[Da-tools-commits] r344 .: Add userdir-ldap.schema to version control and the resulting package.

Tue Dec 25 10:22:37 UTC 2007

------------------------------------------------------------
revno: 344
committer: Peter Palfrader <peter at palfrader.org>
branch nick: userdir-ldap
timestamp: Tue 2007-12-25 11:22:37 +0100
message:
  Add userdir-ldap.schema to version control and the resulting package.
  
  Merge the addition of the schema file from the
  da-tools/userdir-ldap-common bzr repositoru on alioth.
    revno: 346
    committer: Marc 'HE' Brockschmidt <he at debian.org>
    branch nick: userdir-ldap-common
    timestamp: Tue 2007-12-25 09:34:13 +0100
    message:
      Add userdir-ldap.schema to version control and the resulting package
  
  Also, add a comment on top of the schema file that says it's now being
  versioned in bzr, and update debian/changelog.
added:
  userdir-ldap.schema
modified:
  debian/changelog
  debian/rules
-------------- next part --------------
=== added file 'userdir-ldap.schema'

--- a/userdir-ldap.schema	1970-01-01 00:00:00 +0000
+++ b/userdir-ldap.schema	2007-12-25 10:22:37 +0000
@@ -0,0 +1,470 @@
+# Revision history:
+#
+# XXX [PP]
+#   - Now version controlled in db.d.o bzr repository - 2007-12-25
+#
+# 0.7 [RM]
+#   - Add 'gender' and 'birthDate' to debianDeveloper
+#   - Add 'mailDisableMessage' to debianAccount
+#   - Add 'mailDisableMessage', 'mailCallout', 'mailGreylisting', 'mailRBL',
+#         'mailRHSBL', and 'mailWhitelist' to debianDeveloper and debianRoleAccount
+# 
+# 0.6 [JT]
+#   - Add 'access' as a MAY for debianServer objectclass.
+#   - Make activity-from a UTF-8 string rather than ASCII.
+#   - add new debianRoleAccount objectclass.
+#
+# 0.5 [JT]
+#   - Add 'access' as a MAY for debianDeveloper objectclass.
+#   - Add 'gid' attribute.
+#   - Make homeDirectory a MAY not MUST for debianAccount.
+#   - drop userPassword and memberUID MAYs from debianGroup.
+#   - add SUP top STRUCTURAL to debianGroup.
+#
+# 0.4
+#   - add a UTF8-enabled 'gecos' attribute type, conflicts with RFC2307
+#   - add debianAccount, which is roughly equivalent to posixAccount but
+#     permits UTF8 gecos fields
+#   - add debianGroup, which is the same as above but for posixGroup
+#
+# 0.3
+#   - Remove labeledURI, jpegPhoto from the list of supported 
+#     attributes; using inetOrgPerson instead of organizationalPerson as
+#     a structural objectclass gives us both of these, and several other 
+#     attributes that may be useful.
+#   - Add echelon attributes for MIA work to the debiandeveloper
+#     objectclass. (accountcomment,accountstatus)
+#   - Add specification for debianServer objectclass, used for Debian 
+#     server listings
+#
+# 0.2
+#   - grammarfied 'allowedHosts' to 'allowedHost' as
+#      1.3.6.1.4.1.9586.100.4.2.12.
+#   - add 'privateSub' as 1.3.6.1.4.1.9586.100.4.4.5.
+#   - add 'jabberJID' as 1.3.6.1.4.1.9586.100.4.2.13.
+#   - change 'icqUIN' to an integer type (see? I told you it wasn't
+#     approved for use yet! ;)
+#
+# 0.1
+#   - initial revision
+#
+#
+# Project: db.debian.org
+# Contact: Debian directory administrators <admin at db.debian.org>
+# Type:    X.500/LDAP
+# Section: Project
+#
+# enterprise.Debian.project.userdir / 1.3.6.1.4.1.9586.100.4
+#
+# .1 - public LDAP objectClasses
+#   .1 - debianAccount
+#   .2 - debianGroup
+#
+# .2 - public LDAP attributeTypes
+#   .1 - sshRSAAuthKey
+#   .2 - activity-from
+#   .3 - activity-pgp
+#   .4 - comment
+#   .5 - icqUin
+#   .6 - ircNick
+#   .7 - latitude
+#   .8 - longitude
+#   .9 - middlename (mn)
+#   .10 - onVacation
+#   .11 - supplementaryGid
+#   .12 - allowedHost
+#   .13 - jabberJID
+#   .14 - access
+#   .15 - admin
+#   .16 - architecture
+#   .17 - bandwidth
+#   .18 - disk
+#   .19 - distribution
+#   .20 - host
+#   .21 - hostname
+#   .22 - machine
+#   .23 - memory
+#   .24 - sponsor
+#   .25 - sponsor-admin
+#   .26 - sshRSAHostKey
+#   .27 - status
+#   .28 - gecos
+#   .29 - gid
+#   .30 - gender
+#   .31 - birthdate
+#   .32 - mailDisableMessage
+#
+# .3 - experimental LDAP objectClasses
+#   .1 - debianDeveloper
+#   .2 - debianServer
+#   .3 - debianRoleAccount
+# 
+# .4 - experimental LDAP attributeTypes
+#   .1 - allowedHosts - OBSOLETED
+#   .2 - dnsZoneEntry
+#   .3 - emailForward
+#   .4 - keyFingerPrint
+#   .5 - privateSub
+#   .6 - accountComment
+#   .7 - accountStatus
+#   .8 - perform callouts
+#   .9 - perform greylisting
+#   .11 - DNS RBL
+#   .12 - RHS RBL
+#   .13 - whitelist
+
+# Public attribute types
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.1 
+	NAME 'sshRSAAuthKey'
+	DESC 'textual form of an SSH public key compatible with authorized_keys'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.2
+	NAME 'activity-from'
+	DESC 'last known activity from user email address'
+	EQUALITY caseExactMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.3
+	NAME 'activity-pgp'
+	DESC 'last known activity from user PGP key'
+	EQUALITY caseExactIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.4
+	NAME 'comment'
+	DESC 'user-editable comment'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.5
+	NAME 'icqUin'
+	DESC 'UIN for ICQ instant messaging system'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.6
+	NAME 'ircNick'
+	DESC 'Internet Relay Chat nickname'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.7
+	NAME 'latitude'
+	DESC 'latitude coordinate'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.8
+	NAME 'longitude'
+	DESC 'longitude coordinate'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.9
+	NAME ( 'mn' 'middlename' )
+	SUP name )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.10
+	NAME 'onVacation'
+	DESC 'vacation message'   
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.11
+	NAME 'supplementaryGid'
+	DESC 'additional Unix group id of user'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.12
+	NAME 'allowedHost'
+	DESC 'host name this account is allowed access to'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.13
+	NAME 'jabberJID'
+	DESC 'JID for Jabber instant messaging protocol'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.14
+	NAME 'access'
+	DESC 'nature of access allowed to server'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.15
+	NAME 'admin'
+	DESC 'email address of server administrator'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.16
+	NAME 'architecture'
