[Da-tools-commits] r346 .: Add userdir-ldap.schema to version control and the resulting package.
Marc 'HE' Brockschmidt
he at debian.org
Tue Dec 25 08:34:13 UTC 2007
------------------------------------------------------------
revno: 346
committer: Marc 'HE' Brockschmidt <he at debian.org>
branch nick: userdir-ldap-common
timestamp: Tue 2007-12-25 09:34:13 +0100
message:
Add userdir-ldap.schema to version control and the resulting package.
added:
userdir-ldap.schema
modified:
debian/rules
-------------- next part --------------
=== added file 'userdir-ldap.schema'
--- a/userdir-ldap.schema 1970-01-01 00:00:00 +0000
+++ b/userdir-ldap.schema 2007-12-25 08:34:13 +0000
@@ -0,0 +1,467 @@
+# Revision history:
+#
+# 0.7 [RM]
+# - Add 'gender' and 'birthDate' to debianDeveloper
+# - Add 'mailDisableMessage' to debianAccount
+# - Add 'mailDisableMessage', 'mailCallout', 'mailGreylisting', 'mailRBL',
+# 'mailRHSBL', and 'mailWhitelist' to debianDeveloper and debianRoleAccount
+#
+# 0.6 [JT]
+# - Add 'access' as a MAY for debianServer objectclass.
+# - Make activity-from a UTF-8 string rather than ASCII.
+# - add new debianRoleAccount objectclass.
+#
+# 0.5 [JT]
+# - Add 'access' as a MAY for debianDeveloper objectclass.
+# - Add 'gid' attribute.
+# - Make homeDirectory a MAY not MUST for debianAccount.
+# - drop userPassword and memberUID MAYs from debianGroup.
+# - add SUP top STRUCTURAL to debianGroup.
+#
+# 0.4
+# - add a UTF8-enabled 'gecos' attribute type, conflicts with RFC2307
+# - add debianAccount, which is roughly equivalent to posixAccount but
+# permits UTF8 gecos fields
+# - add debianGroup, which is the same as above but for posixGroup
+#
+# 0.3
+# - Remove labeledURI, jpegPhoto from the list of supported
+# attributes; using inetOrgPerson instead of organizationalPerson as
+# a structural objectclass gives us both of these, and several other
+# attributes that may be useful.
+# - Add echelon attributes for MIA work to the debiandeveloper
+# objectclass. (accountcomment,accountstatus)
+# - Add specification for debianServer objectclass, used for Debian
+# server listings
+#
+# 0.2
+# - grammarfied 'allowedHosts' to 'allowedHost' as
+# 1.3.6.1.4.1.9586.100.4.2.12.
+# - add 'privateSub' as 1.3.6.1.4.1.9586.100.4.4.5.
+# - add 'jabberJID' as 1.3.6.1.4.1.9586.100.4.2.13.
+# - change 'icqUIN' to an integer type (see? I told you it wasn't
+# approved for use yet! ;)
+#
+# 0.1
+# - initial revision
+#
+#
+# Project: db.debian.org
+# Contact: Debian directory administrators <admin at db.debian.org>
+# Type: X.500/LDAP
+# Section: Project
+#
+# enterprise.Debian.project.userdir / 1.3.6.1.4.1.9586.100.4
+#
+# .1 - public LDAP objectClasses
+# .1 - debianAccount
+# .2 - debianGroup
+#
+# .2 - public LDAP attributeTypes
+# .1 - sshRSAAuthKey
+# .2 - activity-from
+# .3 - activity-pgp
+# .4 - comment
+# .5 - icqUin
+# .6 - ircNick
+# .7 - latitude
+# .8 - longitude
+# .9 - middlename (mn)
+# .10 - onVacation
+# .11 - supplementaryGid
+# .12 - allowedHost
+# .13 - jabberJID
+# .14 - access
+# .15 - admin
+# .16 - architecture
+# .17 - bandwidth
+# .18 - disk
+# .19 - distribution
+# .20 - host
+# .21 - hostname
+# .22 - machine
+# .23 - memory
+# .24 - sponsor
+# .25 - sponsor-admin
+# .26 - sshRSAHostKey
+# .27 - status
+# .28 - gecos
+# .29 - gid
+# .30 - gender
+# .31 - birthdate
+# .32 - mailDisableMessage
+#
+# .3 - experimental LDAP objectClasses
+# .1 - debianDeveloper
+# .2 - debianServer
+# .3 - debianRoleAccount
+#
+# .4 - experimental LDAP attributeTypes
+# .1 - allowedHosts - OBSOLETED
+# .2 - dnsZoneEntry
+# .3 - emailForward
+# .4 - keyFingerPrint
+# .5 - privateSub
+# .6 - accountComment
+# .7 - accountStatus
+# .8 - perform callouts
+# .9 - perform greylisting
+# .11 - DNS RBL
+# .12 - RHS RBL
+# .13 - whitelist
+
+# Public attribute types
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.1
+ NAME 'sshRSAAuthKey'
+ DESC 'textual form of an SSH public key compatible with authorized_keys'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.2
+ NAME 'activity-from'
+ DESC 'last known activity from user email address'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.3
+ NAME 'activity-pgp'
+ DESC 'last known activity from user PGP key'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.4
+ NAME 'comment'
+ DESC 'user-editable comment'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.5
+ NAME 'icqUin'
