summaryrefslogtreecommitdiffstats
path: root/share
diff options
context:
space:
mode:
authorJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2010-08-26 10:17:37 +0100
committerJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2010-08-26 10:17:37 +0100
commite2f75e06656c1bd0cd0cecb4a99b8220f468fd8d (patch)
treef0ac19bdd7be13845c8a706df50f37333bf02a86 /share
downloadpykolab-e2f75e06656c1bd0cd0cecb4a99b8220f468fd8d.tar.gz
Initial commit
Diffstat (limited to 'share')
-rw-r--r--share/kolab2.schema1098
1 files changed, 1098 insertions, 0 deletions
diff --git a/share/kolab2.schema b/share/kolab2.schema
new file mode 100644
index 0000000..eb40a8d
--- /dev/null
+++ b/share/kolab2.schema
@@ -0,0 +1,1098 @@
+# $Id: kolab2.schema,v 1.38 2009/07/08 10:26:06 gunnar Exp $
+# (c) 2003, 2004 Tassilo Erlewein <tassilo.erlewein@erfrakon.de>
+# (c) 2003-2009 Martin Konold <martin.konold@erfrakon.de>
+# (c) 2003 Achim Frank <achim.frank@erfrakon.de>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+#
+# Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# The name of the author may not be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# This schema highly depends on the core.schema, cosine.schema and the inetorgperson.schema
+# as provided by 3rd parties like OpenLDAP.
+#
+# slapd.conf then looks like
+# include /kolab/etc/openldap/schema/core.schema
+# include /kolab/etc/openldap/schema/cosine.schema
+# include /kolab/etc/openldap/schema/inetorgperson.schema
+# include /kolab/etc/openldap/schema/rfc2739.schema
+# include /kolab/etc/openldap/schema/kolab2.schema
+
+# Prefix for OIDs: 1.3.6.1.4.1.19414 <- registered
+# Prefix for OIDs: 1.3.6.1.4.1.19414.2000 <-- temporarily reserved for ob
+# Prefix for attributes: 1.3.6.1.4.1.19414.1
+# Prefix for attributes: 1.3.6.1.4.1.19414.2
+# Prefix for objectclasses: 1.3.6.1.4.1.19414.3
+# nameprefix: kolab
+#
+####################
+# kolab attributes #
+####################
+
+# helper attribute to make the kolab root easily findable in
+# a big ldap directory
+attributetype ( 1.3.6.1.4.1.19414.2.1.1
+ NAME ( 'k' 'kolab' )
+ DESC 'Kolab attribute'
+ SUP name )
+
+# kolabDeleteflag used to be a boolean but describes with Kolab 2
+# the fqdn of the server which is requested to delete this objects
+# in its local store
+attributetype ( 1.3.6.1.4.1.19414.2.1.2
+ NAME 'kolabDeleteflag'
+ DESC 'Per host deletion status'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+# alias used to provide alternative rfc822 email addresses for kolab users
+attributetype ( 1.3.6.1.4.1.19414.2.1.3
+ NAME 'alias'
+ DESC 'RFC1274: RFC822 Mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+# kolabEncryptedPassword is an asymmetrically (RSA) encrypted copy of the
+# cleartext password. This is required in order to pass the password from
+# the maintainance/administration application to the kolabHomeServer running the
+# resource handler application in a secure manner.
+# Actually this attribute is deprecated as of Kolab 2.1. Instead we grant the
+# calendar user dn: cn=calendar,cn=internal,dc=yourcompany,dc=com access to
+# the respective calendar folder using IMAP ACLs.
+attributetype ( 1.3.6.1.4.1.19414.2.1.4
+ NAME 'kolabEncryptedPassword'
+ DESC 'base64 encoded public key encrypted Password'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# hostname including the domain name like kolab-master.yourcompany.com
+attributetype ( 1.3.6.1.4.1.19414.2.1.5
+ NAME ( 'fqhostname' 'fqdnhostname' )
+ DESC 'Fully qualified Hostname including full domain component'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+# fqdn of all hosts in a multi-location or cluster setup
+attributetype ( 1.3.6.1.4.1.19414.2.1.6
+ NAME 'kolabHost'
+ DESC 'Multivalued -- list of hostnames in a Kolab setup'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+# fqdn of the server containg the actual user mailbox
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.1
+ NAME 'kolabHomeServer'
+ DESC 'server which keeps the users mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+# flag for allowing unrestriced length of mails
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.2
+ NAME 'unrestrictedMailSize'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+# Specifies the email delegates.