+	DESC 'hardware architecture of server'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.17
+	NAME 'bandwidth'
+	DESC 'type of network connection for server'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.18
+	NAME 'disk'
+	DESC 'amount of disk space available to server'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.19
+	NAME 'distribution'
+	DESC 'host OS distribution'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.9586.100.4.2.20
+#	NAME 'host'
+#	DESC '(short) host name of server'
+#	EQUALITY caseIgnoreIA5Match
+#	SUBSTR caseIgnoreIA5SubstringsMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.21
+	NAME 'hostname'
+	DESC 'FQDN of the server'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.22
+	NAME 'machine'
+	DESC 'description of physical hardware'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.23
+	NAME 'memory'
+	DESC 'amount of RAM available to server'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.24
+	NAME 'sponsor'
+	DESC 'name of the sponsor of this server'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.25
+	NAME 'sponsor-admin'
+	DESC 'email address of sponsoring server administrator'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.26
+	NAME 'sshRSAHostKey'
+	DESC 'textual form of an SSH public host key compatible with known_hosts'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.27
+	NAME 'status'
+	DESC 'administrative status of server'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.28
+	NAME 'gecos'
+	DESC 'The GECOS field; the common name'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.29
+	NAME 'gid'
+	DESC 'Group Name'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.30
+	NAME 'gender'
+	DESC 'ISO 5218 representation of human gender'
+	EQUALITY integerMatch
+	SINGLE-VALUE
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{1} )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.31
+	NAME 'birthDate'
+	DESC 'Date of birth in YYYYMMDD format'
+	EQUALITY numericStringMatch
+	SINGLE-VALUE
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{8} )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.32
+	NAME 'mailDisableMessage'
+	DESC 'Message returned when all mail is disabled'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+# Public object classes
+
+objectclass ( 1.3.6.1.4.1.9586.100.4.1.1
+	NAME 'debianAccount'
+	DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
+	SUP top AUXILIARY
+	MUST ( cn $ uid $ uidNumber $ gidNumber )
+	MAY ( userPassword $ loginShell $ gecos $ homeDirectory $ description $ mailDisableMessage ) )
+
+objectclass ( 1.3.6.1.4.1.9586.100.4.1.2
+	NAME 'debianGroup'
+	SUP top STRUCTURAL
+	DESC 'attributes used for Debian groups'
+	MUST ( gid $ gidNumber )
+	MAY ( description ) )
+
+# Experimental attribute types
+
+# There are existing schemas for doing DNS in LDAP; would one of
+# these be better?  c.f. draft-miller-dns-ldap-schema-00 (expired)
+attributetype ( 1.3.6.1.4.1.9586.100.4.4.2
+	NAME 'dnsZoneEntry'
+	DESC 'DNS zone record for user'
+	EQUALITY octetStringMatch
+        SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+# rfc822mailbox (RFC1274) is recommended as a replacement for this in
+# general.
+attributetype ( 1.3.6.1.4.1.9586.100.4.4.3
+	NAME 'emailForward'
+	DESC 'forwarding address for email sent to this account'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+# Network Associates also has a schema for PGP keys / key IDs which may
+# or may not be applicable:
+# http://www.openldap.org/lists/openldap-devel/200010/msg00071.html
+attributetype ( 1.3.6.1.4.1.9586.100.4.4.4 
+	NAME 'keyFingerPrint'
+	EQUALITY caseIgnoreMatch  
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX  1.3.6.1.4.1.1466.115.121.1.15 )
+
+# Rather Debian-specific, not useful to the public.
+attributetype ( 1.3.6.1.4.1.9586.100.4.4.5 
+	NAME 'privateSub'
+	DESC 'email subscription address for debian-private mailing list'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+# Echelon attributes; re-evaluate later
+attributetype ( 1.3.6.1.4.1.9586.100.4.4.6
+	NAME 'accountComment'
+	DESC 'additional comments regarding the account status'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.4.7
+	NAME 'accountStatus'
+	DESC 'Debian developer account status'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+# mail attributes; not public information
+attributetype ( 1.3.6.1.4.1.9586.100.4.4.8
+	NAME 'mailCallout'
+	DESC 'Whether or not to require a successful callout attempt on email delivery'
+	EQUALITY booleanMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.4.9
+	NAME 'mailGreylisting'
+	DESC 'Whether or not to perform greylisting on email delivery'
+	EQUALITY booleanMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.4.11
+	NAME 'mailRBL'
+	DESC 'RBL sites to check at SMTP accept time'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.4.12
+	NAME 'mailRHSBL'
+	DESC 'RHSBL sites to check at SMTP accept time'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 1.3.6.1.4.1.9586.100.4.4.13
+	NAME 'mailWhitelist'
+	DESC 'sites to whitelist from additional SMTP accept time checks'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+# Experimental objectclasses:
+
+objectclass ( 1.3.6.1.4.1.9586.100.4.3.1
+	NAME 'debianDeveloper'
+	DESC 'additional account attributes used by Debian'
+	SUP top AUXILIARY
+	MUST ( uid $ cn $ sn )
+	MAY ( accountComment $ accountStatus $ activity-from $
+	      activity-pgp $ allowedHost $ comment $ countryName $
+	      dnsZoneEntry $ emailForward $ icqUin $ ircNick $
+	      jabberJID $ keyFingerPrint $ latitude $ longitude $ mn $
+	      onVacation $ privateSub $ sshRSAAuthKey $ supplementaryGid $
+	      access $ gender $ birthDate $ mailCallout $ mailGreylisting $
+              mailRBL $ mailRHSBL $ mailWhitelist
+	) )
+
+objectclass ( 1.3.6.1.4.1.9586.100.4.3.2
+	NAME 'debianServer'
+	DESC 'Internet-connected server associated with Debian'
+	SUP top STRUCTURAL
+	MUST ( host $ hostname )
+	MAY ( c $ access $ admin $ architecture $ bandwidth $ description $ disk $
+	      distribution $ l $ machine $ memory $ sponsor $
+	      sponsor-admin $ sshRSAHostKey $ status
+	) )
+
+objectclass ( 1.3.6.1.4.1.9586.100.4.3.3
+	NAME 'debianRoleAccount'
+	DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
+	SUP account STRUCTURAL
+	MAY ( emailForward $ supplementaryGid $ allowedHost $ labeledURI $
+	      mailCallout $ mailGreylisting $ mailRBL $ mailRHSBL $
+	      mailWhitelist
+	) )

