2377: uid object' + SUP top AUXILIARY MUST uid ) +# +# From COSINE Pilot +olcAttributeTypes: ( 0.9.2342.19200300.100.1.37 + NAME 'associatedDomain' + DESC 'RFC1274: domain associated with object' + EQUALITY 
caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +# +# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema) +olcAttributeTypes: ( 1.2.840.113549.1.9.1 + NAME ( 'email' 'emailAddress' 'pkcs9email' ) + DESC 'RFC3280: legacy attribute for email addresses in DNs' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) +# diff --git a/ldap/data/ldap_conf/schema/core.schema b/ldap/data/ldap_conf/schema/core.schema new file mode 100644 index 0000000..cf0968a --- /dev/null +++ b/ldap/data/ldap_conf/schema/core.schema 
@@ -0,0 +1,622 @@
+# OpenLDAP Core schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2014 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text claiming copyright by the Internet Society and including
+# the IETF RFC license, which does not meet Debian's Free Software
+# Guidelines. However, apart from short and obvious comments, the text of
+# this file is purely a functional interface specification, which is not
+# subject to that license and is not copyrightable under US law.
+#
+# The license statement is retained below so as not to remove credit, but
+# as best as we can determine, it is not applicable to the contents of
+# this file.
+
+## Portions Copyright (C) The Internet Society (1997-2006).
+## All Rights Reserved.
+##
+## This document and translations of it may be copied and furnished to
+## others, and derivative works that comment on or otherwise explain it
+## or assist in its implementation may be prepared, copied, published
+## and distributed, in whole or in part, without restriction of any
+## kind, provided that the above copyright notice and this paragraph are
+## included on all such copies and derivative works.
However, this
+## document itself may not be modified in any way, such as by removing
+## the copyright notice or references to the Internet Society or other
+## Internet organizations, except as needed for the purpose of
+## developing Internet standards in which case the procedures for
+## copyrights defined in the Internet Standards process must be
+## followed, or as required to translate it into languages other than
+## English.
+##
+## The limited permissions granted above are perpetual and will not be
+## revoked by the Internet Society or its successors or assigns.
+##
+## This document and the information contained herein is provided on an
+## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+#
+#
+# Includes LDAPv3 schema items from:
+# RFC 2252/2256 (LDAPv3)
+#
+# Select standard track schema items:
+# RFC 1274 (uid/dc)
+# RFC 2079 (URI)
+# RFC 2247 (dc/dcObject)
+# RFC 2587 (PKI)
+# RFC 2589 (Dynamic Directory Services)
+# RFC 4524 (associatedDomain)
+#
+# Select informational schema items:
+# RFC 2377 (uidObject)
+
+#
+# Standard attribute types from RFC 2256
+#
+
+# system schema
+#attributetype ( 2.5.4.0 NAME 'objectClass'
+# DESC 'RFC2256: object classes of the entity'
+# EQUALITY objectIdentifierMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+# system schema
+#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
+# DESC 'RFC2256: name of aliased object'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+attributetype ( 2.5.4.2 NAME 'knowledgeInformation'
+ DESC 'RFC2256: knowledge information'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+# system schema
+#attributetype (
2.5.4.3 NAME ( 'cn' 'commonName' )
+# DESC 'RFC2256: common name(s) for which the entity is known by'
+# SUP name )
+
+attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
+ DESC 'RFC2256: last (family) name(s) for which the entity is known by'
+ SUP name )
+
+attributetype ( 2.5.4.5 NAME 'serialNumber'
+ DESC 'RFC2256: serial number of the entity'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
+
+# RFC 4519 definition ('countryName' in X.500 and RFC2256)
+attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
+ DESC 'RFC4519: two-letter ISO-3166 country code'
+ SUP name
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
+ SINGLE-VALUE )
+
+#attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
+# DESC 'RFC2256: ISO-3166 country 2-letter code'
+# SUP name SINGLE-VALUE )
+
+attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' )
+ DESC 'RFC2256: locality which this object resides in'
+ SUP name )
+
+attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
+ DESC 'RFC2256: state or province which this object resides in'
+ SUP name )
+
+attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
+ DESC 'RFC2256: street address of this object'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' )
+ DESC 'RFC2256: organization this object belongs to'
+ SUP name )
+
+attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
+ DESC 'RFC2256: organizational unit this object belongs to'
+ SUP name )
+
+attributetype ( 2.5.4.12 NAME 'title'
+ DESC 'RFC2256: title associated with the entity'
+ SUP name )
+
+# system schema
+#attributetype ( 2.5.4.13 NAME 'description'
+# DESC 'RFC2256: descriptive information'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
+
+# Deprecated by enhancedSearchGuide
+attributetype ( 2.5.4.14 NAME 'searchGuide'
+ DESC 'RFC2256: search
guide, deprecated by enhancedSearchGuide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
+
+attributetype ( 2.5.4.15 NAME 'businessCategory'
+ DESC 'RFC2256: business category'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.16 NAME 'postalAddress'
+ DESC 'RFC2256: postal address'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attributetype ( 2.5.4.17 NAME 'postalCode'
+ DESC 'RFC2256: postal code'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+
+attributetype ( 2.5.4.18 NAME 'postOfficeBox'
+ DESC 'RFC2256: Post Office Box'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+
+attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
+ DESC 'RFC2256: Physical Delivery Office Name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.20 NAME 'telephoneNumber'
+ DESC 'RFC2256: Telephone Number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
+
+attributetype ( 2.5.4.21 NAME 'telexNumber'
+ DESC 'RFC2256: Telex Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
+
+attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
+ DESC 'RFC2256: Teletex Terminal Identifier'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
+
+attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
+ DESC 'RFC2256: Facsimile (Fax) Telephone Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
+
+attributetype ( 2.5.4.24 NAME 'x121Address'
+ DESC 'RFC2256: X.121 Address'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
+
+attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber'
+ DESC 'RFC2256: international ISDN number'
+
EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
+
+attributetype ( 2.5.4.26 NAME 'registeredAddress'
+ DESC 'RFC2256: registered postal address'
+ SUP postalAddress
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attributetype ( 2.5.4.27 NAME 'destinationIndicator'
+ DESC 'RFC2256: destination indicator'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
+
+attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod'
+ DESC 'RFC2256: preferred delivery method'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
+ SINGLE-VALUE )
+
+attributetype ( 2.5.4.29 NAME 'presentationAddress'
+ DESC 'RFC2256: presentation address'
+ EQUALITY presentationAddressMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
+ SINGLE-VALUE )
+
+attributetype ( 2.5.4.30 NAME 'supportedApplicationContext'
+ DESC 'RFC2256: supported application context'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+attributetype ( 2.5.4.31 NAME 'member'
+ DESC 'RFC2256: member of a group'
+ SUP distinguishedName )
+
+attributetype ( 2.5.4.32 NAME 'owner'
+ DESC 'RFC2256: owner (of the object)'
+ SUP distinguishedName )
+
+attributetype ( 2.5.4.33 NAME 'roleOccupant'
+ DESC 'RFC2256: occupant of role'
+ SUP distinguishedName )
+
+# system schema
+#attributetype ( 2.5.4.34 NAME 'seeAlso'
+# DESC 'RFC2256: DN of related object'
+# SUP distinguishedName )
+
+# system schema
+#attributetype ( 2.5.4.35 NAME 'userPassword'
+# DESC 'RFC2256/2307: password of user'
+# EQUALITY octetStringMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
+
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+attributetype ( 2.5.4.36 NAME 'userCertificate'
+ DESC 'RFC2256: X.509 user certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+attributetype (
2.5.4.37 NAME 'cACertificate'
+ DESC 'RFC2256: X.509 CA certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.38 NAME 'authorityRevocationList'
+ DESC 'RFC2256: X.509 authority revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.39 NAME 'certificateRevocationList'
+ DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+# Must be stored and requested in the binary form
+attributetype ( 2.5.4.40 NAME 'crossCertificatePair'
+ DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
+
+# system schema
+#attributetype ( 2.5.4.41 NAME 'name'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' )
+ DESC 'RFC2256: first name(s) for which the entity is known by'
+ SUP name )
+
+attributetype ( 2.5.4.43 NAME 'initials'
+ DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
+ SUP name )
+
+attributetype ( 2.5.4.44 NAME 'generationQualifier'
+ DESC 'RFC2256: name qualifier indicating a generation'
+ SUP name )
+
+attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier'
+ DESC 'RFC2256: X.500 unique identifier'
+ EQUALITY bitStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
+
+attributetype ( 2.5.4.46 NAME 'dnQualifier'
+ DESC 'RFC2256: DN qualifier'
+ EQUALITY caseIgnoreMatch
+ ORDERING caseIgnoreOrderingMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+
+attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide'
+ DESC 'RFC2256: enhanced search guide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
+
+attributetype ( 2.5.4.48 NAME 'protocolInformation'
+ DESC 'RFC2256: protocol information'
+ EQUALITY protocolInformationMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
+
+# system schema
+#attributetype ( 2.5.4.49 NAME 'distinguishedName'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.5.4.50 NAME 'uniqueMember'
+ DESC 'RFC2256: unique member of a group'
+ EQUALITY uniqueMemberMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
+
+attributetype ( 2.5.4.51 NAME 'houseIdentifier'
+ DESC 'RFC2256: house identifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.52 NAME 'supportedAlgorithms'
+ DESC 'RFC2256: supported algorithms'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.53 NAME 'deltaRevocationList'
+ DESC 'RFC2256: delta revocation list; use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+attributetype ( 2.5.4.54 NAME 'dmdName'
+ DESC 'RFC2256: name of DMD'
+ SUP name )
+
+attributetype ( 2.5.4.65 NAME 'pseudonym'
+ DESC 'X.520(4th): pseudonym for the object'
+ SUP name )
+
+# Standard object classes from RFC2256
+
+# system schema
+#objectclass ( 2.5.6.0 NAME 'top'
+# DESC 'RFC2256: top of
the superclass chain'
+# ABSTRACT
+# MUST objectClass )
+
+# system schema
+#objectclass ( 2.5.6.1 NAME 'alias'
+# DESC 'RFC2256: an alias'
+# SUP top STRUCTURAL
+# MUST aliasedObjectName )
+
+objectclass ( 2.5.6.2 NAME 'country'
+ DESC 'RFC2256: a country'
+ SUP top STRUCTURAL
+ MUST c
+ MAY ( searchGuide $ description ) )
+
+objectclass ( 2.5.6.3 NAME 'locality'
+ DESC 'RFC2256: a locality'
+ SUP top STRUCTURAL
+ MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
+
+objectclass ( 2.5.6.4 NAME 'organization'
+ DESC 'RFC2256: an organization'
+ SUP top STRUCTURAL
+ MUST o
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+objectclass ( 2.5.6.5 NAME 'organizationalUnit'
+ DESC 'RFC2256: an organizational unit'
+ SUP top STRUCTURAL
+ MUST ou
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+objectclass ( 2.5.6.6 NAME 'person'
+ DESC 'RFC2256: a person'
+ SUP top STRUCTURAL
+ MUST ( sn $ cn )
+ MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
+
+objectclass ( 2.5.6.7 NAME 'organizationalPerson'
+ DESC 'RFC2256: an organizational person'
+ SUP person STRUCTURAL
+ MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $
postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
+
+objectclass ( 2.5.6.8 NAME 'organizationalRole'
+ DESC 'RFC2256: an organizational role'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
+
+objectclass ( 2.5.6.9 NAME 'groupOfNames'
+ DESC 'RFC2256: a group of names (DNs)'
+ SUP top STRUCTURAL
+ MUST ( member $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+objectclass ( 2.5.6.10 NAME 'residentialPerson'
+ DESC 'RFC2256: an residential person'
+ SUP person STRUCTURAL
+ MUST l
+ MAY ( businessCategory $ x121Address $ registeredAddress $
+ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
+ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l ) )
+
+objectclass ( 2.5.6.11 NAME 'applicationProcess'
+ DESC 'RFC2256: an application process'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( seeAlso $ ou $ l $ description ) )
+
+objectclass ( 2.5.6.12 NAME 'applicationEntity'
+ DESC 'RFC2256: an application entity'
+ SUP top STRUCTURAL
+ MUST ( presentationAddress $ cn )
+ MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
+ description ) )
+
+objectclass ( 2.5.6.13 NAME 'dSA'
+ DESC 'RFC2256: a directory system agent (a server)'
+ SUP applicationEntity STRUCTURAL
+ MAY knowledgeInformation )
+
+objectclass ( 2.5.6.14 NAME 'device'
+ DESC 'RFC2256: a device'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
+
+objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser'
+ DESC 'RFC2256: a strong authentication user'
+ SUP top AUXILIARY
+ MUST userCertificate )
+
+objectclass ( 2.5.6.16 NAME 'certificationAuthority'
+ DESC 'RFC2256: a certificate authority'
+ SUP top AUXILIARY
+ MUST ( authorityRevocationList $ certificateRevocationList $
+ cACertificate ) MAY crossCertificatePair )
+
+objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'
+ DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
+ SUP top STRUCTURAL
+ MUST ( uniqueMember $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+objectclass ( 2.5.6.18 NAME 'userSecurityInformation'
+ DESC 'RFC2256: a user security information'
+ SUP top AUXILIARY
+ MAY ( supportedAlgorithms ) )
+
+objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
+ SUP certificationAuthority
+ AUXILIARY MAY ( deltaRevocationList ) )
+
+objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint'
+ SUP top STRUCTURAL
+ MUST ( cn )
+ MAY ( certificateRevocationList $ authorityRevocationList $
+ deltaRevocationList ) )
+
+objectclass ( 2.5.6.20 NAME 'dmd'
+ SUP top STRUCTURAL
+ MUST ( dmdName )
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+#
+# Object Classes from RFC 2587
+#
+objectclass ( 2.5.6.21 NAME 'pkiUser'
+ DESC 'RFC2587: a PKI user'
+ SUP top AUXILIARY
+ MAY userCertificate )
+
+objectclass ( 2.5.6.22 NAME 'pkiCA'
+ DESC 'RFC2587: PKI certificate authority'
+ SUP top AUXILIARY
+ MAY ( authorityRevocationList $ certificateRevocationList $
+ cACertificate $ crossCertificatePair ) )
+
+objectclass ( 2.5.6.23 NAME 'deltaCRL'
+ DESC 'RFC2587: PKI user'
+ SUP top AUXILIARY
+ MAY
deltaRevocationList )
+
+#
+# Standard Track URI label schema from RFC 2079
+# system schema
+#attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
+# DESC 'RFC2079: Uniform Resource Identifier with optional label'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
+ DESC 'RFC2079: object that contains the URI attribute type'
+ SUP top AUXILIARY
+ MAY ( labeledURI ) )
+
+#
+# Derived from RFC 1274, but with new "short names"
+#
+#attributetype ( 0.9.2342.19200300.100.1.1
+# NAME ( 'uid' 'userid' )
+# DESC 'RFC1274: user identifier'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.3
+ NAME ( 'mail' 'rfc822Mailbox' )
+ DESC 'RFC1274: RFC822 Mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+ DESC 'RFC1274: simple security object'
+ SUP top AUXILIARY
+ MUST userPassword )
+
+# RFC 1274 + RFC 2247
+attributetype ( 0.9.2342.19200300.100.1.25
+ NAME ( 'dc' 'domainComponent' )
+ DESC 'RFC1274/2247: domain component'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+# RFC 2247
+objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
+ DESC 'RFC2247: domain component object'
+ SUP top AUXILIARY MUST dc )
+
+# RFC 2377
+objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'
+ DESC 'RFC2377: uid object'
+ SUP top AUXILIARY MUST uid )
+
+# RFC 4524
+# The 'associatedDomain' attribute specifies DNS [RFC1034][RFC2181]
+# host names [RFC1123] that are associated with an object.
That is,
+# values of this attribute should conform to the following ABNF:
+#
+# domain = root / label *( DOT label )
+# root = SPACE
+# label = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]
+# LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z"
+# SPACE = %x20 ; space (" ")
+# HYPHEN = %x2D ; hyphen ("-")
+# DOT = %x2E ; period (".")
+attributetype ( 0.9.2342.19200300.100.1.37
+ NAME 'associatedDomain'
+ DESC 'RFC1274: domain associated with object'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
+attributetype ( 1.2.840.113549.1.9.1
+ NAME ( 'email' 'emailAddress' 'pkcs9email' )
+ DESC 'RFC3280: legacy attribute for email addresses in DNs'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+
diff --git a/ldap/data/ldap_conf/schema/cosine.ldif b/ldap/data/ldap_conf/schema/cosine.ldif
new file mode 100644
index 0000000..d207111
--- /dev/null
+++ b/ldap/data/ldap_conf/schema/cosine.ldif
@@ -0,0 +1,200 @@ +# RFC1274: Cosine and Internet X.500 schema +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2014 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# +# RFC1274: Cosine and Internet X.500 schema +# +# This file contains LDAPv3 schema derived from X.500 COSINE "pilot" +# schema. As this schema was defined for X.500(89), some +# oddities were introduced in the mapping to LDAPv3. The +# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt +# (a work in progress) +# +# Note: It seems that the pilot schema evolved beyond what was +# described in RFC1274. However, this document attempts to describes +# RFC1274 as published. +# +# Depends on core.ldif +# +# This file was automatically generated from cosine.schema; see that +# file for complete background. +# +dn: cn=cosine,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: cosine +olcAttributeTypes: ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' + EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1. 
+ 1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: g + eneral information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDri + nk' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR caseIgno + reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RFC1 + 274: room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274: + photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC12 + 74: category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: h + ost computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC127 + 4: DN of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.12 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' D + ESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR + caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' DESC ' + RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstri + ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' DES + C 'RFC1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu + bstringsMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DESC + 'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.12 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' DE + SC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch SUBSTR c + aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTe + lephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephoneNumb + erMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.50 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC + 1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.12 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.39 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY ca + seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY c + aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY c + aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY c + aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY + caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALIT + Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC + 'RFC1274: DN of entry associated with domain' EQUALITY distinguishedNameMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) 
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' D + ESC 'RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIg + noreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC + 'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTel + ephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephoneNum + berMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.50 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelep + honeNumber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumber + Match SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .50 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCount + ryName' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBS + TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DE + SC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus + ' DESC 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR caseI + gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC ' + RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption + ' DESC 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC ' 
+ RFC1274: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin + gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RF + C1274: DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality' + DESC 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SIN + GLE-VALUE ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQualit + y' DESC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 13 SINGLE-VALUE ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQualit + y' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 13 SINGLE-VALUE ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' D + ESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 23 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'R + FC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.12 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC1274 + : audio (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' D + ESC 'RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgno + reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPilo + tPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $ rfc822 + Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber $ hom + ePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $ busine + ssCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelep + honeNumber $ organizationalStatus $ mailPreferenceOption $ personalSignature + ) ) +olcObjectClasses: ( 
0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCT + URAL MUST userid MAY ( description $ seeAlso $ localityName $ organizationNam + e $ organizationalUnitName $ host ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUC + TURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso $ loca + lityName $ organizationName $ organizationalUnitName $ documentTitle $ docume + ntVersion $ documentAuthor $ documentLocation $ documentPublisher ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURA + L MUST commonName MAY ( roomNumber $ description $ seeAlso $ telephoneNumber + ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top + STRUCTURAL MUST commonName MAY ( description $ seeAlso $ telephonenumber $ l + ocalityName $ organizationName $ organizationalUnitName ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCT + URAL MUST domainComponent MAY ( associatedName $ organizationName $ descripti + on $ businessCategory $ seeAlso $ searchGuide $ userPassword $ localityName $ + stateOrProvinceName $ streetAddress $ physicalDeliveryOfficeName $ postalAdd + ress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTelephoneNumber + $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $ tel + exNumber $ preferredDeliveryMethod $ destinationIndicator $ registeredAddress + $ x121Address ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP d + omain STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $ telepho + neNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOffi + ceBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNNumber $ + telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferredDelivery + Method $ destinationIndicator $ registeredAddress $ x121Address ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP domain + STRUCTURAL MAY 
( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAME + Record ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' D + ESC 'RFC1274: an object related to an domain' SUP top AUXILIARY MUST associat + edDomain ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP c + ountry STRUCTURAL MUST friendlyCountryName ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' SU + P ( organization $ organizationalUnit ) STRUCTURAL MAY buildingName ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa STR + UCTURAL MAY dSAQuality ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData' + SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMaximu + mQuality ) ) diff --git a/ldap/data/ldap_conf/schema/cosine.schema b/ldap/data/ldap_conf/schema/cosine.schema new file mode 100644 index 0000000..a0f5ae2 --- /dev/null +++ b/ldap/data/ldap_conf/schema/cosine.schema 
@@ -0,0 +1,404 @@
+# RFC1274: Cosine and Internet X.500 schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/cosine.schema,v 1.19.2.5 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+# RFC1274: Cosine and Internet X.500 schema
+#
+# This file contains LDAPv3 schema derived from X.500 COSINE "pilot"
+# schema. As this schema was defined for X.500(89), some
+# oddities were introduced in the mapping to LDAPv3. The
+# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt
+# (a work in progress)
+#
+# Note: It seems that the pilot schema evolved beyond what was
+# described in RFC1274. However, this document attempts to describes
+# RFC1274 as published.
+#
+# Depends on core.schema
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF RFC explaining the schema. Unfortunately,
+# that text is covered by a license that doesn't meet Debian's Free
+# Software Guidelines. This is a stripped version of the schema that
+# contains only the functional schema definition, not the text of the
+# RFC.
+#
+# For an explanation of this schema, see RFC 1274, at (among other
+# places): http://www.ietf.org/rfc/rfc1274.txt
+
+#(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
+## EQUALITY caseIgnoreMatch
+## SUBSTR caseIgnoreSubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+#(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
+## EQUALITY caseIgnoreIA5Match
+## SUBSTR caseIgnoreIA5SubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info'
+ DESC 'RFC1274: general information'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
+
+attributetype ( 0.9.2342.19200300.100.1.5
+ NAME ( 'drink' 'favouriteDrink' )
+ DESC 'RFC1274: favorite drink'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
+ DESC 'RFC1274: room number'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.7 NAME 'photo'
+ DESC 'RFC1274: photo (G3 fax)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
+
+attributetype ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
+ DESC 'RFC1274: category of user'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.9 NAME 'host'
+ DESC 'RFC1274: host computer'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.10 NAME 'manager'
+ DESC 'RFC1274: DN of manager'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
+ DESC 'RFC1274: unique identifier of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
+ DESC 'RFC1274: title of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
+ DESC 'RFC1274: version of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
+ DESC 'RFC1274: DN of author of document'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
+ DESC 'RFC1274: location of document original'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.20
+ NAME ( 'homePhone' 'homeTelephoneNumber' )
+ DESC 'RFC1274: home telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+attributetype ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
+ DESC 'RFC1274: DN of secretary'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )
+
+## Deprecated in favor of modifyTimeStamp
+#attributetype ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime'
+# DESC 'RFC1274: time of last modify, replaced by modifyTimestamp'
+# OBSOLETE
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
+# USAGE directoryOperation )
+
+## Deprecated in favor of modifiersName
+#attributetype ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy'
+# DESC 'RFC1274: last modifier, replaced by modifiersName'
+# OBSOLETE
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+# USAGE directoryOperation )
+
+##(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' )
+## EQUALITY caseIgnoreIA5Match
+## SUBSTR caseIgnoreIA5SubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+## incorrect syntax?
+attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## missing from RFC1274
+## incorrect syntax?
+attributetype ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+#attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
+# EQUALITY caseIgnoreIA5Match
+# SUBSTR caseIgnoreIA5SubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
+ DESC 'RFC1274: DN of entry associated with domain'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
+ DESC 'RFC1274: home postal address'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
+ DESC 'RFC1274: personal title'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.41
+ NAME ( 'mobile' 'mobileTelephoneNumber' )
+ DESC 'RFC1274: mobile telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+attributetype ( 0.9.2342.19200300.100.1.42
+ NAME ( 'pager' 'pagerTelephoneNumber' )
+ DESC 'RFC1274: pager telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+attributetype ( 0.9.2342.19200300.100.1.43
+ NAME ( 'co' 'friendlyCountryName' )
+ DESC 'RFC1274: friendly country name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
+ DESC 'RFC1274: unique identifer'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
+ DESC 'RFC1274: organizational status'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
+ DESC 'RFC1274: Janet mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.47
+ NAME 'mailPreferenceOption'
+ DESC 'RFC1274: mail preference option'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
+ DESC 'RFC1274: name of building'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality'
+ DESC 'RFC1274: DSA Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
+
+attributetype ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality'
+ DESC 'RFC1274: Single Level Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+attributetype ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality'
+ DESC 'RFC1274: Subtree Mininum Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+attributetype ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality'
+ DESC 'RFC1274: Subtree Maximun Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+attributetype ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature'
+ DESC 'RFC1274: Personal Signature (G3 fax)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 )
+
+attributetype ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect'
+ DESC 'RFC1274: DIT Redirect'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 0.9.2342.19200300.100.1.55 NAME 'audio'
+ DESC 'RFC1274: audio (u-law)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
+
+attributetype ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
+ DESC 'RFC1274: publisher of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+#objectclass ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject'
+# DESC 'RFC1274: pilot object'
+# SUP top AUXILIARY
+# MAY ( info $ photo $ manager $ uniqueIdentifier $
+# lastModifiedTime $ lastModifiedBy $ dITRedirect $ audio )
+# )
+
+objectclass ( 0.9.2342.19200300.100.4.4
+ NAME ( 'pilotPerson' 'newPilotPerson' )
+ SUP person STRUCTURAL
+ MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $
+ favouriteDrink $ roomNumber $ userClass $
+ homeTelephoneNumber $ homePostalAddress $ secretary $
+ personalTitle $ preferredDeliveryMethod $ businessCategory $
+ janetMailbox $ otherMailbox $ mobileTelephoneNumber $
+ pagerTelephoneNumber $ organizationalStatus $
+ mailPreferenceOption $ personalSignature )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account'
+ SUP top STRUCTURAL
+ MUST userid
+ MAY ( description $ seeAlso $ localityName $
+ organizationName $ organizationalUnitName $ host )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document'
+ SUP top STRUCTURAL
+ MUST documentIdentifier
+ MAY ( commonName $ description $ seeAlso $ localityName $
+ organizationName $ organizationalUnitName $
+ documentTitle $ documentVersion $ documentAuthor $
+ documentLocation $ documentPublisher )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room'
+ SUP top STRUCTURAL
+ MUST commonName
+ MAY ( roomNumber $ description $ seeAlso $ telephoneNumber )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
+ SUP top STRUCTURAL
+ MUST commonName
+ MAY ( description $ seeAlso $ telephonenumber $
+ localityName $ organizationName $ organizationalUnitName )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain'
+ SUP top STRUCTURAL
+ MUST domainComponent
+ MAY ( associatedName $ organizationName $ description $
+ businessCategory $ seeAlso $ searchGuide $ userPassword $
+ localityName $ stateOrProvinceName $ streetAddress $
+ physicalDeliveryOfficeName $ postalAddress $ postalCode $
+ postOfficeBox $ streetAddress $
+ facsimileTelephoneNumber $ internationalISDNNumber $
+ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $
+ preferredDeliveryMethod $ destinationIndicator $
+ registeredAddress $ x121Address )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart'
+ SUP domain STRUCTURAL
+ MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $
+ physicalDeliveryOfficeName $ postalAddress $ postalCode $
+ postOfficeBox $ streetAddress $
+ facsimileTelephoneNumber $ internationalISDNNumber $
+ telephoneNumber $ teletexTerminalIdentifier $
+ telexNumber $ preferredDeliveryMethod $ destinationIndicator $
+ registeredAddress $ x121Address )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain'
+ SUP domain STRUCTURAL
+ MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $
+ SOARecord $ CNAMERecord )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
+ DESC 'RFC1274: an object related to an domain'
+ SUP top AUXILIARY
+ MUST associatedDomain )
+
+objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
+ SUP country STRUCTURAL
+ MUST friendlyCountryName )
+
+## (in core.schema)
+## objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+## SUP top AUXILIARY
+## MUST userPassword )
+
+objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization'
+ SUP ( organization $ organizationalUnit ) STRUCTURAL
+ MAY buildingName )
+
+objectclass ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA'
+ SUP dsa STRUCTURAL
+ MAY dSAQuality )
+
+objectclass ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData'
+ SUP top AUXILIARY
+ MUST dsaQuality
+ MAY ( subtreeMinimumQuality $ subtreeMaximumQuality )
+ )
diff --git a/ldap/data/ldap_conf/schema/duaconf.ldif b/ldap/data/ldap_conf/schema/duaconf.ldif
new file mode 100644
index 0000000..aae45c7
--- /dev/null
+++ b/ldap/data/ldap_conf/schema/duaconf.ldif
@@ -0,0 +1,83 @@ +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2014 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# +# DUA schema from draft-joslin-config-schema (a work in progress) +# +# This file was automatically generated from duaconf.schema; see that file +# for complete references. +# +dn: cn=duaconf,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: duaconf +olcObjectIdentifier: {0}DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1 +olcAttributeTypes: {0}( DUAConfSchemaOID:1.0 NAME 'defaultServerList' DESC 'De + fault LDAP server host address used by a DUA' EQUALITY caseIgnoreMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +olcAttributeTypes: {1}( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase' DESC 'De + fault LDAP base DN used by a DUA' EQUALITY distinguishedNameMatch SYNTAX 1.3. 
+ 6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +olcAttributeTypes: {2}( DUAConfSchemaOID:1.2 NAME 'preferredServerList' DESC ' + Preferred LDAP server host addresses to be used by a DUA' EQUALITY + caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +olcAttributeTypes: {3}( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit' DESC 'Maxi + mum time in seconds a DUA should allow for a search to complete' E + QUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {4}( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit' DESC 'Maximu + m time in seconds a DUA should allow for the bind operation to com + plete' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALU + E ) +olcAttributeTypes: {5}( DUAConfSchemaOID:1.5 NAME 'followReferrals' DESC 'Tell + s DUA if it should follow referrals returned by a DSA search resul + t' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {6}( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases' DESC ' + Tells DUA if it should dereference aliases' EQUALITY booleanMatch SYNTAX 1.3. 
+ 6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {7}( DUAConfSchemaOID:1.6 NAME 'authenticationMethod' DESC + 'A keystring which identifies the type of authentication method us + ed to contact the DSA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 SINGLE-VALUE ) +olcAttributeTypes: {8}( DUAConfSchemaOID:1.7 NAME 'profileTTL' DESC 'Time to l + ive, in seconds, before a client DUA should re-read this configura + tion profile' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING + LE-VALUE ) +olcAttributeTypes: {9}( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor' D + ESC 'LDAP search descriptor list used by a DUA' EQUALITY caseExactMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: {10}( DUAConfSchemaOID:1.9 NAME 'attributeMap' DESC 'Attrib + ute mappings used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.26 ) +olcAttributeTypes: {11}( DUAConfSchemaOID:1.10 NAME 'credentialLevel' DESC 'Id + entifies type of credentials a DUA should use when binding to the + LDAP server' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) +olcAttributeTypes: {12}( DUAConfSchemaOID:1.11 NAME 'objectclassMap' DESC 'Obj + ectclass mappings used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.26 ) +olcAttributeTypes: {13}( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope' DESC + 'Default search scope used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {14}( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel' D + ESC 'Identifies type of credentials a DUA should use when binding + to the LDAP server for a specific service' EQUALITY caseIgnoreIA5M + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {15}( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMeth + od' DESC 'Authentication method used by a service of the DUA' EQUALITY caseIg + noreMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 ) +olcObjectClasses: {0}( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile' DESC 'Abst + raction of a base configuration for a DUA' SUP top STRUCTURAL MUST cn MAY ( d + efaultServerList $ preferredServerList $ defaultSearchBase $ defaultSearchSco + pe $ searchTimeLimit $ bindTimeLimit $ credentialLevel $ authenticationMethod + $ followReferrals $ dereferenceAliases $ serviceSearchDescriptor $ serviceCr + edentialLevel $ serviceAuthenticationMethod $ objectclassMap $ attributeMap $ + profileTTL ) ) diff --git a/ldap/data/ldap_conf/schema/duaconf.schema b/ldap/data/ldap_conf/schema/duaconf.schema new file mode 100644 index 0000000..8c1683f --- /dev/null +++ b/ldap/data/ldap_conf/schema/duaconf.schema 
@@ -0,0 +1,153 @@
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2014 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+# DUA schema from draft-joslin-config-schema (a work in progress)
+
+# Contents of this file are subject to change (including deletion)
+# without notice.
+#
+# Not recommended for production use!
+# Use with extreme caution!
+
+## Notes:
+## - The matching rule for attributes followReferrals and dereferenceAliases
+## has been changed to booleanMatch since their syntax is boolean
+## - There was a typo in the name of the dereferenceAliases attributeType
+## in the DUAConfigProfile objectClass definition
+## - Credit goes to the original Authors
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF Internet-Draft explaining the schema.
+# Unfortunately, that text is covered by a license that doesn't meet
+# Debian's Free Software Guidelines. This is a stripped version of the
+# schema that contains only the functional schema definition, not the text
+# of the Internet-Draft.
+#
+# For an explanation of this schema, see
+# draft-joslin-config-schema-07.txt.
+
+objectidentifier DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1
+
+attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList'
+ DESC 'Default LDAP server host address used by a DUA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase'
+ DESC 'Default LDAP base DN used by a DUA'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList'
+ DESC 'Preferred LDAP server host addresses to be used by a
+ DUA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit'
+ DESC 'Maximum time in seconds a DUA should allow for a
+ search to complete'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit'
+ DESC 'Maximum time in seconds a DUA should allow for the
+ bind operation to complete'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals'
+ DESC 'Tells DUA if it should follow referrals
+ returned by a DSA search result'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases'
+ DESC 'Tells DUA if it should dereference aliases'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod'
+ DESC 'A keystring which identifies the type of
+ authentication method used to contact the DSA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL'
+ DESC 'Time to live, in seconds, before a client DUA
+ should re-read this configuration profile'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor'
+ DESC 'LDAP search descriptor list used by a DUA'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap'
+ DESC 'Attribute mappings used by a DUA'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel'
+ DESC 'Identifies type of credentials a DUA should
+ use when binding to the LDAP server'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap'
+ DESC 'Objectclass mappings used by a DUA'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope'
+ DESC 'Default search scope used by a DUA'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel'
+ DESC 'Identifies type of credentials a DUA
+ should use when binding to the LDAP server for a
+ specific service'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod'
+ DESC 'Authentication method used by a service of the DUA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile'
+ SUP top STRUCTURAL
+ DESC 'Abstraction of a base configuration for a DUA'
+ MUST ( cn )
+ MAY ( defaultServerList $ preferredServerList $
+ defaultSearchBase $ defaultSearchScope $
+ searchTimeLimit $ bindTimeLimit $
+ credentialLevel $ authenticationMethod $
+ followReferrals $ dereferenceAliases $
+ serviceSearchDescriptor $ serviceCredentialLevel $
+ serviceAuthenticationMethod $ objectclassMap $
+ attributeMap $ profileTTL ) )
diff --git a/ldap/data/ldap_conf/schema/dyngroup.ldif b/ldap/data/ldap_conf/schema/dyngroup.ldif
new file mode 100644
index 0000000..1f7070d
--- /dev/null
+++ b/ldap/data/ldap_conf/schema/dyngroup.ldif
@@ -0,0 +1,71 @@ +# dyngroup.schema -- Dynamic Group schema +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2014 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# +# Dynamic Group schema (experimental), as defined by Netscape. See +# http://www.redhat.com/docs/manuals/ent-server/pdf/esadmin611.pdf +# page 70 for details on how these groups were used. +# +# A description of the objectclass definition is available here: +# http://www.redhat.com/docs/manuals/dir-server/schema/7.1/oc_dir.html#1303745 +# +# depends upon: +# core.schema +# +# These definitions are considered experimental due to the lack of +# a formal specification (e.g., RFC). +# +# NOT RECOMMENDED FOR PRODUCTION USE! USE WITH CAUTION! +# +# The Netscape documentation describes this as an auxiliary objectclass +# but their implementations have always defined it as a structural class. +# The sloppiness here is because Netscape-derived servers don't actually +# implement the X.500 data model, and they don't honor the distinction +# between structural and auxiliary classes. This fact is noted here: +# http://forum.java.sun.com/thread.jspa?threadID=5016864&messageID=9034636 +# +# In accordance with other existing implementations, we define it as a +# structural class. +# +# Our definition of memberURL also does not match theirs but again +# their published definition and what works in practice do not agree. +# In other words, the Netscape definitions are broken and interoperability +# is not guaranteed. 
+# +# Also see the new DynGroup proposed spec at +# http://tools.ietf.org/html/draft-haripriya-dynamicgroup-02 +dn: cn=dyngroup,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: dyngroup +olcObjectIdentifier: {0}NetscapeRoot 2.16.840.1.113730 +olcObjectIdentifier: {1}NetscapeLDAP NetscapeRoot:3 +olcObjectIdentifier: {2}NetscapeLDAPattributeType NetscapeLDAP:1 +olcObjectIdentifier: {3}NetscapeLDAPobjectClass NetscapeLDAP:2 +olcObjectIdentifier: {4}OpenLDAPExp11 1.3.6.1.4.1.4203.666.11 +olcObjectIdentifier: {5}DynGroupBase OpenLDAPExp11:8 +olcObjectIdentifier: {6}DynGroupAttr DynGroupBase:1 +olcObjectIdentifier: {7}DynGroupOC DynGroupBase:2 +olcAttributeTypes: {0}( NetscapeLDAPattributeType:198 NAME 'memberURL' DESC 'I + dentifies an URL associated with each member of a group. Any type of labeled + URL can be used.' SUP labeledURI ) +olcAttributeTypes: {1}( DynGroupAttr:1 NAME 'dgIdentity' DESC 'Identity to use + when processing the memberURL' SUP distinguishedName SINGLE-VALUE ) +olcAttributeTypes: {2}( DynGroupAttr:2 NAME 'dgAuthz' DESC 'Optional authoriza + tion rules that determine who is allowed to assume the dgIdentity' EQUALITY a + uthzMatch SYNTAX 1.3.6.1.4.1.4203.666.2.7 X-ORDERED 'VALUES' ) +olcObjectClasses: {0}( NetscapeLDAPobjectClass:33 NAME 'groupOfURLs' SUP top S + TRUCTURAL MUST cn MAY ( memberURL $ businessCategory $ description $ o $ ou $ + owner $ seeAlso ) ) +olcObjectClasses: {1}( DynGroupOC:1 NAME 'dgIdentityAux' SUP top AUXILIARY MAY + ( dgIdentity $ dgAuthz ) ) diff --git a/ldap/data/ldap_conf/schema/dyngroup.schema b/ldap/data/ldap_conf/schema/dyngroup.schema new file mode 100644 index 0000000..ab8e6a0 --- /dev/null +++ b/ldap/data/ldap_conf/schema/dyngroup.schema 
@@ -0,0 +1,91 @@
+# dyngroup.schema -- Dynamic Group schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2014 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# Dynamic Group schema (experimental), as defined by Netscape. See
+# http://www.redhat.com/docs/manuals/ent-server/pdf/esadmin611.pdf
+# page 70 for details on how these groups were used.
+#
+# A description of the objectclass definition is available here:
+# http://www.redhat.com/docs/manuals/dir-server/schema/7.1/oc_dir.html#1303745
+#
+# depends upon:
+# core.schema
+#
+# These definitions are considered experimental due to the lack of
+# a formal specification (e.g., RFC).
+#
+# NOT RECOMMENDED FOR PRODUCTION USE! USE WITH CAUTION!
+#
+# The Netscape documentation describes this as an auxiliary objectclass
+# but their implementations have always defined it as a structural class.
+# The sloppiness here is because Netscape-derived servers don't actually
+# implement the X.500 data model, and they don't honor the distinction
+# between structural and auxiliary classes. This fact is noted here:
+# http://forum.java.sun.com/thread.jspa?threadID=5016864&messageID=9034636
+#
+# In accordance with other existing implementations, we define it as a
+# structural class.
+#
+# Our definition of memberURL also does not match theirs but again
+# their published definition and what works in practice do not agree.
+# In other words, the Netscape definitions are broken and interoperability
+# is not guaranteed.
+#
+# Also see the new DynGroup proposed spec at
+# http://tools.ietf.org/html/draft-haripriya-dynamicgroup-02
+
+objectIdentifier NetscapeRoot 2.16.840.1.113730
+
+objectIdentifier NetscapeLDAP NetscapeRoot:3
+objectIdentifier NetscapeLDAPattributeType NetscapeLDAP:1
+objectIdentifier NetscapeLDAPobjectClass NetscapeLDAP:2
+
+objectIdentifier OpenLDAPExp11 1.3.6.1.4.1.4203.666.11
+objectIdentifier DynGroupBase OpenLDAPExp11:8
+objectIdentifier DynGroupAttr DynGroupBase:1
+objectIdentifier DynGroupOC DynGroupBase:2
+
+attributetype ( NetscapeLDAPattributeType:198
+ NAME 'memberURL'
+ DESC 'Identifies an URL associated with each member of a group. Any type of labeled URL can be used.'
+ SUP labeledURI )
+
+attributetype ( DynGroupAttr:1
+ NAME 'dgIdentity'
+ DESC 'Identity to use when processing the memberURL'
+ SUP distinguishedName SINGLE-VALUE )
+
+attributeType ( DynGroupAttr:2
+ NAME 'dgAuthz'
+ DESC 'Optional authorization rules that determine who is allowed to assume the dgIdentity'
+ EQUALITY authzMatch
+ SYNTAX 1.3.6.1.4.1.4203.666.2.7
+ X-ORDERED 'VALUES' )
+
+objectClass ( NetscapeLDAPobjectClass:33
+ NAME 'groupOfURLs'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( memberURL $ businessCategory $ description $ o $ ou $
+ owner $ seeAlso ) )
+
+# The Haripriya dyngroup schema still needs a lot of work.
+# We're just adding support for the dgIdentity attribute for now...
+objectClass ( DynGroupOC:1
+ NAME 'dgIdentityAux'
+ SUP top AUXILIARY
+ MAY ( dgIdentity $ dgAuthz ) )
+
+
diff --git a/ldap/data/ldap_conf/schema/fusiondirectory/core-fd-conf.schema b/ldap/data/ldap_conf/schema/fusiondirectory/core-fd-conf.schema
new file mode 100644
index 0000000..0db3f0f
--- /dev/null
+++ b/ldap/data/ldap_conf/schema/fusiondirectory/core-fd-conf.schema
@@ -0,0 +1,562 @@
+##
+## fusiondirectory-conf.schema - Needed by FusionDirectory for its configuration
+##
+
+#~ ldapTLS="true"
+
+# Attributes
+
+# Schema setup
+
+attributetype ( 1.3.6.1.4.1.38414.8.10.1 NAME 'fdRfc2307bis'
+ DESC 'FusionDirectory - rfc2307bis'
+ OBSOLETE
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.10.2 NAME 'fdSchemaCheck'
+ DESC 'FusionDirectory - Schema check'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+# Look n feel
+
+attributetype ( 1.3.6.1.4.1.38414.8.11.1 NAME 'fdLanguage'
+ DESC 'FusionDirectory - language'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.11.2 NAME 'fdTheme'
+ DESC 'FusionDirectory - theme'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.11.3 NAME 'fdTimezone'
+ DESC 'FusionDirectory - timezone'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+# People and group storage
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.1 NAME 'fdAccountPrimaryAttribute'
+ DESC 'FusionDirectory - attribute that should be used in user dn'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.2 NAME 'fdAccountRDN'
+ DESC 'FusionDirectory - use a placeholder pattern for generating account RDNs'
+ OBSOLETE
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.3 NAME 'fdNextIdHook'
+ DESC 'FusionDirectory - A script to be called for finding the next free id for users or groups'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.4 NAME 'fdIdGenerator'
+ DESC 'FusionDirectory - An automatic way to generate new user ids'
+ OBSOLETE
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.5 NAME 'fdPersonalTitleInDN'
+ OBSOLETE
+ DESC 'FusionDirectory - Personal title in dn'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.6 NAME 'fdStrictNamingRules'
+ DESC 'FusionDirectory - Strict naming rules'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.7 NAME 'fdMinId'
+ DESC 'FusionDirectory - minimum user id'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.8 NAME 'fdUidNumberBase'
+ DESC 'FusionDirectory - uid number base'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.9 NAME 'fdGidNumberBase'
+ DESC 'FusionDirectory - gid number base'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.10 NAME 'fdUserRDN'
+ DESC 'FusionDirectory - User RDN'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.11 NAME 'fdGroupRDN'
+ DESC 'FusionDirectory - Group RDN'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.12 NAME 'fdIdAllocationMethod'
+ DESC 'FusionDirectory - id allocation method traditional/pool'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.13 NAME 'fdGidNumberPoolMin'
+ DESC 'FusionDirectory - pool gid number min'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.14 NAME 'fdUidNumberPoolMin'
+ DESC 'FusionDirectory - pool uid number min'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.15 NAME 'fdGidNumberPoolMax'
+ DESC 'FusionDirectory - pool gid number max'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.16 NAME 'fdUidNumberPoolMax'
+ DESC 'FusionDirectory - pool uid number max'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.17 NAME 'fdAclRoleRDN'
+ DESC 'FusionDirectory - ACL role RDN'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.18 NAME 'fdCnPattern'
+ DESC 'FusionDirectory - Common Name pattern'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+# Password
+
+attributetype ( 1.3.6.1.4.1.38414.8.13.1 NAME 'fdPasswordDefaultHash'
+ DESC 'FusionDirectory - Password default hash'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.13.2 NAME 'fdPasswordMinLength'
+ DESC 'FusionDirectory - Password min length'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.13.3 NAME 'fdPasswordMinDiffer'
+ DESC 'FusionDirectory - password min differ'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.13.4 NAME 'fdPasswordHook'
+ DESC 'FusionDirectory - Password hook (external command)'
+ OBSOLETE
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.13.5 NAME 'fdHandleExpiredAccounts'
+ DESC 'FusionDirectory - Handle expired accounts'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.13.6 NAME 'fdSaslRealm'
+ DESC 'FusionDirectory - SASL Realm'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.13.7 NAME 'fdSaslExop'
+ DESC 'FusionDirectory - SASL Exop'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.13.8 NAME 'fdForcePasswordDefaultHash'
+ DESC 'FusionDirectory - Force password default hash'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+# Core settings
+
+attributetype ( 1.3.6.1.4.1.38414.8.14.1 NAME 'fdPrimaryGroupFilter'
+ DESC 'FusionDirectory - Primary group filter'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.14.2 NAME 'fdListSummary'
+ DESC 'FusionDirectory - Show list summary'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.14.4 NAME 'fdModificationDetectionAttribute'
+ DESC 'FusionDirectory - Modification detection attribute'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.14.5 NAME 'fdCopyPaste'
+ DESC 'FusionDirectory - (de)Activate copy/paste'
+ OBSOLETE
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.14.6 NAME 'fdLogging'
+ DESC 'FusionDirectory - Logging'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.14.7 NAME 'fdLdapSizeLimit'
+ DESC 'FusionDirectory - LDAP size limit'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+
+# Login and session
+
+attributetype ( 1.3.6.1.4.1.38414.8.15.1 NAME 'fdLoginAttribute'
+ DESC 'FusionDirectory attribute that will be used for login'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.15.2 NAME 'fdForceSSL'
+ DESC 'FusionDirectory - Force SSL'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.15.3 NAME 'fdWarnSSL'
+ DESC 'FusionDirectory - Warn user when SSL is not used'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.15.4 NAME 'fdStoreFilterSettings'
+ DESC 'FusionDirectory - Store filter settings'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.15.5 NAME 'fdSessionLifeTime'
+ DESC 'FusionDirectory - Session life time in seconds'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+
+# Debugging
+
+attributetype ( 1.3.6.1.4.1.38414.8.16.1 NAME 'fdDisplayErrors'
+ DESC 'FusionDirectory - Weither or not to display errors'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.16.2 NAME 'fdLdapMaxQueryTime'
+ DESC 'FusionDirectory - Maximum LDAP query time'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.16.3 NAME 'fdLdapStats'
+ DESC 'FusionDirectory - Weither or not to activate ldap stats'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.16.4 NAME 'fdDebugLevel'
+ DESC 'FusionDirectory - Debug level'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+
+# Snapshots
+
+attributetype ( 1.3.6.1.4.1.38414.8.17.1 NAME 'fdEnableSnapshots'
+ DESC 'FusionDirectory - Weither or not to enable snapshots'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.17.2 NAME 'fdSnapshotBase'
+ DESC 'FusionDirectory - Snaphost base'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.17.3 NAME 'fdSnapshotURI'
+ DESC 'FusionDirectory - Snaphost URI'
+ OBSOLETE
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.17.4 NAME 'fdSnapshotAdminDn'
+ DESC 'FusionDirectory - Snaphost admin dn'
+ OBSOLETE
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.17.5 NAME 'fdSnapshotAdminPassword'
+ DESC 'FusionDirectory - Snaphost admin password'
+ OBSOLETE
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+# Miscellaneous
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.2 NAME 'fdTabHook'
+ DESC 'FusionDirectory - tab hook'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.3 NAME 'fdShells'
+ DESC 'FusionDirectory - available shell'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.4 NAME 'fusionConfigMd5'
+ DESC 'FusionDirectory - md5sum of class.cache'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.5 NAME 'fdDisplayHookOutput'
+ DESC 'FusionDirectory - display hook execution output to the user'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.6 NAME 'fdAclTabOnObjects'
+ DESC 'FusionDirectory - Should acl tabs be shown on all objects'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+# Plugins
+
+attributetype ( 1.3.6.1.4.1.38414.8.19.1 NAME 'fdOGroupRDN'
+ DESC 'FusionDirectory - OGroup RDN'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.19.2 NAME 'fdForceSaslPasswordAsk'
+ DESC 'FusionDirectory - Force password ask for SASL users'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+# SSL
+
+attributetype ( 1.3.6.1.4.1.38414.8.20.1 NAME 'fdSslCaCertPath'
+ DESC 'FusionDirectory - CA certificate path'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.20.2 NAME 'fdSslKeyPath'
+ DESC 'FusionDirectory - SSL key path'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.20.3 NAME 'fdSslCertPath'
+ DESC 'FusionDirectory - SSL certificate path'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+# merged from dashboard-fd.schema - Needed by Fusion Directory for dashboard options
+
+attributetype ( 1.3.6.1.4.1.38414.27.1.1 NAME 'fdDashboardPrefix'
+ DESC 'FusionDirectory - Dashboard computer name prefix'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+
+attributetype ( 1.3.6.1.4.1.38414.27.1.2 NAME 'fdDashboardNumberOfDigit'
+ DESC 'FusionDirectory - Dashboard number of digits after prefixes in computer names'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.27.1.3 NAME 'fdDashboardExpiredAccountsDays'
+ DESC 'FusionDirectory - Dashboard number of days before expiration to be shown in board user tab'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+# merged from recovery-fd.schema - Needed by Fusion Directory for password recovery options
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.1 NAME 'fdPasswordRecoveryActivated'
+ DESC 'Fusion Directory - Password recovery enabled/disabled'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.2 NAME 'fdPasswordRecoveryEmail'
+ DESC 'Fusion Directory - Password recovery sender email'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.3 NAME 'fdPasswordRecoveryMailSubject'
+ DESC 'Fusion Directory - Password recovery first email subject'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.4 NAME 'fdPasswordRecoveryMailBody'
+ DESC 'Fusion Directory - Password recovery first email body'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.5 NAME 'fdPasswordRecoveryMail2Subject'
+ DESC 'Fusion Directory - Password recovery second email subject'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.6 NAME 'fdPasswordRecoveryMail2Body'
+ DESC 'Fusion Directory - Password recovery second email body'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.7 NAME 'fdPasswordRecoveryValidity'
+ DESC 'Fusion Directory - Password recovery link validity in minutes'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.8 NAME 'fdPasswordRecoverySalt'
+ DESC 'Fusion Directory - Password recovery token salt'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.9 NAME 'fdPasswordRecoveryUseAlternate'
+ DESC 'Fusion Directory - Allow/disallow the use of alternate addresses for password recovery'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+
+# Object Class
+objectclass ( 1.3.6.1.4.1.38414.8.2.1 NAME 'fusionDirectoryConf'
+ DESC 'FusionDirectory configuration'
+ SUP top STRUCTURAL
+ MUST ( cn )
+ MAY (
+ fusionConfigMd5 $
+ fdSchemaCheck $
+ fdLanguage $ fdTheme $ fdTimezone $
+ fdAccountPrimaryAttribute $ fdNextIdHook $ fdIdGenerator $
+ fdStrictNamingRules $ fdMinId $ fdUidNumberBase $
+ fdGidNumberBase $ fdUserRDN $ fdGroupRDN $ fdIdAllocationMethod $
+ fdGidNumberPoolMin $ fdUidNumberPoolMin $ fdGidNumberPoolMax $ fdUidNumberPoolMax $
+ fdAclRoleRDN $ fdCnPattern $
+ fdPasswordDefaultHash $ fdPasswordMinLength $ fdPasswordMinDiffer $
+ fdPasswordHook $ fdHandleExpiredAccounts $ fdSaslRealm $ fdSaslExop $
+ fdForcePasswordDefaultHash $
+ fdPrimaryGroupFilter $ fdListSummary $
+ fdModificationDetectionAttribute $ fdLogging $ fdLdapSizeLimit $
+ fdLoginAttribute $ fdForceSSL $ fdWarnSSL $ fdStoreFilterSettings $ fdSessionLifeTime $
+ fdDisplayErrors $ fdLdapMaxQueryTime $ fdLdapStats $ fdDebugLevel $
+ fdEnableSnapshots $ fdSnapshotBase $
+ fdTabHook $ fdShells $ fdDisplayHookOutput $
+ fdAclTabOnObjects $
+ fdRfc2307bis $ fdCopyPaste $ fdSnapshotURI $
+ fdSnapshotAdminDn $ fdSnapshotAdminPassword $ fdPersonalTitleInDN $ fdAccountRDN $
+ fdSslCaCertPath $ fdSslKeyPath $ fdSslCertPath
+ ) )
+
+objectclass ( 1.3.6.1.4.1.38414.8.2.2 NAME 'fusionDirectoryPluginsConf'
+ DESC 'FusionDirectory plugins configuration'
+ SUP top AUXILIARY
+ MUST ( cn )
+ MAY ( fdOGroupRDN $ fdForceSaslPasswordAsk ) )
+
+objectclass ( 1.3.6.1.4.1.38414.8.2.3 NAME 'fdPasswordRecoveryConf'
+ DESC 'FusionDirectory password recovery configuration'
+ SUP top AUXILIARY
+ MUST ( cn )
+ MAY (
+ fdPasswordRecoveryActivated $ fdPasswordRecoveryEmail $
+ fdPasswordRecoveryMailSubject $ fdPasswordRecoveryMailBody $
+ fdPasswordRecoveryMail2Subject $ fdPasswordRecoveryMail2Body $
+ fdPasswordRecoveryValidity $ fdPasswordRecoverySalt $
+ fdPasswordRecoveryUseAlternate
+ ) )
+
+# Dashboard Object Class
+objectclass ( 1.3.6.1.4.1.38414.27.2.1 NAME 'fdDashboardPluginConf'
+ DESC 'FusionDirectory dashboard plugin configuration'
+ SUP top AUXILIARY
+ MUST ( cn )
+ MAY ( fdDashboardPrefix $ fdDashboardNumberOfDigit $ fdDashboardExpiredAccountsDays) )
diff --git a/ldap/data/ldap_conf/schema/fusiondirectory/core-fd.schema b/ldap/data/ldap_conf/schema/fusiondirectory/core-fd.schema
new file mode 100644
index 0000000..4ecf57c
--- /dev/null
+++ b/ldap/data/ldap_conf/schema/fusiondirectory/core-fd.schema
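Review bot: In core-fd-conf.schema, `fdSnapshotAdminPassword` is declared as a plain IA5 string with `caseExactIA5Match` and `caseExactIA5SubstringsMatch`, and although it is marked OBSOLETE it is still in the MAY list of `fusionDirectoryConf`, so any value written to it is stored in clear text and can be matched by equality or substring filters wherever search access is granted. `fdPasswordRecoverySalt` (described as the password recovery token salt) is likewise a plain string with equality matching in `fdPasswordRecoveryConf`. A schema cannot protect these values, so the slapd access rules shipped with this image need to deny read, search and compare on both attributes to everyone except the identity FusionDirectory binds as; those rules are not visible in this part of the patch, so this may already be covered elsewhere. I would record the requirement next to the two definitions with a comment such as `# holds a secret: restrict read/search/compare on this attribute in the slapd ACLs`.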
@@ -0,0 +1,148 @@
+##
+## core-fd.schema - Needed by FusionDirectory for its basic fonctionnalities
+##
+
+
+# Attributes
+attributetype ( 1.3.6.1.4.1.10098.1.1.12.1 NAME 'gosaSubtreeACL'
+ DESC 'GOsa - ACL entry'
+ OBSOLETE
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+attributetype ( 1.3.6.1.4.1.10098.1.1.12.2 NAME 'gosaUser'
+ DESC 'GOsa - DN of a user'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+attributetype ( 1.3.6.1.4.1.10098.1.1.12.3 NAME 'gosaObject'
+ DESC 'GOsa - DN of an object'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+attributetype ( 1.3.6.1.4.1.10098.1.1.12.14 NAME 'gosaDefaultLanguage'
+ DESC 'GOsa - Defines the default language for a user'
+ OBSOLETE
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10098.1.1.12.30 NAME 'gosaGroupObjects'
+ DESC 'GOsa - List of all object types that are in a gosaGroupOfNames'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10098.1.1.12.34 NAME 'gosaAclTemplate'
+ DESC 'GOsa - ACL entries for ACL roles'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+
+attributetype ( 1.3.6.1.4.1.10098.1.1.12.35 NAME 'gosaAclEntry'
+ DESC 'GOsa - ACL entries'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+
+attributetype ( 1.3.6.1.4.1.10098.1.1.12.37 NAME 'gosaSnapshotTimestamp'
+ DESC 'GOsa - Unix timestamp of snapshot'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10098.1.1.12.38 NAME 'gosaSnapshotDN'
+ DESC 'GOsa - Original DN of saved object in snapshot'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10098.1.1.12.39 NAME 'gosaSnapshotData'
+ DESC 'GOsa - Original data of saved object in snapshot'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10098.1.1.12.46 NAME 'gosaLoginRestriction'
+ DESC 'GOsa - Multivalue attribute to carry a number of allowed ips/subnets'
+ OBSOLETE
+ SUP name)
+
+attributetype ( 1.3.6.1.4.1.10098.1.1.6.2 NAME 'academicTitle'
+ DESC 'Field to represent the academic title'
+ OBSOLETE
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+attributetype ( 1.3.6.1.4.1.15305.2.1 NAME ( 'gender' 'sex' )
+ DESC 'Gender: M for male, F for female'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1}
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.15305.2.2 NAME ( 'dateOfBirth' 'dob' )
+ DESC 'Date of birth in ISO 8601 format'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10}
+ SINGLE-VALUE )
+
+# Classes
+objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.1 NAME 'gosaObject' SUP top AUXILIARY
+ DESC 'GOsa - Class for GOsa settings'
+ OBSOLETE
+ MUST ( )
+ MAY ( gosaSubtreeACL ))
+
+objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.2 NAME 'gosaLockEntry' SUP top STRUCTURAL
+ DESC 'GOsa - Class for GOsa locking'
+ MUST ( gosaUser $ gosaObject $ cn ))
+
+objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.3 NAME 'gosaCacheEntry' SUP top STRUCTURAL
+ DESC 'GOsa - Class for GOsa caching'
+ OBSOLETE
+ MAY ( )
+ MUST ( cn $ gosaUser ))
+
+objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.4 NAME 'gosaDepartment' SUP top AUXILIARY
+ DESC 'GOsa - Class to mark Departments for GOsa'
+ MUST ( ou $ description )
+ MAY ( manager ))
+
+objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.6 NAME 'gosaAccount' SUP top AUXILIARY
+ DESC 'GOsa - Class for GOsa Accounts'
+ OBSOLETE
+ MUST ( )
+ MAY (
+ gosaLoginRestriction $
+ gosaDefaultLanguage $ academicTitle $ personalTitle $ dateOfBirth $ gender
+ ) )
+
+objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.11 NAME 'gosaUserTemplate' SUP top AUXILIARY
+ DESC 'GOsa - Class for GOsa User Templates'
+ OBSOLETE
+ MUST ( cn ))
+
+objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.12 NAME 'gosaGroupOfNames'
+ DESC 'GOsa - Adds the gosaGroupObjects field to groupOfNames'
+ SUP top AUXILIARY
+ MUST ( cn $ gosaGroupObjects ) MAY ( member $ description ) )
+
+objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.17 NAME 'gosaRole'
+ DESC 'GOsa - ACL container to define ACL roles'
+ SUP top STRUCTURAL
+ MUST ( gosaAclTemplate $ cn )
+ MAY ( description ) )
+
+objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.18 NAME 'gosaAcl'
+ DESC 'GOsa - ACL container to define single ACLs'
+ SUP top AUXILIARY
+ MUST ( gosaAclEntry ))
+
+objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.19 NAME 'gosaSnapshotObject'
+ DESC 'GOsa - Container object for undo and snapshot data'
+ SUP top STRUCTURAL
+ MUST ( gosaSnapshotTimestamp $ gosaSnapshotDN $ gosaSnapshotData )
+ MAY ( description ) )
+
diff --git a/ldap/data/ldap_conf/schema/fusiondirectory/ldapns.schema b/ldap/data/ldap_conf/schema/fusiondirectory/ldapns.schema
new file mode 100644
index 0000000..21ae00c
--- /dev/null
+++ b/ldap/data/ldap_conf/schema/fusiondirectory/ldapns.schema
@@ -0,0 +1,23 @@
+# $Id: ldapns.schema,v 1.3 2003/05/29 12:57:29 lukeh Exp $
+
+# LDAP Name Service Additional Schema
+
+# http://www.iana.org/assignments/gssapi-service-names
+
+attributetype ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService'
+ DESC 'IANA GSS-API authorized service name'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+objectclass ( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject'
+ DESC 'Auxiliary object class for adding authorizedService attribute'
+ SUP top
+ AUXILIARY
+ MAY authorizedService )
+
+objectclass ( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject'
+ DESC 'Auxiliary object class for adding host attribute'
+ SUP top
+ AUXILIARY
+ MAY host )
+
diff --git a/ldap/data/ldap_conf/schema/fusiondirectory/openssh-lpk.ldif b/ldap/data/ldap_conf/schema/fusiondirectory/openssh-lpk.ldif
new file mode 100644
index 0000000..e69de29
diff --git a/ldap/data/ldap_conf/schema/fusiondirectory/rfc2307bis.schema b/ldap/data/ldap_conf/schema/fusiondirectory/rfc2307bis.schema
new file mode 100644
index 0000000..db34365
--- /dev/null
+++ b/ldap/data/ldap_conf/schema/fusiondirectory/rfc2307bis.schema
@@ -0,0 +1,288 @@
+# builtin
+#
+#attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'
+# DESC 'An integer uniquely identifying a user in an administrative domain'
+# EQUALITY integerMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+# SINGLE-VALUE )
+
+# builtin
+#
+#attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber'
+# DESC 'An integer uniquely identifying a group in an
+# administrative domain'
+# EQUALITY integerMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+# SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos'
+ DESC 'The GECOS field; the common name'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory'
+ DESC 'The absolute path to the home directory'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell'
+ DESC 'The path to the login shell'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
+ DESC 'Netgroup triple'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort'
+ DESC 'Service port number'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol'
+ DESC 'Service protocol name'
+ SUP name )
+
+attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber'
+ DESC 'IP protocol number'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber'
+ DESC 'ONC RPC number'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber'
+ DESC 'IPv4 addresses as a dotted decimal omitting leading
+ zeros or IPv6 addresses as defined in RFC2373'
+ SUP name )
+
+attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber'
+ DESC 'IP network as a dotted decimal, eg. 192.168,
+ omitting leading zeros'
+ SUP name
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber'
+ DESC 'IP netmask as a dotted decimal, eg. 255.255.255.0,
+ omitting leading zeros'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress'
+ DESC 'MAC address in maximal, colon separated hex
+ notation, eg. 00:00:92:90:ee:e2'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter'
+ DESC 'rpc.bootparamd parameter'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile'
+ DESC 'Boot image name'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName'
+ DESC 'Name of a A generic NIS map'
+ SUP name )
+
+attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry'
+ DESC 'A generic NIS entry'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.28 NAME 'nisPublicKey'
+ DESC 'NIS public key'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.29 NAME 'nisSecretKey'
+ DESC 'NIS secret key'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.30 NAME 'nisDomain'
+ DESC 'NIS domain'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+
+attributetype ( 1.3.6.1.1.1.1.31 NAME 'automountMapName'
+ DESC 'automount Map Name'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.32 NAME 'automountKey'
+ DESC 'Automount Key value'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.33 NAME 'automountInformation'
+ DESC 'Automount information'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY
+ DESC 'Abstraction of an account with POSIX attributes'
+ MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
+ MAY ( userPassword $ loginShell $ gecos $
+ description ) )
+
+objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top AUXILIARY
+ DESC 'Additional attributes for shadow passwords'
+ MUST uid
+ MAY ( userPassword $ description $
+ shadowLastChange $ shadowMin $ shadowMax $
+ shadowWarning $ shadowInactive $
+ shadowExpire $ shadowFlag ) )
+
+objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY
+ DESC 'Abstraction of a group of accounts'
+ MUST gidNumber
+ MAY ( userPassword $ memberUid $
+ description ) )
+
+objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService' SUP top STRUCTURAL
+ DESC 'Abstraction an Internet Protocol service.
+ Maps an IP port and protocol (such as tcp or udp)
+ to one or more names; the distinguished value of
+ the cn attribute denotes the services canonical
+ name'
+ MUST ( cn $ ipServicePort $ ipServiceProtocol )
+ MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' SUP top STRUCTURAL
+ DESC 'Abstraction of an IP protocol. Maps a protocol number
+ to one or more names. The distinguished value of the cn
+ attribute denotes the protocols canonical name'
+ MUST ( cn $ ipProtocolNumber )
+ MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' SUP top STRUCTURAL
+ DESC 'Abstraction of an Open Network Computing (ONC)
+ [RFC1057] Remote Procedure Call (RPC) binding.
+ This class maps an ONC RPC number to a name.
+ The distinguished value of the cn attribute denotes
+ the RPC services canonical name'
+ MUST ( cn $ oncRpcNumber )
+ MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost' SUP top AUXILIARY
+ DESC 'Abstraction of a host, an IP device. The distinguished
+ value of the cn attribute denotes the hosts canonical
+ name. Device SHOULD be used as a structural class'
+ MUST ( cn $ ipHostNumber )
+ MAY ( userPassword $ l $ description $ manager ) )
+
+objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' SUP top STRUCTURAL
+ DESC 'Abstraction of a network. The distinguished value of
+ the cn attribute denotes the networks canonical name'
+ MUST ipNetworkNumber
+ MAY ( cn $ ipNetmaskNumber $ l $ description $ manager ) )
+
+objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' SUP top STRUCTURAL
+ DESC 'Abstraction of a netgroup. May refer to other netgroups'
+ MUST cn
+ MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )
+
+objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap' SUP top STRUCTURAL
+ DESC 'A generic abstraction of a NIS map'
+ MUST nisMapName
+ MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject' SUP top STRUCTURAL
+ DESC 'An entry in a NIS map'
+ MUST ( cn $ nisMapEntry $ nisMapName )
+ MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' SUP top AUXILIARY
+ DESC 'A device with a MAC address; device SHOULD be
+ used as a structural class'
+ MAY macAddress )
+
+objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' SUP top AUXILIARY
+ DESC 'A device with boot parameters; device SHOULD be
+ used as a structural class'
+ MAY ( bootFile $ bootParameter ) )
+
+objectclass ( 1.3.6.1.1.1.2.14 NAME 'nisKeyObject' SUP top AUXILIARY
+ DESC 'An object with a public and secret key'
+ MUST ( cn $ nisPublicKey $ nisSecretKey )
+ MAY ( uidNumber $ description ) )
+
+objectclass ( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP top AUXILIARY
+ DESC 'Associates a NIS domain with a naming context'
+ MUST nisDomain )
+
+objectclass ( 1.3.6.1.1.1.2.16 NAME 'automountMap' SUP top STRUCTURAL
+ MUST ( automountMapName )
+ MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.17 NAME 'automount' SUP top STRUCTURAL
+ DESC 'Automount information'
+ MUST ( automountKey $ automountInformation )
+ MAY description )
+## namedObject is needed for groups without members
+objectclass ( 1.3.6.1.4.1.5322.13.1.1 NAME 'namedObject' SUP top
+ STRUCTURAL MAY cn )
+
diff --git a/ldap/data/ldap_conf/schema/fusiondirectory/template-fd.schema b/ldap/data/ldap_conf/schema/fusiondirectory/template-fd.schema
new file mode 100644
index 0000000..2ac801b
--- /dev/null
+++ b/ldap/data/ldap_conf/schema/fusiondirectory/template-fd.schema
@@ -0,0 +1,15 @@
+##
+## template-fd.schema - Needed by Fusion Directory for managing templates
+##
+
+# Attributes
+attributetype ( 1.3.6.1.4.1.38414.38.1.1 NAME 'fdTemplateField'
+ DESC 'FusionDirectory - template field'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+# Objectclasses
+objectclass (1.3.6.1.4.1.38414.38.2.1 NAME 'fdTemplate'
+ DESC 'FusionDirectory - template object'
+ MUST ( cn )
+ MAY ( fdTemplateField ) )
diff --git a/ldap/data/ldap_conf/schema/inetorgperson.ldif b/ldap/data/ldap_conf/schema/inetorgperson.ldif
new file mode 100644
index 0000000..ff7927c
--- /dev/null
+++ b/ldap/data/ldap_conf/schema/inetorgperson.ldif
@@ -0,0 +1,69 @@ +# InetOrgPerson (RFC2798) +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2014 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# +# InetOrgPerson (RFC2798) +# +# Depends upon +# Definition of an X.500 Attribute Type and an Object Class to Hold +# Uniform Resource Identifiers (URIs) [RFC2079] +# (core.ldif) +# +# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256] +# (core.ldif) +# +# The COSINE and Internet X.500 Schema [RFC1274] (cosine.ldif) +# +# This file was automatically generated from inetorgperson.schema; see +# that file for complete references. 
+# +dn: cn=inetorgperson,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: inetorgperson +olcAttributeTypes: ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC279 + 8: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR cas + eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC ' + RFC2798: identifies a department within an organization' EQUALITY caseIgnoreM + atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC + 2798: preferred name to be used when displaying entries' EQUALITY caseIgnoreM + atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE ) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RF + C2798: numerically identifies an employee within an organization' EQUALITY ca + seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 SINGLE-VALUE ) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2 + 798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgn + oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2 + 798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC + 'RFC2798: preferred written or spoken language for a person' EQUALITY caseIg + noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 
+ 15 SINGLE-VALUE ) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' D + ESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.5 ) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2 + 798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.5 ) +olcObjectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2 + 798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY + ( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ em + ployeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ ini + tials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo + $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ pre + ferredLanguage $ userSMIMECertificate $ userPKCS12 ) ) diff --git a/ldap/data/ldap_conf/schema/inetorgperson.schema b/ldap/data/ldap_conf/schema/inetorgperson.schema new file mode 100644 index 0000000..34c3bf8 --- /dev/null +++ b/ldap/data/ldap_conf/schema/inetorgperson.schema 
@@ -0,0 +1,113 @@
+# inetorgperson.schema -- InetOrgPerson (RFC2798)
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2014 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# InetOrgPerson (RFC2798)
+#
+# Depends upon
+# Definition of an X.500 Attribute Type and an Object Class to Hold
+# Uniform Resource Identifiers (URIs) [RFC2079]
+# (core.schema)
+#
+# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
+# (core.schema)
+#
+# The COSINE and Internet X.500 Schema [RFC1274] (cosine.schema)
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF RFC explaining the schema. Unfortunately,
+# that text is covered by a license that doesn't meet Debian's Free
+# Software Guidelines. This is a stripped version of the schema that
+# contains only the functional schema definition, not the text of the
+# RFC.
+#
+# For an explanation of this schema, see RFC 2798, at (among other
+# places): http://www.ietf.org/rfc/rfc2798.txt
+
+attributetype ( 2.16.840.1.113730.3.1.1
+ NAME 'carLicense'
+ DESC 'RFC2798: vehicle license or registration plate'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 2.16.840.1.113730.3.1.2
+ NAME 'departmentNumber'
+ DESC 'RFC2798: identifies a department within an organization'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 2.16.840.1.113730.3.1.241
+ NAME 'displayName'
+ DESC 'RFC2798: preferred name to be used when displaying entries'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113730.3.1.3
+ NAME 'employeeNumber'
+ DESC 'RFC2798: numerically identifies an employee within an organization'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113730.3.1.4
+ NAME 'employeeType'
+ DESC 'RFC2798: type of employment for a person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 0.9.2342.19200300.100.1.60
+ NAME 'jpegPhoto'
+ DESC 'RFC2798: a JPEG image'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
+
+attributetype ( 2.16.840.1.113730.3.1.39
+ NAME 'preferredLanguage'
+ DESC 'RFC2798: preferred written or spoken language for a person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
+attributetype ( 2.16.840.1.113730.3.1.40
+ NAME 'userSMIMECertificate'
+ DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
+attributetype ( 2.16.840.1.113730.3.1.216
+ NAME 'userPKCS12'
+ DESC 'RFC2798: personal identity information, a PKCS #12 PFX'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+objectclass ( 2.16.840.1.113730.3.2.2
+ NAME 'inetOrgPerson'
+ DESC 'RFC2798: Internet Organizational Person'
+ SUP organizationalPerson
+ STRUCTURAL
+ MAY (
+ audio $ businessCategory $ carLicense $ departmentNumber $
+ displayName $ employeeNumber $ employeeType $ givenName $
+ homePhone $ homePostalAddress $ initials $ jpegPhoto $
+ labeledURI $ mail $ manager $ mobile $ o $ pager $
+ photo $ roomNumber $ secretary $ uid $ userCertificate $
+ x500uniqueIdentifier $ preferredLanguage $
+ userSMIMECertificate $ userPKCS12 )
+ )
diff --git a/ldap/data/ldap_conf/schema/java.ldif b/ldap/data/ldap_conf/schema/java.ldif
new file mode 100644
index 0000000..61a185c
--- /dev/null
+++ b/ldap/data/ldap_conf/schema/java.ldif
@@ -0,0 +1,59 @@ +# java.ldif -- Java Object Schema +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2014 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# +# Java Object Schema (defined in RFC 2713) +# depends upon core.ldif +# +# This file was automatically generated from java.schema; see that file +# for complete references. +# +dn: cn=java,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: java +olcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.4.1.6 NAME 'javaClassName' DESC 'F + ully qualified name of distinguished Java class or interface' EQUALITY caseEx + actMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +olcAttributeTypes: {1}( 1.3.6.1.4.1.42.2.27.4.1.7 NAME 'javaCodebase' DESC 'UR + L(s) specifying the location of class definition' EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {2}( 1.3.6.1.4.1.42.2.27.4.1.13 NAME 'javaClassNames' DESC + 'Fully qualified Java class or interface name' EQUALITY caseExactMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: {3}( 1.3.6.1.4.1.42.2.27.4.1.8 NAME 'javaSerializedData' DE + SC 'Serialized form of a Java object' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SI + NGLE-VALUE ) +olcAttributeTypes: {4}( 1.3.6.1.4.1.42.2.27.4.1.10 NAME 'javaFactory' DESC 'Fu + lly qualified Java class name of a JNDI object factory' EQUALITY caseExactMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +olcAttributeTypes: {5}( 1.3.6.1.4.1.42.2.27.4.1.11 NAME 'javaReferenceAddress' + DESC 'Addresses associated with a JNDI Reference' EQUALITY caseExactMatch SY + NTAX 
1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: {6}( 1.3.6.1.4.1.42.2.27.4.1.12 NAME 'javaDoc' DESC 'The Ja + va documentation for the class' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.26 ) +olcObjectClasses: {0}( 1.3.6.1.4.1.42.2.27.4.2.1 NAME 'javaContainer' DESC 'Co + ntainer for a Java object' SUP top STRUCTURAL MUST cn ) +olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.4.2.4 NAME 'javaObject' DESC 'Java + object representation' SUP top ABSTRACT MUST javaClassName MAY ( javaClassNam + es $ javaCodebase $ javaDoc $ description ) ) +olcObjectClasses: {2}( 1.3.6.1.4.1.42.2.27.4.2.5 NAME 'javaSerializedObject' D + ESC 'Java serialized object' SUP javaObject AUXILIARY MUST javaSerializedData + ) +olcObjectClasses: {3}( 1.3.6.1.4.1.42.2.27.4.2.8 NAME 'javaMarshalledObject' D + ESC 'Java marshalled object' SUP javaObject AUXILIARY MUST javaSerializedData + ) +olcObjectClasses: {4}( 1.3.6.1.4.1.42.2.27.4.2.7 NAME 'javaNamingReference' DE + SC 'JNDI reference' SUP javaObject AUXILIARY MAY ( javaReferenceAddress $ jav + aFactory ) ) diff --git a/ldap/data/ldap_conf/schema/java.schema b/ldap/data/ldap_conf/schema/java.schema new file mode 100644 index 0000000..24c1f1b --- /dev/null +++ b/ldap/data/ldap_conf/schema/java.schema 
@@ -0,0 +1,109 @@
+# java.schema -- Java Object Schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/java.schema,v 1.5.2.3 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# Java Object Schema (defined in RFC 2713)
+# depends upon core.schema
+#
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF RFC explaining the schema. Unfortunately,
+# that text is covered by a license that doesn't meet Debian's Free
+# Software Guidelines. This is a stripped version of the schema that
+# contains only the functional schema definition, not the text of the
+# RFC.
+#
+# For an explanation of this schema, see RFC 2713, at (among other
+# places): http://www.ietf.org/rfc/rfc2713.txt
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.6
+ NAME 'javaClassName'
+ DESC 'Fully qualified name of distinguished Java class or interface'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.7
+ NAME 'javaCodebase'
+ DESC 'URL(s) specifying the location of class definition'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.13
+ NAME 'javaClassNames'
+ DESC 'Fully qualified Java class or interface name'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.8
+ NAME 'javaSerializedData'
+ DESC 'Serialized form of a Java object'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.10
+ NAME 'javaFactory'
+ DESC 'Fully qualified Java class name of a JNDI object factory'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.11
+ NAME 'javaReferenceAddress'
+ DESC 'Addresses associated with a JNDI Reference'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.12
+ NAME 'javaDoc'
+ DESC 'The Java documentation for the class'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.1
+ NAME 'javaContainer'
+ DESC 'Container for a Java object'
+ SUP top
+ STRUCTURAL
+ MUST cn )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.4
+ NAME 'javaObject'
+ DESC 'Java object representation'
+ SUP top
+ ABSTRACT
+ MUST javaClassName
+ MAY ( javaClassNames $ javaCodebase $
+ javaDoc $ description ) )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.5
+ NAME 'javaSerializedObject'
+ DESC 'Java serialized object'
+ SUP javaObject
+ AUXILIARY
+ MUST javaSerializedData )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.8
+ NAME 'javaMarshalledObject'
+ DESC 'Java marshalled object'
+ SUP javaObject
+ AUXILIARY
+ MUST javaSerializedData )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.7
+ NAME 'javaNamingReference'
+ DESC 'JNDI reference'
+ SUP javaObject
+ AUXILIARY
+ MAY ( javaReferenceAddress $ javaFactory ) )
diff --git a/ldap/data/ldap_conf/schema/misc.ldif b/ldap/data/ldap_conf/schema/misc.ldif
new file mode 100644
index 0000000..d2614bb
--- /dev/null
+++ b/ldap/data/ldap_conf/schema/misc.ldif
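Review bot: Shipping `java.schema` (and the generated `java.ldif` added earlier in this patch) lets directory entries carry `javaSerializedData`, `javaFactory` and `javaCodebase`, which RFC 2713 defines so that JNDI clients can rebuild Java objects from what they read. Write access to those attributes therefore becomes security-relevant for any Java consumer of this directory, and nothing visible in the patch shows either such a consumer or an ACL limiting who may write them; the slapd ACLs may sit in a file outside this view. If no JNDI client is planned, I would leave `ldap/data/ldap_conf/schema/java.schema` and `java.ldif` out of the image; otherwise restrict writes on these attributes to the directory administrator. The file looks like the stock OpenLDAP/Debian copy, so the point is about including it, not about its text.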
@@ -0,0 +1,45 @@ +# misc.ldif -- assorted schema definitions +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2014 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# +# Assorted definitions from several sources, including +# ''works in progress''. Contents of this file are +# subject to change (including deletion) without notice. +# +# Not recommended for production use! +# Use with extreme caution! +# +# This file was automatically generated from misc.schema; see that file +# for complete references. +# +dn: cn=misc,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: misc +olcAttributeTypes: {0}( 2.16.840.1.113730.3.1.13 NAME 'mailLocalAddress' DESC + 'RFC822 email address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.26{256} ) +olcAttributeTypes: {1}( 2.16.840.1.113730.3.1.18 NAME 'mailHost' DESC 'FQDN of + the SMTP/MTA of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.26{256} SINGLE-VALUE ) +olcAttributeTypes: {2}( 2.16.840.1.113730.3.1.47 NAME 'mailRoutingAddress' DES + C 'RFC822 routing address of this recipient' EQUALITY caseIgnoreIA5Match SYNT + AX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) +olcAttributeTypes: {3}( 1.3.6.1.4.1.42.2.27.2.1.15 NAME 'rfc822MailMember' DES + C 'rfc822 mail address of group member(s)' EQUALITY caseIgnoreIA5Match SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 ) +olcObjectClasses: {0}( 2.16.840.1.113730.3.2.147 NAME 'inetLocalMailRecipient' + DESC 'Internet local mail recipient' SUP top AUXILIARY MAY ( mailLocalAddres + s $ mailHost $ mailRoutingAddress ) ) 
+olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' DESC 'NIS + mail alias' SUP top STRUCTURAL MUST cn MAY rfc822MailMember ) diff --git a/ldap/data/ldap_conf/schema/misc.schema b/ldap/data/ldap_conf/schema/misc.schema new file mode 100644 index 0000000..999e25f --- /dev/null +++ b/ldap/data/ldap_conf/schema/misc.schema 
@@ -0,0 +1,75 @@
+# misc.schema -- assorted schema definitions
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2014 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# Assorted definitions from several sources, including
+# ''works in progress''. Contents of this file are
+# subject to change (including deletion) without notice.
+#
+# Not recommended for production use!
+# Use with extreme caution!
+
+#-----------------------------------------------------------
+# draft-lachman-laser-ldap-mail-routing-02.txt !!!EXPIRED!!!
+# (a work in progress)
+#
+attributetype ( 2.16.840.1.113730.3.1.13
+ NAME 'mailLocalAddress'
+ DESC 'RFC822 email address of this recipient'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 2.16.840.1.113730.3.1.18
+ NAME 'mailHost'
+ DESC 'FQDN of the SMTP/MTA of this recipient'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113730.3.1.47
+ NAME 'mailRoutingAddress'
+ DESC 'RFC822 routing address of this recipient'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+# I-D leaves this OID TBD.
+# iPlanet uses 2.16.840.1.113.730.3.2.147 but that is an
+# improperly delegated OID. A typo is likely.
+objectclass ( 2.16.840.1.113730.3.2.147
+ NAME 'inetLocalMailRecipient'
+ DESC 'Internet local mail recipient'
+ SUP top AUXILIARY
+ MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )
+
+#-----------------------------------------------------------
+# draft-srivastava-ldap-mail-00.txt !!!EXPIRED!!!
+# (a work in progress)
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.2.1.15
+ NAME 'rfc822MailMember'
+ DESC 'rfc822 mail address of group member(s)'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+#-----------------------------------------------------------
+# !!!no I-D!!!
+# (a work in progress)
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.1.2.5
+ NAME 'nisMailAlias'
+ DESC 'NIS mail alias'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY rfc822MailMember )
diff --git a/ldap/data/ldap_conf/schema/nis.ldif b/ldap/data/ldap_conf/schema/nis.ldif
new file mode 100644
index 0000000..32a63be
--- /dev/null
+++ b/ldap/data/ldap_conf/schema/nis.ldif
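Review bot: The header of misc.schema in this hunk says "Not recommended for production use!" and its sections are marked as expired drafts or as having no I-D at all, so this file (and the misc.ldif generated from it) should not be in the schema set the image loads by default. Whether slapd actually includes it is decided in configuration outside this hunk. If inetLocalMailRecipient or nisMailAlias are needed, I would add a comment next to the include naming what depends on it, for example `# misc.schema: needed for mailRoutingAddress (expired draft, review before production)`; otherwise leave both files out of the commit.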
@@ -0,0 +1,120 @@ +# NIS (RFC2307) +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2014 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# +# Definitions from RFC2307 (Experimental) +# An Approach for Using LDAP as a Network Information Service +# +# Depends upon core.ldif and cosine.ldif +# +# This file was automatically generated from nis.schema; see that file +# for complete references. +# +dn: cn=nis,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: nis +olcAttributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; th + e common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolut + e path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to th + e login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 6 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integ + erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) 
+olcAttributeTypes: ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integer + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactI + A5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 26 ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY ca + seExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.26 ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgr + oup triple' SYNTAX 1.3.6.1.1.1.0.0 ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY intege + rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY int + egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integer + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP address + ' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP netw + ork' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI + NGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netm + ask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI + NGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address' + EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) 
+olcAttributeTypes: ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootp + aramd parameter' SYNTAX 1.3.6.1.1.1.0.1 ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image nam + e' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseExac + tIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.26{1024} SINGLE-VALUE ) +olcObjectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction o + f an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNu + mber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ + description ) ) +olcObjectClasses: ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional a + ttributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPassword + $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive + $ shadowExpire $ shadowFlag $ description ) ) +olcObjectClasses: ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction of + a group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPas + sword $ memberUid $ description ) ) +olcObjectClasses: ( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an I + nternet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort $ ipSe + rviceProtocol ) MAY description ) +olcObjectClasses: ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction of + an IP protocol' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber $ description + ) MAY description ) +olcObjectClasses: ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an O + NC/RPC binding' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber $ description ) M + AY description ) +olcObjectClasses: ( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a ho + st, an IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l $ desc + ription $ manager ) ) +olcObjectClasses: ( 
1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of a + n IP network' SUP top STRUCTURAL MUST ( cn $ ipNetworkNumber ) MAY ( ipNetmas + kNumber $ l $ description $ manager ) ) +olcObjectClasses: ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction of + a netgroup' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberNisNe + tgroup $ description ) ) +olcObjectClasses: ( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstracti + on of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description ) +olcObjectClasses: ( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in a + NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY descri + ption ) +olcObjectClasses: ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device w + ith a MAC address' SUP top AUXILIARY MAY macAddress ) +olcObjectClasses: ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A device + with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter ) ) diff --git a/ldap/data/ldap_conf/schema/nis.schema b/ldap/data/ldap_conf/schema/nis.schema new file mode 100644 index 0000000..9627277 --- /dev/null +++ b/ldap/data/ldap_conf/schema/nis.schema 
@@ -0,0 +1,237 @@
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2014 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+# Definitions from RFC2307 (Experimental)
+# An Approach for Using LDAP as a Network Information Service
+
+# Depends upon core.schema and cosine.schema
+
+# Note: The definitions in RFC2307 are given in syntaxes closely related
+# to those in RFC2252, however, some liberties are taken that are not
+# supported by RFC2252. This file has been written following RFC2252
+# strictly.
+
+# OID Base is iso(1) org(3) dod(6) internet(1) directory(1) nisSchema(1).
+# i.e. nisSchema in RFC2307 is 1.3.6.1.1.1
+#
+# Syntaxes are under 1.3.6.1.1.1.0 (two new syntaxes are defined)
+# validaters for these syntaxes are incomplete, they only
+# implement printable string validation (which is good as the
+# common use of these syntaxes violates the specification).
+# Attribute types are under 1.3.6.1.1.1.1 +# Object classes are under 1.3.6.1.1.1.2 + +# Attribute Type Definitions + +# builtin +#attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' +# DESC 'An integer uniquely identifying a user in an administrative domain' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# builtin +#attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' +# DESC 'An integer uniquely identifying a group in an administrative domain' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos' + DESC 'The GECOS field; the common name' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' + DESC 'The absolute path to the home directory' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell' + DESC 'The path to the login shell' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' + EQUALITY 
integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' + DESC 'Netgroup triple' + SYNTAX 1.3.6.1.1.1.0.0 ) + +attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' + SUP name ) + +attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' + DESC 'IP address' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) + +attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' + DESC 'IP network' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' + DESC 'IP netmask' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress' + DESC 'MAC address' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) + +attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' + DESC 'rpc.bootparamd parameter' + SYNTAX 1.3.6.1.1.1.0.1 ) + +attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile' + DESC 'Boot image name' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' + SUP name ) + +attributetype ( 1.3.6.1.1.1.1.27 
NAME 'nisMapEntry' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} SINGLE-VALUE ) + +# Object Class Definitions + +objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' + DESC 'Abstraction of an account with POSIX attributes' + SUP top AUXILIARY + MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) + MAY ( userPassword $ loginShell $ gecos $ description ) ) + +objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' + DESC 'Additional attributes for shadow passwords' + SUP top AUXILIARY + MUST uid + MAY ( userPassword $ shadowLastChange $ shadowMin $ + shadowMax $ shadowWarning $ shadowInactive $ + shadowExpire $ shadowFlag $ description ) ) + +objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' + DESC 'Abstraction of a group of accounts' + SUP top STRUCTURAL + MUST ( cn $ gidNumber ) + MAY ( userPassword $ memberUid $ description ) ) + +objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService' + DESC 'Abstraction an Internet Protocol service' + SUP top STRUCTURAL + MUST ( cn $ ipServicePort $ ipServiceProtocol ) + MAY ( description ) ) + +objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' + DESC 'Abstraction of an IP protocol' + SUP top STRUCTURAL + MUST ( cn $ ipProtocolNumber $ description ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' + DESC 'Abstraction of an ONC/RPC binding' + SUP top STRUCTURAL + MUST ( cn $ oncRpcNumber $ description ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost' + DESC 'Abstraction of a host, an IP device' + SUP top AUXILIARY + MUST ( cn $ ipHostNumber ) + MAY ( l $ description $ manager ) ) + +objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' + DESC 'Abstraction of an IP network' + SUP top STRUCTURAL + MUST ( cn $ ipNetworkNumber ) + MAY ( ipNetmaskNumber $ l $ description $ manager ) ) + +objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' + DESC 'Abstraction of a netgroup' + SUP top STRUCTURAL + MUST cn + MAY ( nisNetgroupTriple $ memberNisNetgroup $ 
description ) ) + +objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap' + DESC 'A generic abstraction of a NIS map' + SUP top STRUCTURAL + MUST nisMapName + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject' + DESC 'An entry in a NIS map' + SUP top STRUCTURAL + MUST ( cn $ nisMapEntry $ nisMapName ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' + DESC 'A device with a MAC address' + SUP top AUXILIARY + MAY macAddress ) + +objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' + DESC 'A device with boot parameters' + SUP top AUXILIARY + MAY ( bootFile $ bootParameter ) ) diff --git a/ldap/data/ldap_conf/schema/openldap.ldif b/ldap/data/ldap_conf/schema/openldap.ldif new file mode 100644 index 0000000..f9f250f --- /dev/null +++ b/ldap/data/ldap_conf/schema/openldap.ldif 
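Review bot: posixGroup is defined in this hunk as STRUCTURAL under OID 1.3.6.1.1.1.2.2, and the diffstat of this commit also adds fusiondirectory/rfc2307bis.schema, which as far as I know redefines the same 1.3.6.1.1.1 attribute types and object classes with a different posixGroup. slapd rejects duplicate OIDs, so only one of the two files can be loaded. The include list, which is outside this hunk, should name exactly one of them, with a comment such as `# rfc2307bis replaces nis.schema - do not include both`. posixAccount and shadowAccount here also permit userPassword, so the access rules for that attribute and the shadow* attributes are worth checking before the directory holds real accounts.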
@@ -0,0 +1,88 @@
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2014 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+#
+# OpenLDAP Project's directory schema items
+#
+# depends upon:
+# core.schema
+# cosine.schema
+# inetorgperson.schema
+#
+# These are provided for informational purposes only.
+#
+# This openldap.ldif file is provided as a demonstration of how to
+# convert a *.schema file into *.ldif format. The key points:
+# In LDIF, a blank line terminates an entry. Blank lines in a *.schema
+# file should be replaced with a single '#' to turn them into
+# comments, or they should just be removed.
+# In addition to the actual schema directives, the file needs a small
+# header to make it a valid LDAP entry. This header must provide the
+# dn of the entry, the objectClass, and the cn, as shown here:
+#
+dn: cn=openldap,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: openldap
+#
+# The schema directives need to be changed to LDAP Attributes.
+# First a basic string substitution can be done on each of the keywords:
+# objectIdentifier -> olcObjectIdentifier:
+# objectClass -> olcObjectClasses:
+# attributeType -> olcAttributeTypes:
+# Then leading whitespace must be fixed. The slapd.conf format allows
+# tabs or spaces to denote line continuation, while LDIF only allows
+# the space character.
+# Also slapd.conf preserves the continuation character, while LDIF strips
+# it out. So a single TAB/SPACE in slapd.conf must be replaced with
+# two SPACEs in LDIF, otherwise the continued text may get joined as
+# a single word.
+# The directives must be listed in a proper sequence:
+# All olcObjectIdentifiers must be first, so they may be referenced by
+# any following definitions.
+# All olcAttributeTypes must be next, so they may be referenced by any
+# following objectClass definitions.
+# All olcObjectClasses must be after the olcAttributeTypes.
+# And of course, any superior must occur before anything that inherits
+# from it.
+#
+olcObjectIdentifier: OpenLDAProot 1.3.6.1.4.1.4203
+#
+olcObjectIdentifier: OpenLDAP OpenLDAProot:1
+olcObjectIdentifier: OpenLDAPattributeType OpenLDAP:3
+olcObjectIdentifier: OpenLDAPobjectClass OpenLDAP:4
+#
+olcObjectClasses: ( OpenLDAPobjectClass:3
+ NAME 'OpenLDAPorg'
+ DESC 'OpenLDAP Organizational Object'
+ SUP organization
+ MAY ( buildingName $ displayName $ labeledURI ) )
+#
+olcObjectClasses: ( OpenLDAPobjectClass:4
+ NAME 'OpenLDAPou'
+ DESC 'OpenLDAP Organizational Unit Object'
+ SUP organizationalUnit
+ MAY ( buildingName $ displayName $ labeledURI $ o ) )
+#
+olcObjectClasses: ( OpenLDAPobjectClass:5
+ NAME 'OpenLDAPperson'
+ DESC 'OpenLDAP Person'
+ SUP ( pilotPerson $ inetOrgPerson )
+ MUST ( uid $ cn )
+ MAY ( givenName $ labeledURI $ o ) )
+#
+olcObjectClasses: ( OpenLDAPobjectClass:6
+ NAME 'OpenLDAPdisplayableObject'
+ DESC 'OpenLDAP Displayable Object'
+ AUXILIARY
+ MAY displayName )
diff --git a/ldap/data/ldap_conf/schema/openldap.schema b/ldap/data/ldap_conf/schema/openldap.schema
new file mode 100644
index 0000000..9f7466d
--- /dev/null
+++ b/ldap/data/ldap_conf/schema/openldap.schema
@@ -0,0 +1,54 @@
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2014 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+#
+# OpenLDAP Project's directory schema items
+#
+# depends upon:
+# core.schema
+# cosine.schema
+# inetorgperson.schema
+#
+# These are provided for informational purposes only.
+
+objectIdentifier OpenLDAProot 1.3.6.1.4.1.4203
+
+objectIdentifier OpenLDAP OpenLDAProot:1
+objectIdentifier OpenLDAPattributeType OpenLDAP:3
+objectIdentifier OpenLDAPobjectClass OpenLDAP:4
+
+objectClass ( OpenLDAPobjectClass:3
+ NAME 'OpenLDAPorg'
+ DESC 'OpenLDAP Organizational Object'
+ SUP organization
+ MAY ( buildingName $ displayName $ labeledURI ) )
+
+objectClass ( OpenLDAPobjectClass:4
+ NAME 'OpenLDAPou'
+ DESC 'OpenLDAP Organizational Unit Object'
+ SUP organizationalUnit
+ MAY ( buildingName $ displayName $ labeledURI $ o ) )
+
+objectClass ( OpenLDAPobjectClass:5
+ NAME 'OpenLDAPperson'
+ DESC 'OpenLDAP Person'
+ SUP ( pilotPerson $ inetOrgPerson )
+ MUST ( uid $ cn )
+ MAY ( givenName $ labeledURI $ o ) )
+
+objectClass ( OpenLDAPobjectClass:6
+ NAME 'OpenLDAPdisplayableObject'
+ DESC 'OpenLDAP Displayable Object'
+ AUXILIARY
+ MAY displayName )
diff --git a/ldap/data/ldap_conf/schema/pmi.ldif b/ldap/data/ldap_conf/schema/pmi.ldif
new file mode 100644
index 0000000..c567f26
--- /dev/null
+++ b/ldap/data/ldap_conf/schema/pmi.ldif
@@ -0,0 +1,123 @@ +# OpenLDAP X.509 PMI schema +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2014 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# +## Portions Copyright (C) The Internet Society (1997-2006). +## All Rights Reserved. +# +# Includes LDAPv3 schema items from: +# ITU X.509 (08/2005) +# +# This file was automatically generated from pmi.schema; see that file +# for complete references. +# +dn: cn=pmi,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: pmi +olcObjectIdentifier: {0}id-oc-pmiUser 2.5.6.24 +olcObjectIdentifier: {1}id-oc-pmiAA 2.5.6.25 +olcObjectIdentifier: {2}id-oc-pmiSOA 2.5.6.26 +olcObjectIdentifier: {3}id-oc-attCertCRLDistributionPts 2.5.6.27 +olcObjectIdentifier: {4}id-oc-privilegePolicy 2.5.6.32 +olcObjectIdentifier: {5}id-oc-pmiDelegationPath 2.5.6.33 +olcObjectIdentifier: {6}id-oc-protectedPrivilegePolicy 2.5.6.34 +olcObjectIdentifier: {7}id-at-attributeCertificate 2.5.4.58 +olcObjectIdentifier: {8}id-at-attributeCertificateRevocationList 2.5.4.59 +olcObjectIdentifier: {9}id-at-aACertificate 2.5.4.61 +olcObjectIdentifier: {10}id-at-attributeDescriptorCertificate 2.5.4.62 +olcObjectIdentifier: {11}id-at-attributeAuthorityRevocationList 2.5.4.63 +olcObjectIdentifier: {12}id-at-privPolicy 2.5.4.71 +olcObjectIdentifier: {13}id-at-role 2.5.4.72 +olcObjectIdentifier: {14}id-at-delegationPath 2.5.4.73 +olcObjectIdentifier: {15}id-at-protPrivPolicy 2.5.4.74 +olcObjectIdentifier: {16}id-at-xMLPrivilegeInfo 2.5.4.75 +olcObjectIdentifier: {17}id-at-xMLPprotPrivPolicy 2.5.4.76 +olcObjectIdentifier: {18}id-mr 2.5.13 +olcObjectIdentifier: 
{19}id-mr-attributeCertificateMatch id-mr:42 +olcObjectIdentifier: {20}id-mr-attributeCertificateExactMatch id-mr:45 +olcObjectIdentifier: {21}id-mr-holderIssuerMatch id-mr:46 +olcObjectIdentifier: {22}id-mr-authAttIdMatch id-mr:53 +olcObjectIdentifier: {23}id-mr-roleSpecCertIdMatch id-mr:54 +olcObjectIdentifier: {24}id-mr-basicAttConstraintsMatch id-mr:55 +olcObjectIdentifier: {25}id-mr-delegatedNameConstraintsMatch id-mr:56 +olcObjectIdentifier: {26}id-mr-timeSpecMatch id-mr:57 +olcObjectIdentifier: {27}id-mr-attDescriptorMatch id-mr:58 +olcObjectIdentifier: {28}id-mr-acceptableCertPoliciesMatch id-mr:59 +olcObjectIdentifier: {29}id-mr-delegationPathMatch id-mr:61 +olcObjectIdentifier: {30}id-mr-sOAIdentifierMatch id-mr:66 +olcObjectIdentifier: {31}id-mr-indirectIssuerMatch id-mr:67 +olcObjectIdentifier: {32}AttributeCertificate 1.3.6.1.4.1.4203.666.11.10.2.1 +olcObjectIdentifier: {33}CertificateList 1.3.6.1.4.1.1466.115.121.1.9 +olcObjectIdentifier: {34}AttCertPath 1.3.6.1.4.1.4203.666.11.10.2.4 +olcObjectIdentifier: {35}PolicySyntax 1.3.6.1.4.1.4203.666.11.10.2.5 +olcObjectIdentifier: {36}RoleSyntax 1.3.6.1.4.1.4203.666.11.10.2.6 +olcLdapSyntaxes: {0}( 1.3.6.1.4.1.4203.666.11.10.2.4 DESC 'X.509 PMI attribute + cartificate path: SEQUENCE OF AttributeCertificate' X-SUBST '1.3.6.1.4.1.146 + 6.115.121.1.15' ) +olcLdapSyntaxes: {1}( 1.3.6.1.4.1.4203.666.11.10.2.5 DESC 'X.509 PMI policy sy + ntax' X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' ) +olcLdapSyntaxes: {2}( 1.3.6.1.4.1.4203.666.11.10.2.6 DESC 'X.509 PMI role synt + ax' X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' ) +olcAttributeTypes: {0}( id-at-role NAME 'role' DESC 'X.509 Role attribute, use + ;binary' SYNTAX RoleSyntax ) +olcAttributeTypes: {1}( id-at-xMLPrivilegeInfo NAME 'xmlPrivilegeInfo' DESC 'X + .509 XML privilege information attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 ) +olcAttributeTypes: {2}( id-at-attributeCertificate NAME 'attributeCertificateA + ttribute' DESC 'X.509 Attribute certificate 
attribute, use ;binary' EQUALITY + attributeCertificateExactMatch SYNTAX AttributeCertificate ) +olcAttributeTypes: {3}( id-at-aACertificate NAME 'aACertificate' DESC 'X.509 A + A certificate attribute, use ;binary' EQUALITY attributeCertificateExactMatch + SYNTAX AttributeCertificate ) +olcAttributeTypes: {4}( id-at-attributeDescriptorCertificate NAME 'attributeDe + scriptorCertificate' DESC 'X.509 Attribute descriptor certificate attribute, + use ;binary' EQUALITY attributeCertificateExactMatch SYNTAX AttributeCertific + ate ) +olcAttributeTypes: {5}( id-at-attributeCertificateRevocationList NAME 'attribu + teCertificateRevocationList' DESC 'X.509 Attribute certificate revocation lis + t attribute, use ;binary' SYNTAX CertificateList X-EQUALITY 'certificateListE + xactMatch, not implemented yet' ) +olcAttributeTypes: {6}( id-at-attributeAuthorityRevocationList NAME 'attribute + AuthorityRevocationList' DESC 'X.509 AA certificate revocation list attribute + , use ;binary' SYNTAX CertificateList X-EQUALITY 'certificateListExactMatch, + not implemented yet' ) +olcAttributeTypes: {7}( id-at-delegationPath NAME 'delegationPath' DESC 'X.509 + Delegation path attribute, use ;binary' SYNTAX AttCertPath ) +olcAttributeTypes: {8}( id-at-privPolicy NAME 'privPolicy' DESC 'X.509 Privile + ge policy attribute, use ;binary' SYNTAX PolicySyntax ) +olcAttributeTypes: {9}( id-at-protPrivPolicy NAME 'protPrivPolicy' DESC 'X.509 + Protected privilege policy attribute, use ;binary' EQUALITY attributeCertifi + cateExactMatch SYNTAX AttributeCertificate ) +olcAttributeTypes: {10}( id-at-xMLPprotPrivPolicy NAME 'xmlPrivPolicy' DESC 'X + .509 XML Protected privilege policy attribute' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 ) +olcObjectClasses: {0}( id-oc-pmiUser NAME 'pmiUser' DESC 'X.509 PMI user objec + t class' SUP top AUXILIARY MAY attributeCertificateAttribute ) +olcObjectClasses: {1}( id-oc-pmiAA NAME 'pmiAA' DESC 'X.509 PMI AA object clas + s' SUP top AUXILIARY MAY ( 
aACertificate $ attributeCertificateRevocationList + $ attributeAuthorityRevocationList ) ) +olcObjectClasses: {2}( id-oc-pmiSOA NAME 'pmiSOA' DESC 'X.509 PMI SOA object c + lass' SUP top AUXILIARY MAY ( attributeCertificateRevocationList $ attributeA + uthorityRevocationList $ attributeDescriptorCertificate ) ) +olcObjectClasses: {3}( id-oc-attCertCRLDistributionPts NAME 'attCertCRLDistrib + utionPt' DESC 'X.509 Attribute certificate CRL distribution point object clas + s' SUP top AUXILIARY MAY ( attributeCertificateRevocationList $ attributeAuth + orityRevocationList ) ) +olcObjectClasses: {4}( id-oc-pmiDelegationPath NAME 'pmiDelegationPath' DESC ' + X.509 PMI delegation path' SUP top AUXILIARY MAY delegationPath ) +olcObjectClasses: {5}( id-oc-privilegePolicy NAME 'privilegePolicy' DESC 'X.50 + 9 Privilege policy object class' SUP top AUXILIARY MAY privPolicy ) +olcObjectClasses: {6}( id-oc-protectedPrivilegePolicy NAME 'protectedPrivilege + Policy' DESC 'X.509 Protected privilege policy object class' SUP top AUXILIAR + Y MAY protPrivPolicy ) diff --git a/ldap/data/ldap_conf/schema/pmi.schema b/ldap/data/ldap_conf/schema/pmi.schema new file mode 100644 index 0000000..bc3ca0b --- /dev/null +++ b/ldap/data/ldap_conf/schema/pmi.schema 
@@ -0,0 +1,476 @@
+# OpenLDAP X.509 PMI schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2014 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text claiming copyright by the Internet Society and including
+# the IETF RFC license, which does not meet Debian's Free Software
+# Guidelines. However, apart from short and obvious comments, the text of
+# this file is purely a functional interface specification, which is not
+# subject to that license and is not copyrightable under US law.
+#
+# The license statement is retained below so as not to remove credit, but
+# as best as we can determine, it is not applicable to the contents of
+# this file.
+
+## Portions Copyright (C) The Internet Society (1997-2006).
+## All Rights Reserved.
+##
+## This document and translations of it may be copied and furnished to
+## others, and derivative works that comment on or otherwise explain it
+## or assist in its implementation may be prepared, copied, published
+## and distributed, in whole or in part, without restriction of any
+## kind, provided that the above copyright notice and this paragraph are
+## included on all such copies and derivative works. However, this
+## document itself may not be modified in any way, such as by removing
+## the copyright notice or references to the Internet Society or other
+## Internet organizations, except as needed for the purpose of
+## developing Internet standards in which case the procedures for
+## copyrights defined in the Internet Standards process must be
+## followed, or as required to translate it into languages other than
+## English.
+##
+## The limited permissions granted above are perpetual and will not be
+## revoked by the Internet Society or its successors or assigns.
+##
+## This document and the information contained herein is provided on an
+## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+#
+#
+# Includes LDAPv3 schema items from:
+# ITU X.509 (08/2005)
+#
+## X.509 (08/2005) pp. 120-121
+##
+## -- object identifier assignments --
+## -- object classes --
+## id-oc-pmiUser OBJECT IDENTIFIER ::= {id-oc 24}
+## id-oc-pmiAA OBJECT IDENTIFIER ::= {id-oc 25}
+## id-oc-pmiSOA OBJECT IDENTIFIER ::= {id-oc 26}
+## id-oc-attCertCRLDistributionPts OBJECT IDENTIFIER ::= {id-oc 27}
+## id-oc-privilegePolicy OBJECT IDENTIFIER ::= {id-oc 32}
+## id-oc-pmiDelegationPath OBJECT IDENTIFIER ::= {id-oc 33}
+## id-oc-protectedPrivilegePolicy OBJECT IDENTIFIER ::= {id-oc 34}
+## -- directory attributes --
+## id-at-attributeCertificate OBJECT IDENTIFIER ::= {id-at 58}
+## id-at-attributeCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 59}
+## id-at-aACertificate OBJECT IDENTIFIER ::= {id-at 61}
+## id-at-attributeDescriptorCertificate OBJECT IDENTIFIER ::= {id-at 62}
+## id-at-attributeAuthorityRevocationList OBJECT IDENTIFIER ::= {id-at 63}
+## id-at-privPolicy OBJECT IDENTIFIER ::= {id-at 71}
+## id-at-role OBJECT IDENTIFIER ::= {id-at 72}
+## id-at-delegationPath OBJECT IDENTIFIER ::= {id-at 73}
+## id-at-protPrivPolicy OBJECT IDENTIFIER ::= {id-at 74}
+## id-at-xMLPrivilegeInfo OBJECT IDENTIFIER ::= {id-at 75}
+## id-at-xMLPprotPrivPolicy OBJECT IDENTIFIER ::= {id-at 76}
+## -- attribute certificate extensions --
+## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38}
+## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39}
+## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41}
+## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42}
+## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43}
+## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48}
+## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49}
+## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50}
+## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52}
+## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55}
+## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56}
+## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57}
+## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61}
+## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62}
+## id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64}
+## -- PMI matching rules --
+## id-mr-attributeCertificateMatch OBJECT IDENTIFIER ::= {id-mr 42}
+## id-mr-attributeCertificateExactMatch OBJECT IDENTIFIER ::= {id-mr 45}
+## id-mr-holderIssuerMatch OBJECT IDENTIFIER ::= {id-mr 46}
+## id-mr-authAttIdMatch OBJECT IDENTIFIER ::= {id-mr 53}
+## id-mr-roleSpecCertIdMatch OBJECT IDENTIFIER ::= {id-mr 54}
+## id-mr-basicAttConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 55}
+## id-mr-delegatedNameConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 56}
+## id-mr-timeSpecMatch OBJECT IDENTIFIER ::= {id-mr 57}
+## id-mr-attDescriptorMatch OBJECT IDENTIFIER ::= {id-mr 58}
+## id-mr-acceptableCertPoliciesMatch OBJECT IDENTIFIER ::= {id-mr 59}
+## id-mr-delegationPathMatch OBJECT IDENTIFIER ::= {id-mr 61}
+## id-mr-sOAIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 66}
+## id-mr-indirectIssuerMatch OBJECT IDENTIFIER ::= {id-mr 67}
+##
+##
+## X.509 (08/2005) pp. 71, 86-89
+##
+## 14.4.1 Role attribute
+## role ATTRIBUTE ::= {
+## WITH SYNTAX RoleSyntax
+## ID id-at-role }
+## RoleSyntax ::= SEQUENCE {
+## roleAuthority [0] GeneralNames OPTIONAL,
+## roleName [1] GeneralName }
+##
+## 14.5 XML privilege information attribute
+## xmlPrivilegeInfo ATTRIBUTE ::= {
+## WITH SYNTAX UTF8String -- contains XML-encoded privilege information
+## ID id-at-xMLPrivilegeInfo }
+##
+## 17.1 PMI directory object classes
+##
+## 17.1.1 PMI user object class
+## pmiUser OBJECT-CLASS ::= {
+## -- a PMI user (i.e., a "holder")
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {attributeCertificateAttribute}
+## ID id-oc-pmiUser }
+##
+## 17.1.2 PMI AA object class
+## pmiAA OBJECT-CLASS ::= {
+## -- a PMI AA
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {aACertificate |
+## attributeCertificateRevocationList |
+## attributeAuthorityRevocationList}
+## ID id-oc-pmiAA }
+##
+## 17.1.3 PMI SOA object class
+## pmiSOA OBJECT-CLASS ::= { -- a PMI Source of Authority
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {attributeCertificateRevocationList |
+## attributeAuthorityRevocationList |
+## attributeDescriptorCertificate}
+## ID id-oc-pmiSOA }
+##
+## 17.1.4 Attribute certificate CRL distribution point object class
+## attCertCRLDistributionPt OBJECT-CLASS ::= {
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN { attributeCertificateRevocationList |
+## attributeAuthorityRevocationList }
+## ID id-oc-attCertCRLDistributionPts }
+##
+## 17.1.5 PMI delegation path
+## pmiDelegationPath OBJECT-CLASS ::= {
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN { delegationPath }
+## ID id-oc-pmiDelegationPath }
+##
+## 17.1.6 Privilege policy object class
+## privilegePolicy OBJECT-CLASS ::= {
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {privPolicy }
+## ID id-oc-privilegePolicy }
+##
+## 17.1.7 Protected privilege policy object class
+## protectedPrivilegePolicy OBJECT-CLASS ::= {
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {protPrivPolicy }
+## ID id-oc-protectedPrivilegePolicy }
+##
+## 17.2 PMI Directory attributes
+##
+## 17.2.1 Attribute certificate attribute
+## attributeCertificateAttribute ATTRIBUTE ::= {
+## WITH SYNTAX AttributeCertificate
+## EQUALITY MATCHING RULE attributeCertificateExactMatch
+## ID id-at-attributeCertificate }
+##
+## 17.2.2 AA certificate attribute
+## aACertificate ATTRIBUTE ::= {
+## WITH SYNTAX AttributeCertificate
+## EQUALITY MATCHING RULE attributeCertificateExactMatch
+## ID id-at-aACertificate }
+##
+## 17.2.3 Attribute descriptor certificate attribute
+## attributeDescriptorCertificate ATTRIBUTE ::= {
+## WITH SYNTAX AttributeCertificate
+## EQUALITY MATCHING RULE attributeCertificateExactMatch
+## ID id-at-attributeDescriptorCertificate }
+##
+## 17.2.4 Attribute certificate revocation list attribute
+## attributeCertificateRevocationList ATTRIBUTE ::= {
+## WITH SYNTAX CertificateList
+## EQUALITY MATCHING RULE certificateListExactMatch
+## ID id-at-attributeCertificateRevocationList}
+##
+## 17.2.5 AA certificate revocation list attribute
+## attributeAuthorityRevocationList ATTRIBUTE ::= {
+## WITH SYNTAX CertificateList
+## EQUALITY MATCHING RULE certificateListExactMatch
+## ID id-at-attributeAuthorityRevocationList }
+##
+## 17.2.6 Delegation path attribute
+## delegationPath ATTRIBUTE ::= {
+## WITH SYNTAX AttCertPath
+## ID id-at-delegationPath }
+## AttCertPath ::= SEQUENCE OF AttributeCertificate
+##
+## 17.2.7 Privilege policy attribute
+## privPolicy ATTRIBUTE ::= {
+## WITH SYNTAX PolicySyntax
+## ID id-at-privPolicy }
+##
+## 17.2.8 Protected privilege policy attribute
+## protPrivPolicy ATTRIBUTE ::= {
+## WITH SYNTAX AttributeCertificate
+## EQUALITY MATCHING RULE attributeCertificateExactMatch
+## ID id-at-protPrivPolicy }
+##
+## 17.2.9 XML Protected privilege policy attribute
+## xmlPrivPolicy ATTRIBUTE ::= {
+## WITH SYNTAX UTF8String -- contains XML-encoded privilege policy information
+## ID id-at-xMLPprotPrivPolicy }
+##
+
+## -- object identifier assignments --
+## -- object classes --
+objectidentifier id-oc-pmiUser 2.5.6.24
+objectidentifier id-oc-pmiAA 2.5.6.25
+objectidentifier id-oc-pmiSOA 2.5.6.26
+objectidentifier id-oc-attCertCRLDistributionPts 2.5.6.27
+objectidentifier id-oc-privilegePolicy 2.5.6.32
+objectidentifier id-oc-pmiDelegationPath 2.5.6.33
+objectidentifier id-oc-protectedPrivilegePolicy 2.5.6.34
+## -- directory attributes --
+objectidentifier id-at-attributeCertificate 2.5.4.58
+objectidentifier id-at-attributeCertificateRevocationList 2.5.4.59
+objectidentifier id-at-aACertificate 2.5.4.61
+objectidentifier id-at-attributeDescriptorCertificate 2.5.4.62
+objectidentifier id-at-attributeAuthorityRevocationList 2.5.4.63
+objectidentifier id-at-privPolicy 2.5.4.71
+objectidentifier id-at-role 2.5.4.72
+objectidentifier id-at-delegationPath 2.5.4.73
+objectidentifier id-at-protPrivPolicy 2.5.4.74
+objectidentifier id-at-xMLPrivilegeInfo 2.5.4.75
+objectidentifier id-at-xMLPprotPrivPolicy 2.5.4.76
+## -- attribute certificate extensions --
+## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38}
+## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39}
+## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41}
+## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42}
+## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43}
+## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48}
+## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49}
+## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50}
+## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52}
+## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55}
+## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56}
+## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57}
+## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61}
+## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62}
+## id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64}
+## -- PMI matching rules --
+objectidentifier id-mr 2.5.13
+objectidentifier id-mr-attributeCertificateMatch id-mr:42
+objectidentifier id-mr-attributeCertificateExactMatch id-mr:45
+objectidentifier id-mr-holderIssuerMatch id-mr:46
+objectidentifier id-mr-authAttIdMatch id-mr:53
+objectidentifier id-mr-roleSpecCertIdMatch id-mr:54
+objectidentifier id-mr-basicAttConstraintsMatch id-mr:55
+objectidentifier id-mr-delegatedNameConstraintsMatch id-mr:56
+objectidentifier id-mr-timeSpecMatch id-mr:57
+objectidentifier id-mr-attDescriptorMatch id-mr:58
+objectidentifier id-mr-acceptableCertPoliciesMatch id-mr:59
+objectidentifier id-mr-delegationPathMatch id-mr:61
+objectidentifier id-mr-sOAIdentifierMatch id-mr:66
+objectidentifier id-mr-indirectIssuerMatch id-mr:67
+## -- syntaxes --
+## NOTE: 1.3.6.1.4.1.4203.666.11.10 is the oid arc assigned by OpenLDAP
+## to this work in progress
+objectidentifier AttributeCertificate 1.3.6.1.4.1.4203.666.11.10.2.1
+objectidentifier CertificateList 1.3.6.1.4.1.1466.115.121.1.9
+objectidentifier AttCertPath 1.3.6.1.4.1.4203.666.11.10.2.4
+objectidentifier PolicySyntax 1.3.6.1.4.1.4203.666.11.10.2.5
+objectidentifier RoleSyntax 1.3.6.1.4.1.4203.666.11.10.2.6
+# NOTE: OIDs from <draft-ietf-pkix-ldap-schema-02.txt> (expired)
+#objectidentifier AttributeCertificate 1.2.826.0.1.3344810.7.5
+#objectidentifier AttCertPath 1.2.826.0.1.3344810.7.10
+#objectidentifier PolicySyntax 1.2.826.0.1.3344810.7.17
+#objectidentifier RoleSyntax 1.2.826.0.1.3344810.7.13
+##
+## Substitute syntaxes
+##
+## AttCertPath
+ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.4
+ NAME 'AttCertPath'
+ DESC 'X.509 PMI attribute cartificate path: SEQUENCE OF AttributeCertificate'
+ X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
+##
+## PolicySyntax
+ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.5
+ NAME 'PolicySyntax'
+ DESC 'X.509 PMI policy syntax'
+ X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
+##
+## RoleSyntax
+ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.6
+ NAME 'RoleSyntax'
+ DESC 'X.509 PMI role syntax'
+ X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
+##
+## X.509 (08/2005) pp. 71, 86-89
+##
+## 14.4.1 Role attribute
+attributeType ( id-at-role
+ NAME 'role'
+ DESC 'X.509 Role attribute, use ;binary'
+ SYNTAX RoleSyntax )
+##
+## 14.5 XML privilege information attribute
+## -- contains XML-encoded privilege information
+attributeType ( id-at-xMLPrivilegeInfo
+ NAME 'xmlPrivilegeInfo'
+ DESC 'X.509 XML privilege information attribute'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+##
+## 17.2 PMI Directory attributes
+##
+## 17.2.1 Attribute certificate attribute
+attributeType ( id-at-attributeCertificate
+ NAME 'attributeCertificateAttribute'
+ DESC 'X.509 Attribute certificate attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.2 AA certificate attribute
+attributeType ( id-at-aACertificate
+ NAME 'aACertificate'
+ DESC 'X.509 AA certificate attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.3 Attribute descriptor certificate attribute
+attributeType ( id-at-attributeDescriptorCertificate
+ NAME 'attributeDescriptorCertificate'
+ DESC 'X.509 Attribute descriptor certificate attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.4 Attribute certificate revocation list attribute
+attributeType ( id-at-attributeCertificateRevocationList
+ NAME 'attributeCertificateRevocationList'
+ DESC 'X.509 Attribute certificate revocation list attribute, use ;binary'
+ SYNTAX CertificateList
+ X-EQUALITY 'certificateListExactMatch, not implemented yet' )
+##
+## 17.2.5 AA certificate revocation list attribute
+attributeType ( id-at-attributeAuthorityRevocationList
+ NAME 'attributeAuthorityRevocationList'
+ DESC 'X.509 AA certificate revocation list attribute, use ;binary'
+ SYNTAX CertificateList
+ X-EQUALITY 'certificateListExactMatch, not implemented yet' )
+##
+## 17.2.6 Delegation path attribute
+attributeType ( id-at-delegationPath
+ NAME 'delegationPath'
+ DESC 'X.509 Delegation path attribute, use ;binary'
+ SYNTAX AttCertPath )
+## AttCertPath ::= SEQUENCE OF AttributeCertificate
+##
+## 17.2.7 Privilege policy attribute
+attributeType ( id-at-privPolicy
+ NAME 'privPolicy'
+ DESC 'X.509 Privilege policy attribute, use ;binary'
+ SYNTAX PolicySyntax )
+##
+## 17.2.8 Protected privilege policy attribute
+attributeType ( id-at-protPrivPolicy
+ NAME 'protPrivPolicy'
+ DESC 'X.509 Protected privilege policy attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.9 XML Protected privilege policy attribute
+## -- contains XML-encoded privilege policy information
+attributeType ( id-at-xMLPprotPrivPolicy
+ NAME 'xmlPrivPolicy'
+ DESC 'X.509 XML Protected privilege policy attribute'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+##
+## 17.1 PMI directory object classes
+##
+## 17.1.1 PMI user object class
+## -- a PMI user (i.e., a "holder")
+objectClass ( id-oc-pmiUser
+ NAME 'pmiUser'
+ DESC 'X.509 PMI user object class'
+ SUP top
+ AUXILIARY
+ MAY ( attributeCertificateAttribute ) )
+##
+## 17.1.2 PMI AA object class
+## -- a PMI AA
+objectClass ( id-oc-pmiAA
+ NAME 'pmiAA'
+ DESC 'X.509 PMI AA object class'
+ SUP top
+ AUXILIARY
+ MAY ( aACertificate $
+ attributeCertificateRevocationList $
+ attributeAuthorityRevocationList
+ ) )
+##
+## 17.1.3 PMI SOA object class
+## -- a PMI Source of Authority
+objectClass ( id-oc-pmiSOA
+ NAME 'pmiSOA'
+ DESC 'X.509 PMI SOA object class'
+ SUP top
+ AUXILIARY
+ MAY ( attributeCertificateRevocationList $
+ attributeAuthorityRevocationList $
+ attributeDescriptorCertificate
+ ) )
+##
+## 17.1.4 Attribute certificate CRL distribution point object class
+objectClass ( id-oc-attCertCRLDistributionPts
+ NAME 'attCertCRLDistributionPt'
+ DESC 'X.509 Attribute certificate CRL distribution point object class'
+ SUP top
+ AUXILIARY
+ MAY ( attributeCertificateRevocationList $
+ attributeAuthorityRevocationList
+ ) )
+##
+## 17.1.5 PMI delegation path
+objectClass ( id-oc-pmiDelegationPath
+ NAME 'pmiDelegationPath'
+ DESC 'X.509 PMI delegation path'
+ SUP top
+ AUXILIARY
+ MAY ( delegationPath ) )
+##
+## 17.1.6 Privilege policy object class
+objectClass ( id-oc-privilegePolicy
+ NAME 'privilegePolicy'
+ DESC 'X.509 Privilege policy object class'
+ SUP top
+ AUXILIARY
+ MAY ( privPolicy ) )
+##
+## 17.1.7 Protected privilege policy object class
+objectClass ( id-oc-protectedPrivilegePolicy
+ NAME 'protectedPrivilegePolicy'
+ DESC 'X.509 Protected privilege policy object class'
+ SUP top
+ AUXILIARY
+ MAY ( protPrivPolicy ) )
+
diff --git a/ldap/data/ldap_conf/schema/ppolicy.ldif b/ldap/data/ldap_conf/schema/ppolicy.ldif
new file mode 100644
index 0000000..6559529
--- /dev/null
+++ b/ldap/data/ldap_conf/schema/ppolicy.ldif
@@ -0,0 +1,84 @@ +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 2004-2014 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# +## Portions Copyright (C) The Internet Society (2004). +## Please see full copyright statement below. +# +# Definitions from Draft behera-ldap-password-policy-07 (a work in progress) +# Password Policy for LDAP Directories +# With extensions from Hewlett-Packard: +# pwdCheckModule etc. +# +# Contents of this file are subject to change (including deletion) +# without notice. +# +# Not recommended for production use! +# Use with extreme caution! +# +# This file was automatically generated from ppolicy.schema; see that file +# for complete references. 
+# +dn: cn=ppolicy,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: ppolicy +olcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.8.1.1 NAME 'pwdAttribute' EQUALITY + objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) +olcAttributeTypes: {1}( 1.3.6.1.4.1.42.2.27.8.1.2 NAME 'pwdMinAge' EQUALITY in + tegerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) +olcAttributeTypes: {2}( 1.3.6.1.4.1.42.2.27.8.1.3 NAME 'pwdMaxAge' EQUALITY in + tegerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) +olcAttributeTypes: {3}( 1.3.6.1.4.1.42.2.27.8.1.4 NAME 'pwdInHistory' EQUALITY + integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .27 SINGLE-VALUE ) +olcAttributeTypes: {4}( 1.3.6.1.4.1.42.2.27.8.1.5 NAME 'pwdCheckQuality' EQUAL + ITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.27 SINGLE-VALUE ) +olcAttributeTypes: {5}( 1.3.6.1.4.1.42.2.27.8.1.6 NAME 'pwdMinLength' EQUALITY + integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.27 SINGLE-VALUE ) +olcAttributeTypes: {6}( 1.3.6.1.4.1.42.2.27.8.1.7 NAME 'pwdExpireWarning' EQUA + LITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115. 
+ 121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {7}( 1.3.6.1.4.1.42.2.27.8.1.8 NAME 'pwdGraceAuthNLimit' EQ + UALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {8}( 1.3.6.1.4.1.42.2.27.8.1.9 NAME 'pwdLockout' EQUALITY b + ooleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {9}( 1.3.6.1.4.1.42.2.27.8.1.10 NAME 'pwdLockoutDuration' E + QUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {10}( 1.3.6.1.4.1.42.2.27.8.1.11 NAME 'pwdMaxFailure' EQUAL + ITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.27 SINGLE-VALUE ) +olcAttributeTypes: {11}( 1.3.6.1.4.1.42.2.27.8.1.12 NAME 'pwdFailureCountInter + val' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {12}( 1.3.6.1.4.1.42.2.27.8.1.13 NAME 'pwdMustChange' EQUAL + ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {13}( 1.3.6.1.4.1.42.2.27.8.1.14 NAME 'pwdAllowUserChange' + EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {14}( 1.3.6.1.4.1.42.2.27.8.1.15 NAME 'pwdSafeModify' EQUAL + ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {15}( 1.3.6.1.4.1.4754.1.99.1 NAME 'pwdCheckModule' DESC 'L + oadable module that instantiates "check_password() function' EQUALITY caseExa + ctIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcObjectClasses: {0}( 1.3.6.1.4.1.4754.2.99.1 NAME 'pwdPolicyChecker' SUP top + AUXILIARY MAY pwdCheckModule ) +olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP top AUXI + LIARY MUST pwdAttribute MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheck + Quality $ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout $ + pwdLockoutDuration $ pwdMaxFailure $ 
pwdFailureCountInterval $ pwdMustChange + $ pwdAllowUserChange $ pwdSafeModify ) ) diff --git a/ldap/data/ldap_conf/schema/ppolicy.schema b/ldap/data/ldap_conf/schema/ppolicy.schema new file mode 100644 index 0000000..8720a22 --- /dev/null +++ b/ldap/data/ldap_conf/schema/ppolicy.schema 
@@ -0,0 +1,159 @@
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/ppolicy.schema,v 1.2.2.4 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2004-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+## Portions Copyright (C) The Internet Society (2004).
+## Please see full copyright statement below.
+
+# Definitions from Draft behera-ldap-password-policy-07 (a work in progress)
+# Password Policy for LDAP Directories
+# With extensions from Hewlett-Packard:
+# pwdCheckModule etc.
+
+# Contents of this file are subject to change (including deletion)
+# without notice.
+#
+# Not recommended for production use!
+# Use with extreme caution!
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF Internet-Draft explaining the schema.
+# Unfortunately, that text is covered by a license that doesn't meet
+# Debian's Free Software Guidelines. This is a stripped version of the
+# schema that contains only the functional schema definition, not the text
+# of the Internet-Draft.
+#
+# For an explanation of this schema, see
+# draft-behera-ldap-password-policy-08.txt.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.1
+ NAME 'pwdAttribute'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.2
+ NAME 'pwdMinAge'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.3
+ NAME 'pwdMaxAge'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.4
+ NAME 'pwdInHistory'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.5
+ NAME 'pwdCheckQuality'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.6
+ NAME 'pwdMinLength'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.7
+ NAME 'pwdExpireWarning'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.8
+ NAME 'pwdGraceAuthNLimit'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.9
+ NAME 'pwdLockout'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.10
+ NAME 'pwdLockoutDuration'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.11
+ NAME 'pwdMaxFailure'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.12
+ NAME 'pwdFailureCountInterval'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.13
+ NAME 'pwdMustChange'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.14
+ NAME 'pwdAllowUserChange'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.15
+ NAME 'pwdSafeModify'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.4754.1.99.1
+ NAME 'pwdCheckModule'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ DESC 'Loadable module that instantiates "check_password() function'
+ SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.4754.2.99.1
+ NAME 'pwdPolicyChecker'
+ SUP top
+ AUXILIARY
+ MAY ( pwdCheckModule ) )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.8.2.1
+ NAME 'pwdPolicy'
+ SUP top
+ AUXILIARY
+ MUST ( pwdAttribute )
+ MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $
+ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout
+ $ pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $
+ pwdMustChange $ pwdAllowUserChange $ pwdSafeModify ) )
diff --git a/ldap/data/ldap_conf/slapd.d/cn=config.ldif b/ldap/data/ldap_conf/slapd.d/cn=config.ldif
new file mode 100644
index 0000000..7bd72ac
--- /dev/null
+++ b/ldap/data/ldap_conf/slapd.d/cn=config.ldif
@@ -0,0 +1,16 @@ +# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. +# CRC32 b5bf1103 +dn: cn=config +objectClass: olcGlobal +cn: config +olcArgsFile: /var/run/slapd/slapd.args +olcLogLevel: none +olcPidFile: /var/run/slapd/slapd.pid +olcToolThreads: 1 +structuralObjectClass: olcGlobal +entryUUID: 352fd2c6-4b40-1035-97eb-87e18fb4723c +creatorsName: cn=config +createTimestamp: 20160109171438Z +entryCSN: 20160109171438.298036Z#000000#000#000000 +modifiersName: cn=config +modifyTimestamp: 20160109171438Z
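Review bot: `olcLogLevel: none` in the new cn=config entry keeps slapd at the level where only always-logged messages are written, so connections, binds and their results on this directory leave no trace for detection or incident response. For a server that other services authenticate against I would record at least operation statistics, `olcLogLevel: stats`. The entry also carries no `olcTLS*` attributes, so unless TLS is configured in a part of the commit not shown here, binds would cross the network in clear text. Because this file is slapd's own cn=config dump with a CRC32 header, make the change through ldapmodify and regenerate the dump rather than editing the committed file.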
diff --git a/ldap/data/ldap_conf/slapd.d/cn=config/cn=module{0}.ldif b/ldap/data/ldap_conf/slapd.d/cn=config/cn=module{0}.ldif new file mode 100644 index 0000000..d21f950 --- /dev/null +++ b/ldap/data/ldap_conf/slapd.d/cn=config/cn=module{0}.ldif @@ -0,0 +1,14 @@ +# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. +# CRC32 00e54b7f +dn: cn=module{0} +objectClass: olcModuleList +cn: module{0} +olcModulePath: /usr/lib/ldap +olcModuleLoad: {0}back_mdb +structuralObjectClass: olcModuleList +entryUUID: 35309bde-4b40-1035-97f3-87e18fb4723c +creatorsName: cn=admin,cn=config +createTimestamp: 20160109171438Z +entryCSN: 20160109171438.303274Z#000000#000#000000 +modifiersName: cn=admin,cn=config +modifyTimestamp: 20160109171438Z diff --git a/ldap/data/ldap_conf/slapd.d/cn=config/cn=schema.ldif b/ldap/data/ldap_conf/slapd.d/cn=config/cn=schema.ldif new file mode 100644 index 0000000..4b2091b --- /dev/null +++ b/ldap/data/ldap_conf/slapd.d/cn=config/cn=schema.ldif @@ -0,0 +1,12 @@ +# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. +# CRC32 cd0f551e +dn: cn=schema +objectClass: olcSchemaConfig +cn: schema +structuralObjectClass: olcSchemaConfig +entryUUID: 352feeaa-4b40-1035-97ee-87e18fb4723c +creatorsName: cn=admin,cn=config +createTimestamp: 20160109171438Z +entryCSN: 20160109171438.298859Z#000000#000#000000 +modifiersName: cn=admin,cn=config +modifyTimestamp: 20160109171438Z diff --git a/ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={0}core.ldif b/ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={0}core.ldif new file mode 100644 index 0000000..ce134d8 --- /dev/null +++ b/ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={0}core.ldif 
@@ -0,0 +1,249 @@ +# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. +# CRC32 e10062b8 +dn: cn={0}core +objectClass: olcSchemaConfig +cn: {0}core +olcAttributeTypes: {0}( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: k + nowledge information' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.15{32768} ) +olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last + (family) name(s) for which the entity is known by' SUP name ) +olcAttributeTypes: {2}( 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256: serial nu + mber of the entity' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} ) +olcAttributeTypes: {3}( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC 'RFC4519: tw + o-letter ISO-3166 country code' SUP name SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 11 SINGLE-VALUE ) +olcAttributeTypes: {4}( 2.5.4.7 NAME ( 'l' 'localityName' ) DESC 'RFC2256: l + ocality which this object resides in' SUP name ) +olcAttributeTypes: {5}( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) DESC 'RF + C2256: state or province which this object resides in' SUP name ) +olcAttributeTypes: {6}( 2.5.4.9 NAME ( 'street' 'streetAddress' ) DESC 'RFC2 + 256: street address of this object' EQUALITY caseIgnoreMatch SUBSTR caseIgn + oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) +olcAttributeTypes: {7}( 2.5.4.10 NAME ( 'o' 'organizationName' ) DESC 'RFC22 + 56: organization this object belongs to' SUP name ) +olcAttributeTypes: {8}( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) DESC + 'RFC2256: organizational unit this object belongs to' SUP name ) +olcAttributeTypes: {9}( 2.5.4.12 NAME 'title' DESC 'RFC2256: title associate + d with the entity' SUP name ) +olcAttributeTypes: {10}( 2.5.4.14 NAME 'searchGuide' DESC 'RFC2256: search g + uide, deprecated by enhancedSearchGuide' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 
+ 25 ) +olcAttributeTypes: {11}( 2.5.4.15 NAME 'businessCategory' DESC 'RFC2256: bus + iness category' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) +olcAttributeTypes: {12}( 2.5.4.16 NAME 'postalAddress' DESC 'RFC2256: postal + address' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) +olcAttributeTypes: {13}( 2.5.4.17 NAME 'postalCode' DESC 'RFC2256: postal co + de' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.15{40} ) +olcAttributeTypes: {14}( 2.5.4.18 NAME 'postOfficeBox' DESC 'RFC2256: Post O + ffice Box' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15{40} ) +olcAttributeTypes: {15}( 2.5.4.19 NAME 'physicalDeliveryOfficeName' DESC 'RF + C2256: Physical Delivery Office Name' EQUALITY caseIgnoreMatch SUBSTR caseI + gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) +olcAttributeTypes: {16}( 2.5.4.20 NAME 'telephoneNumber' DESC 'RFC2256: Tele + phone Number' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) +olcAttributeTypes: {17}( 2.5.4.21 NAME 'telexNumber' DESC 'RFC2256: Telex Nu + mber' SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 ) +olcAttributeTypes: {18}( 2.5.4.22 NAME 'teletexTerminalIdentifier' DESC 'RFC + 2256: Teletex Terminal Identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) +olcAttributeTypes: {19}( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) + DESC 'RFC2256: Facsimile (Fax) Telephone Number' SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.22 ) +olcAttributeTypes: {20}( 2.5.4.24 NAME 'x121Address' DESC 'RFC2256: X.121 Ad + dress' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.36{15} ) +olcAttributeTypes: {21}( 2.5.4.25 NAME 'internationaliSDNNumber' DESC 'RFC22 + 56: international ISDN number' EQUALITY 
numericStringMatch SUBSTR numericSt + ringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ) +olcAttributeTypes: {22}( 2.5.4.26 NAME 'registeredAddress' DESC 'RFC2256: re + gistered postal address' SUP postalAddress SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.41 ) +olcAttributeTypes: {23}( 2.5.4.27 NAME 'destinationIndicator' DESC 'RFC2256: + destination indicator' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ) +olcAttributeTypes: {24}( 2.5.4.28 NAME 'preferredDeliveryMethod' DESC 'RFC22 + 56: preferred delivery method' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 SINGLE- + VALUE ) +olcAttributeTypes: {25}( 2.5.4.29 NAME 'presentationAddress' DESC 'RFC2256: + presentation address' EQUALITY presentationAddressMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.43 SINGLE-VALUE ) +olcAttributeTypes: {26}( 2.5.4.30 NAME 'supportedApplicationContext' DESC 'R + FC2256: supported application context' EQUALITY objectIdentifierMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.38 ) +olcAttributeTypes: {27}( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of a g + roup' SUP distinguishedName ) +olcAttributeTypes: {28}( 2.5.4.32 NAME 'owner' DESC 'RFC2256: owner (of the + object)' SUP distinguishedName ) +olcAttributeTypes: {29}( 2.5.4.33 NAME 'roleOccupant' DESC 'RFC2256: occupan + t of role' SUP distinguishedName ) +olcAttributeTypes: {30}( 2.5.4.36 NAME 'userCertificate' DESC 'RFC2256: X.50 + 9 user certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.8 ) +olcAttributeTypes: {31}( 2.5.4.37 NAME 'cACertificate' DESC 'RFC2256: X.509 + CA certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1. 
+ 4.1.1466.115.121.1.8 ) +olcAttributeTypes: {32}( 2.5.4.38 NAME 'authorityRevocationList' DESC 'RFC22 + 56: X.509 authority revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.9 ) +olcAttributeTypes: {33}( 2.5.4.39 NAME 'certificateRevocationList' DESC 'RFC + 2256: X.509 certificate revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.9 ) +olcAttributeTypes: {34}( 2.5.4.40 NAME 'crossCertificatePair' DESC 'RFC2256: + X.509 cross certificate pair, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.10 ) +olcAttributeTypes: {35}( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: f + irst name(s) for which the entity is known by' SUP name ) +olcAttributeTypes: {36}( 2.5.4.43 NAME 'initials' DESC 'RFC2256: initials of + some or all of names, but not the surname(s).' SUP name ) +olcAttributeTypes: {37}( 2.5.4.44 NAME 'generationQualifier' DESC 'RFC2256: + name qualifier indicating a generation' SUP name ) +olcAttributeTypes: {38}( 2.5.4.45 NAME 'x500UniqueIdentifier' DESC 'RFC2256: + X.500 unique identifier' EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.6 ) +olcAttributeTypes: {39}( 2.5.4.46 NAME 'dnQualifier' DESC 'RFC2256: DN quali + fier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR case + IgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) +olcAttributeTypes: {40}( 2.5.4.47 NAME 'enhancedSearchGuide' DESC 'RFC2256: + enhanced search guide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 ) +olcAttributeTypes: {41}( 2.5.4.48 NAME 'protocolInformation' DESC 'RFC2256: + protocol information' EQUALITY protocolInformationMatch SYNTAX 1.3.6.1.4.1. 
+ 1466.115.121.1.42 ) +olcAttributeTypes: {42}( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256: unique + member of a group' EQUALITY uniqueMemberMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.34 ) +olcAttributeTypes: {43}( 2.5.4.51 NAME 'houseIdentifier' DESC 'RFC2256: hous + e identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) +olcAttributeTypes: {44}( 2.5.4.52 NAME 'supportedAlgorithms' DESC 'RFC2256: + supported algorithms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 ) +olcAttributeTypes: {45}( 2.5.4.53 NAME 'deltaRevocationList' DESC 'RFC2256: + delta revocation list; use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) +olcAttributeTypes: {46}( 2.5.4.54 NAME 'dmdName' DESC 'RFC2256: name of DMD' + SUP name ) +olcAttributeTypes: {47}( 2.5.4.65 NAME 'pseudonym' DESC 'X.520(4th): pseudon + ym for the object' SUP name ) +olcAttributeTypes: {48}( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mail + box' ) DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseIgnoreIA5Match SUBST + R caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} + ) +olcAttributeTypes: {49}( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainCompo + nent' ) DESC 'RFC1274/2247: domain component' EQUALITY caseIgnoreIA5Match S + UBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SIN + GLE-VALUE ) +olcAttributeTypes: {50}( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' + DESC 'RFC1274: domain associated with object' EQUALITY caseIgnoreIA5Match S + UBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {51}( 1.2.840.113549.1.9.1 NAME ( 'email' 'emailAddress' + 'pkcs9email' ) DESC 'RFC3280: legacy attribute for email addresses in DNs' + EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3. 
+ 6.1.4.1.1466.115.121.1.26{128} ) +olcObjectClasses: {0}( 2.5.6.2 NAME 'country' DESC 'RFC2256: a country' SUP + top STRUCTURAL MUST c MAY ( searchGuide $ description ) ) +olcObjectClasses: {1}( 2.5.6.3 NAME 'locality' DESC 'RFC2256: a locality' SU + P top STRUCTURAL MAY ( street $ seeAlso $ searchGuide $ st $ l $ descriptio + n ) ) +olcObjectClasses: {2}( 2.5.6.4 NAME 'organization' DESC 'RFC2256: an organiz + ation' SUP top STRUCTURAL MUST o MAY ( userPassword $ searchGuide $ seeAlso + $ businessCategory $ x121Address $ registeredAddress $ destinationIndicato + r $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ tel + ephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street + $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName + $ st $ l $ description ) ) +olcObjectClasses: {3}( 2.5.6.5 NAME 'organizationalUnit' DESC 'RFC2256: an o + rganizational unit' SUP top STRUCTURAL MUST ou MAY ( userPassword $ searchG + uide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ desti + nationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalId + entifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNu + mber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDelive + ryOfficeName $ st $ l $ description ) ) +olcObjectClasses: {4}( 2.5.6.6 NAME 'person' DESC 'RFC2256: a person' SUP to + p STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAls + o $ description ) ) +olcObjectClasses: {5}( 2.5.6.7 NAME 'organizationalPerson' DESC 'RFC2256: an + organizational person' SUP person STRUCTURAL MAY ( title $ x121Address $ r + egisteredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNu + mber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumbe + r $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ posta + lAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) ) +olcObjectClasses: {6}( 2.5.6.8 NAME 
'organizationalRole' DESC 'RFC2256: an o + rganizational role' SUP top STRUCTURAL MUST cn MAY ( x121Address $ register + edAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ + teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ fac + simileTelephoneNumber $ seeAlso $ roleOccupant $ preferredDeliveryMethod $ + street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOffic + eName $ ou $ st $ l $ description ) ) +olcObjectClasses: {7}( 2.5.6.9 NAME 'groupOfNames' DESC 'RFC2256: a group of + names (DNs)' SUP top STRUCTURAL MUST ( member $ cn ) MAY ( businessCategor + y $ seeAlso $ owner $ ou $ o $ description ) ) +olcObjectClasses: {8}( 2.5.6.10 NAME 'residentialPerson' DESC 'RFC2256: an r + esidential person' SUP person STRUCTURAL MUST l MAY ( businessCategory $ x1 + 21Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMet + hod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internati + onaliSDNNumber $ facsimileTelephoneNumber $ preferredDeliveryMethod $ stree + t $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName + $ st $ l ) ) +olcObjectClasses: {9}( 2.5.6.11 NAME 'applicationProcess' DESC 'RFC2256: an + application process' SUP top STRUCTURAL MUST cn MAY ( seeAlso $ ou $ l $ de + scription ) ) +olcObjectClasses: {10}( 2.5.6.12 NAME 'applicationEntity' DESC 'RFC2256: an + application entity' SUP top STRUCTURAL MUST ( presentationAddress $ cn ) MA + Y ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ description ) ) +olcObjectClasses: {11}( 2.5.6.13 NAME 'dSA' DESC 'RFC2256: a directory syste + m agent (a server)' SUP applicationEntity STRUCTURAL MAY knowledgeInformati + on ) +olcObjectClasses: {12}( 2.5.6.14 NAME 'device' DESC 'RFC2256: a device' SUP + top STRUCTURAL MUST cn MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ + description ) ) +olcObjectClasses: {13}( 2.5.6.15 NAME 'strongAuthenticationUser' DESC 'RFC22 + 56: a strong authentication 
user' SUP top AUXILIARY MUST userCertificate ) +olcObjectClasses: {14}( 2.5.6.16 NAME 'certificationAuthority' DESC 'RFC2256 + : a certificate authority' SUP top AUXILIARY MUST ( authorityRevocationList + $ certificateRevocationList $ cACertificate ) MAY crossCertificatePair ) +olcObjectClasses: {15}( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'RFC2256: a + group of unique names (DN and Unique Identifier)' SUP top STRUCTURAL MUST ( + uniqueMember $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ de + scription ) ) +olcObjectClasses: {16}( 2.5.6.18 NAME 'userSecurityInformation' DESC 'RFC225 + 6: a user security information' SUP top AUXILIARY MAY ( supportedAlgorithms + ) ) +olcObjectClasses: {17}( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP cert + ificationAuthority AUXILIARY MAY ( deltaRevocationList ) ) +olcObjectClasses: {18}( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTU + RAL MUST ( cn ) MAY ( certificateRevocationList $ authorityRevocationList $ + deltaRevocationList ) ) +olcObjectClasses: {19}( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST ( dmdNam + e ) MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Add + ress $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ + telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationali + SDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode + $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) +olcObjectClasses: {20}( 2.5.6.21 NAME 'pkiUser' DESC 'RFC2587: a PKI user' S + UP top AUXILIARY MAY userCertificate ) +olcObjectClasses: {21}( 2.5.6.22 NAME 'pkiCA' DESC 'RFC2587: PKI certificate + authority' SUP top AUXILIARY MAY ( authorityRevocationList $ certificateRe + vocationList $ cACertificate $ crossCertificatePair ) ) +olcObjectClasses: {22}( 2.5.6.23 NAME 'deltaCRL' DESC 'RFC2587: PKI user' SU + P top AUXILIARY MAY deltaRevocationList ) +olcObjectClasses: {23}( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' DESC 
'R + FC2079: object that contains the URI attribute type' MAY ( labeledURI ) SUP + top AUXILIARY ) +olcObjectClasses: {24}( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObjec + t' DESC 'RFC1274: simple security object' SUP top AUXILIARY MUST userPasswo + rd ) +olcObjectClasses: {25}( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'RFC2247: + domain component object' SUP top AUXILIARY MUST dc ) +olcObjectClasses: {26}( 1.3.6.1.1.3.1 NAME 'uidObject' DESC 'RFC2377: uid ob + ject' SUP top AUXILIARY MUST uid ) +structuralObjectClass: olcSchemaConfig +entryUUID: 352ff0d0-4b40-1035-97ef-87e18fb4723c +creatorsName: cn=admin,cn=config +createTimestamp: 20160109171438Z +entryCSN: 20160109171438.298896Z#000000#000#000000 +modifiersName: cn=admin,cn=config +modifyTimestamp: 20160109171438Z diff --git a/ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={1}cosine.ldif b/ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={1}cosine.ldif new file mode 100644 index 0000000..c3606cb --- /dev/null +++ b/ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={1}cosine.ldif 
@@ -0,0 +1,178 @@ +# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. +# CRC32 8d28ab18 +dn: cn={1}cosine +objectClass: olcSchemaConfig +cn: {1}cosine +olcAttributeTypes: {0}( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress + ' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: {1}( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: + general information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} ) +olcAttributeTypes: {2}( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteD + rink' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR case + IgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: {3}( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RF + C1274: room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: {4}( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274 + : photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} ) +olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC + 1274: category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: {6}( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: + host computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: {7}( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC1 + 274: DN of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.12 ) +olcAttributeTypes: {8}( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' + DESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUB + STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: {9}( 0.9.2342.19200300.100.1.12 NAME 
'documentTitle' DESC + 'RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: {10}( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' D + ESC 'RFC1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgno + reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: {11}( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DE + SC 'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.12 ) +olcAttributeTypes: {12}( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' + DESC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch SUBS + TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: {13}( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'home + TelephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephone + NumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.50 ) +olcAttributeTypes: {14}( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'R + FC1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.12 ) +olcAttributeTypes: {15}( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNT + AX 1.3.6.1.4.1.1466.115.121.1.39 ) +olcAttributeTypes: {16}( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY + caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {17}( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY + caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {18}( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY + caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {19}( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY + caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {20}( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALIT + Y caseIgnoreIA5Match 
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {21}( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUAL + ITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {22}( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DE + SC 'RFC1274: DN of entry associated with domain' EQUALITY distinguishedName + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +olcAttributeTypes: {23}( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' + DESC 'RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR ca + seIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) +olcAttributeTypes: {24}( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DES + C 'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: {25}( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileT + elephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephon + eNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.50 ) +olcAttributeTypes: {26}( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTel + ephoneNumber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNu + mberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.50 ) +olcAttributeTypes: {27}( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCou + ntryName' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: {28}( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' + DESC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4. 
+ 1.1466.115.121.1.15{256} ) +olcAttributeTypes: {29}( 0.9.2342.19200300.100.1.45 NAME 'organizationalStat + us' DESC 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR c + aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: {30}( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC + 'RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5S + ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) +olcAttributeTypes: {31}( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOpti + on' DESC 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.27 ) +olcAttributeTypes: {32}( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC + 'RFC1274: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs + tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: {33}( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC ' + RFC1274: DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE ) +olcAttributeTypes: {34}( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality + ' DESC 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 + SINGLE-VALUE ) +olcAttributeTypes: {35}( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQual + ity' DESC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.13 SINGLE-VALUE ) +olcAttributeTypes: {36}( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQual + ity' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.13 SINGLE-VALUE ) +olcAttributeTypes: {37}( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' + DESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.23 ) +olcAttributeTypes: {38}( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC + 'RFC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1. 
+ 1466.115.121.1.12 ) +olcAttributeTypes: {39}( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC12 + 74: audio (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} ) +olcAttributeTypes: {40}( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' + DESC 'RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR case + IgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcObjectClasses: {0}( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPi + lotPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $ rf + c822Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber + $ homePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod + $ businessCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $ + pagerTelephoneNumber $ organizationalStatus $ mailPreferenceOption $ person + alSignature ) ) +olcObjectClasses: {1}( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRU + CTURAL MUST userid MAY ( description $ seeAlso $ localityName $ organizatio + nName $ organizationalUnitName $ host ) ) +olcObjectClasses: {2}( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STR + UCTURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso $ + localityName $ organizationName $ organizationalUnitName $ documentTitle $ + documentVersion $ documentAuthor $ documentLocation $ documentPublisher ) ) +olcObjectClasses: {3}( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTU + RAL MUST commonName MAY ( roomNumber $ description $ seeAlso $ telephoneNum + ber ) ) +olcObjectClasses: {4}( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP t + op STRUCTURAL MUST commonName MAY ( description $ seeAlso $ telephonenumber + $ localityName $ organizationName $ organizationalUnitName ) ) +olcObjectClasses: {5}( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRU + CTURAL MUST domainComponent MAY ( associatedName $ organizationName $ descr + iption $ businessCategory $ seeAlso $ searchGuide $ userPassword $ locality + 
Name $ stateOrProvinceName $ streetAddress $ physicalDeliveryOfficeName $ p + ostalAddress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTeleph + oneNumber $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIden + tifier $ telexNumber $ preferredDeliveryMethod $ destinationIndicator $ reg + isteredAddress $ x121Address ) ) +olcObjectClasses: {6}( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP + domain STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $ tel + ephoneNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ po + stOfficeBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNN + umber $ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferr + edDeliveryMethod $ destinationIndicator $ registeredAddress $ x121Address ) + ) +olcObjectClasses: {7}( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP domai + n STRUCTURAL MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ C + NAMERecord ) ) +olcObjectClasses: {8}( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' + DESC 'RFC1274: an object related to an domain' SUP top AUXILIARY MUST asso + ciatedDomain ) +olcObjectClasses: {9}( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP + country STRUCTURAL MUST friendlyCountryName ) +olcObjectClasses: {10}( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' + SUP ( organization $ organizationalUnit ) STRUCTURAL MAY buildingName ) +olcObjectClasses: {11}( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa S + TRUCTURAL MAY dSAQuality ) +olcObjectClasses: {12}( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData + ' SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMa + ximumQuality ) ) +structuralObjectClass: olcSchemaConfig +entryUUID: 353020aa-4b40-1035-97f0-87e18fb4723c +creatorsName: cn=admin,cn=config +createTimestamp: 20160109171438Z +entryCSN: 20160109171438.300120Z#000000#000#000000 +modifiersName: cn=admin,cn=config +modifyTimestamp: 20160109171438Z 
diff --git a/ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={2}nis.ldif b/ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={2}nis.ldif new file mode 100644 index 0000000..4d34aec --- /dev/null +++ b/ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={2}nis.ldif 
@@ -0,0 +1,108 @@ +# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. +# CRC32 9e14530e +dn: cn={2}nis +objectClass: olcSchemaConfig +cn: {2}nis +olcAttributeTypes: {0}( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; + the common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {1}( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absol + ute path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {2}( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to + the login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.26 SINGLE-VALUE ) +olcAttributeTypes: {3}( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY int + egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {4}( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {5}( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {6}( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY intege + rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {7}( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integ + erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {8}( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY intege + rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {9}( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {10}( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExac + tIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.26 ) +olcAttributeTypes: {11}( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY + caseExactIA5Match SUBSTR 
caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.26 ) +olcAttributeTypes: {12}( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Net + group triple' SYNTAX 1.3.6.1.1.1.0.0 ) +olcAttributeTypes: {13}( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY inte + gerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {14}( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name + ) +olcAttributeTypes: {15}( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY i + ntegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {16}( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integ + erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {17}( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP addre + ss' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) +olcAttributeTypes: {18}( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP ne + twork' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128 + } SINGLE-VALUE ) +olcAttributeTypes: {19}( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP ne + tmask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128 + } SINGLE-VALUE ) +olcAttributeTypes: {20}( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC addres + s' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) +olcAttributeTypes: {21}( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.boo + tparamd parameter' SYNTAX 1.3.6.1.1.1.0.1 ) +olcAttributeTypes: {22}( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image n + ame' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {23}( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name ) +olcAttributeTypes: {24}( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseEx + actIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. 
+ 121.1.26{1024} SINGLE-VALUE ) +olcObjectClasses: {0}( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction + of an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ u + idNumber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ ge + cos $ description ) ) +olcObjectClasses: {1}( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional + attributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPass + word $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowIna + ctive $ shadowExpire $ shadowFlag $ description ) ) +olcObjectClasses: {2}( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction o + f a group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( use + rPassword $ memberUid $ description ) ) +olcObjectClasses: {3}( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an + Internet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort $ + ipServiceProtocol ) MAY description ) +olcObjectClasses: {4}( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction o + f an IP protocol' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber $ descrip + tion ) MAY description ) +olcObjectClasses: {5}( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an + ONC/RPC binding' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber $ description + ) MAY description ) +olcObjectClasses: {6}( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a + host, an IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l $ + description $ manager ) ) +olcObjectClasses: {7}( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of + an IP network' SUP top STRUCTURAL MUST ( cn $ ipNetworkNumber ) MAY ( ipNe + tmaskNumber $ l $ description $ manager ) ) +olcObjectClasses: {8}( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction + of a netgroup' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberN + isNetgroup $ description ) ) +olcObjectClasses: {9}( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstrac + tion of a NIS map' SUP 
top STRUCTURAL MUST nisMapName MAY description ) +olcObjectClasses: {10}( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in + a NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY de + scription ) +olcObjectClasses: {11}( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device + with a MAC address' SUP top AUXILIARY MAY macAddress ) +olcObjectClasses: {12}( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A devic + e with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter ) + ) +structuralObjectClass: olcSchemaConfig +entryUUID: 35304de6-4b40-1035-97f1-87e18fb4723c +creatorsName: cn=admin,cn=config +createTimestamp: 20160109171438Z +entryCSN: 20160109171438.301292Z#000000#000#000000 +modifiersName: cn=admin,cn=config +modifyTimestamp: 20160109171438Z diff --git a/ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={3}inetorgperson.ldif b/ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={3}inetorgperson.ldif new file mode 100644 index 0000000..f8dd9cc --- /dev/null +++ b/ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={3}inetorgperson.ldif 
@@ -0,0 +1,49 @@ +# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. +# CRC32 c8d0515c +dn: cn={3}inetorgperson +objectClass: olcSchemaConfig +cn: {3}inetorgperson +olcAttributeTypes: {0}( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC2 + 798: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR + caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: {1}( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC + 'RFC2798: identifies a department within an organization' EQUALITY caseIgn + oreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 ) +olcAttributeTypes: {2}( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'R + FC2798: preferred name to be used when displaying entries' EQUALITY caseIgn + oreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .15 SINGLE-VALUE ) +olcAttributeTypes: {3}( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC ' + RFC2798: numerically identifies an employee within an organization' EQUALIT + Y caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.15 SINGLE-VALUE ) +olcAttributeTypes: {4}( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RF + C2798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR cas + eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RF + C2798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) +olcAttributeTypes: {6}( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DE + SC 'RFC2798: preferred written or spoken language for a person' EQUALITY ca + seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.15 SINGLE-VALUE ) +olcAttributeTypes: {7}( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' + DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4. 
+ 1.1466.115.121.1.5 ) +olcAttributeTypes: {8}( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RF + C2798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.5 ) +olcObjectClasses: {0}( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RF + C2798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL + MAY ( audio $ businessCategory $ carLicense $ departmentNumber $ displayNam + e $ employeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddre + ss $ initials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ page + r $ photo $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIden + tifier $ preferredLanguage $ userSMIMECertificate $ userPKCS12 ) ) +structuralObjectClass: olcSchemaConfig +entryUUID: 35308e14-4b40-1035-97f2-87e18fb4723c +creatorsName: cn=admin,cn=config +createTimestamp: 20160109171438Z +entryCSN: 20160109171438.302936Z#000000#000#000000 +modifiersName: cn=admin,cn=config +modifyTimestamp: 20160109171438Z diff --git a/ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={4}core-fd.ldif b/ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={4}core-fd.ldif new file mode 100644 index 0000000..f5b2e32 --- /dev/null +++ b/ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={4}core-fd.ldif 
@@ -0,0 +1,90 @@ +# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. +# CRC32 d16a33cf +dn: cn={4}core-fd +objectClass: olcSchemaConfig +cn: {4}core-fd +olcAttributeTypes: {0}( 1.3.6.1.4.1.10098.1.1.12.1 NAME 'gosaSubtreeACL' DES + C 'GOsa - ACL entry' OBSOLETE EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) +olcAttributeTypes: {1}( 1.3.6.1.4.1.10098.1.1.12.2 NAME 'gosaUser' DESC 'GOs + a - DN of a user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) +olcAttributeTypes: {2}( 1.3.6.1.4.1.10098.1.1.12.3 NAME 'gosaObject' DESC 'G + Osa - DN of an object' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) +olcAttributeTypes: {3}( 1.3.6.1.4.1.10098.1.1.12.14 NAME 'gosaDefaultLanguag + e' DESC 'GOsa - Defines the default language for a user' OBSOLETE EQUALITY + caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26 SINGLE-VALUE) +olcAttributeTypes: {4}( 1.3.6.1.4.1.10098.1.1.12.30 NAME 'gosaGroupObjects' + DESC 'GOsa - List of all object types that are in a gosaGroupOfNames' EQUAL + ITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.26 SINGLE-VALUE) +olcAttributeTypes: {5}( 1.3.6.1.4.1.10098.1.1.12.34 NAME 'gosaAclTemplate' D + ESC 'GOsa - ACL entries for ACL roles' EQUALITY caseIgnoreIA5Match SUBSTR c + aseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) +olcAttributeTypes: {6}( 1.3.6.1.4.1.10098.1.1.12.35 NAME 'gosaAclEntry' DESC + 'GOsa - ACL entries' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) +olcAttributeTypes: {7}( 1.3.6.1.4.1.10098.1.1.12.37 NAME 'gosaSnapshotTimest + amp' DESC 'GOsa - Unix timestamp of snapshot' EQUALITY caseIgnoreMatch SUBS + TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA + LUE) +olcAttributeTypes: {8}( 
1.3.6.1.4.1.10098.1.1.12.38 NAME 'gosaSnapshotDN' DE + SC 'GOsa - Original DN of saved object in snapshot' EQUALITY caseIgnoreMatc + h SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN + GLE-VALUE) +olcAttributeTypes: {9}( 1.3.6.1.4.1.10098.1.1.12.39 NAME 'gosaSnapshotData' + DESC 'GOsa - Original data of saved object in snapshot' SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.5 SINGLE-VALUE) +olcAttributeTypes: {10}( 1.3.6.1.4.1.10098.1.1.12.46 NAME 'gosaLoginRestrict + ion' DESC 'GOsa - Multivalue attribute to carry a number of allowed ips/sub + nets' OBSOLETE SUP name) +olcAttributeTypes: {11}( 1.3.6.1.4.1.10098.1.1.6.2 NAME 'academicTitle' DESC + 'Field to represent the academic title' OBSOLETE EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) +olcAttributeTypes: {12}( 1.3.6.1.4.1.15305.2.1 NAME ( 'gender' 'sex' ) DESC + 'Gender: M for male, F for female' EQUALITY caseIgnoreIA5Match SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.26{1} SINGLE-VALUE ) +olcAttributeTypes: {13}( 1.3.6.1.4.1.15305.2.2 NAME ( 'dateOfBirth' 'dob' ) + DESC 'Date of birth in ISO 8601 format' EQUALITY caseIgnoreMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15{10} SINGLE-VALUE ) +olcObjectClasses: {0}( 1.3.6.1.4.1.10098.1.2.1.19.1 NAME 'gosaObject' SUP to + p AUXILIARY DESC 'GOsa - Class for GOsa settings' OBSOLETE MUST ( ) MAY ( g + osaSubtreeACL )) +olcObjectClasses: {1}( 1.3.6.1.4.1.10098.1.2.1.19.2 NAME 'gosaLockEntry' SUP + top STRUCTURAL DESC 'GOsa - Class for GOsa locking' MUST ( gosaUser $ gosa + Object $ cn )) +olcObjectClasses: {2}( 1.3.6.1.4.1.10098.1.2.1.19.3 NAME 'gosaCacheEntry' SU + P top STRUCTURAL DESC 'GOsa - Class for GOsa caching' OBSOLETE MAY ( ) MUS + T ( cn $ gosaUser )) +olcObjectClasses: {3}( 1.3.6.1.4.1.10098.1.2.1.19.4 NAME 'gosaDepartment' SU + P top AUXILIARY DESC 'GOsa - Class to mark Departments for GOsa' MUST ( ou + $ description ) MAY ( manager )) +olcObjectClasses: {4}( 1.3.6.1.4.1.10098.1.2.1.19.6 NAME 
'gosaAccount' SUP t + op AUXILIARY DESC 'GOsa - Class for GOsa Accounts' OBSOLETE MUST ( ) MAY ( + gosaLoginRestriction $ gosaDefaultLanguage $ academicTitle $ personalTitle + $ dateOfBirth $ gender ) ) +olcObjectClasses: {5}( 1.3.6.1.4.1.10098.1.2.1.19.11 NAME 'gosaUserTemplate' + SUP top AUXILIARY DESC 'GOsa - Class for GOsa User Templates' OBSOLETE MUS + T ( cn )) +olcObjectClasses: {6}( 1.3.6.1.4.1.10098.1.2.1.19.12 NAME 'gosaGroupOfNames' + DESC 'GOsa - Adds the gosaGroupObjects field to groupOfNames' SUP top AUXI + LIARY MUST ( cn $ gosaGroupObjects ) MAY ( member $ description ) ) +olcObjectClasses: {7}( 1.3.6.1.4.1.10098.1.2.1.19.17 NAME 'gosaRole' DESC 'G + Osa - ACL container to define ACL roles' SUP top STRUCTURAL MUST ( gosaAclT + emplate $ cn ) MAY ( description ) ) +olcObjectClasses: {8}( 1.3.6.1.4.1.10098.1.2.1.19.18 NAME 'gosaAcl' DESC 'GO + sa - ACL container to define single ACLs' SUP top AUXILIARY MUST ( gosaAclE + ntry )) +olcObjectClasses: {9}( 1.3.6.1.4.1.10098.1.2.1.19.19 NAME 'gosaSnapshotObjec + t' DESC 'GOsa - Container object for undo and snapshot data' SUP top STRUCT + URAL MUST ( gosaSnapshotTimestamp $ gosaSnapshotDN $ gosaSnapshotData ) MAY + ( description ) ) +structuralObjectClass: olcSchemaConfig +entryUUID: 513eab9e-4b46-1035-8a61-a5f01aea6174 +creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +createTimestamp: 20160109175822Z +entryCSN: 20160109175822.351990Z#000000#000#000000 +modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +modifyTimestamp: 20160109175822Z diff --git a/ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={5}core-fd-conf.ldif b/ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={5}core-fd-conf.ldif new file mode 100644 index 0000000..eabddf0 --- /dev/null +++ b/ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={5}core-fd-conf.ldif 
@@ -0,0 +1,284 @@ +# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. +# CRC32 5643a101 +dn: cn={5}core-fd-conf +objectClass: olcSchemaConfig +cn: {5}core-fd-conf +olcAttributeTypes: {0}( 1.3.6.1.4.1.38414.8.10.1 NAME 'fdRfc2307bis' DESC 'F + usionDirectory - rfc2307bis' OBSOLETE EQUALITY booleanMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {1}( 1.3.6.1.4.1.38414.8.10.2 NAME 'fdSchemaCheck' DESC ' + FusionDirectory - Schema check' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {2}( 1.3.6.1.4.1.38414.8.11.1 NAME 'fdLanguage' DESC 'Fus + ionDirectory - language' EQUALITY caseExactIA5Match SUBSTR caseExactIA5Subs + tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) +olcAttributeTypes: {3}( 1.3.6.1.4.1.38414.8.11.2 NAME 'fdTheme' DESC 'Fusion + Directory - theme' EQUALITY caseExactIA5Match SUBSTR caseExactIA5Substrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) +olcAttributeTypes: {4}( 1.3.6.1.4.1.38414.8.11.3 NAME 'fdTimezone' DESC 'Fus + ionDirectory - timezone' EQUALITY caseExactIA5Match SUBSTR caseExactIA5Subs + tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) +olcAttributeTypes: {5}( 1.3.6.1.4.1.38414.8.12.1 NAME 'fdAccountPrimaryAttri + bute' DESC 'FusionDirectory - attribute that should be used in user dn' EQU + ALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.26 SINGLE-VALUE) +olcAttributeTypes: {6}( 1.3.6.1.4.1.38414.8.12.2 NAME 'fdAccountRDN' DESC 'F + usionDirectory - use a placeholder pattern for generating account RDNs' OBS + OLETE EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) +olcAttributeTypes: {7}( 1.3.6.1.4.1.38414.8.12.3 NAME 'fdNextIdHook' DESC 'F + usionDirectory - A script to be called for finding the next free id for use + rs or groups' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch + SYNTAX 
1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) +olcAttributeTypes: {8}( 1.3.6.1.4.1.38414.8.12.4 NAME 'fdIdGenerator' DESC ' + FusionDirectory - An automatic way to generate new user ids' OBSOLETE EQUAL + ITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.26 SINGLE-VALUE) +olcAttributeTypes: {9}( 1.3.6.1.4.1.38414.8.12.5 NAME 'fdPersonalTitleInDN' + OBSOLETE DESC 'FusionDirectory - Personal title in dn' EQUALITY booleanMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {10}( 1.3.6.1.4.1.38414.8.12.6 NAME 'fdStrictNamingRules' + DESC 'FusionDirectory - Strict naming rules' EQUALITY booleanMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {11}( 1.3.6.1.4.1.38414.8.12.7 NAME 'fdMinId' DESC 'Fusio + nDirectory - minimum user id' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE) +olcAttributeTypes: {12}( 1.3.6.1.4.1.38414.8.12.8 NAME 'fdUidNumberBase' DES + C 'FusionDirectory - uid number base' EQUALITY integerMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.27 SINGLE-VALUE) +olcAttributeTypes: {13}( 1.3.6.1.4.1.38414.8.12.9 NAME 'fdGidNumberBase' DES + C 'FusionDirectory - gid number base' EQUALITY integerMatch SYNTAX 1.3.6.1. 
+ 4.1.1466.115.121.1.27 SINGLE-VALUE) +olcAttributeTypes: {14}( 1.3.6.1.4.1.38414.8.12.10 NAME 'fdUserRDN' DESC 'Fu + sionDirectory - User RDN' EQUALITY caseExactIA5Match SUBSTR caseExactIA5Sub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) +olcAttributeTypes: {15}( 1.3.6.1.4.1.38414.8.12.11 NAME 'fdGroupRDN' DESC 'F + usionDirectory - Group RDN' EQUALITY caseExactIA5Match SUBSTR caseExactIA5S + ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) +olcAttributeTypes: {16}( 1.3.6.1.4.1.38414.8.12.12 NAME 'fdIdAllocationMetho + d' DESC 'FusionDirectory - id allocation method traditional/pool' EQUALITY + caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.26 SINGLE-VALUE) +olcAttributeTypes: {17}( 1.3.6.1.4.1.38414.8.12.13 NAME 'fdGidNumberPoolMin' + DESC 'FusionDirectory - pool gid number min' EQUALITY integerMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) +olcAttributeTypes: {18}( 1.3.6.1.4.1.38414.8.12.14 NAME 'fdUidNumberPoolMin' + DESC 'FusionDirectory - pool uid number min' EQUALITY integerMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) +olcAttributeTypes: {19}( 1.3.6.1.4.1.38414.8.12.15 NAME 'fdGidNumberPoolMax' + DESC 'FusionDirectory - pool gid number max' EQUALITY integerMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) +olcAttributeTypes: {20}( 1.3.6.1.4.1.38414.8.12.16 NAME 'fdUidNumberPoolMax' + DESC 'FusionDirectory - pool uid number max' EQUALITY integerMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) +olcAttributeTypes: {21}( 1.3.6.1.4.1.38414.8.12.17 NAME 'fdAclRoleRDN' DESC + 'FusionDirectory - ACL role RDN' EQUALITY caseExactIA5Match SUBSTR caseExac + tIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) +olcAttributeTypes: {22}( 1.3.6.1.4.1.38414.8.12.18 NAME 'fdCnPattern' DESC ' + FusionDirectory - Common Name pattern' EQUALITY caseExactIA5Match SUBSTR ca + seExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 
SINGLE-VALUE + ) +olcAttributeTypes: {23}( 1.3.6.1.4.1.38414.8.13.1 NAME 'fdPasswordDefaultHas + h' DESC 'FusionDirectory - Password default hash' EQUALITY caseExactIA5Matc + h SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 S + INGLE-VALUE) +olcAttributeTypes: {24}( 1.3.6.1.4.1.38414.8.13.2 NAME 'fdPasswordMinLength' + DESC 'FusionDirectory - Password min length' EQUALITY integerMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) +olcAttributeTypes: {25}( 1.3.6.1.4.1.38414.8.13.3 NAME 'fdPasswordMinDiffer' + DESC 'FusionDirectory - password min differ' EQUALITY integerMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) +olcAttributeTypes: {26}( 1.3.6.1.4.1.38414.8.13.4 NAME 'fdPasswordHook' DESC + 'FusionDirectory - Password hook (external command)' OBSOLETE EQUALITY cas + eExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.26 SINGLE-VALUE) +olcAttributeTypes: {27}( 1.3.6.1.4.1.38414.8.13.5 NAME 'fdHandleExpiredAccou + nts' DESC 'FusionDirectory - Handle expired accounts' EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {28}( 1.3.6.1.4.1.38414.8.13.6 NAME 'fdSaslRealm' DESC 'F + usionDirectory - SASL Realm' EQUALITY caseExactIA5Match SUBSTR caseExactIA5 + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) +olcAttributeTypes: {29}( 1.3.6.1.4.1.38414.8.13.7 NAME 'fdSaslExop' DESC 'Fu + sionDirectory - SASL Exop' EQUALITY caseExactIA5Match SUBSTR caseExactIA5Su + bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) +olcAttributeTypes: {30}( 1.3.6.1.4.1.38414.8.13.8 NAME 'fdForcePasswordDefau + ltHash' DESC 'FusionDirectory - Force password default hash' EQUALITY boole + anMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {31}( 1.3.6.1.4.1.38414.8.14.1 NAME 'fdPrimaryGroupFilter + ' DESC 'FusionDirectory - Primary group filter' EQUALITY booleanMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.7 
SINGLE-VALUE ) +olcAttributeTypes: {32}( 1.3.6.1.4.1.38414.8.14.2 NAME 'fdListSummary' DESC + 'FusionDirectory - Show list summary' EQUALITY booleanMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {33}( 1.3.6.1.4.1.38414.8.14.4 NAME 'fdModificationDetect + ionAttribute' DESC 'FusionDirectory - Modification detection attribute' EQU + ALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.26 SINGLE-VALUE) +olcAttributeTypes: {34}( 1.3.6.1.4.1.38414.8.14.5 NAME 'fdCopyPaste' DESC 'F + usionDirectory - (de)Activate copy/paste' OBSOLETE EQUALITY booleanMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {35}( 1.3.6.1.4.1.38414.8.14.6 NAME 'fdLogging' DESC 'Fus + ionDirectory - Logging' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.7 SINGLE-VALUE ) +olcAttributeTypes: {36}( 1.3.6.1.4.1.38414.8.14.7 NAME 'fdLdapSizeLimit' DES + C 'FusionDirectory - LDAP size limit' EQUALITY integerMatch SYNTAX 1.3.6.1. 
+ 4.1.1466.115.121.1.27 SINGLE-VALUE) +olcAttributeTypes: {37}( 1.3.6.1.4.1.38414.8.15.1 NAME 'fdLoginAttribute' DE + SC 'FusionDirectory attribute that will be used for login' EQUALITY caseExa + ctIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.26 SINGLE-VALUE) +olcAttributeTypes: {38}( 1.3.6.1.4.1.38414.8.15.2 NAME 'fdForceSSL' DESC 'Fu + sionDirectory - Force SSL' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {39}( 1.3.6.1.4.1.38414.8.15.3 NAME 'fdWarnSSL' DESC 'Fus + ionDirectory - Warn user when SSL is not used' EQUALITY booleanMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {40}( 1.3.6.1.4.1.38414.8.15.4 NAME 'fdStoreFilterSetting + s' DESC 'FusionDirectory - Store filter settings' EQUALITY booleanMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {41}( 1.3.6.1.4.1.38414.8.15.5 NAME 'fdSessionLifeTime' D + ESC 'FusionDirectory - Session life time in seconds' EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) +olcAttributeTypes: {42}( 1.3.6.1.4.1.38414.8.16.1 NAME 'fdDisplayErrors' DES + C 'FusionDirectory - Weither or not to display errors' EQUALITY booleanMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {43}( 1.3.6.1.4.1.38414.8.16.2 NAME 'fdLdapMaxQueryTime' + DESC 'FusionDirectory - Maximum LDAP query time' EQUALITY integerMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) +olcAttributeTypes: {44}( 1.3.6.1.4.1.38414.8.16.3 NAME 'fdLdapStats' DESC 'F + usionDirectory - Weither or not to activate ldap stats' EQUALITY booleanMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {45}( 1.3.6.1.4.1.38414.8.16.4 NAME 'fdDebugLevel' DESC ' + FusionDirectory - Debug level' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.27 SINGLE-VALUE) +olcAttributeTypes: {46}( 1.3.6.1.4.1.38414.8.17.1 NAME 'fdEnableSnapshots' D + ESC 
'FusionDirectory - Weither or not to enable snapshots' EQUALITY boolean + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {47}( 1.3.6.1.4.1.38414.8.17.2 NAME 'fdSnapshotBase' DESC + 'FusionDirectory - Snaphost base' EQUALITY caseExactIA5Match SUBSTR caseEx + actIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) +olcAttributeTypes: {48}( 1.3.6.1.4.1.38414.8.17.3 NAME 'fdSnapshotURI' DESC + 'FusionDirectory - Snaphost URI' OBSOLETE EQUALITY caseExactIA5Match SUBSTR + caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VA + LUE) +olcAttributeTypes: {49}( 1.3.6.1.4.1.38414.8.17.4 NAME 'fdSnapshotAdminDn' D + ESC 'FusionDirectory - Snaphost admin dn' OBSOLETE EQUALITY caseExactIA5Mat + ch SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) +olcAttributeTypes: {50}( 1.3.6.1.4.1.38414.8.17.5 NAME 'fdSnapshotAdminPassw + ord' DESC 'FusionDirectory - Snaphost admin password' OBSOLETE EQUALITY cas + eExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.26 SINGLE-VALUE) +olcAttributeTypes: {51}( 1.3.6.1.4.1.38414.8.18.2 NAME 'fdTabHook' DESC 'Fus + ionDirectory - tab hook' EQUALITY caseExactIA5Match SUBSTR caseExactIA5Subs + tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {52}( 1.3.6.1.4.1.38414.8.18.3 NAME 'fdShells' DESC 'Fusi + onDirectory - available shell' EQUALITY caseExactIA5Match SUBSTR caseExactI + A5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {53}( 1.3.6.1.4.1.38414.8.18.4 NAME 'fusionConfigMd5' DES + C 'FusionDirectory - md5sum of class.cache' EQUALITY caseExactIA5Match SUBS + TR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {54}( 1.3.6.1.4.1.38414.8.18.5 NAME 'fdDisplayHookOutput' + DESC 'FusionDirectory - display hook execution output to the user' EQUALIT + Y booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) 
+olcAttributeTypes: {55}( 1.3.6.1.4.1.38414.8.18.6 NAME 'fdAclTabOnObjects' D + ESC 'FusionDirectory - Should acl tabs be shown on all objects' EQUALITY bo + oleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {56}( 1.3.6.1.4.1.38414.8.19.1 NAME 'fdOGroupRDN' DESC 'F + usionDirectory - OGroup RDN' EQUALITY caseExactIA5Match SUBSTR caseExactIA5 + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) +olcAttributeTypes: {57}( 1.3.6.1.4.1.38414.8.19.2 NAME 'fdForceSaslPasswordA + sk' DESC 'FusionDirectory - Force password ask for SASL users' EQUALITY boo + leanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {58}( 1.3.6.1.4.1.38414.8.20.1 NAME 'fdSslCaCertPath' DES + C 'FusionDirectory - CA certificate path' EQUALITY caseExactIA5Match SUBSTR + caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VA + LUE) +olcAttributeTypes: {59}( 1.3.6.1.4.1.38414.8.20.2 NAME 'fdSslKeyPath' DESC ' + FusionDirectory - SSL key path' EQUALITY caseExactIA5Match SUBSTR caseExact + IA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) +olcAttributeTypes: {60}( 1.3.6.1.4.1.38414.8.20.3 NAME 'fdSslCertPath' DESC + 'FusionDirectory - SSL certificate path' EQUALITY caseExactIA5Match SUBSTR + caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VAL + UE) +olcAttributeTypes: {61}( 1.3.6.1.4.1.38414.27.1.1 NAME 'fdDashboardPrefix' D + ESC 'FusionDirectory - Dashboard computer name prefix' EQUALITY caseExactIA + 5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .26) +olcAttributeTypes: {62}( 1.3.6.1.4.1.38414.27.1.2 NAME 'fdDashboardNumberOfD + igit' DESC 'FusionDirectory - Dashboard number of digits after prefixes in + computer names' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) +olcAttributeTypes: {63}( 1.3.6.1.4.1.38414.27.1.3 NAME 'fdDashboardExpiredAc + countsDays' DESC 'FusionDirectory - Dashboard number of 
days before expirat + ion to be shown in board user tab' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {64}( 1.3.6.1.4.1.38414.8.110.1 NAME 'fdPasswordRecoveryA + ctivated' DESC 'Fusion Directory - Password recovery enabled/disabled' EQUA + LITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {65}( 1.3.6.1.4.1.38414.8.110.2 NAME 'fdPasswordRecoveryE + mail' DESC 'Fusion Directory - Password recovery sender email' EQUALITY cas + eExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {66}( 1.3.6.1.4.1.38414.8.110.3 NAME 'fdPasswordRecoveryM + ailSubject' DESC 'Fusion Directory - Password recovery first email subject' + EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + ) +olcAttributeTypes: {67}( 1.3.6.1.4.1.38414.8.110.4 NAME 'fdPasswordRecoveryM + ailBody' DESC 'Fusion Directory - Password recovery first email body' EQUAL + ITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +olcAttributeTypes: {68}( 1.3.6.1.4.1.38414.8.110.5 NAME 'fdPasswordRecoveryM + ail2Subject' DESC 'Fusion Directory - Password recovery second email subjec + t' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALU + E ) +olcAttributeTypes: {69}( 1.3.6.1.4.1.38414.8.110.6 NAME 'fdPasswordRecoveryM + ail2Body' DESC 'Fusion Directory - Password recovery second email body' EQU + ALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +olcAttributeTypes: {70}( 1.3.6.1.4.1.38414.8.110.7 NAME 'fdPasswordRecoveryV + alidity' DESC 'Fusion Directory - Password recovery link validity in minute + s' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {71}( 1.3.6.1.4.1.38414.8.110.8 NAME 'fdPasswordRecoveryS + alt' DESC 'Fusion Directory - Password recovery token salt' EQUALITY caseEx + actIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 
SINGLE-VALUE ) +olcAttributeTypes: {72}( 1.3.6.1.4.1.38414.8.110.9 NAME 'fdPasswordRecoveryU + seAlternate' DESC 'Fusion Directory - Allow/disallow the use of alternate a + ddresses for password recovery' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.7 SINGLE-VALUE ) +olcObjectClasses: {0}( 1.3.6.1.4.1.38414.8.2.1 NAME 'fusionDirectoryConf' DE + SC 'FusionDirectory configuration' SUP top STRUCTURAL MUST ( cn ) MAY ( fus + ionConfigMd5 $ fdSchemaCheck $ fdLanguage $ fdTheme $ fdTimezone $ fdAccoun + tPrimaryAttribute $ fdNextIdHook $ fdIdGenerator $ fdStrictNamingRules $ fd + MinId $ fdUidNumberBase $ fdGidNumberBase $ fdUserRDN $ fdGroupRDN $ fdIdAl + locationMethod $ fdGidNumberPoolMin $ fdUidNumberPoolMin $ fdGidNumberPoolM + ax $ fdUidNumberPoolMax $ fdAclRoleRDN $ fdCnPattern $ fdPasswordDefaultHas + h $ fdPasswordMinLength $ fdPasswordMinDiffer $ fdPasswordHook $ fdHandleEx + piredAccounts $ fdSaslRealm $ fdSaslExop $ fdForcePasswordDefaultHash $ fdP + rimaryGroupFilter $ fdListSummary $ fdModificationDetectionAttribute $ fdLo + gging $ fdLdapSizeLimit $ fdLoginAttribute $ fdForceSSL $ fdWarnSSL $ fdSto + reFilterSettings $ fdSessionLifeTime $ fdDisplayErrors $ fdLdapMaxQueryTime + $ fdLdapStats $ fdDebugLevel $ fdEnableSnapshots $ fdSnapshotBase $ fdTabH + ook $ fdShells $ fdDisplayHookOutput $ fdAclTabOnObjects $ fdRfc2307bis $ f + dCopyPaste $ fdSnapshotURI $ fdSnapshotAdminDn $ fdSnapshotAdminPassword $ + fdPersonalTitleInDN $ fdAccountRDN $ fdSslCaCertPath $ fdSslKeyPath $ fdSsl + CertPath ) ) +olcObjectClasses: {1}( 1.3.6.1.4.1.38414.8.2.2 NAME 'fusionDirectoryPluginsC + onf' DESC 'FusionDirectory plugins configuration' SUP top AUXILIARY MUST ( + cn ) MAY ( fdOGroupRDN $ fdForceSaslPasswordAsk ) ) +olcObjectClasses: {2}( 1.3.6.1.4.1.38414.8.2.3 NAME 'fdPasswordRecoveryConf' + DESC 'FusionDirectory password recovery configuration' SUP top AUXILIARY M + UST ( cn ) MAY ( fdPasswordRecoveryActivated $ fdPasswordRecoveryEmail + $ 
fdPasswordRecoveryMailSubject $ fdPasswordRecoveryMailBody $ fdPas + swordRecoveryMail2Subject $ fdPasswordRecoveryMail2Body $ fdPasswordRecove + ryValidity $ fdPasswordRecoverySalt $ fdPasswordRecoveryUseAltern + ate ) ) +olcObjectClasses: {3}( 1.3.6.1.4.1.38414.27.2.1 NAME 'fdDashboardPluginConf' + DESC 'FusionDirectory dashboard plugin configuration' SUP top AUXILIARY MU + ST ( cn ) MAY ( fdDashboardPrefix $ fdDashboardNumberOfDigit $ fdDashboardE + xpiredAccountsDays) ) +structuralObjectClass: olcSchemaConfig +entryUUID: 51421fd6-4b46-1035-8a62-a5f01aea6174 +creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +createTimestamp: 20160109175822Z +entryCSN: 20160109175822.374659Z#000000#000#000000 +modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +modifyTimestamp: 20160109175822Z diff --git a/ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={6}ldapns.ldif b/ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={6}ldapns.ldif new file mode 100644 index 0000000..4d27641 --- /dev/null +++ b/ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={6}ldapns.ldif 
@@ -0,0 +1,20 @@ +# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. +# CRC32 1eeccea7 +dn: cn={6}ldapns +objectClass: olcSchemaConfig +cn: {6}ldapns +olcAttributeTypes: {0}( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService' DES + C 'IANA GSS-API authorized service name' EQUALITY caseIgnoreMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.15{256} ) +olcObjectClasses: {0}( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject + ' DESC 'Auxiliary object class for adding authorizedService attribute' SUP + top AUXILIARY MAY authorizedService ) +olcObjectClasses: {1}( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject' DESC 'Auxil + iary object class for adding host attribute' SUP top AUXILIARY MAY host ) +structuralObjectClass: olcSchemaConfig +entryUUID: 51461df2-4b46-1035-8a63-a5f01aea6174 +creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +createTimestamp: 20160109175822Z +entryCSN: 20160109175822.400798Z#000000#000#000000 +modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +modifyTimestamp: 20160109175822Z diff --git a/ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={7}template-fd.ldif b/ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={7}template-fd.ldif new file mode 100644 index 0000000..0187d53 --- /dev/null +++ b/ldap/data/ldap_conf/slapd.d/cn=config/cn=schema/cn={7}template-fd.ldif 
@@ -0,0 +1,17 @@ +# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. +# CRC32 22a14bb7 +dn: cn={7}template-fd +objectClass: olcSchemaConfig +cn: {7}template-fd +olcAttributeTypes: {0}( 1.3.6.1.4.1.38414.38.1.1 NAME 'fdTemplateField' DESC + 'FusionDirectory - template field' EQUALITY caseExactMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.15) +olcObjectClasses: {0}(1.3.6.1.4.1.38414.38.2.1 NAME 'fdTemplate' DESC 'Fusio + nDirectory - template object' MUST ( cn ) MAY ( fdTemplateField ) ) +structuralObjectClass: olcSchemaConfig +entryUUID: 51499c84-4b46-1035-8a64-a5f01aea6174 +creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +createTimestamp: 20160109175822Z +entryCSN: 20160109175822.423697Z#000000#000#000000 +modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +modifyTimestamp: 20160109175822Z diff --git a/ldap/data/ldap_conf/slapd.d/cn=config/olcBackend={0}mdb.ldif b/ldap/data/ldap_conf/slapd.d/cn=config/olcBackend={0}mdb.ldif new file mode 100644 index 0000000..aeb9bc2 --- /dev/null +++ b/ldap/data/ldap_conf/slapd.d/cn=config/olcBackend={0}mdb.ldif @@ -0,0 +1,12 @@ +# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. +# CRC32 b76c0b19 +dn: olcBackend={0}mdb +objectClass: olcBackendConfig +olcBackend: {0}mdb +structuralObjectClass: olcBackendConfig +entryUUID: 3530bc2c-4b40-1035-97f4-87e18fb4723c +creatorsName: cn=admin,cn=config +createTimestamp: 20160109171438Z +entryCSN: 20160109171438.304112Z#000000#000#000000 +modifiersName: cn=admin,cn=config +modifyTimestamp: 20160109171438Z diff --git a/ldap/data/ldap_conf/slapd.d/cn=config/olcDatabase={-1}frontend.ldif b/ldap/data/ldap_conf/slapd.d/cn=config/olcDatabase={-1}frontend.ldif new file mode 100644 index 0000000..168147a --- /dev/null +++ b/ldap/data/ldap_conf/slapd.d/cn=config/olcDatabase={-1}frontend.ldif 
@@ -0,0 +1,18 @@ +# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. +# CRC32 8a1c1b89 +dn: olcDatabase={-1}frontend +objectClass: olcDatabaseConfig +objectClass: olcFrontendConfig +olcDatabase: {-1}frontend +olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=extern + al,cn=auth manage by * break +olcAccess: {1}to dn.exact="" by * read +olcAccess: {2}to dn.base="cn=Subschema" by * read +olcSizeLimit: 500 +structuralObjectClass: olcDatabaseConfig +entryUUID: 352fd8d4-4b40-1035-97ec-87e18fb4723c +creatorsName: cn=config +createTimestamp: 20160109171438Z +entryCSN: 20160109171438.298281Z#000000#000#000000 +modifiersName: cn=config +modifyTimestamp: 20160109171438Z diff --git a/ldap/data/ldap_conf/slapd.d/cn=config/olcDatabase={0}config.ldif b/ldap/data/ldap_conf/slapd.d/cn=config/olcDatabase={0}config.ldif new file mode 100644 index 0000000..c3e42c0 --- /dev/null +++ b/ldap/data/ldap_conf/slapd.d/cn=config/olcDatabase={0}config.ldif @@ -0,0 +1,15 @@ +# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. +# CRC32 84ef2f3c +dn: olcDatabase={0}config +objectClass: olcDatabaseConfig +olcDatabase: {0}config +olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=extern + al,cn=auth manage by * break +olcRootDN: cn=admin,cn=config +structuralObjectClass: olcDatabaseConfig +entryUUID: 352fe7ac-4b40-1035-97ed-87e18fb4723c +creatorsName: cn=config +createTimestamp: 20160109171438Z +entryCSN: 20160109171438.298680Z#000000#000#000000 +modifiersName: cn=config +modifyTimestamp: 20160109171438Z diff --git a/ldap/data/ldap_conf/slapd.d/cn=config/olcDatabase={1}mdb.ldif b/ldap/data/ldap_conf/slapd.d/cn=config/olcDatabase={1}mdb.ldif new file mode 100644 index 0000000..515cf11 --- /dev/null +++ b/ldap/data/ldap_conf/slapd.d/cn=config/olcDatabase={1}mdb.ldif 
@@ -0,0 +1,28 @@
+# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
+# CRC32 403a1978
+dn: olcDatabase={1}mdb
+objectClass: olcDatabaseConfig
+objectClass: olcMdbConfig
+olcDatabase: {1}mdb
+olcDbDirectory: /var/lib/ldap
+olcSuffix: dc=warpzone,dc=ms
+olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonym
+ ous auth by * none
+olcAccess: {1}to dn.base="" by * read
+olcAccess: {2}to * by * read
+olcLastMod: TRUE
+olcRootDN: cn=admin,dc=warpzone,dc=ms
+olcRootPW:: e1NTSEF9aTZsUlYvdlhLVUFxU255ZEF6YUZUQUN4NmxRRUpmbE4=
+olcDbCheckpoint: 512 30
+olcDbIndex: objectClass eq
+olcDbIndex: cn,uid eq
+olcDbIndex: uidNumber,gidNumber eq
+olcDbIndex: member,memberUid eq
+olcDbMaxSize: 1073741824
+structuralObjectClass: olcMdbConfig
+entryUUID: 3530c8e8-4b40-1035-97f5-87e18fb4723c
+creatorsName: cn=admin,cn=config
+createTimestamp: 20160109171438Z
+entryCSN: 20160109171438.304442Z#000000#000#000000
+modifiersName: cn=admin,cn=config
+modifyTimestamp: 20160109171438Z
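Review bot: The `olcRootPW::` line puts the rootDN credential for `cn=admin,dc=warpzone,dc=ms` into the repository; the value decodes to an `{SSHA}` (salted SHA-1) hash, which anyone who can read the repo can attack offline, and settings.py later in this patch binds as the same DN with a short numeric password. Keep the hash out of version control, set it when the container is provisioned (for instance with `ldapmodify` reading from a secret), and rotate the current password since it is now in history. Separately, `olcAccess: {2}to * by * read` lets anonymous clients read every entry except `userPassword` and `shadowLastChange`, while run.sh publishes port 389; `olcAccess: {2}to * by users read by * none` would restrict reads to authenticated binds.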
diff --git a/ldap/data/ldap_db/data.mdb b/ldap/data/ldap_db/data.mdb new file mode 100644 index 0000000000000000000000000000000000000000..83a98a617030a5c75b944473439068e308105a09 GIT binary patch literal 131072 zcmeHw3yd7cd1jFsle5o}X&%MMa&F9rOv&W3=h5@f!yrXUq$G;mkX(~oKct?Sp4|~= zXZB`hxw|xC43xkioJ0l`ArD!W1tZYe24X8d%V84PQ5?dMW5o~><f1bipAp!CkSIFY z5e|+|vG4z?`tP3ZndQ!sv)ZLtHK^&T>Uwln{ay9f|0*Hag=OFe&;6fotl=be-6Jp8 z3K16G9WSIZtyLHCU!AMEc)7fgy3_CEdxvx7a&afFFS-YG59l7yJ)nC)_kivJ-2=J@ zbPwnr&^@4gK=(lJdcfP4_h$e99^a#RwR<6zf%pIKcJgz%n6JE!=pN8LpnE{~fbId^ z1G)!v59l7yJ)nC)_kivJ-2=Vo0p{Bau~ytBHm&<)q|x`&!4F4%G-O0J48A%1!tfV| z9$Wv7!Iua2ho2pIXyEw3&c03So?Vw&zkgjX+ShgH9?(6YdqDTVYU+Vsl@AjZoA{yn z@|D}Ie4}*67GCIAoV$~B4Uu#h$9YW&i=$#A{q7*I+>N5yu_kWEPbH?O=&R1$K2fXA zOxJ}My3VPs?6k{qZdY_{*DLRZf={d}-Xg>R<(ai=)7DI55-q!75`&ZOsQeF$%}!iw zrG7D!Sv!$Q<cxUU%G&W{CSez|b~2k!r;8agn?m0$nujUlk5SF&RgSOcmYlac<M!&f zX!fjiejoox+(5#A)C=Wm{<Itj72y7U$$3)l8&1dgZ>Hbp#GJUt?WvnZbHU!_k-Wxz zR|Ehx7_(BNY~>^zs1QSy|5>+)=6Z}+>2yhs9IhLj`usUZgm@?AELDm%tKO*1<Qp?J z8)X71Tq;AgU_}0lQyaf0;BABasT&KyE!XoR1yB#iTkDC6sCaBmRQz1*So1A$Sez5% zPB!j^;Mc%U!?merh>K=~-ejh3*QRUL2km@A4xBIkF6TY`B~zl=Rj=@9`_aIiqB%(I z)+^R@eX^<=^&$fuTXf!R+OAHQW&b-NuGtR_4*Xd8a;;jn<y*PokW)WjRWu`-8|aye zGxbunQYh7^Gpe<D40JGwN5Wqoa8k(2IpA!yV(+BzR9&>EIE@RQJsCdLEEa@b?!TL5 zv9RFL5Q~l*kJt51NrrCG2KU?seZS<wVn|*QoGBG<FVw7g;Rd+3AE(=ZPL6Y*0LnMf z?+p1noO-s2W`~-%6@E^Y8IXa-iiKTPVX9P-ExQq(-TY;oFR2YOIM+5=byzT5iHpD< zm-)Q&e*9kCGG;5h-*n*p2uuR=9?!^JgL*$_ZOd0H#nJ?3dMCut%k8V&h7euCB$s12 z=~ER55urBhLa9-mt<Z#3t)op}oS~TKXO8o8^ZfiJ@sOOURmGS&f;9!>{0#hTs^kvQ z?5CVlR>hjIYj_+ED&DeiXFQc3&_kING`Inl2=~{$MXky1mrkSNhB;?cRvRYRb=(3^ z!~MX}!w?`Y0-yXf@R!6-DLT9X*U$3+Lx2G8(*_?r8bx|&e0S_Pov|6<Qp#b5Zl8VH zQ@CGvg;1pjxdC}~pN;nao5YLPyfhddc=4KR>G$x^3q#?^_lKXP->bvELM@T!<YRhk z8NQA8;{KX7v~Gi{AV<B4_ku@zcrJv|PZVxq957R%PZ7tw29G{R-iUKWey#&oj2qTu zl$oU~Jkn5R2YKXatq)Mk^#P&7WG>tQedJcT)R-4BJD0KTqP;7bOQv_ljD)!>Q#2C0 z61jvKk6Y<<GLaX*dj7Rv+<V|!^HbN{YHs=OjoSe25|FVvaGlOdagkebBbG8^MmCl) 
zl16%*7L_A8EY_k?ofhsBO;qdF-h5dYx725Hjhb!Waw?w8o;q=~VVy|UbBQquAFk)8 zvi0$k_tnP_+?OrH@0!maoIaDA8k6zd$@^}<rEsErdi2Ej=|d;(I-NUFo;h?N8yh`& zM>&_cqdtCY?)0g%vBas9_srT;*%>F^$j{z>drQ0X)b9Ljtzpfg-5Cm3WV>hQrs`)W zrl{TGe0~z`&d7LfZi?ESEuWsAJ$t%5TRfecEzguEva#v89JQOPpRLcGo~L%_=N^>p zI&sx*YwyIeBgu3onK8z<8q(q71bfi=vFy0OFl=_<nZIwWEL+I~o&i&UA7lX>1HK@y z0vJPnc<8Sn4t*B*gcC<S@Rthz-NN+_IhloJJJg)mO&%*c9_kr&k?#O(1JBd??3fu4 zM-}i`#}UW33E%o1B943bCgI<y;<68bkI+3CMmq>259TipV@^VO^dUTUfP4?T0EE$3 zn^m}pFg$i_xQD*R9KmHEN5o;w(Hw?c5rvzWi`gTNHsCQvh@*Y@XdwPxC(i9}apK%3 zTUA`({kAz_<lWwqj(L#Uka^yx!cELY@D5D5@td6c3@=#q@q8SAzlzKE-`Nu0<%H1= z;j6Me^by9N=49E=Xb*jjvBj020bz_a=59`3ET2Jn(H7dk`y!07=I;S>H$3_U&yT)A zpCLcuo#uEfGPoC|D?FZ);)~AZ3X9**i2Xjoz(m2mfB&8Cf6<yLHz=mAd#CJLDR1pQ zY|q|*s#-fO+7gZ*9lKN1>ywuHyKC>EV|NPmFK@{|yV9u5?>lx_xB;0QHw>V*(zg_$ z8Qu^w1EDVNj;O<GvB>S+b|b&LUN7&Su9ePM4SRR7Fml?S7mKFn?OLOb+z5EtFPfaU zI_BnNe$DL@L>Q_Zwx;au(e3rhcF~p~Upz)V5Oe?NJ=^elN^7I`P@0SBwT2rti;!R1 z(OG5D8g3md!x^;Qxl(1fRi6|xkaI(MPU7on4m8|b1vmFu+^nOjO0`^_pe>B7u4t9( zwhFpgm!%2yW}Tp&kxI4qAOyxrXRQDNV+IhIKcD}SL}1?0Qv@cT%@pHS!pIksu|m#_ zC$fp06*r3(p$3JxX^BNMc#D1_Wn@RviR3aZ`lx=KrWfg+!$d=~pIrVagt-xO6eb{N zjgWH@);7$Ol-$I62+#8$?k#1$>vn#t)+Ve<>8z!IeXLSyh#=u281GPopdwqea)uwR zO$MOi&wl>2go;p4p~4$ept&PPHesX_%Y(=Pizc@jgF@pehm}IWZLpRCkHeaXamE;8 zorC8wM0hD<7~FrLJ*;tDC$1Q0tZfW8NP}lwk>lOM18*-@+1}-9+nro|uZBI_etX)g zHKqtZ@P?{=@Z1#dD@mkciII3blQc5R@s*%@XXXQ}E4Nl`5r-nLMqY{>iaZ^8Jkp4q zi#!my5E+$w|Ca~O^*=js+rW7LA%JVo+<7_Sdel$gxxf|iaXPrL{Dy&_-l~$DJLn33 zn-d2f3=iCss%zr=i<0Lnf7_^IDc^Rt-y??l5V1z?1VZQ|YwmQBoDPUyD>3w<8L`1H zoIG64PZj2Ki4V@^=P$BX$F96ES8+0*k(n3VU~j7s&L)yX*C3LIS;!>w$qX^B%y=xG zBt}*-VJ6LVQFNKj-w#IC%H}h%46Qe*q#~ox`cvGMjG39ZnYF0uoap<)^PBH2Tx)*z z%X?35f9&{&E^{Xzk0oMQ0QgH%@sXIB&17S}|B|>lf~y~5;-^_1H~<{x`X~al-fYK( zJm3)bacx}>0F&^%9&nuD7G;(LZaW|eAUg$TE-=s}H|>NQ>QJ&slZtH_d7u}0XSnTb za+i_I6$qsA8Ow-?f4BZ+@ZLk$nom4B@bxElesaxa4tFe*G|iYd+$ugoP#aHYdq3RV z91Vv;AZWZn_kdf<cmo%K=kezF>KJbyi_jMtYh@<-?sR|$Vt*Sc)0F6@2M-B9JpA(> 
zdsM>1@AeEH;&DGb#N#8h+9i^y<$(t@2N!nMG0-^RmI4o$3*Z?Zuuj3R4tNMK!voQ~ zD@W-`G4s94<$JpPhK|x3a-yUXK`uDH0_Bd<%z348!7)~zYv+PLEnnM{k?CfC$uzVT zfCGmL!^D{O4XBZfrE>*4h1K2U)jgN?ukNAizW(yPHm&Y|+N;$)6Ik6TK0-@=Hnj|F z0b1Q<b5b7UdFT5EJsR#(@YE!ggMYi?sfsCe*sxBHmnCoML>Ks~;wV)NYwm1WGKOYR zs4Kj6QBf*|w=SB^kGB?!#bhFFCw+KpjsU$CZ~f&P=^shF^=rL@Y{Of)B<L9<iBvkC zO80)@Qq{|a>vd;d0xtw^DeD%~EqLAH_zKKdo$yxT@JjJL?5}0u1O@g&pwCU|gtwSx zypXo!#O7{Wa;AUye|+>GpOVA>3=cp04(|_4-Q4`>Kkz)kY5(+>*BuC^J^Y6gA(njP zd{15f%^KEzI8OW6*}cDk^#YF5?6q?bs<4;#`bXFQ8}_VlobNqP?|&5gU^q^@{)^xK zGhVOw9uV4X;^CnSk?#(liwqARiYWg7Bg1O{uWHc$x(9R*^s)ySFJzqgO2-Q=BWIea zOx(YECj8Uqlh1tcAvt~i51u|ROL&HsGc)dAJt;n7rei7Eo;flixH!Sfq&jeO5)58( z)=!qrTFUy#_&u+m9A6#lrz39dTn;GlRhGeS-w>qCWXdp!^wUc2%Ml#3qD}T)?>Hm} z{wuv2_(ak_@Dv}(m?@K3d&@EKvN<{M0lM{4#+~UsJnpM&zwaaL_#&YHL`PYg9JivL zY<W9GnE6zy7|UCJh=}<i;={$C{EdW&Kj|4n#7!R}ors$w*)$OZ&E<gzG}qj!>AzPO z{rBpn_c_Wkr%72xxWqsi>#&<D#FOcSnUJC=9u+w5rvm@o0rLZr3j9c~sKCS)@a6y_ z+f#fb6C*y?GRy(0dWW4Vo^;j)-ot^eJAws+@C49)fG%Kt$9>=oSo1*-QVvpeYbkBY zp30E~J-MVTq3%jlLj~o(Y>GmVyMt4u`<&8aB!fl{jV|VX={UEBiBjS4jQ0qOl^3F| z24ZerRt?uk`8jI1n+{+mjPv|!3Bki7U#uwaota**`ffl}rTF!}vQ@7yRs}>q;4s9} zsX9WUREXP1fHV=0nYYhYc^TioUPYZJ4~ar0UP98KTT;P{lTBVA0}2P61CHCZ3aYFp z_0nDzJaag1AMmH#T7t*TgL{TI4~od&4S#>|so@>NZwy@+`rP0q5IYxe&pGhU?}=x6 zFY*%K^G3ShHr;EYzu_6TMR+MZP1KM4TnDb8bzl%s|14eMyXD!tLKkkpmA2RN|62ZE z%8n2?Njm>l1PGpY;6ffS4LAl2V(td~;roVXoPMR`|CtbalyoD7(yUVd2S`M>9<|El zXst9c*{DaW6&X_#UR^+h_hR>rTd3@<B!W_#C4CSt4C1+LES`#G62$5!biYMyCgYbc zym9mGPe}Q~aL?omp}E2G9#Er!qKKKyq?d)^i|XZ4&vYBiNpRiJZ2&LuJO^%|@KWZ$ zZs)cRc$h0e?FKqzq7h8zb4f_-w2WXnFoM^8=b#+H^~*bgv8=faJUs;<G=f@BMhLAZ zqvmtW+geWs+A=GpC-ZR{0nCkz(TXfIL1<;Uziu~XrtfdqbB+6@n$7)<|5lhz%$%-T zQ;qs`tU?w8lGCMlZ7O5Nvsp7^LaqP6kxMFxwH@v?vD%&o>x75Zd+4~buW_EV<nAIH z8_F$aO@VifD)&Ox6s~kVNR0<+Jg5VT<Dx%qphKps2@hg<0qkmS7H<rm8+vp2)yV$g z3#12-i99#_#^A}}^6=B74bX^W2Eu(ehQAnobN%Zc*}$1~F7>if^8a%V-Gb#Wz>|3& zUV;{Zo$4a@c}NG1i1>ad_V6LBAM2OCI|`;P&vhIPq<Cg=d@}^(_a^FD3Pk6rqDj 
zdpTM;55P_kCpf0NoXcKm$SW$@ImK!%3YnN)ch#zuhFvKLl_@IOJGcwcnO#M``=POq zh!4$tL~1#}e#}J`7og#=XeQs2gMFO0;sGuq$zru~5ubeKZ+1$a(N}xLGYYbgl~`fI zSSBu_6f0EvBD{}edR#aANQOa%skd++=?H{6mkx8M=Kl*3rEk0&y$>Eoo=Z5s0^`c) zQj5l#=Kr&$FQzV$;D_e_YyLmkertsY&Hq;#>6-uF?Ys|$Aw19ft4sdJ<>@PPn1Sfs zY%Ft?^8e3KzlP}d>DSErVVeOim==s9PgvB5zq3c;{D=cbhr^l-$CN3iy<krO2iyye zdGIU;$oL$~)w88pE{8Hie|4>@K232vxA?su{3q|p@Jt!{F<pu&H^2|z_!*hE%+KnT zSNVWb!Uf-fWfb_C7JC=oD+S*PJPka}?!!CY$$2>KukQK48BRMWbA`m;Ke6_8eiyvs z4YWhzcU<gQxNUw%!>RMPr(gIF9vjrTk?Q0;{GP#n<Fac<|MfeUTJ{s6#2;U3*`Itg z|7jK;z%y?m4LTl6)qjewq<R<sihqQ@{@=U*=uz%7?(5WF|M*6JM^4*Q{QI8<^S$?f z{qW2FG}OG7T5m}Gf7brLK-&MF{{L%z7y8bJKh6(^B3H1}`+vRvcWf`RJa-FHr^LsT ziR3cKi*a*$|8IU)%l~7|W;{^u|D{RR?yaWshP>s=)$;#}4h^|Nc;J3m>wyb*AlG%E z`+)H4iuL;<l3=X&|9b!536icd`!8DlU(5fq>29bOkVu(yPda=>-g9DqH-bAf313Y9 zpKiN$mYsY}%-!&&D&A!Lfbj*;9N<&Veb58o(<(0IubG#C=fOR+vyHCUXJfC4IIk6` zpW<?@z}^|*9ptg)Yt7fXrj#mn<4A2{)UMU5mB75<Bu=Y)`)hXHu0;1u)=Kq8$*PEg zO31qj-YqXpm2&brmp!FMoouAr*3<~j;gHn?)97RidA!BPjvYI=_t(eAOZ%<kbJel& z#@_Mq!>MFqt{yviPt2M+Ix|)nJ4lKwt*>Ea<JnZqfC&iCmQ|+c*IN0)O;$*1t$Yev zE7V1@pU}&l^#41htp@#njHPmGi4Jpq?VjPMiOaudT{Cok?Q<d=!TEnTgugNPdjl^I zydG}!eJlLu>uc+;XVMB6Ua>3d--53W2O3utfiCQ>Aul|CPxwCI`I`Yf3~|8zHoEre zo9P}8bNH;l!kpl7yH1A#;IBh1nPRdSOBMrgYy08$Q%5$wA>sDnUTIq;46-K4I5??8 zQJh4uGpXz{=-{gA$HjR}PV~hw?G12@c?^TKkiA~yfnR~~bq#(CFVtZGO*&n|NM)ft z-!kzO`~x^XyY3M=fWOnL0gNS*z5%58NXCf8W6NMOkp@sUhp{5Z@()a#?q(dZZo#j> zIFgbOoq(qPJB(kxkk96`Nf?hw=A5HLa;e;|TrOKkn|3A_kDKCezy0mI?!EU~^S4g_ z#b;(-`O5aoG)F*M7wJT%b^H(?!C4upWguU1bJYL%1X+Fy;|7QCaVr9jz6{GvVSa|^ zx%LQ!;ZX-rCX6NUj0AZ~Yi_42JdZK%EyrB!J21%?*;_7GXQdcaJ=&;7aWC4Kv`e)p z9k>)Fwpg_`B~5ZicT8EOO0;3+qE@94ovzkPb0|j|HsyJ!*^n`K`zApuGd-=3x9(E; z#<&G*#BSO4-h93~Q)%2<ug&h1srW;T^me>l)`GcQjh;k|=%AUHgl6v`oV;HjBz82s zN$P_P_Dmnd56uQyq8*86GO+a7bCV9x2SIb<4;;K5a0a&!90T!zXE+Ap2fq*;-%j`7 zmm7}xq%FQe-7BE&g|V*_-~x)H^2CN{u4Yy8lT!Dq>&zYDj?`smtF?mC4{L!ssV}DD zKG<YEG6j#_mS&h$rCZ@N7Rwp|IL!s%^w)l6orKeY<%Lr+oV=WH+H~NQ5peA5ZYB=^ 
z1V0mS2v|cpc+uF?@f?geJnt`&2R^vJ<ozVR1^CsupFB2SZ`f1Oy*Nvdc9b=X4s{fD zl_*sn-9&#D|2<WUQ%<<Y5xN1jf3!|KI6667-FM1}-F>7yQ97G4?mM)%GM+wcqz@*K zX9N335+KjTa|KvFX;GxJ`~Z35yWjsk36T9g1ISLQkZH0Zzl@4>jK2ZS;JU%zn2y17 z;#;`Sa!#D#gJ;@}*3i&d79Hd3AG&N{=&t`GrN!E}yhCTC$gI_}ta*SGY2$$LZeU@z ziQ2kPMjCxT9sF?QM?*$r!{D34*#G}x{Wk_*9@rm#cHp6b;{!YUj<0`c{Zs2|JmhNN z^}p@`-2=J@bPv1@dH^RS0{3IdJ$Z7iqdkPvOr-*mJc|+eCdorTm1P_yiYm+F%-W4~ zS~RduIOwK=l8U+|wGP2Ss<A#pTmozcKn(FBT;mgzt+fSSwfM|toG;JM3ft?xN_-J+ z6?n4eoU@zT-jM6`=ceB2XxW}+6PMO|WqJ&}8<*yH<8y!gy$8MM;0f^DOTec*w}m#b zl-sj)+!6*Q8xEL0+U7Q45kNWriT16Ms!*_21TY@wm#7G8;aa&iK41ECq?>$?JjoMv zI~vCwpNsndlpfDH8qI8bl6pWHqhzS^kIoi4z!dL|!%FxH3=__ullXF7opjHoU~35P z$+Ert{urqZ@+TX?IS3u$gX?*b0;q@M++V0CO25a}M8(g=jy2yBhe>vM+{wnh5FCAe z8m>(}15WX#x5p>t3UdVGEVJw{iPNPiXF%?|J%vY`ccQA@_LC1<PP=re_5K!}H)EvS zJr|M@Og~&Nq_JKm#Ycu4zN%-+h-Q~(t@DWbTLhf6pX%J6qFPhu%wmRP_*BrKV3zvP zfnM&vn`JTY1T3-WxN+~Pxy(CrNVLH{x1ql4u-xsd=2$h;RpfLf-5;k6fKKjx?h`=g zCi<Nre~0s`IKjQWCeRe%_&HS!kb%7J*4h_gDDszazN9wD;9R_xFc(M+QvbGaSXv`o z=JWJ8ct3tGp7VGunGU=k)#%XsIl$j5*QnmlSwr|JPWPmDh9!S)gH#8o=C*Si+mpB) z!wFN`MT8bMAH_Nt=dXb0XO8om^ZfiJ@eqyeX7w6G*=#OaGd}}An<~0PH2dipm;~7p z1QiL+pC8aenIu8RWrDa8@cz78)N1Cb?YEo?%Q>U6jWCU^;}&=t?gxe*hCOi+_~fsF zza;RVr0ehoTtDLh3;`00YJ(3RjUrVCxMasr#&`g5DdjLjx6eN9Dcmo-La5T<!g$X8 za_D>5AYLW;|IEO_zRdbP?`U50!caJ(?f-jyr9-+0dffv|Kjm+9mD5k1y$5eW+UciS z|6hnGfTRogBdjU#%uD1r)(gztZy{ZrnR;6Pzr#VTEZW5C1~fEEXn|I1-a}!vjv~E_ zamNY_&*RQ~xYaT4zAd9KGDe$8ZU6svE&tz1_E5|Jcm4fCCLDfse*Xc&Pat~tD%by~ zvmn_ZKTq2#zRK<Y(|WJv|6NUhD^LEv7iU@HkYb-4buu-QNyHQB9tjjF+CoSezdtg= zoDGi}u!cA?=OaHOyMM1lo{yZ5G_Uy?$^U!$|L6Lj9k^{^y#J6#qM$kKavjT$G9Cqb zgrv*R2XPaH=^{OFq+3<Exr46ow>j~hbcKhU6H!x|pv^?d^Of-`)B)NIzBRM~>L~Ic z4q7TaaB#E<eM!)T5Jp>g>DGMMr*S?Aq8%c^;5#dg+PoyFGL3Ul>v&yd%q7OMg_DQN zB=$x}qkeEUKR<W+)Y(|#)X95h?VzpxTw*3$n5#IMyE;de&P9pmGPYUBB=gA(9oBBf zV<g6wNfhZMbu(QQ>KxTYv-$hM$XeNaCI)NbDfb{vtLQi7*Y}0zH%n7~U+$GDzgXae zV2Y2#%xosxqmL+n{>kPD7Jdj|ASl6}4Q?s>0l*|Y;{zOLxJ8{v1N?2HYp>w8g8+Mn 
zeV}Bd$-fg|sVTl%`^Nt&!~YcfAS~WV;{msn@y47B&*RPU)iK__EuSxf{h!NB^xf$I zNp?JGq)gL*Af0#eQ^K#x^3QwhQK`!EyS-9nG3ms|)-{ykBPrPJTbAP>lCn9B|JADx zd=#%QDIv`7U|QzVxZwB-l)DnS;P`eu*UklJIxov=T<LUPItV45E7<awY*T4EWsAAA ze{~OC_w|?WwXZcl`=`BH-KFJR-q;a6P8sSovZ-Z|lU3D^3n>fnykygbT`uXR;HgOh z5csz%o_Z>t%$_=N*sxBHmk%At#zs$cfv?U}q50X0Va=T_mnX8Z=~)!&3U4(@PMfgQ zoDt7kgtaC!3A>oJli7SaUCfx-l!Lb}n$3^57K_DXB5gy7*27zK1n8|MsDJrJ`bQFP z{aWuJ+kcR4#xO<_sdPM*?!5%KgluY#-0KeB%92-0!DFx|f@eI2<EsOYaRtoWzzM51 z4O{2JP3eTUm}b0?w&cX-Zd-DufB1iV^dFy+!~YBqKl&2y4@|w2uKz#%<#h*G!h-W% zj{d)rvGF7{Ro$M15B9NmBJ3OBu-+i9(v^-7QdB(%ttGja^L^+0#PFVg{QqMC`TtGp zo?Vw&zn`l@VeNDe=pN8LpnKqL(F44bV=8ek<^Lh^r}PKB5Vs?d5w`~&=}#6maV6gw zS1D6YNX&7ZCFxjVu6xOOuOu4Z(uL$a?|OMn7hCCV7R5BX$pZ`w?lJOsJC3_jiX^KE zt%@_QJRr`W@22K%^6>lkM}njtT}#!A%l~t4vV7^%<^TP=X_kBsN>H;rr2ko0r~H4f z_y5{{v9@2lu>In<{`?|M*Mc2_4#HzJ=}H0j4!8VtERSscR?@Zf{=ZT>E6w;=WqFQ? zeQEpug-5wN07%Ekgk%dqP<$knA+BY7S;#-KIba!(LsAas|NZ9RZ<5actC0tW`24?@ zh8`bkJ^ycb;A`P?;fjZhaPbwoYWshUQnlj1uD1UtndI93Uxkk@>tga@gM2*ssJOQO z*U?_O(gbw$0o#QjwEaKu#kOKC(Dwg2*#9HS0y&RjvABl*OOzi}0KX<L>QHBYFMV(A z-z~3}y>)jKCzdRjbb5v3kk(VKlf?;4f|o~e;y!zk0vHXBv+nTaY3?(<M7_aVr@7C( zA=PfX%tEX7H0z1-o2xQfb01$K%dU2>xgWH<!MkU`QL811i__g8uZs3JsKFqCRnjO| z@_EkHKWlj0LD4~LpV@hjQ*D58j(gC#T>Aen$`%P4>Fhh+kKjDCTc|e}-uNk)GRUyY zdf5E5yfINcR_1#u`8;$J!!h$cxrew9c`TW>$TJL6sF~KxBc{ec2z6K@^?yKL!f@UV zXXCZL8_uWWI=POS={kt34!!$2Y0nX70^$t4rItPCwA*?PBKmYC&p15jJd-~E4_{bF ztcLUdyp?k;$<V(zI5+g>aAD}x$o^rb0K7POa#&FSGITP)jo~kb-(3GXe{M9Qm*-YW z{$JD2HT`^H`nf*;5A#9?=_sxLZ)Ax)Pw+9W<~^oAGQO}B`8iCY@GL*a@zo(e=a{K- zE(a9z)rob0jFg#7877JP`@|;cB#TzDN&BvM9FlT#Utzhq%cYysd4E2-xjz3-=?MX+ zgm2YT>o95^^nHAa9li+kKeYaTKmjZfC&o>4tJeQYq++&Z;QMdU_euKoeg570mqDrT z^JvfXedtsOmv2U-YdR%jgtQjp=^mdwq~-q=7n}B{${Jq>e)ejR|6h&!UPX%ti5t#6 zbqmW^Jx6mh_JE*y@E%OjJnmSvG!K4urhPEYgWnG{4yI{v8fX`scF=iez5ic5`+uf? 
zLH<7~9*8_Z764z0JRNyF(ukZR?SI(+@0arbFRxej|KALMH~iK0pYIt3fPi8JoZkQI z{r|%I|F>R#j_J%-x?ZTZ|0if3CD(-=INtB;{r{y4PU`)C_jYRZ{@;)eCn`CoD!FE- zJ8WmVkewn@px*y0x!J4C{>#;C@1t0==(N3=(~X%L9edXr>oC6*;>mQvOvvNZJS#A9 zKUL`O4wxU1RG~+DMHM14kdG=vac%z()CSNNdTK+eRIwXJY7?V$v}m;w;21fHbg~cb z?XTH&yAs{!8u=@z1kcu=cgsstrG(1sT=tY2bvxg%t*H^R#j0)v)2w;AL4WG}#_{pe ze(U&Lb!@z`cYOSCDw&w8$4=f8v!;&Dj1|TX2F`D^vhi#xW(3YrFZ!YO3pZII3ALZP z7}PQyB>a;<`T)y$aN6bQ|J!Tl9#r)}0thZ7UjOL&fAh<~gv5KE-v21e$Z)>vzxeGx zV>ueOUxoeuM)8u|{e$xl8o;^8_lF0E8<9-pRTe*yE$Khq11sGF=cQm+*p=t%X5WlF z@GHPy_0FX6LLHV%(@Lj}RF=4=EliY5!9Veg&#rq!PCUPJv5AL{1EI;W3mjI<|6@(; zl3%Lj|6`d%TAr9LaS6flTllWvwEVw3=R8V`^A7U=vq+~y*c;U-PHw_U?4???I$NP* z*^AZMlvG5F?wGQ0O1qVdT9ra{q57D0f3#Y*g>efi-t9YMy<VGbIf<QOzFd5kdV8+c zbJgQUCKfnXJ?}pYId(L>NgiW8*t4^c0bZUql0lYeN8*_badvyJ3K`3w`f(xtKnfUp zXGbjr$H1@PnP#_>!thv*PzBZ&;8_Xsm{)G6D?G0`xVId5I3K#j*8`<9cGN1DqqWk+ zWTQ^7=zty|YtoKR(EUm@SF<YlNr6b$nLEOrRj<!hYlU0MM6nO*TH-#~l<6)!c3YZZ zR+Vmr(^xEP1mH9mfYV?5m30zM2bLF3$#C*=!fDfiQ^xZl$9^+;02^e@0f&G!q(deR zG-lWv1S}#BpLF8L18+KUrbnloIA9e%t>Scgs|Uv@w;XWX{eJS;e7#{$MfXDQzC;uW zt5L0qx=NI?3T~o5i~pXg#VIG)9Jd!x`$y}<gQJtP)qSUo*xg6U6Q#2$<Gw?CE92?I zM*3j#cs8(qq(kI$@m#?I8kbhaF*8NO@&n|J?|%RHBtZ7}3?Ol;d+Wp*%Z?<|Nh8yx zam<Vy(~tmvo~_P6CSfDZaDXc~w$ch1g98k}@gB2DVU}xXtz(DCxOMbemxG@P&%t#g zJW3wV0v(9fXSspihx76C1NPxKAM1&<)~#}=f7a{hwG97nPrvXV{B7gg!yBv}{nzgV z(>@VO{BbZX_18bXk;jG0K67OFMSQDpoOaV+{J+m|S=M_&&utQuWc_c)z+~Tt9sd6V z+WtTF+YYDiFo$;9C;07$wjOJ$?f+~0|7*l{f*)R&@x9?21wjpS4PXj$5Ip0Q97jHs zLm8wY?>4$ZW(V^v;tY?NzmONQWcaobUJPzK5Fi-2YdHr_Diq4U6WabiHX+or<QzPV z>8BXWDAK#&`(sUk=kezF>KJcqBs*LAA6xKF2T0QP|GS0<%mwfa4~&<u4tQ{Rd`jFi z5WTx{l%5>8#k+9sy$rD|leYg~v8L;j)ds2c_S*j6GOq)R>UnAV|4Too3j1z&ZU0}M zU)9LZ-hR8#_W$X~LN>_Hn|Br0_WwQn7W@UqZ#!Tco$yw&_HX&D{V%8e|I5{5Tq*m1 zZ0`aH?FMmy_WPNEgMFFxKN>P38^{(Q<o~t(e*!-3bPwnr&^>Tf^Z@VVSaVO?|7T<Z zv^O~3^|DT+w*T+hC}iHsrQ0Y3<->EU#YUmxkA(%(H~2k+R@*wAThZ(Nzt&&W`irYc zf01><u}=d}0-Lpk>@c&O!3xkfHC@XgHl&?%Ew%msE8qS<%OV)RKQhDnc_p{eZex;H 
zR`3(yAP=P68v1U}M}9_<|F1-zkDQM*ulbn>M;;j-m9qaY54_fQq3?Y7<4TBt3th2S zy?*NTbK&(<+yB${|MIuvnAo#b_bi1L;=H#1H(>?VO>O_LYkoh=d#p}=|Hb7$wEaJA z|F0C#^OfgjY5o7MzyB*+-ltXL-xUUu)&M&2Wwri4?T|*WOCoxRqj#~Oeg<gE@J_xa zXesbP{S00=u-AiUeGTmC;8&-<hSKD}+VuaIqK2DDrdstkk`y1wB;tv52Zf>yG|rH^ z<MSvKr^Y+sL+LYwB|IP};0XCy&w=RxOv?uU|D0IY|4QV0wD<p9<dcy~WIVDbvMsVH zB1r%Le-8io@RP$IA3iyp9Nswm^P%q!ou`uln?nx{9Un>!Z65l?;LC$A3_d;h$-&y- z(ZLT4ZW&xR`1-*22EIA)xq(j%R0cjckQ&%B5E}Tu{XgjcX8%|FpXh(M|4jc!`|s#C z`fuo8$7&byDfOT30o?<-2XqhU9?(6YdqDTVa`%8jze3_RY6#klM{*C6fi2b-z12yD z{*S^RLv%Kq5L5P4&aNqmn2^XixenB-Gt;VqIw)P(lR$C;_3q7=@2oUx^PG;I3g}Iv zjs*aPm4@VwhV&>MtTiNeK+<BtVQb1(s#jDi_DS`MvYsB278jg0j@whyWvgL3)`3D& zv!-Cz^R?16j!SlHfFyptqI9@IQh&Z!pl3X8<&IRGS8%mvcT?VC;n<{IF4q;8EhKk# z#lrqlotm3JSgoEuGSirzX*gQaA+bxA*>C4&CJxzW?6T4-4oQm<#loS2HGQmMk$MQf z!~0c!Ro|VpTD4YpICLSY<zFn^UD#VDBQ(-b$bEKWvRdH2yh)a&r-wn1qx%o@m_iG% zSdgPascIh(67Q3#7*R@e+rLreEfo&WU}*2K>b83iT8zcQnD3s_A`a16cDQ$6sd9J0 zISnx+Pl2WWYSc>k1`S)OGI4aKY}ef}*&@sAtBhKWhFz-&B|#7p@0IC$^ZDvbr7>D7 zO<A@1y$z}+H$x-JJr$L?j@8TitbKN^L6uBOTLyqO$Q@A2bdT?FA3?57-nrMFM-j=| zq!RB@>5jS%UYlV8CwvwQcUG)i**@l~^YGnwt8#X|PEd8IRJ4zm2tK)wAqP<`kkonQ z*s(*7W_d`yXR&ZswU)OjnZF*$kr6~xCrTCfW%*sP$8(^ibk;spnkqHiHn8uL<*49< zqCnC6U{^=uQ7x2;B?T+{?FN0(^ptMxN-I1h;frb@YYE3@rqJ0g!~x2S1!o8(0Nqt8 z(^#oJXGrR$77GW-NKM(kb8fm+v+3iJ!&X-^AoL{YDd%nZBj0Zqt(kJ;pjDq#yU&oM zdQeNwEYOm{9aHoLja+`xp0f5$+WFHiBw!4SGZ=t<)k?86abLl#GVJ3Wiv<h{_&5x$ zfCfsXs%&>u@MTgjSe1zxYr<BNT_Jh5I>Y0Dah*b+&ZEY9!<w3QpAU1TyjLRoK5~}g z*%PhWnDq7?JIpm<7R}denxed#7)GJlEAP?AkBS(YK-rP?jE&vB-;qHJNm>%jaY8xI zDyunbUzs}6o#XH>g*?wZM1~SoIlHS|u7oG$|5fobF*>B=|M$E@@&BJ2*607>8;y~t zzH4IS;F$)8nFAiHAMRrXgU9-aIA%t8q@nLI${0z$hq`;A%Pj?)juZhfb-C24W!On@ zjz4xTd*xxsn*YBr|6kkx$4u3Mo-e_S01P-DX|>kc*udKUzYtOCyKd|N1m_Zt^IQQM z?{dr)9fqxg{+vGl&xTQWGNRcc_#uxQ!0@W&)jRte7)KQ8mtg;4b?N(S{=YNqUD!_5 z_W!FDOWXga&weT2zvln@4H|3v|7t&gy#T!C|G$0g|1TH+-?*4*?=Ds@vidE>4Oo5v z2+byOFmjN%|I>v0x9b1j)^`5iN7sFCodI-JJKY1i2XqhU9=J++fGq>CzGr6}Z@j9M 
zsaHZRQfi9dg04DBT!xL}4u{tu$hLH|kIt56!jc=}c0fDz9Py3@C^r-|q=}!_Ffb^% zqw+s2w1&PAFHv7$9Jp_I94=i$UvWre7t<e)Ua3*GasuP1LK~e7!O?53$B4n4C|{L4 zqr`)`Qo4=^@lML&iW&2X)4>$3pP|#`YV-jWlH_iQFR2jAJWf&z=oOAD?hKmm1f88~ z;&!-wlohap*b$aF*NYTDyBz1yK)X@;J+>w)elB*b`Ib0LGMVE}Htu7G^y+>g{Pg}2 ziHl~0dd^483C0x{JJ{zb(d??v8J57k@Z3((9He$yPPu7~C@xg6Md!`bx$=MrC&UOQ z=%JpwSv2wOTlsR07~MpKZV7{03ddI!%ZTO%%B7fu1!7a?$yEG23I>z75B=o<g@nfk z)WO<QRBLklDHwL=HU$mAZ-e{qW?9UmB#K4Hjo}9TWwgWJj%fR;xD9ZzkyG(}5rma$ zc|e*Q;NE_mZUZ_w&V2&t+(f@K<nKUr<hF@shnlz*eomDakb%Zr8~eV9;>`vj!}*fh zAcJe(Cad;Nff5&iJudTkDuegq_u`f@7vlY<1Mf#*qE7vB1B$!skbu?8(LbP==7_vx zLSwdZLJYm!zA9jlS?3M_*dd9_F`OuVFx3*FHgJjz9UnszWK|ya<cl*D^X$)YesiAv zza$=_cjt8yGsj{z^E2?Xsdw5Tn*CIgk05CYDqeVSbOAk-Ngl}HZfD(-1pIYxQ7eAO zuby*8<zskfxQGRwhWmk`hao^*1U~s|;4jIY^_(|Qy%$!x9`qdC$11-NkQ9N-$p5gE zHA0Z<Ro}AG=Ri7txx6+o%yGM1&u(NU$Mt|04acL&-=dN(z#O0)zcc5<6W>7W>mdIh z_W%0Z_Wxg9|9NiEsqad=X#Ic9|JVF~H6PIY>7FBinH}?~=Kr@Ld@XEXt^eO9_@VXx zMHGvm=KnKC*vzL=#aJGvV5O4k6s&A97u%JLnVGnmwalcM6CW=A<ZtdRTx)*zPxhYN z{@C#kxp*L$@PQo{<BA<_wS1e2c+1(}ia|e;O~=z&v-igbYW~0G|Kp?A{C^TZ?j#PV z_5TSrh<+rIDu=HxWr49T19cSJD3&e8o)2F0|26+Vs~GeP>i_qO|Ihpt?Eklkhlegi zzB_y_GCX`J^6=0LL#_7zo?QRzz-<G=178cD3s;zYK+w9f?iES=3A^V~f=&{}BXxm? 
zAuoI!*=Y|1x)A*8kiP}#-eHHe1do&6iD=-jgA{M3m@LMU#ialEc-t>+^{FEp-;l@0 zKisS1;}b^0Z@0ooj3muWDx2*+#)Z!U&7F6~ojD5Fw@Mlsr7vW67J1-TV0=A(h!^TG zfTopB8>wvEKY#`Q0FKYDdqfW4@APT_V~M1104Y9_F=Fvp2g4&hn0RD!G!AfV7n|vu z-Han>pztd&j*1iD@B`YlAM%BKHlIz(lc;mf!N0jwZdWdsEu>95lZ(eq@weap_Febh zd#(9fr~l$JGp~GQ`(<u<VwptRe_}e~Bk4>slUjx?4>w2sk5BNtBy@)zeMBPCQ`%PY zn16TBg>f6upW%6~Jwjo4)PX86mY_{1$WvN#J6+*<jByWhGwy+I4?GDlfH=N;c;Hf~ z540;RPzd80P_{K6V2tzm7$&|5^lWFHL(?18DDL6p^inNK43{W4F10DCh8x{6W#LqH zD;FhI$f!K$9OdZD_3}IpUeA#}=}m$TW3LhygPdozXK^Wpmnc8DRm=}yeggAuJ}2hH zJubE1;f;2bi(r`yyt(I?s~qG`YR<jnEISJ@_gRp0&!cf=a_;dxdG77OxyO9rxz)<K zPthadtL9bD!@`deHy=Oc2)@ED+u02;Z&C3KHUIze`2XDZOXvUdtf0o~^7#L%4udXh zX&qCRHISB+E0wzIZ%?gZxWhQGD&6Ol9wYl1<UmYV%>B}Fk}JKI*76Cq@_>?;R09cj zC>s)&Si?1fYEWgp*Y-lVqYwvNVPrr$)dOn@qeApzeFq!>j^{vCa=@n>Pq!~tMOs#% z&<z<>b%aEz5Vw&4854eF;3}<-rM7sT<+6oJyo7v%Zb@&Px%~T`0M7$l)+(s7o@7~j z+1s45+`gJakl5M&|Ah$K|3BA{{r`CXA)r$|bBsT-EE-^W8)~PHyGdPSPk>$qJ2aHs z1WpH!cR_q7UEzUiQlB)@*HQ9(WgHT9V7yTVZCvZ*LHu%XNLZaYRL!53rfmSXu8h-8 znzNPgQU{(z*BNt(v25Yw;c|YeFrQ0&a5g_L&reO9I(g5mJ(ZmqKh|=dYA!L8EzDJ% z%x7fg`LnUa{M>^w^V#~`X^N}ESGQGQPbZl$<GGA&7Bb0vGLyCAW;_;8CNha)f_OCP zqUbW4zaNaOmCa{j86W${D*D+!eP4Kfvt<8#xmWC;m_bLIw6KFHJ`yvtnd~y`Wr_VG zn<F^-ApsG-cwV`&vPY5B1sw`73D0{Yjx*e%PNel3ZaWYlI_QB*F<tq00s^~AYPWss zdzIOLmYY@@Z(e$qGTy<xFvnNNc>6?#eUUMuNKV(PFb!6hX1m--2S~ExNh4*NhL4n$ zP54P!|GdW@m87iS?G-7@jK{stpNNGNA4$a$&~@8tNQa9Pyllz~svoB>lfHbp7<>El zrN9GZ{NVZf$2tYSI^ZE7d>@G3T{%imika_Skb9RQ#x0g61&^;lxyzA)m(ws;L_PXe zNx@^RJlDRLW;!SDHh_Oh+>0J~A$m3FS@0_W2M*nX)p6RVdm|Z3=L$9`ohj25?nwJr z_t14;fB9aUgggGUSF1Z2=J7snT7H$G9wVDFdjEN=>Ya1ao_D@)mY2O0JQW)$__r&b zdMcjGo;q>ZuuhJb4;{$HMo)Bsug+7U`PqtL&7CcmC$h2WSrqCDZ#9!yo3PZJ5zkwM zwI(wOyO_0;*?c-(%$V7fgSRf4&5yShi^XIjZG(x{BDO?;-YT~A%Qw<Ll6dRadI#A? 
z0J4pdL@FImrI!h^sX215%L&t?NH1mG!bT9D*Da2(z<kvSZ)N2`ml}S8QufY}p-4BS z6W(H)@j}{?6PqWsX8MQ!$4CG1DLMSl@bIHA@&3Tn&CQSg1J4tj_D_F#-GN}*!+$st zVhu9R_tf>@tYPhk<Ft>R-TNC%ui!LZYq`9t+tcvDx`7(7Z-7(fJ*^&IuUIbuJ7>-R zSNp8h0lz@KHUB?ogG=-Oh35a$d<NRy3Vf%U|F8M~n*Xn8fQ|+~sFQI1oi{kIMEnj= z3))k-R1lvLSA^!i=Ko8p9c}vA3j0(uw1N)&zZIJMjMu7G0fp^)B<(5uj0}a$m0K>& zea-(bReX#xDX)c5;Q2s}2#p6UX|%x?=h`N-Y5u?JEyV}c{QqwF|17|+_S3?Vd{`3y z-&DQsg053Xcl>{zVVLU8Jp69>|KN+m@#@26FNOclbzuL0i}?P!PevMjKOOvVq}Bf4 zFQoqe{_wK{4-Fh2*xC2}bq}rYzv3+bs6N#Hx(9R*=pN8L(Aoox2QziK^KOiJnUho$ z(ySb3xim;rwp;mw7B}p$Eq@!!-$Ln(EoBIlT{-S8#!gj_Iyfw|QeC@kERSDydXMAW zd!4P&5jNabQ?TDvyIZ=jkr>>Ec-X*F<d9!--T?A+aQp_BuA|`J#jO?{g$%tL;GE?f z_&qUFty0?yjX1-_@@Nro?Q#g-Ldgf->#KI#B_FOt`+t7;Tdh<CDL+E+$P_qj|L;=l z|M8r+vhx26+oa_0`eylod75_G{vTTa<sOPUJ;ZzZx6=L}(X-e*jmvXq{KK71I@*Wi zRisEykJW`8!zJSZz@?Ofh1PZ&W_t?v3zt)+nc|>gY%dV2_D1mlS^s}P+W+4}=l`|p z|2s|Vi|zs413l~kmJ4N^@=BKr)#v{S5e0m7q4xpI8J^|mIF9uKb2sq1mDBss=l=y| zk6`UBsl+CoO|ECPdnt00Sb^br+*g;pzfa}E7lHmqbhK3gBziFo5N-dD#<-h#0N*$~ z!vn`x$2=f~J>=gBt^Z}3v8!F*r&zOa;P`1+{By;7WUPZUwYL99-!;*X<bs}57b&-h zIUoBntohIfq4mBA`YF7VuL)cb9*kz(XZ(QY3Fu72gNlp$Ja0fT9r(kI<arK3d$^B$ z+vtjRAVY~b=t%IWALW)}Kc`f&8%Jsrqjc(hwGyyN<|Iz5d;4p4-L6FUP1Z{FM#-v( zf=cjg{du>%G*!yU>s<Df8g-(V*w)ktozAPO38q=|bc6mrcI?=}y}v#_UfORRpR10I zH};N?A5J9`bM@HCdt%nq(V4Nr*g*p1*4MDI@oXw)1nj64{kn@^xXB7h-NjEqcai1q z<ycc6@~-|Mg&~KJF^1#)J=5%&>d(9b-m3%mgTq+BVeH_zUeKaZn<1}i>=0Bm!S2ry zP&5jZTuWAjPOd-SCx-V7o?PFEoQqtLKi2<$t?xqL`S8d21yJM)cG~{Gw*SAd{eQCW zK4PZngv@0yphmk0X+B=ri_rW3o*4a>J=$XRK@DImMe5m(t~V}D(52LNFv`J1+zz+= z)hjemu>Db<x0kXH46f%K=QSH^z;dkF9q_ac`g3~!e>waAQMpiu-Srsz{r6$LBm`@x zy2!O0>A=Mp2V|U&aXgM^RhcGW1O65#4qOhNVFvXr2h2#JgCoVmWG|*JpfGy?=g@IN zeTI-c&<cbXI@TfWLt`HiADa1y6#WHywy1raMKk%HE0#><Y^#v>E2WbKnpV}_ji>+R z`%)?WJnL>cM^JV6<hz><GOgxQp*2qCQ^|}gHM%U5k8DokFB*SY7=KY_5fX;63>KK# zEP@|@;r$HeE4c@uc~0B4pzUdwQ^-o$wb1(imC{*h#@8y3RZ0zEUz+~^<*p&=nE%uo zijSl+WVLL05Lnq9eX8;s#TEPijbb$N`N*i`|6ho_6v;%M8-8Q(<ZyZT=}3cqnSpTM 
zjo~kb-(3GXP}QEem9qb**H68EuBP=<^ZyG|rOG9v;Cla0vvIdJ@AdxwlHpAA|26-g zkop!<pgeA{x%G!&oDn~U`8G?T1A<-y&om#7Gfih@>42L5&!Y`<qMHA|y7~X-<hK+O zpMK4}pLwUjv|yZy(3e{yo8o(1{wlsfINs>sdxm3M`=Hsv@%PU5%b5?r_#E?hnLfhh zP?jXT-P0YOrg#Xm!0-LwKRw;_8l4xPkvw_iXWlR71vq|2@bTgJS-tWq9W)uZ;5)FL zIew<a-i3M8!FN(D;gHyUc*i?A52yXrJs&v3X$R>U@Q#1~#M;;SUC{405CvOKpLBn* zXW_Q_9Sx_>-=2QqKX`0V=SHfN^YD8H`;E)49sSquTx!`*gc5(;S{CmJXu@0$r}{w% cma}K6ezv>E&jz|ZoL85M^E+_8y_O^R|7|6KF#rGn literal 0 HcmV?d00001 diff --git a/ldap/data/ldap_db/lock.mdb b/ldap/data/ldap_db/lock.mdb new file mode 100644 index 0000000000000000000000000000000000000000..0041bebf53c2b3ef4ea4534278728f0633f1346b GIT binary patch literal 8192 zcmeIuu@OK(5Cu@zl6EAT5YvEM4|*^%U1&ilByg9U0GZ%zva`4MXJ_6zZ&N5jkyn>L z#JP<9p12lW+`nx{tU3kuW9-{BJoj6EshZ(K{`rC*1PBlyK!5-N0t5&UAV7cs0RjXF T5FkK+009C72oNAZ;Qs<AbZ{Gt literal 0 HcmV?d00001 diff --git a/ldap/data/start.sh b/ldap/data/start.sh index 6dd8777..6b6d324 100644 --- a/ldap/data/start.sh +++ b/ldap/data/start.sh @@ -15,6 +15,9 @@ chown -R openldap:openldap /var/lib/ldap service slapd restart cp -r /tmp/ldap/schema/fusiondirectory /etc/ldap/schema/ +chown -R www-data /etc/fusiondirectory/ +chmod 770 /etc/fusiondirectory/fusiondirectory.conf + fusiondirectory-insert-schema fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/openssh-lpk.schema service apache2 restart diff --git a/ldap/run.sh b/ldap/run.sh index ddf79d5..f691975 100644 --- a/ldap/run.sh +++ b/ldap/run.sh @@ -3,9 +3,10 @@ docker run \ --name ldap \ - -v /opt/warpauth/data/ldap_db:/var/lib/ldap \ - -v /opt/warpauth/data/ldap_conf:/etc/ldap \ + -v ${PWD}/data/ldap_db:/var/lib/ldap \ + -v ${PWD}/data/ldap_conf:/etc/ldap \ + -v ${PWD}/data/fusiondirectory:/etc/fusiondirectory \ -p 389:389 \ - -p 8123:80 \ + -p 8123:80 \ -it \ ldap diff --git a/web/warpauth/views/profile.py b/web/warpauth/views/profile.py index f40bfef..a68bdf7 100644 --- a/web/warpauth/views/profile.py +++ b/web/warpauth/views/profile.py 
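Review bot: In ldap/data/start.sh the added `chown -R www-data /etc/fusiondirectory/` makes the web-server account the owner of its own configuration, and `chmod 770` on fusiondirectory.conf grants execute and group-write bits that a config file does not need. That file presumably holds the LDAP bind credentials (its contents are not shown in this part of the patch), so a compromised PHP process could rewrite it as well as read it. `chown root:www-data /etc/fusiondirectory/fusiondirectory.conf` followed by `chmod 640 /etc/fusiondirectory/fusiondirectory.conf` keeps it readable by Apache without making it writable. The script continues outside the hunk.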
@@ -9,6 +9,7 @@ from warpauth.util import * ## # http://www.python-ldap.org/doc/html/ldap.html#ldap.LDAPObject +# ToDo: first- and lastname, email, public? ## @login_required(login_url='/login/', redirect_field_name=None) diff --git a/web/warpzone/settings.py b/web/warpzone/settings.py index db91d2a..8bb9f17 100644 --- a/web/warpzone/settings.py +++ b/web/warpzone/settings.py @@ -103,8 +103,8 @@ DATABASES = { }, 'ldap': { 'ENGINE': 'ldapdb.backends.ldap', - # 'NAME': 'ldap://s1.dyhost.de/', - 'NAME': 'ldap://ldap/', + 'NAME': 'ldap://s1.dyhost.de/', + #'NAME': 'ldap://ldap/', 'USER': 'cn=admin,dc=warpzone,dc=ms', 'PASSWORD': '12345', } @@ -139,8 +139,8 @@ AUTHENTICATION_BACKENDS = ( # AUTH LDAP SETTINGS # -# AUTH_LDAP_SERVER_URI = "ldap://s1.dyhost.de" -AUTH_LDAP_SERVER_URI = "ldap://ldap" +AUTH_LDAP_SERVER_URI = "ldap://s1.dyhost.de" +#AUTH_LDAP_SERVER_URI = "ldap://ldap" AUTH_LDAP_BIND_DN = "cn=admin,dc=warpzone,dc=ms" AUTH_LDAP_BIND_PASSWORD = "12345" @@ -163,10 +163,10 @@ AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP_SEARCH_PATH, AUTH_LDAP_GROUP_TYPE = PosixGroupType() AUTH_LDAP_USER_FLAGS_BY_GROUP = { - "is_active": "cn=active,ou=groups,ou=WarpAuth,ou=Warpzone,dc=warpzone,dc=ms", - "is_staff": ["cn=superuser,ou=groups,ou=WarpAuth,ou=Warpzone,dc=warpzone,dc=ms", - "cn=superuser,ou=groups,ou=WarpAuth,ou=Warpzone,dc=warpzone,dc=ms"], - "is_superuser": "cn=superuser,ou=groups,ou=WarpAuth,ou=Warpzone,dc=warpzone,dc=ms" + "is_active": "cn=active,ou=Groups,dc=warpzone,dc=ms", + "is_staff": ["cn=superuser,ou=Groups,dc=warpzone,dc=ms", + "cn=superuser,ou=Groups,dc=warpzone,dc=ms"], + "is_superuser": "cn=superuser,ou=Groups,dc=warpzone,dc=ms" } AUTH_LDAP_FIND_GROUP_PERMS = True -- GitLab
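Review bot: In web/warpzone/settings.py the new `'NAME': 'ldap://s1.dyhost.de/'` sends the `cn=admin` bind and its password to a remote host over unencrypted LDAP, and the second hunk does the same with `AUTH_LDAP_SERVER_URI = "ldap://s1.dyhost.de"`, which also carries each user's login password during authentication. Use an `ldaps://` URI in both places, or for django-auth-ldap add `AUTH_LDAP_START_TLS = True`. The bind identity in the context lines is the directory rootDN with a literal password in the file (not introduced by this commit); a read-only service account whose password comes from the environment would limit the damage if these settings leak.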
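Review bot: The `is_staff` entry in the last settings.py hunk lists `cn=superuser,ou=Groups,dc=warpzone,dc=ms` twice, so the list is equivalent to a single DN and staff status is granted to exactly the superuser group. If a separate staff group was intended, name it as the second element; otherwise write `"is_staff": "cn=superuser,ou=Groups,dc=warpzone,dc=ms",` so the mapping reads as what it does.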