+# An email delegate can send email on behalf of the account
+# which means using the "from" of the account.
+# Delegates are specified by the syntax of rfc822 email addresses.
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.3
+ NAME 'kolabDelegate'
+ DESC 'Kolab user allowed to act as delegates - RFC822 Mailbox/Alias'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+# For user, group and resource Kolab accounts
+# Describes how to respond to invitations
+# We keep the attribute as a string, but actually it can only have one
+# of the following values:
+#
+# ACT_ALWAYS_ACCEPT
+# ACT_ALWAYS_REJECT
+# ACT_REJECT_IF_CONFLICTS
+# ACT_MANUAL_IF_CONFLICTS
+# ACT_MANUAL
+# In addition one of these values may be prefixed with a primary email
+# address followed by a colon like
+# user@domain.tld: ACT_ALWAYS_ACCEPT
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.4
+ NAME ( 'kolabInvitationPolicy' 'kolabResourceAction' )
+ DESC 'defines how to respond to invitations'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+# time span from now to the future used for the free busy data
+# measured in days
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.5
+ NAME 'kolabFreeBusyFuture'
+ DESC 'time in days for fb data towards the future'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+# time span from now to the past used for the free busy data
+# measured in days
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.6
+ NAME 'kolabFreeBusyPast'
+ DESC 'time in days for fb data towards the past'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+# fqdn of the server as the default SMTP MTA
+# not used in Kolab 2 currently as in Kolab 2 the
+# default MTA is equivalent to the kolabHomeServer
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.7
+ NAME 'kolabHomeMTA'
+ DESC 'fqdn of default MTA'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+# Begin date of Kolab vacation period. Sender will
+# be notified every kolabVacationResendIntervall days
+# that recipient is absent until kolabVacationEnd.
+# Values in this syntax are encoded as printable strings,
+# represented as specified in X.208.
+# Note that the time zone must be specified.
+# For Kolab we limit ourself to GMT
+# YYYYMMDDHHMMZ e.g. 200512311458Z.
+# see also: rfc 2252.
+# Currently this attribute is not used in Kolab.
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.8
+ NAME 'kolabVacationBeginDateTime'
+ DESC 'Begin date of vacation'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ SINGLE-VALUE )
+
+# End date of Kolab vacation period. Sender will
+# be notified every kolabVacationResendIntervall days
+# that recipient is absent starting from kolabVacationBeginDateTime.
+# Values in this syntax are encoded as printable strings,
+# represented as specified in X.208.
+# Note that the time zone must be specified.
+# For Kolab we limit ourself to GMT
+# YYYYMMDDHHMMZ e.g. 200601012258Z.
+# see also: rfc 2252.
+# Currently this attribute is not used in Kolab.
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.9
+ NAME 'kolabVacationEndDateTime'
+ DESC 'End date of vacation'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ SINGLE-VALUE )
+
+# Intervall in days after which senders get
+# another vacation message.
+# Currently this attribute is not used in Kolab.
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.10
+ NAME 'kolabVacationResendInterval'
+ DESC 'Vacation notice interval in days'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+# Email recipient addresses which are handled by the
+# vacation script. There can be multiple kolabVacationAddress
+# entries for each kolabInetOrgPerson.
+# Default is the primary email address and all
+# email aliases of the kolabInetOrgPerson.
+# Currently this attribute is not used in Kolab.
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.11
+ NAME 'kolabVacationAddress'
+ DESC 'Email address for vacation to response upon'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+# Enable sending vacation notices in reaction
+# unsolicited commercial email.
+# Default is no.
+# Currently this attribute is not used in Kolab.