=== modified file 'debian/changelog'
--- a/debian/changelog	2007-08-12 17:40:32 +0000
+++ b/debian/changelog	2007-12-25 10:22:37 +0000
@@ -1,3 +1,10 @@
+userdir-ldap (0.3.15+xxx) XXunstable; urgency=low
+
+  * Ship userdir-ldap.schema with the package, add a note that it is
+    now version-controlled in bzr on top of the file.
+
+ -- Peter Palfrader <weasel at debian.org>  Tue, 25 Dec 2007 11:21:45 +0100
+
 userdir-ldap (0.3.15) unstable; urgency=low
 
   * userdir_gpg.py: fix RT #70 (sub-key support for mail gateway)

=== modified file 'debian/rules'
--- a/debian/rules	2007-08-12 17:40:32 +0000
+++ b/debian/rules	2007-12-25 10:22:37 +0000
@@ -22,7 +22,8 @@
 	$(pysite)/userdir_ldap \
 	usr/share/doc/$(package)/samples \
 	etc/userdir-ldap/templates \
-	etc/cron.d
+	etc/cron.d \
+	etc/ldap/schema	
 
 binary-indep: build
 	dh_testdir
@@ -45,6 +46,7 @@
 	echo "# See /usr/share/doc/userdir-ldap" > $(i)/etc/userdir-ldap/generate.conf
 	chmod 644 $(i)/etc/userdir-ldap/generate.conf
 	install -m 644 templates/*-* $(i)/etc/userdir-ldap/templates/
+	install -m 644 userdir-ldap.schema $(i)/etc/ldap/schema/
 
 	dh_installdocs
 	dh_installchangelogs

