ldaptic 0.2.0 → 0.2.1

@@ -52,6 +52,7 @@ module Ldaptic
52
52
  def base=(dn)
53
53
  @base = Ldaptic::DN(dn, self)
54
54
  end
55
+ alias dn= base=
55
56
  # Access the base DN.
56
57
  def base
57
58
  @base ||= Ldaptic::DN(adapter.default_base_dn, self)
@@ -140,14 +141,14 @@ module Ldaptic
140
141
  private :search_options
141
142
 
142
143
  def find_one(dn, options)
143
- objects = search(options.merge(:base => dn, :scope => :base, :limit => false))
144
- unless objects.size == 1
144
+ object = search(options.merge(:base => dn, :scope => :base, :limit => true))
145
+ unless object
145
146
  # For a missing DN, the error will be raised automatically. If the
146
147
  # DN does exist but is not returned (e.g., it doesn't match the given
147
148
  # filter), we'll simulate it instead.
148
149
  Ldaptic::Errors.raise(Ldaptic::Errors::NoSuchObject.new("record not found for #{dn}"))
149
150
  end
150
- objects.first
151
+ object
151
152
  end
152
153
  private :find_one
153
154
 
@@ -248,19 +249,21 @@ module Ldaptic
248
249
 
249
250
  # Performs an LDAP add.
250
251
  def add(dn, attributes)
251
- log_dispatch(:add, dn, attributes)
252
252
  attributes = normalize_attributes(attributes)
253
+ log_dispatch(:add, dn, attributes)
253
254
  adapter.add(dn, attributes)
254
255
  end
255
256
 
256
257
  # Performs an LDAP modify.
257
258
  def modify(dn, attributes)
258
- log_dispatch(:modify, dn, attributes)
259
259
  if attributes.kind_of?(Hash)
260
260
  attributes = normalize_attributes(attributes)
261
261
  else
262
- attributes = attributes.map {|(action, key, values)| [action, Ldaptic.encode(key), Array(values)]}
262
+ attributes = attributes.map do |(action, key, values)|
263
+ [action, Ldaptic.encode(key), values.respond_to?(:before_type_cast) ? values.before_type_cast : Array(values)]
264
+ end
263
265
  end
266
+ log_dispatch(:modify, dn, attributes)
264
267
  adapter.modify(dn, attributes) unless attributes.empty?
265
268
  end
266
269
 
@@ -272,7 +275,7 @@ module Ldaptic
272
275
 
273
276
  # Performs an LDAP modrdn.
274
277
  def rename(dn, new_rdn, delete_old, *args)
275
- log_dispatch(:delete, dn, new_rdn, delete_old, *args)
278
+ log_dispatch(:rename, dn, new_rdn, delete_old, *args)
276
279
  adapter.rename(dn, new_rdn.to_str, delete_old, *args)
277
280
  end
278
281
 
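Review bot: In `modify` (hunk `@@ -248,19 +249,21 @@`), `log_dispatch(:modify, dn, attributes)` still runs before the `unless attributes.empty?` guard, so an empty change set is logged as a modify although nothing reaches the adapter; putting `return if attributes.empty?` ahead of the log call would keep the log in step with what was actually dispatched. `add` and `modify` also pass the complete normalized attribute values to `log_dispatch`, whose body is outside this view; if it writes its arguments out, values of attributes such as `userPassword` would end up in the log, so it is worth confirming that it records attribute names only or masks the values. In the non-Hash branch `values.before_type_cast` is passed through without `Array(...)`, which presumably assumes it always returns an array; a one-line comment saying so would help.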
@@ -200,6 +200,11 @@ module Ldaptic
200
200
  Ldaptic::SYNTAXES[syntax_oid]
201
201
  end
202
202
  alias syntax syntax_object
203
+
204
+ def matchable(value)
205
+ Ldaptic::MatchingRules.for(equality).new.matchable(Ldaptic.encode(value))
206
+ end
207
+
203
208
  end
204
209
 
205
210
  class MatchingRule < NameDescObsoleteDefiniton
@@ -244,3 +249,4 @@ module Ldaptic
244
249
  end
245
250
 
246
251
  require 'ldaptic/syntaxes'
252
+ require 'ldaptic/matching_rules'
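Review bot: The new `matchable` in the `@@ -200,6 +200,11 @@` hunk calls `Ldaptic::MatchingRules.for(equality).new` without checking that a rule was found. An attribute type may declare no EQUALITY rule (the `core.schema` removed further down this page has several, e.g. `searchGuide` and `telexNumber`), and `MatchingRules.for` is not visible here, so if it returns nil for a nil or unknown name the call fails with NoMethodError instead of a clear error. Consider guarding it, e.g. `rule = Ldaptic::MatchingRules.for(equality)` followed by `return Ldaptic.encode(value) unless rule`, or documenting the fallback that `for` provides. The method also has no comment; something like `# Returns value normalized by this attribute type's EQUALITY matching rule, for comparison.` would do. The enclosing class begins outside the hunk.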
@@ -11,7 +11,7 @@ class LdapticAdaptersTest < Test::Unit::TestCase
11
11
 
12
12
  def test_should_parameterize_search_options
13
13
  assert_equal(
14
- ["DC=org", 0, "(objectClass=*)", nil, false, 1, 10_000, "", nil],
14
+ ["DC=org", 0, "(objectClass=*)", nil, false, 1, 10_000],
15
15
  @ldap_conn.instance_eval { search_parameters(
16
16
  :base => "DC=org",
17
17
  :scope => 0,
@@ -35,6 +35,7 @@ class LdapticAttributeSetTest < Test::Unit::TestCase
35
35
  assert_equal ["foo", "bar"], @description
36
36
  assert_same @description, @description.unshift([["baz"]])
37
37
  assert_equal ["baz", "foo", "bar"], @description
38
+ assert_equal 1, @description.index('foo')
38
39
  assert_equal "foo", @description.delete("foo")
39
40
  assert_nil @description.delete("foo")
40
41
  @description.clear
@@ -107,4 +107,9 @@ class LdapticDNTest < Test::Unit::TestCase
107
107
  assert_raise(TypeError) { Ldaptic::RDN(Object.new => "whee") }
108
108
  end
109
109
 
110
+ def test_domain
111
+ assert_equal 'example.com', Ldaptic::DN('ou=Users,dc=example,dc=com').domain
112
+ assert_nil Ldaptic::DN('ou=Users').domain
113
+ end
114
+
110
115
  end
@@ -11,6 +11,7 @@ class LdapticHierarchyTest < Test::Unit::TestCase
11
11
  assert_raise(NoMethodError) { Mock.new }
12
12
  assert_equal Mock::Top, Mock::Person.superclass
13
13
  assert Mock::Person.method_defined?(:sn)
14
+ assert Mock::Person.method_defined?(:surname)
14
15
  assert !Mock::Top.method_defined?(:sn)
15
16
  assert_equal [], Mock::Top.aux
16
17
  assert_equal %w(simpleSecurityObject), Mock::Person.aux
@@ -0,0 +1,38 @@
1
+ require File.join(File.dirname(File.expand_path(__FILE__)),'test_helper')
2
+ require 'ldaptic/matching_rules'
3
+
4
+ class LdapticMatchingRulesTest < Test::Unit::TestCase
5
+ include Ldaptic::MatchingRules
6
+
7
+ def test_for
8
+ assert_equal GeneralizedTimeMatch, Ldaptic::MatchingRules.for("generalizedTimeMatch")
9
+ end
10
+
11
+ def test_case_exact_match
12
+ assert CaseExactMatch.new.match(' A bc', 'A bc')
13
+ assert !CaseExactMatch.new.match(' A bc', 'a bC')
14
+ end
15
+
16
+ def test_case_ignore_match
17
+ assert CaseIgnoreMatch.new.match(' A bc', 'a bC')
18
+ end
19
+
20
+ def test_generalized_time_match
21
+ assert_equal Time.utc(2000,1,1,12,34,56), GeneralizedTimeMatch.new.matchable("20000101123456.0Z")
22
+ end
23
+
24
+ def test_numeric_string
25
+ assert NumericStringMatch.new.match(' 123 4', '123 4')
26
+ assert !NumericStringMatch.new.match('1234', '1235')
27
+ end
28
+
29
+ def test_distinguished_name_match
30
+ assert DistinguishedNameMatch.new.match('a=1+b=2', 'B=2+A=1')
31
+ assert !DistinguishedNameMatch.new.match('a=1,b=2', 'b=2,a=1')
32
+ end
33
+
34
+ def test_telephone_number_match
35
+ assert TelephoneNumberMatch.new.match("911", "9 1-1-")
36
+ end
37
+
38
+ end
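Review bot: `test_case_ignore_match` and `test_telephone_number_match` assert only a positive match, so a rule whose `match` always returns true would pass both. Add a negative case to each, for example `assert !CaseIgnoreMatch.new.match('A bc', 'A bd')` and `assert !TelephoneNumberMatch.new.match("911", "912")`. `test_for` likewise checks one known name only; what `Ldaptic::MatchingRules.for` does with an unknown name or nil is left unpinned.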
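--- a/metadata
+++ b/metadata
@@ -1,12 +1,13 @@
  --- !ruby/object:Gem::Specification
  name: ldaptic
  version: !ruby/object:Gem::Version
+ hash: 21
  prerelease: false
  segments:
  - 0
  - 2
- - 0
- version: 0.2.0
+ - 1
+ version: 0.2.1
  platform: ruby
  authors:
  - Tim Pope
@@ -14,7 +15,7 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2011-01-25 00:00:00 -05:00
+ date: 2011-01-30 00:00:00 -05:00
  default_executable:
  dependencies:
  - !ruby/object:Gem::Dependency
@@ -25,6 +26,7 @@ dependencies:
  requirements:
  - - ~>
  - !ruby/object:Gem::Version
+ hash: 59
  segments:
  - 0
  - 9
@@ -40,6 +42,7 @@ dependencies:
  requirements:
  - - ~>
  - !ruby/object:Gem::Version
+ hash: 27
  segments:
  - 0
  - 1
@@ -55,6 +58,7 @@ dependencies:
  requirements:
  - - ~>
  - !ruby/object:Gem::Version
+ hash: 7
  segments:
  - 3
  - 0
@@ -76,7 +80,6 @@ files:
  - LICENSE
  - lib/ldaptic/adapters.rb
  - lib/ldaptic/syntaxes.rb
- - lib/ldaptic/railtie.rb
  - lib/ldaptic/entry.rb
  - lib/ldaptic/filter.rb
  - lib/ldaptic/error_set.rb
@@ -92,8 +95,9 @@ files:
  - lib/ldaptic/adapters/active_directory_ext.rb
  - lib/ldaptic/adapters/net_ldap_adapter.rb
  - lib/ldaptic/adapters/ldap_conn_adapter.rb
- - lib/ldaptic/active_model.rb
+ - lib/ldaptic/matching_rules.rb
  - lib/ldaptic.rb
+ - test/ldaptic_matching_rules_test.rb
  - test/ldaptic_escape_test.rb
  - test/ldaptic_schema_test.rb
  - test/ldaptic_adapters_test.rb
@@ -104,11 +108,8 @@ files:
  - test/ldaptic_dn_test.rb
  - test/test_helper.rb
  - test/ldaptic_errors_test.rb
- - test/rbslapd1.rb
  - test/ldaptic_hierarchy_test.rb
  - test/ldaptic_attribute_set_test.rb
- - test/core.schema
- - test/rbslapd4.rb
  - test/ldaptic_syntaxes_test.rb
  has_rdoc: true
  homepage: http://github.com/tpope/ldaptic
@@ -124,6 +125,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
+ hash: 3
  segments:
  - 0
  version: "0"
@@ -132,6 +134,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
+ hash: 3
  segments:
  - 0
  version: "0"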
@@ -1,37 +0,0 @@
1
- require 'active_model'
2
- require 'ldaptic'
3
-
4
- ActiveModel::EachValidator.class_eval do
5
- def validate(record)
6
- attributes.each do |attribute|
7
- values = record.read_attribute_for_validation(attribute)
8
- values = [values] unless values.respond_to?(:before_type_cast)
9
- values.each do |value|
10
- next if (value.nil? && options[:allow_nil]) || (value.blank? && options[:allow_blank])
11
- validate_each(record, attribute, value)
12
- end
13
- end
14
- end
15
- end
16
-
17
- class Ldaptic::Entry
18
- include ActiveModel::Validations
19
- include ActiveModel::Serializers::Xml
20
- include ActiveModel::Serializers::JSON
21
- include ActiveModel::Dirty
22
- include ActiveModel::Callbacks
23
-
24
- def read_attribute_for_validation(attribute)
25
- read_attribute(attribute.to_sym, true)
26
- end
27
-
28
- # define_model_callbacks(:save, :destroy)
29
-
30
- validate do
31
- @attributes.keys.each do |key|
32
- self[key].errors.each do |error|
33
- errors.add(key, error)
34
- end
35
- end
36
- end if respond_to?(:validate)
37
- end
@@ -1,9 +0,0 @@
1
- require 'ldaptic'
2
- require 'ldaptic/before_type_cast'
3
-
4
- class Ldaptic::Entry
5
- include Ldaptic::BeforeTypeCast
6
- if defined?(ActiveModel)
7
- extend ActiveModel::Naming
8
- end
9
- end
data/test/core.schema DELETED
@@ -1,582 +0,0 @@
1
- # OpenLDAP Core schema
2
- # $OpenLDAP: pkg/ldap/servers/slapd/schema/core.schema,v 1.68.2.6 2005/01/20 17:01:18 kurt Exp $
3
- ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
4
- ##
5
- ## Copyright 1998-2005 The OpenLDAP Foundation.
6
- ## All rights reserved.
7
- ##
8
- ## Redistribution and use in source and binary forms, with or without
9
- ## modification, are permitted only as authorized by the OpenLDAP
10
- ## Public License.
11
- ##
12
- ## A copy of this license is available in the file LICENSE in the
13
- ## top-level directory of the distribution or, alternatively, at
14
- ## <http://www.OpenLDAP.org/license.html>.
15
- #
16
- ## Portions Copyright (C) The Internet Society (1997-2003).
17
- ## All Rights Reserved.
18
- ##
19
- ## This document and translations of it may be copied and furnished to
20
- ## others, and derivative works that comment on or otherwise explain it
21
- ## or assist in its implementation may be prepared, copied, published
22
- ## and distributed, in whole or in part, without restriction of any
23
- ## kind, provided that the above copyright notice and this paragraph are
24
- ## included on all such copies and derivative works. However, this
25
- ## document itself may not be modified in any way, such as by removing
26
- ## the copyright notice or references to the Internet Society or other
27
- ## Internet organizations, except as needed for the purpose of
28
- ## developing Internet standards in which case the procedures for
29
- ## copyrights defined in the Internet Standards process must be
30
- ## followed, or as required to translate it into languages other than
31
- ## English.
32
- ##
33
- ## The limited permissions granted above are perpetual and will not be
34
- ## revoked by the Internet Society or its successors or assigns.
35
- ##
36
- ## This document and the information contained herein is provided on an
37
- ## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
38
- ## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
39
- ## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
40
- ## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
41
- ## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
42
-
43
- #
44
- #
45
- # Includes LDAPv3 schema items from:
46
- # RFC 2252/2256 (LDAPv3)
47
- #
48
- # Select standard track schema items:
49
- # RFC 1274 (uid/dc)
50
- # RFC 2079 (URI)
51
- # RFC 2247 (dc/dcObject)
52
- # RFC 2587 (PKI)
53
- # RFC 2589 (Dynamic Directory Services)
54
- #
55
- # Select informational schema items:
56
- # RFC 2377 (uidObject)
57
-
58
- #
59
- # Standard attribute types from RFC 2256
60
- #
61
-
62
- # system schema
63
- #attributetype ( 2.5.4.0 NAME 'objectClass'
64
- # DESC 'RFC2256: object classes of the entity'
65
- # EQUALITY objectIdentifierMatch
66
- # SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
67
-
68
- # system schema
69
- #attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
70
- # DESC 'RFC2256: name of aliased object'
71
- # EQUALITY distinguishedNameMatch
72
- # SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
73
-
74
- attributetype ( 2.5.4.2 NAME 'knowledgeInformation'
75
- DESC 'RFC2256: knowledge information'
76
- EQUALITY caseIgnoreMatch
77
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
78
-
79
- # system schema
80
- #attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
81
- # DESC 'RFC2256: common name(s) for which the entity is known by'
82
- # SUP name )
83
-
84
- attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
85
- DESC 'RFC2256: last (family) name(s) for which the entity is known by'
86
- SUP name )
87
-
88
- attributetype ( 2.5.4.5 NAME 'serialNumber'
89
- DESC 'RFC2256: serial number of the entity'
90
- EQUALITY caseIgnoreMatch
91
- SUBSTR caseIgnoreSubstringsMatch
92
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
93
-
94
- attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
95
- DESC 'RFC2256: ISO-3166 country 2-letter code'
96
- EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
97
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
98
- SINGLE-VALUE )
99
-
100
- attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' )
101
- DESC 'RFC2256: locality which this object resides in'
102
- SUP name )
103
-
104
- attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
105
- DESC 'RFC2256: state or province which this object resides in'
106
- SUP name )
107
-
108
- attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
109
- DESC 'RFC2256: street address of this object'
110
- EQUALITY caseIgnoreMatch
111
- SUBSTR caseIgnoreSubstringsMatch
112
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
113
-
114
- attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' )
115
- DESC 'RFC2256: organization this object belongs to'
116
- SUP name )
117
-
118
- attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
119
- DESC 'RFC2256: organizational unit this object belongs to'
120
- SUP name )
121
-
122
- attributetype ( 2.5.4.12 NAME 'title'
123
- DESC 'RFC2256: title associated with the entity'
124
- SUP name )
125
-
126
- attributetype ( 2.5.4.13 NAME 'description'
127
- DESC 'RFC2256: descriptive information'
128
- EQUALITY caseIgnoreMatch
129
- SUBSTR caseIgnoreSubstringsMatch
130
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
131
-
132
- # Obsoleted by enhancedSearchGuide
133
- attributetype ( 2.5.4.14 NAME 'searchGuide'
134
- DESC 'RFC2256: search guide, obsoleted by enhancedSearchGuide'
135
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
136
-
137
- attributetype ( 2.5.4.15 NAME 'businessCategory'
138
- DESC 'RFC2256: business category'
139
- EQUALITY caseIgnoreMatch
140
- SUBSTR caseIgnoreSubstringsMatch
141
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
142
-
143
- attributetype ( 2.5.4.16 NAME 'postalAddress'
144
- DESC 'RFC2256: postal address'
145
- EQUALITY caseIgnoreListMatch
146
- SUBSTR caseIgnoreListSubstringsMatch
147
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
148
-
149
- attributetype ( 2.5.4.17 NAME 'postalCode'
150
- DESC 'RFC2256: postal code'
151
- EQUALITY caseIgnoreMatch
152
- SUBSTR caseIgnoreSubstringsMatch
153
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
154
-
155
- attributetype ( 2.5.4.18 NAME 'postOfficeBox'
156
- DESC 'RFC2256: Post Office Box'
157
- EQUALITY caseIgnoreMatch
158
- SUBSTR caseIgnoreSubstringsMatch
159
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
160
-
161
- attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
162
- DESC 'RFC2256: Physical Delivery Office Name'
163
- EQUALITY caseIgnoreMatch
164
- SUBSTR caseIgnoreSubstringsMatch
165
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
166
-
167
- attributetype ( 2.5.4.20 NAME 'telephoneNumber'
168
- DESC 'RFC2256: Telephone Number'
169
- EQUALITY telephoneNumberMatch
170
- SUBSTR telephoneNumberSubstringsMatch
171
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
172
-
173
- attributetype ( 2.5.4.21 NAME 'telexNumber'
174
- DESC 'RFC2256: Telex Number'
175
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
176
-
177
- attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
178
- DESC 'RFC2256: Teletex Terminal Identifier'
179
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
180
-
181
- attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
182
- DESC 'RFC2256: Facsimile (Fax) Telephone Number'
183
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
184
-
185
- attributetype ( 2.5.4.24 NAME 'x121Address'
186
- DESC 'RFC2256: X.121 Address'
187
- EQUALITY numericStringMatch
188
- SUBSTR numericStringSubstringsMatch
189
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
190
-
191
- attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber'
192
- DESC 'RFC2256: international ISDN number'
193
- EQUALITY numericStringMatch
194
- SUBSTR numericStringSubstringsMatch
195
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
196
-
197
- attributetype ( 2.5.4.26 NAME 'registeredAddress'
198
- DESC 'RFC2256: registered postal address'
199
- SUP postalAddress
200
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
201
-
202
- attributetype ( 2.5.4.27 NAME 'destinationIndicator'
203
- DESC 'RFC2256: destination indicator'
204
- EQUALITY caseIgnoreMatch
205
- SUBSTR caseIgnoreSubstringsMatch
206
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
207
-
208
- attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod'
209
- DESC 'RFC2256: preferred delivery method'
210
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
211
- SINGLE-VALUE )
212
-
213
- attributetype ( 2.5.4.29 NAME 'presentationAddress'
214
- DESC 'RFC2256: presentation address'
215
- EQUALITY presentationAddressMatch
216
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
217
- SINGLE-VALUE )
218
-
219
- attributetype ( 2.5.4.30 NAME 'supportedApplicationContext'
220
- DESC 'RFC2256: supported application context'
221
- EQUALITY objectIdentifierMatch
222
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
223
-
224
- attributetype ( 2.5.4.31 NAME 'member'
225
- DESC 'RFC2256: member of a group'
226
- SUP distinguishedName )
227
-
228
- attributetype ( 2.5.4.32 NAME 'owner'
229
- DESC 'RFC2256: owner (of the object)'
230
- SUP distinguishedName )
231
-
232
- attributetype ( 2.5.4.33 NAME 'roleOccupant'
233
- DESC 'RFC2256: occupant of role'
234
- SUP distinguishedName )
235
-
236
- attributetype ( 2.5.4.34 NAME 'seeAlso'
237
- DESC 'RFC2256: DN of related object'
238
- SUP distinguishedName )
239
-
240
- # system schema
241
- #attributetype ( 2.5.4.35 NAME 'userPassword'
242
- # DESC 'RFC2256/2307: password of user'
243
- # EQUALITY octetStringMatch
244
- # SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
245
-
246
- # Must be transferred using ;binary
247
- # with certificateExactMatch rule (per X.509)
248
- attributetype ( 2.5.4.36 NAME 'userCertificate'
249
- DESC 'RFC2256: X.509 user certificate, use ;binary'
250
- EQUALITY certificateExactMatch
251
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
252
-
253
- # Must be transferred using ;binary
254
- # with certificateExactMatch rule (per X.509)
255
- attributetype ( 2.5.4.37 NAME 'cACertificate'
256
- DESC 'RFC2256: X.509 CA certificate, use ;binary'
257
- EQUALITY certificateExactMatch
258
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
259
-
260
- # Must be transferred using ;binary
261
- attributetype ( 2.5.4.38 NAME 'authorityRevocationList'
262
- DESC 'RFC2256: X.509 authority revocation list, use ;binary'
263
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
264
-
265
- # Must be transferred using ;binary
266
- attributetype ( 2.5.4.39 NAME 'certificateRevocationList'
267
- DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
268
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
269
-
270
- # Must be stored and requested in the binary form
271
- attributetype ( 2.5.4.40 NAME 'crossCertificatePair'
272
- DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
273
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
274
-
275
- # 2.5.4.41 is defined above as it's used for subtyping
276
- #attributetype ( 2.5.4.41 NAME 'name'
277
- # EQUALITY caseIgnoreMatch
278
- # SUBSTR caseIgnoreSubstringsMatch
279
- # SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
280
-
281
- attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' )
282
- DESC 'RFC2256: first name(s) for which the entity is known by'
283
- SUP name )
284
-
285
- attributetype ( 2.5.4.43 NAME 'initials'
286
- DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
287
- SUP name )
288
-
289
- attributetype ( 2.5.4.44 NAME 'generationQualifier'
290
- DESC 'RFC2256: name qualifier indicating a generation'
291
- SUP name )
292
-
293
- attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier'
294
- DESC 'RFC2256: X.500 unique identifier'
295
- EQUALITY bitStringMatch
296
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
297
-
298
- attributetype ( 2.5.4.46 NAME 'dnQualifier'
299
- DESC 'RFC2256: DN qualifier'
300
- EQUALITY caseIgnoreMatch
301
- ORDERING caseIgnoreOrderingMatch
302
- SUBSTR caseIgnoreSubstringsMatch
303
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
304
-
305
- attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide'
306
- DESC 'RFC2256: enhanced search guide'
307
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
308
-
309
- attributetype ( 2.5.4.48 NAME 'protocolInformation'
310
- DESC 'RFC2256: protocol information'
311
- EQUALITY protocolInformationMatch
312
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
313
-
314
- # 2.5.4.49 is defined above as it's used for subtyping
315
- #attributetype ( 2.5.4.49 NAME 'distinguishedName'
316
- # EQUALITY distinguishedNameMatch
317
- # SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
318
-
319
- attributetype ( 2.5.4.50 NAME 'uniqueMember'
320
- DESC 'RFC2256: unique member of a group'
321
- EQUALITY uniqueMemberMatch
322
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
323
-
324
- attributetype ( 2.5.4.51 NAME 'houseIdentifier'
325
- DESC 'RFC2256: house identifier'
326
- EQUALITY caseIgnoreMatch
327
- SUBSTR caseIgnoreSubstringsMatch
328
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
329
-
330
- # Must be transferred using ;binary
331
- attributetype ( 2.5.4.52 NAME 'supportedAlgorithms'
332
- DESC 'RFC2256: supported algorithms'
333
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
334
-
335
- # Must be transferred using ;binary
336
- attributetype ( 2.5.4.53 NAME 'deltaRevocationList'
337
- DESC 'RFC2256: delta revocation list; use ;binary'
338
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
339
-
340
- attributetype ( 2.5.4.54 NAME 'dmdName'
341
- DESC 'RFC2256: name of DMD'
342
- SUP name )
343
-
344
-
345
- # Standard object classes from RFC2256
346
-
347
- # system schema
348
- #objectclass ( 2.5.6.1 NAME 'alias'
349
- # DESC 'RFC2256: an alias'
350
- # SUP top STRUCTURAL
351
- # MUST aliasedObjectName )
352
-
353
- objectclass ( 2.5.6.2 NAME 'country'
354
- DESC 'RFC2256: a country'
355
- SUP top STRUCTURAL
356
- MUST c
357
- MAY ( searchGuide $ description ) )
358
-
359
- objectclass ( 2.5.6.3 NAME 'locality'
360
- DESC 'RFC2256: a locality'
361
- SUP top STRUCTURAL
362
- MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
363
-
364
- objectclass ( 2.5.6.4 NAME 'organization'
365
- DESC 'RFC2256: an organization'
366
- SUP top STRUCTURAL
367
- MUST o
368
- MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
369
- x121Address $ registeredAddress $ destinationIndicator $
370
- preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
371
- telephoneNumber $ internationaliSDNNumber $
372
- facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
373
- postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
374
-
375
- objectclass ( 2.5.6.5 NAME 'organizationalUnit'
376
- DESC 'RFC2256: an organizational unit'
377
- SUP top STRUCTURAL
378
- MUST ou
379
- MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
380
- x121Address $ registeredAddress $ destinationIndicator $
381
- preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
382
- telephoneNumber $ internationaliSDNNumber $
383
- facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
384
- postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
385
-
386
- objectclass ( 2.5.6.6 NAME 'person'
387
- DESC 'RFC2256: a person'
388
- SUP top STRUCTURAL
389
- MUST ( sn $ cn )
390
- MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
391
-
392
- objectclass ( 2.5.6.7 NAME 'organizationalPerson'
393
- DESC 'RFC2256: an organizational person'
394
- SUP person STRUCTURAL
395
- MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
396
- preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
397
- telephoneNumber $ internationaliSDNNumber $
398
- facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
399
- postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
400
-
401
- objectclass ( 2.5.6.8 NAME 'organizationalRole'
402
- DESC 'RFC2256: an organizational role'
403
- SUP top STRUCTURAL
404
- MUST cn
405
- MAY ( x121Address $ registeredAddress $ destinationIndicator $
406
- preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
407
- telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
408
- seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
409
- postOfficeBox $ postalCode $ postalAddress $
410
- physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
411
-
412
- objectclass ( 2.5.6.9 NAME 'groupOfNames'
413
- DESC 'RFC2256: a group of names (DNs)'
414
- SUP top STRUCTURAL
415
- MUST ( member $ cn )
416
- MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
417
-
418
- objectclass ( 2.5.6.10 NAME 'residentialPerson'
419
- DESC 'RFC2256: an residential person'
420
- SUP person STRUCTURAL
421
- MUST l
422
- MAY ( businessCategory $ x121Address $ registeredAddress $
423
- destinationIndicator $ preferredDeliveryMethod $ telexNumber $
424
- teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
425
- facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
426
- postOfficeBox $ postalCode $ postalAddress $
427
- physicalDeliveryOfficeName $ st $ l ) )
428
-
429
- objectclass ( 2.5.6.11 NAME 'applicationProcess'
430
- DESC 'RFC2256: an application process'
431
- SUP top STRUCTURAL
432
- MUST cn
433
- MAY ( seeAlso $ ou $ l $ description ) )
434
-
435
- objectclass ( 2.5.6.12 NAME 'applicationEntity'
436
- DESC 'RFC2256: an application entity'
437
- SUP top STRUCTURAL
438
- MUST ( presentationAddress $ cn )
439
- MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
440
- description ) )
441
-
442
- objectclass ( 2.5.6.13 NAME 'dSA'
443
- DESC 'RFC2256: a directory system agent (a server)'
444
- SUP applicationEntity STRUCTURAL
445
- MAY knowledgeInformation )
446
-
447
- objectclass ( 2.5.6.14 NAME 'device'
448
- DESC 'RFC2256: a device'
449
- SUP top STRUCTURAL
450
- MUST cn
451
- MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
452
-
453
- objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser'
454
- DESC 'RFC2256: a strong authentication user'
455
- SUP top AUXILIARY
456
- MUST userCertificate )
457
-
458
- objectclass ( 2.5.6.16 NAME 'certificationAuthority'
459
- DESC 'RFC2256: a certificate authority'
460
- SUP top AUXILIARY
461
- MUST ( authorityRevocationList $ certificateRevocationList $
462
- cACertificate ) MAY crossCertificatePair )
463
-
464
- objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'
465
- DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
466
- SUP top STRUCTURAL
467
- MUST ( uniqueMember $ cn )
468
- MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
469
-
470
- objectclass ( 2.5.6.18 NAME 'userSecurityInformation'
471
- DESC 'RFC2256: a user security information'
472
- SUP top AUXILIARY
473
- MAY ( supportedAlgorithms ) )
474
-
475
- objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
476
- SUP certificationAuthority
477
- AUXILIARY MAY ( deltaRevocationList ) )
478
-
479
- objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint'
480
- SUP top STRUCTURAL
481
- MUST ( cn )
482
- MAY ( certificateRevocationList $ authorityRevocationList $
483
- deltaRevocationList ) )
484
-
485
- objectclass ( 2.5.6.20 NAME 'dmd'
486
- SUP top STRUCTURAL
487
- MUST ( dmdName )
488
- MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
489
- x121Address $ registeredAddress $ destinationIndicator $
490
- preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
491
- telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
492
- street $ postOfficeBox $ postalCode $ postalAddress $
493
- physicalDeliveryOfficeName $ st $ l $ description ) )
494
-
495
- #
496
- # Object Classes from RFC 2587
497
- #
498
- objectclass ( 2.5.6.21 NAME 'pkiUser'
499
- DESC 'RFC2587: a PKI user'
500
- SUP top AUXILIARY
501
- MAY userCertificate )
502
-
503
- objectclass ( 2.5.6.22 NAME 'pkiCA'
504
- DESC 'RFC2587: PKI certificate authority'
505
- SUP top AUXILIARY
506
- MAY ( authorityRevocationList $ certificateRevocationList $
507
- cACertificate $ crossCertificatePair ) )
508
-
509
- objectclass ( 2.5.6.23 NAME 'deltaCRL'
510
- DESC 'RFC2587: PKI user'
511
- SUP top AUXILIARY
512
- MAY deltaRevocationList )
513
-
514
- #
515
- # Standard Track URI label schema from RFC 2079
516
- # system schema
517
- #attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
518
- # DESC 'RFC2079: Uniform Resource Identifier with optional label'
519
- # EQUALITY caseExactMatch
520
- # SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
521
-
522
- objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
523
- DESC 'RFC2079: object that contains the URI attribute type'
524
- SUP top AUXILIARY
525
- MAY labeledURI )
526
-
527
- #
528
- # Derived from RFC 1274, but with new "short names"
529
- #
530
- attributetype ( 0.9.2342.19200300.100.1.1
531
- NAME ( 'uid' 'userid' )
532
- DESC 'RFC1274: user identifier'
533
- EQUALITY caseIgnoreMatch
534
- SUBSTR caseIgnoreSubstringsMatch
535
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
536
-
537
- attributetype ( 0.9.2342.19200300.100.1.3
538
- NAME ( 'mail' 'rfc822Mailbox' )
539
- DESC 'RFC1274: RFC822 Mailbox'
540
- EQUALITY caseIgnoreIA5Match
541
- SUBSTR caseIgnoreIA5SubstringsMatch
542
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
543
-
544
- objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
545
- DESC 'RFC1274: simple security object'
546
- SUP top AUXILIARY
547
- MUST userPassword )
548
-
549
- # RFC 1274 + RFC 2247
550
- attributetype ( 0.9.2342.19200300.100.1.25
551
- NAME ( 'dc' 'domainComponent' )
552
- DESC 'RFC1274/2247: domain component'
553
- EQUALITY caseIgnoreIA5Match
554
- SUBSTR caseIgnoreIA5SubstringsMatch
555
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
556
-
557
- # RFC 2247
558
- objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
559
- DESC 'RFC2247: domain component object'
560
- SUP top AUXILIARY MUST dc )
561
-
562
- # RFC 2377
563
- objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'
564
- DESC 'RFC2377: uid object'
565
- SUP top AUXILIARY MUST uid )
566
-
567
- # From COSINE Pilot
568
- attributetype ( 0.9.2342.19200300.100.1.37
569
- NAME 'associatedDomain'
570
- DESC 'RFC1274: domain associated with object'
571
- EQUALITY caseIgnoreIA5Match
572
- SUBSTR caseIgnoreIA5SubstringsMatch
573
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
574
-
575
- # RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
576
- attributetype ( 1.2.840.113549.1.9.1
577
- NAME ( 'email' 'emailAddress' 'pkcs9email' )
578
- DESC 'RFC2459: legacy attribute for email addresses in DNs'
579
- EQUALITY caseIgnoreIA5Match
580
- SUBSTR caseIgnoreIA5SubstringsMatch
581
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
582
-