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.12
+ NAME 'kolabVacationReplyToUCE'
+ DESC 'Enable vacation notices to UCE'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+# Email recipient domains which are handled by the
+# vacation script. There can be multiple kolabVacationReactDomain
+# entries for each kolabInetOrgPerson
+# Default is to handle all domains.
+# Currently this attribute is not used in Kolab.
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.13
+ NAME 'kolabVacationReactDomain'
+ DESC 'Multivalued -- Email domain for vacation to response upon'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+# Forward all incoming emails except UCE if kolabForwardUCE
+# is not set to this email address.
+# There can be multiple kolabForwardAddress entries for
+# each kolabInetOrgPerson.
+# Currently this attribute is not used in Kolab.
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.14
+ NAME 'kolabForwardAddress'
+ DESC 'Forward email to this address'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+# Keep local copy when forwarding emails to list of
+# kolabForwardAddress.
+# Default is no.
+# Currently this attribute is not used in Kolab.
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.15
+ NAME 'kolabForwardKeepCopy'
+ DESC 'Keep copy when forwarding'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+# Enable forwarding of UCE.
+# Default is yes.
+# Currently this attribute is not used in Kolab.
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.16
+ NAME 'kolabForwardUCE'
+ DESC 'Enable forwarding of mails known as UCE'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+# comment when creating or deleting a kolab object
+# a comment might be appropriate. This is most useful
+# for tracability when users get moved to the graveyard
+# instead of being really deleted. Every entry must be prefixed
+# with an ISO 8601 date string e.g 200604301458Z. All times must
+# be in zulu timezone.
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.17
+ NAME 'kolabComment'
+ DESC 'multi-value comment'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
+
+# describes the allowed or disallowed smtp addresses for
+# recipients. If this attribute is not set for a user no
+# kolab recipient policy does apply.
+# example entries:
+# .tld - allow mail to every recipient for this tld
+# domain.tld - allow mail to everyone in domain.tld
+# .domain.tld - allow mail to everyone in domain.tld and its subdomains
+# user@domain.tld - allow mail to explicit user@domain.tld
+# user@ - allow mail to this user but any domain
+# -.tld - disallow mail to every recipient for this tld
+# -domain.tld - disallow mail to everyone in domain.tld
+# -.domain.tld - disallow mail to everyone in domain.tld and its subdomains
+# -user@domain.tld - disallow mail to explicit user@domain.tld
+# -user@ - disallow mail to this user but any domain
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.18
+ NAME 'kolabAllowSMTPRecipient'
+ DESC 'SMTP address allowed for destination (multi-valued)'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} )
+
+# Create the user mailbox on the kolabHomeServer only.
+# Default is no.
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.19
+ NAME 'kolabHomeServerOnly'
+ DESC 'Create the user mailbox on the kolabHomeServer only'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.20
+ NAME 'kolabMaritalStatus'
+ DESC 'ledig(0), verh.(1)} DEFAULT ledig'
+ EQUALITY integerMatch
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{1} )
+
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.21
+ NAME ( 'homeFacsimileTelephoneNumber' 'homeFaxNumber' )
+ DESC 'private facsimilie telephone number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
+
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.25
+ NAME 'bylawURI'
+ DESC 'URI pointing at the bylaw'
+ SUP labeledURI
+ SINGLE-VALUE )
+
+# Single string with $ seperated lines consisting of
+# surname $
+# givenName $
+# dateOfBirth $
+# restrictions $
+# signer of contract ('true'/'false')
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.27
+ NAME 'legalRepresentative'
+ DESC 'legal representative'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+# Single string with $ seperated lines consisting of
+# surname $
+# givenName $
+# dateOfBirth $
+# restrictions $
+# signer of contract ('true'/'false')
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.28
+ NAME 'commercialProcuration'
+ DESC 'described person which has commercial procuration'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.29
+ NAME 'legalRepresentationPolicy'
+ DESC 'described how legal representation works'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.31
+ NAME 'inLiquidation'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.32
+ NAME 'tradeRegisterRegisteredCapital'
+ EQUALITY integerMatch
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.33
+ NAME 'tradeRegisterType'
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.36
+ NAME 'tradeRegisterURI'
+ SUP labeledURI
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.37
+ NAME 'tradeRegisterLastChangedDate'
+ EQUALITY generalizedTimeMatch
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
+
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.38
+ NAME 'kolabGermanBankAccountNumber'
+ DESC 'The 8-digits number of a german bank account without spaces'
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{10} )
+
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.39
+ NAME 'kolabGermanBankCode'
+ DESC 'The 8-digits number of a german bank code (BLZ) without spaces'
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{8} )
+
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.40
+ NAME 'kolabGermanBankName'
+ DESC 'The name of a german bank registered in the BLZ table published by Deutsche Bundesbank.'