+ DESC 'UIN for ICQ instant messaging system'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.6
+ NAME 'ircNick'
+ DESC 'Internet Relay Chat nickname'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.7
+ NAME 'latitude'
+ DESC 'latitude coordinate'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.8
+ NAME 'longitude'
+ DESC 'longitude coordinate'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.9
+ NAME ( 'mn' 'middlename' )
+ SUP name )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.10
+ NAME 'onVacation'
+ DESC 'vacation message'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.11
+ NAME 'supplementaryGid'
+ DESC 'additional Unix group id of user'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.12
+ NAME 'allowedHost'
+ DESC 'host name this account is allowed access to'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.13
+ NAME 'jabberJID'
+ DESC 'JID for Jabber instant messaging protocol'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.14
+ NAME 'access'
+ DESC 'nature of access allowed to server'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.15
+ NAME 'admin'
+ DESC 'email address of server administrator'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.16
+ NAME 'architecture'
+ DESC 'hardware architecture of server'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.17
+ NAME 'bandwidth'
+ DESC 'type of network connection for server'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.18
+ NAME 'disk'
+ DESC 'amount of disk space available to server'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.19
+ NAME 'distribution'
+ DESC 'host OS distribution'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.9586.100.4.2.20
+# NAME 'host'
+# DESC '(short) host name of server'
+# EQUALITY caseIgnoreIA5Match
+# SUBSTR caseIgnoreIA5SubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.21
+ NAME 'hostname'
+ DESC 'FQDN of the server'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.22
+ NAME 'machine'
+ DESC 'description of physical hardware'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.23
+ NAME 'memory'
+ DESC 'amount of RAM available to server'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.24
+ NAME 'sponsor'
+ DESC 'name of the sponsor of this server'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.25
+ NAME 'sponsor-admin'
+ DESC 'email address of sponsoring server administrator'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.26
+ NAME 'sshRSAHostKey'
+ DESC 'textual form of an SSH public host key compatible with known_hosts'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.27
+ NAME 'status'
+ DESC 'administrative status of server'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.28
+ NAME 'gecos'
+ DESC 'The GECOS field; the common name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.29
+ NAME 'gid'
+ DESC 'Group Name'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.30
+ NAME 'gender'
+ DESC 'ISO 5218 representation of human gender'
+ EQUALITY integerMatch
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{1} )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.31
+ NAME 'birthDate'
+ DESC 'Date of birth in YYYYMMDD format'
+ EQUALITY numericStringMatch
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{8} )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.32
+ NAME 'mailDisableMessage'
+ DESC 'Message returned when all mail is disabled'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+# Public object classes
+
+objectclass ( 1.3.6.1.4.1.9586.100.4.1.1
+ NAME 'debianAccount'
+ DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
+ SUP top AUXILIARY
+ MUST ( cn $ uid $ uidNumber $ gidNumber )
+ MAY ( userPassword $ loginShell $ gecos $ homeDirectory $ description $ mailDisableMessage ) )
+
+objectclass ( 1.3.6.1.4.1.9586.100.4.1.2
+ NAME 'debianGroup'
+ SUP top STRUCTURAL
+ DESC 'attributes used for Debian groups'
+ MUST ( gid $ gidNumber )
+ MAY ( description ) )
+
+# Experimental attribute types
+
+# There are existing schemas for doing DNS in LDAP; would one of
+# these be better? c.f. draft-miller-dns-ldap-schema-00 (expired)
+attributetype ( 1.3.6.1.4.1.9586.100.4.4.2
+ NAME 'dnsZoneEntry'
+ DESC 'DNS zone record for user'
+ EQUALITY octetStringMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+# rfc822mailbox (RFC1274) is recommended as a replacement for this in
+# general.
