--- rfc2307bis.schema-orig 2014-05-22 01:45:11.938895274 +0000 +++ rfc2307bis.schema 2014-05-23 18:49:21.776700588 +0000 @@ -4,6 +4,13 @@ # Extracted from http://tools.ietf.org/id/draft-howard-rfc2307bis-02.txt # as of 2012/05/25, by Robin H. Johnson # +# Updated on 2014/05/23 by Jorge Manuel B. S. Vicetto +# Remove extraneous "'" characters, replace SUBSTRINGS with SUBSTR, add missing +# MAY section to nisObject, drop authPassword as it's still not supported by +# openldap and add SUBSTR matching rule for memberUid. + +# Attribute Type Definitions + #attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' # DESC 'An integer uniquely identifying a user in an # administrative domain' @@ -92,10 +100,9 @@ SINGLE-VALUE ) - - attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) @@ -248,18 +242,19 @@ SINGLE-VALUE ) +# Object Class Definitions objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY DESC 'Abstraction of an account with POSIX attributes' MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) - MAY ( authPassword $ userPassword $ loginShell $ gecos $ + MAY ( userPassword $ loginShell $ gecos $ description ) ) objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top AUXILIARY DESC 'Additional attributes for shadow passwords' MUST uid - MAY ( authPassword $ userPassword $ description $ + MAY ( userPassword $ description $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag ) ) @@ -268,7 +263,7 @@ objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY DESC 'Abstraction of a group of accounts' MUST gidNumber - MAY ( authPassword $ userPassword $ memberUid $ + MAY ( userPassword $ memberUid $ description ) ) 
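Review bot: In the `@@ -92,10 +100,9 @@` hunk, the added `SUBSTR caseExactSubstringsMatch` on memberUid is not annotated at the definition, and nothing there says that group-membership checks must keep using equality. Once a substring rule exists, a filter of the form `(memberUid=*<text>*)` is evaluated and matches every uid containing that text, so a client or access rule that uses one for authorization would over-match. I would add a comment directly above the attributetype, for example `# SUBSTR is a local addition for searching only; membership checks must use (memberUid=<exact uid>)`. It is also worth confirming that a substring index on memberUid is configured only if substring searches are actually needed.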
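Review bot: In the `@@ -248,18 +242,19 @@` hunk, `authPassword` is dropped from the MAY lists of posixAccount and shadowAccount (and again for posixGroup in `@@ -268,7 +263,7 @@` and ipHost in `@@ -298,17 +290,17 @@`) with only the file header explaining why, and there is no hint about data that already uses it. Entries imported from a directory that does populate authPassword would presumably be rejected by a server loading this schema. The removal also leaves `userPassword` as the only credential attribute on these classes, so its protection depends on server settings this patch does not show. I would note this next to the first affected class, for example `# authPassword (in the draft's MAY list) removed: not defined by OpenLDAP; strip it from imported entries, and keep userPassword hashed and read-restricted`.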
@@ -276,8 +271,8 @@ DESC 'Abstraction an Internet Protocol service. Maps an IP port and protocol (such as tcp or udp) to one or more names; the distinguished value of - the cn attribute denotes the service's canonical - name' + the cn attribute denotes the canonical name of the + service' MUST ( cn $ ipServicePort $ ipServiceProtocol ) MAY description ) @@ -298,17 +290,17 @@ [RFC1057] Remote Procedure Call (RPC) binding. This class maps an ONC RPC number to a name. The distinguished value of the cn attribute denotes - the RPC service canonical name' + the canonical name of the RPC service' MUST ( cn $ oncRpcNumber ) MAY description ) objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost' SUP top AUXILIARY DESC 'Abstraction of a host, an IP device. The distinguished - value of the cn attribute denotes the host's canonical - name. Device SHOULD be used as a structural class' + value of the cn attribute denotes the canonical name of + the host. Device SHOULD be used as a structural class' MUST ( cn $ ipHostNumber ) - MAY ( authPassword $ userPassword $ l $ description $ + MAY ( userPassword $ l $ description $ manager ) ) @@ -335,6 +327,7 @@ objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject' SUP top STRUCTURAL DESC 'An entry in a NIS map' MUST ( cn $ nisMapEntry $ nisMapName ) + MAY description ) objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' SUP top AUXILIARY
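Review bot: In the `@@ -276,8 +271,8 @@` hunk, the DESC text is reworded to avoid the apostrophe in "service's", but nothing in the schema tells the next editor why, so the problem is easy to reintroduce when syncing with the draft. As far as I know, an unescaped `'` inside a single-quoted DESC ends the string early for the schema parser, which is presumably what the header's "Remove extraneous" line refers to. I would add a comment under the new `# Object Class Definitions` heading, for example `# DESC values must not contain "'": the parser treats it as the end of the string`. The same rewording is applied to the oncRpc and ipHost descriptions in `@@ -298,17 +290,17 @@`, and the object class in this hunk starts outside the visible lines.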