+ SUP name
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.41
+ NAME 'kolabGermanBankAccountInfo'
+ DESC 'Composed field containing a one-line human-readable representation of all necessary information.'
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.42
+ NAME 'kolabGermanBankAccountHolder'
+ DESC 'The name of the holder of a german bank account commonly used as recipient name.'
+ SINGLE-VALUE
+ SUP name )
+
+# describes the allowed or disallowed smtp addresses for
+# recipients. If this attribute is not set for a user no
+# kolab recipient policy does apply.
+# example entries:
+# .tld - allow mail to every recipient for this tld
+# domain.tld - allow mail to everyone in domain.tld
+# .domain.tld - allow mail to everyone in domain.tld and its subdomains
+# user@domain.tld - allow mail to explicit user@domain.tld
+# user@ - allow mail to this user but any domain
+# -.tld - disallow mail to every recipient for this tld
+# -domain.tld - disallow mail to everyone in domain.tld
+# -.domain.tld - disallow mail to everyone in domain.tld and its subdomains
+# -user@domain.tld - disallow mail to explicit user@domain.tld
+# -user@ - disallow mail to this user but any domain
+
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.43
+ NAME 'kolabAllowSMTPFrom'
+ DESC 'SMTP address accepted for receiving (multi-valued)'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} )
+
+attributetype ( 1.3.6.1.4.1.19414.1.1.1.44
+ NAME 'kolabSalutation'
+ DESC 'Salutation like Mr., Mrs, Herr, Frau)'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
+
+# kolabFolderType describes the kind of Kolab folder
+# as defined in the kolab format specification.
+# We will annotate all folders with an entry
+# /vendor/kolab/folder-type containing the attribute
+# value.shared set to: <type>[.<subtype>].
+# The <type> can be: mail, event, journal, task, note,
+# or contact. The <subtype> for a mail folder can be
+# inbox, drafts, sentitems, or junkemail (this one holds
+# spam mails). For the other <type>s, it can only be
+# default, or not set. For other types of folders
+# supported by the clients, these should be prefixed with
+# "k-" for KMail, "h-" for Horde and "o-" for Outlook, and
+# look like for example "kolab.o-voicemail". Other third-party
+# clients shall use the "x-" prefix.
+# We then use the ANNOTATEMORE IMAP extension to
+# associate the folder type with a folder.