+attributetype ( 1.3.6.1.4.1.9586.100.4.4.3
+ NAME 'emailForward'
+ DESC 'forwarding address for email sent to this account'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+# Network Associates also has a schema for PGP keys / key IDs which may
+# or may not be applicable:
+# http://www.openldap.org/lists/openldap-devel/200010/msg00071.html
+attributetype ( 1.3.6.1.4.1.9586.100.4.4.4
+ NAME 'keyFingerPrint'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# Rather Debian-specific, not useful to the public.
+attributetype ( 1.3.6.1.4.1.9586.100.4.4.5
+ NAME 'privateSub'
+ DESC 'email subscription address for debian-private mailing list'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+# Echelon attributes; re-evaluate later
+attributetype ( 1.3.6.1.4.1.9586.100.4.4.6
+ NAME 'accountComment'
+ DESC 'additional comments regarding the account status'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.4.7
+ NAME 'accountStatus'
+ DESC 'Debian developer account status'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+# mail attributes; not public information
+attributetype ( 1.3.6.1.4.1.9586.100.4.4.8
+ NAME 'mailCallout'
+ DESC 'Whether or not to require a successful callout attempt on email delivery'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.4.9
+ NAME 'mailGreylisting'
+ DESC 'Whether or not to perform greylisting on email delivery'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.4.11
+ NAME 'mailRBL'
+ DESC 'RBL sites to check at SMTP accept time'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.4.12
+ NAME 'mailRHSBL'
+ DESC 'RHSBL sites to check at SMTP accept time'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.4.13
+ NAME 'mailWhitelist'
+ DESC 'sites to whitelist from additional SMTP accept time checks'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+# Experimental objectclasses:
+
+objectclass ( 1.3.6.1.4.1.9586.100.4.3.1
+ NAME 'debianDeveloper'
+ DESC 'additional account attributes used by Debian'
+ SUP top AUXILIARY
+ MUST ( uid $ cn $ sn )
+ MAY ( accountComment $ accountStatus $ activity-from $
+ activity-pgp $ allowedHost $ comment $ countryName $
+ dnsZoneEntry $ emailForward $ icqUin $ ircNick $
+ jabberJID $ keyFingerPrint $ latitude $ longitude $ mn $
+ onVacation $ privateSub $ sshRSAAuthKey $ supplementaryGid $
+ access $ gender $ birthDate $ mailCallout $ mailGreylisting $
+ mailRBL $ mailRHSBL $ mailWhitelist
+ ) )
+
+objectclass ( 1.3.6.1.4.1.9586.100.4.3.2
+ NAME 'debianServer'
+ DESC 'Internet-connected server associated with Debian'
+ SUP top STRUCTURAL
+ MUST ( host $ hostname )
+ MAY ( c $ access $ admin $ architecture $ bandwidth $ description $ disk $
+ distribution $ l $ machine $ memory $ sponsor $
+ sponsor-admin $ sshRSAHostKey $ status
+ ) )
+
+objectclass ( 1.3.6.1.4.1.9586.100.4.3.3
+ NAME 'debianRoleAccount'
+ DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
+ SUP account STRUCTURAL
+ MAY ( emailForward $ supplementaryGid $ allowedHost $ labeledURI $
+ mailCallout $ mailGreylisting $ mailRBL $ mailRHSBL $
+ mailWhitelist
+ ) )
=== modified file 'debian/rules'
--- a/debian/rules 2007-08-12 17:40:32 +0000
+++ b/debian/rules 2007-12-25 08:34:13 +0000
@@ -22,7 +22,8 @@
$(pysite)/userdir_ldap \
usr/share/doc/$(package)/samples \
etc/userdir-ldap/templates \
- etc/cron.d
+ etc/cron.d \
+ etc/ldap/schema
binary-indep: build
dh_testdir
@@ -45,6 +46,7 @@
echo "# See /usr/share/doc/userdir-ldap" > $(i)/etc/userdir-ldap/generate.conf
chmod 644 $(i)/etc/userdir-ldap/generate.conf
install -m 644 templates/*-* $(i)/etc/userdir-ldap/templates/
+ install -m 644 userdir-ldap.schema $(i)/etc/ldap/schema/
dh_installdocs
dh_installchangelogs
More information about the Da-tools-commits
mailing list