+attributetype ( 1.3.6.1.4.1.19414.2.1.7
+ NAME 'kolabFolderType'
+ DESC 'type of a kolab folder'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+######################
+# postfix attributes #
+######################
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.501
+ NAME 'postfix-mydomain'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.502
+ NAME 'postfix-relaydomains'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.503
+ NAME 'postfix-mydestination'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.504
+ NAME 'postfix-mynetworks'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.505
+ NAME 'postfix-relayhost'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.506
+ NAME 'postfix-transport'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.507
+ NAME 'postfix-enable-virus-scan'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.508
+ NAME 'postfix-allow-unauthenticated'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.509
+ NAME 'postfix-virtual'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.510
+ NAME 'postfix-relayport'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.511
+ NAME 'postfix-message-size-limit'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+##########################
+# cyrus imapd attributes #
+##########################
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.601
+ NAME 'cyrus-autocreatequota'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.602
+ NAME 'cyrus-admins'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+# enable plain imap without ssl
+attributetype ( 1.3.6.1.4.1.19414.2.1.603
+ NAME 'cyrus-imap'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+# enable legacy pop3
+attributetype ( 1.3.6.1.4.1.19414.2.1.604
+ NAME 'cyrus-pop3'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+# user specific quota on the cyrus imap server
+attributetype ( 1.3.6.1.4.1.19414.2.1.605
+ NAME 'cyrus-userquota'
+ DESC 'Mailbox hard quota limit in MB'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+# cyrus imapd access control list
+# acls work with users and groups
+attributetype ( 1.3.6.1.4.1.19414.2.1.651
+ NAME 'acl'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+# enable secure imap
+attributetype ( 1.3.6.1.4.1.19414.2.1.606
+ NAME 'cyrus-imaps'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+# enable secure pop3
+attributetype ( 1.3.6.1.4.1.19414.2.1.607
+ NAME 'cyrus-pop3s'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+# enable sieve support (required for forward and vacation services)
+attributetype ( 1.3.6.1.4.1.19414.2.1.608
+ NAME 'cyrus-sieve'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+# installation wide percentage which determines when to send a
+# warning to the user
+attributetype ( 1.3.6.1.4.1.19414.2.1.609
+ NAME 'cyrus-quotawarn'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+# enable smmap support
+attributetype ( 1.3.6.1.4.1.19414.2.1.610
+ NAME 'cyrus-smmap'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+# enable fulldirhash support
+attributetype ( 1.3.6.1.4.1.19414.2.1.611
+ NAME 'cyrus-fulldirhash'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+# enable hashimapspool support
+attributetype ( 1.3.6.1.4.1.19414.2.1.612
+ NAME 'cyrus-hashimapspool'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+# enable squatter support
+attributetype ( 1.3.6.1.4.1.19414.2.1.613
+ NAME 'cyrus-squatter'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+
+#############################
+# apache and php attributes #
+#############################
+
+# enable plain http (no ssl)
+attributetype ( 1.3.6.1.4.1.19414.2.1.701
+ NAME 'apache-http'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+# Allow freebusy download without authenticating first
+attributetype ( 1.3.6.1.4.1.19414.2.1.702
+ NAME 'apache-allow-unauthenticated-fb'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+##########################
+# kolabfilter attributes #
+##########################
+
+# enable trustable From:
+attributetype ( 1.3.6.1.4.1.19414.2.1.750
+ NAME 'kolabfilter-verify-from-header'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+# should Sender header be allowed instead of From
+# when present?
+attributetype ( 1.3.6.1.4.1.19414.2.1.751
+ NAME 'kolabfilter-allow-sender-header'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+# Should reject messages with From headers that dont match
+# the envelope? Default is to rewrite the header
+attributetype ( 1.3.6.1.4.1.19414.2.1.752
+ NAME 'kolabfilter-reject-forged-from-header'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+# Enable the Kolab Policy Daemon. If false or not
+# set don't use the Kolab Policy Daemon
+attributetype ( 1.3.6.1.4.1.19414.2.1.800
+ NAME 'kolabPolicyDaemon'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+# Configurable list of ciphers considered to be secure enough for our purposes.
+# E.g. TLS 1.0 and SSL 3.0
+attributetype ( 1.3.6.1.4.1.19414.2.1.801
+ NAME 'kolabSecureCiphers'
+ DESC 'comma separated list of ciphers considered to be secure'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+
+######################################################
+# proftpd attributes (unused since Kolab Server 2.2) #
+######################################################
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.901
+ NAME 'proftpd-defaultquota'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.902
+ NAME 'proftpd-ftp'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.903
+ NAME 'proftpd-userPassword'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+########################################################################
+# pop3 service attributes (suitable to integrate external pop3 sources #
+########################################################################
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.1001
+ NAME 'externalPop3AccountDescription'
+ DESC 'a human readable description of the external POP3 account e.g. my gmail account'
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.1002
+ NAME 'externalPop3AccountMail'
+ DESC 'email address associated with the external POP3 account e.g. givenname.surname@gmail.com'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.1003
+ NAME 'externalPop3AccountServer'
+ DESC 'Pop3 server associated with the external POP3 account e.g. pop3.provider.com'
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.1004
+ NAME 'externalPop3AccountPort'
+ DESC 'TCP port number used for pop3 service associated with the external POP3 account e.g. 110'
+ EQUALITY integerMatch
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{5} )
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.1005
+ NAME 'externalPop3AccountUseSSL'
+ DESC 'boolean defining if SSL must be used for external POP3 account - requires suitable externalPop3AccountPort'
+ EQUALITY booleanMatch
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.1006
+ NAME 'externalPop3AccountUseTLS'
+ DESC 'boolean defining if TLS must be used for external POP3 account'
+ EQUALITY booleanMatch
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+# sometimes useful for self-signed certificates
+attributetype ( 1.3.6.1.4.1.19414.2.1.1007
+ NAME 'externalPop3AccountCheckServerCertificate'
+ DESC 'allows to disable checking server certificates when using SSL or TLS - beware of MIT-attacks!'
+ EQUALITY booleanMatch
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.1008
+ NAME 'externalPop3AccountLoginName'
+ DESC 'name used to login into pop3 account often this uid is equivalent to the email address'
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.1009
+ NAME 'externalPop3EncryptedAccountPassword'
+ DESC 'encryped password for the external POP3 account - secret key must be known to the pop3 fetch service'
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.1010
+ NAME 'externalPop3AccountKeepMailOnServer'
+ DESC 'controls if fetched message shall remain on external POP3 server - beware this is often unreliable'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.1011
+ NAME 'externalPop3AccountLoginMethod'
+ DESC 'login method used for external POP3 account - currently these are plainText, LOGIN, PLAIN, NTLM, DIGEST-MD5, CRAM-MD5, GSSAPI and APOP'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
+
+########################
+# external definitions #
+########################
+
+# extended from apple.schema
+attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.27
+ NAME ( 'apple-birthday' 'dateOfBirth' 'dateOfIncorporation' )
+ DESC 'Birthday or date of incorporation'
+ EQUALITY generalizedTimeMatch
+ SUBSTR caseExactIA5SubstringsMatch
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
+
+# from http://www.stroeder.com/stroeder.com.schema
+attributetype ( 1.3.6.1.4.1.5427.1.389.4.12
+ NAME ( 'birthPlace' 'placeOfBirth' )
+ DESC 'Place of birth'
+ SUP name
+ SINGLE-VALUE )
+
+# from http://www.stroeder.com/stroeder.com.schema
+attributetype ( 1.3.6.1.4.1.5427.1.389.4.14
+ NAME 'birthName'
+ DESC 'Last name at time of birth, e.g. maiden name'
+ SUP name
+ SINGLE-VALUE )
+
+# from http://www.stroeder.com/stroeder.com.schema
+# The following data items and codes are used (see ISO 5218):
+# Not known 0
+# Male 1
+# Female 2
+# Not specified 9
+#
+attributetype ( 1.3.6.1.4.1.5427.1.389.4.7
+ NAME 'gender'
+ DESC 'Representation of human sex (see ISO 5218)'
+ EQUALITY integerMatch
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{1} )
+
+# from http://www.stroeder.com/stroeder.com.schema
+# tax ID of person or company within Germany
+#
+attributetype ( 1.3.6.1.4.1.5427.1.389.4.666
+ NAME 'germanTaxId'
+ DESC 'tax ID of person or company within Germany'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{20} )
+
+# rfc 3039
+# ISO 3166 Country Code
+# multiple citizenships are possible!
+attributetype ( 1.3.6.1.5.5.7.9.4
+ NAME 'countryOfCitizenship'
+ DESC 'Country of citizenship'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 )
+
+# ISO 3166 Country Code
+attributetype ( 1.3.6.1.5.5.7.9.5
+ NAME 'countryOfResidence'
+ DESC 'Country of residence'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 )
+
+# http://www.daasi.de/
+attributetype ( 1.3.6.1.4.1.5062.1.1.3.16
+ NAME 'legalForm'
+ DESC 'legal form of a company'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# http://www.daasi.de/
+# location of the trade register authority
+attributetype ( 1.3.6.1.4.1.5062.1.1.3.17
+ NAME 'tradeRegisterLocation'
+ DESC 'Location of the trade registrar where the organization is registered'
+ SUP name
+ SINGLE-VALUE )
+
+# http://www.daasi.de/
+# registration number a the trade register authority
+attributetype ( 1.3.6.1.4.1.5062.1.1.3.18
+ NAME 'tradeRegisterIdentifier'
+ DESC 'Idientifier with which an organization is registered'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# https://forxa.mancomun.org/plugins/scmsvn/viewcvs.php/trunk/ldap/dxpisi.schema?annotate=29&root=mancomun
+# VATNumber
+# Identifier number for companies and persons. In Spain it is the same as NIF/CIF.
+# In Germany it is called Umsatzsteueridentifikationsnummer.
+attributetype ( 1.3.6.1.4.1.27994.1.3.4
+ NAME 'VATNumber'
+ DESC 'Identifier number for companies and persons'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10} )
+
+########################
+# kolab object classes #
+########################
+
+# main kolab server configuration
+# storing global values and user specific default values
+# like kolabFreeBusyFuture and kolabFreeBusyPast
+objectclass ( 1.3.6.1.4.1.19414.2.2.1
+ NAME 'kolab'
+ DESC 'Kolab server configuration'
+ SUP top STRUCTURAL
+ MUST k
+ MAY ( kolabHost $
+ postfix-mydomain $
+ postfix-relaydomains $
+ postfix-mydestination $
+ postfix-mynetworks $
+ postfix-relayhost $
+ postfix-relayport $
+ postfix-transport $
+ postfix-virtual $
+ postfix-enable-virus-scan $
+ postfix-allow-unauthenticated $
+ postfix-message-size-limit $
+ cyrus-quotawarn $
+ cyrus-autocreatequota $
+ cyrus-admins $
+ cyrus-imap $
+ cyrus-pop3 $
+ cyrus-imaps $
+ cyrus-pop3s $
+ cyrus-sieve $
+ cyrus-smmap $
+ cyrus-fulldirhash $
+ cyrus-hashimapspool $
+ cyrus-squatter $
+ apache-http $
+ apache-allow-unauthenticated-fb $
+ kolabfilter-verify-from-header $
+ kolabfilter-allow-sender-header $
+ kolabfilter-reject-forged-from-header $
+ kolabPolicyDaemon $
+ kolabSecureCiphers $
+ proftpd-ftp $
+ proftpd-defaultquota $
+ kolabFreeBusyFuture $
+ kolabFreeBusyPast $
+ uid $
+ userPassword ) )
+
+# public folders are typically visible to everyone subscribed to
+# the server without the need for an extra login. Subfolders are
+# defined using the hiarchy seperator '/' e.g. "sf/sub1". Please note
+# that the term public folder is prefered to shared folder because
+# normal user mailboxes can also share folders using acls.
+objectclass ( 1.3.6.1.4.1.19414.2.2.9
+ NAME 'kolabSharedFolder'
+ DESC 'Kolab public shared folder'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( acl $
+ alias $
+ cyrus-userquota $
+ kolabHomeServer $
+ kolabFolderType $
+ kolabDeleteflag ) )
+
+# kolabNamedObject is used as a plain node for the LDAP tree.
+# In contrast to unix filesystem directories LDAP nodes can
+# and often do also have contents/attributes. We use the
+# kolabNamedObject in order to put some structure in the
+# LDAP directory tree.
+objectclass ( 1.3.6.1.4.1.5322.13.1.1
+ NAME 'kolabNamedObject'
+ SUP top STRUCTURAL
+ MAY (cn $ ou) )
+
+# kolab account
+# we use an auxiliary in order to ease integration
+# with existing inetOrgPerson objects
+# Please note that userPassword is a may
+# attribute in the schema but is mandatory for
+# Kolab
+objectclass ( 1.3.6.1.4.1.19414.3.2.2
+ NAME 'kolabInetOrgPerson'
+ DESC 'Kolab Internet Organizational Person'
+ SUP top AUXILIARY
+ MAY ( c $
+ alias $
+ pseudonym $
+ kolabHomeServer $
+ kolabHomeServerOnly $
+ kolabHomeMTA $
+ unrestrictedMailSize $
+ kolabDelegate $
+ kolabEncryptedPassword $
+ cyrus-userquota $
+ kolabInvitationPolicy $
+ kolabFreeBusyFuture $
+ calFBURL $
+ kolabVacationBeginDateTime $
+ kolabVacationEndDateTime $
+ kolabVacationResendInterval $
+ kolabVacationAddress $
+ kolabVacationReplyToUCE $
+ kolabVacationReactDomain $
+ kolabForwardAddress $
+ kolabForwardKeepCopy $
+ kolabForwardUCE $
+ kolabAllowSMTPRecipient $
+ kolabAllowSMTPFrom $
+ kolabSalutation $
+ kolabMaritalStatus $
+ dateOfBirth $
+ placeOfBirth $
+ birthName $
+ gender $
+ homeFacsimileTelephoneNumber $
+ countryOfCitizenship $
+ countryOfResidence $
+ legalForm $
+ tradeRegisterLocation $
+ tradeRegisterIdentifier $
+ VATNumber $
+ germanTaxId $
+ kolabDeleteflag $
+ kolabComment ) )
+
+# kolab organization with country support
+objectclass ( 1.3.6.1.4.1.19414.3.2.3
+ NAME 'kolabOrganization'
+ DESC 'RFC2256: a Kolab organization'
+ SUP organization STRUCTURAL
+ MAY ( c $
+ mail $
+ kolabDeleteflag $
+ alias ) )
+
+# kolab organizational unit with country support
+objectclass ( 1.3.6.1.4.1.19414.3.2.4
+ NAME 'kolabOrganizationalUnit'
+ DESC 'a Kolab organizational unit'
+ SUP organizationalUnit STRUCTURAL
+ MAY ( c $
+ mail $
+ kolabDeleteflag $
+ alias ) )
+
+# kolab groupOfNames with extra kolabDeleteflag and the required
+# attribute mail.
+# The mail attribute for kolab objects of the type kolabGroupOfNames
+# is not arbitrary but MUST be a single attribute of the form
+# of an valid SMTP address with the CN as the local part.
+# E.g cn@kolabdomain (e.g. employees@mydomain.com). The
+# mail attribute MUST be globally unique.
+objectclass ( 1.3.6.1.4.1.19414.3.2.5
+ NAME 'kolabGroupOfNames'
+ DESC 'Kolab group of names (DNs) derived from RFC2256'
+ SUP groupOfNames STRUCTURAL
+ MAY ( mail $
+ kolabDeleteflag ) )
+
+objectclass ( 1.3.6.1.4.1.19414.3.2.6
+ NAME 'kolabExternalPop3Account'
+ DESC 'kolab fetch messages via POP3 from external sources'
+ SUP top STRUCTURAL
+ MUST ( externalPop3AccountServer $
+ externalPop3AccountLoginName $
+ externalPop3EncryptedAccountPassword )
+ MAY ( externalPop3AccountDescription $
+ externalPop3AccountMail $
+ externalPop3AccountPort $
+ externalPop3AccountUseSSL $
+ externalPop3AccountUseTLS $
+ externalPop3AccountLoginMethod $
+ externalPop3AccountCheckServerCertificate $
+ externalPop3AccountKeepMailOnServer ) )
+
+objectclass ( 1.3.6.1.4.1.19414.3.2.7
+ NAME 'kolabGermanBankArrangement'
+ DESC 'German bank account information'
+ SUP top STRUCTURAL
+ MUST ( kolabGermanBankAccountNumber $
+ kolabGermanBankCode )
+ MAY ( kolabGermanBankAccountHolder $
+ kolabGermanBankName $
+ kolabGermanBankAccountInfo ) )