diff options
Diffstat (limited to 'share/kolab2.schema')
-rw-r--r-- | share/kolab2.schema | 1098 |
1 files changed, 1098 insertions, 0 deletions
diff --git a/share/kolab2.schema b/share/kolab2.schema new file mode 100644 index 0000000..eb40a8d --- /dev/null +++ b/share/kolab2.schema @@ -0,0 +1,1098 @@ +# $Id: kolab2.schema,v 1.38 2009/07/08 10:26:06 gunnar Exp $ +# (c) 2003, 2004 Tassilo Erlewein <tassilo.erlewein@erfrakon.de> +# (c) 2003-2009 Martin Konold <martin.konold@erfrakon.de> +# (c) 2003 Achim Frank <achim.frank@erfrakon.de> +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# +# Redistributions of source code must retain the above copyright notice, this +# list of conditions and the following disclaimer. +# +# Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# +# The name of the author may not be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# This schema highly depends on the core.schema, cosine.schema and the inetorgperson.schema +# as provided by 3rd parties like OpenLDAP. +# +# slapd.conf then looks like +# include /kolab/etc/openldap/schema/core.schema +# include /kolab/etc/openldap/schema/cosine.schema +# include /kolab/etc/openldap/schema/inetorgperson.schema +# include /kolab/etc/openldap/schema/rfc2739.schema +# include /kolab/etc/openldap/schema/kolab2.schema + +# Prefix for OIDs: 1.3.6.1.4.1.19414 <- registered +# Prefix for OIDs: 1.3.6.1.4.1.19414.2000 <-- temporarily reserved for ob +# Prefix for attributes: 1.3.6.1.4.1.19414.1 +# Prefix for attributes: 1.3.6.1.4.1.19414.2 +# Prefix for objectclasses: 1.3.6.1.4.1.19414.3 +# nameprefix: kolab +# +#################### +# kolab attributes # +#################### + +# helper attribute to make the kolab root easily findable in +# a big ldap directory +attributetype ( 1.3.6.1.4.1.19414.2.1.1 + NAME ( 'k' 'kolab' ) + DESC 'Kolab attribute' + SUP name ) + +# kolabDeleteflag used to be a boolean but describes with Kolab 2 +# the fqdn of the server which is requested to delete this objects +# in its local store +attributetype ( 1.3.6.1.4.1.19414.2.1.2 + NAME 'kolabDeleteflag' + DESC 'Per host deletion status' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +# alias used to provide alternative rfc822 email addresses for kolab users +attributetype ( 1.3.6.1.4.1.19414.2.1.3 + NAME 'alias' + DESC 'RFC1274: RFC822 Mailbox' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +# kolabEncryptedPassword is an asymmetrically (RSA) encrypted copy of the +# cleartext password. This is required in order to pass the password from +# the maintainance/administration application to the kolabHomeServer running the +# resource handler application in a secure manner. +# Actually this attribute is deprecated as of Kolab 2.1. Instead we grant the +# calendar user dn: cn=calendar,cn=internal,dc=yourcompany,dc=com access to +# the respective calendar folder using IMAP ACLs. +attributetype ( 1.3.6.1.4.1.19414.2.1.4 + NAME 'kolabEncryptedPassword' + DESC 'base64 encoded public key encrypted Password' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +# hostname including the domain name like kolab-master.yourcompany.com +attributetype ( 1.3.6.1.4.1.19414.2.1.5 + NAME ( 'fqhostname' 'fqdnhostname' ) + DESC 'Fully qualified Hostname including full domain component' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +# fqdn of all hosts in a multi-location or cluster setup +attributetype ( 1.3.6.1.4.1.19414.2.1.6 + NAME 'kolabHost' + DESC 'Multivalued -- list of hostnames in a Kolab setup' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +# fqdn of the server containg the actual user mailbox +attributetype ( 1.3.6.1.4.1.19414.1.1.1.1 + NAME 'kolabHomeServer' + DESC 'server which keeps the users mailbox' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +# flag for allowing unrestriced length of mails +attributetype ( 1.3.6.1.4.1.19414.1.1.1.2 + NAME 'unrestrictedMailSize' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) + +# Specifies the email delegates. +# An email delegate can send email on behalf of the account +# which means using the "from" of the account. +# Delegates are specified by the syntax of rfc822 email addresses. +attributetype ( 1.3.6.1.4.1.19414.1.1.1.3 + NAME 'kolabDelegate' + DESC 'Kolab user allowed to act as delegates - RFC822 Mailbox/Alias' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +# For user, group and resource Kolab accounts +# Describes how to respond to invitations +# We keep the attribute as a string, but actually it can only have one +# of the following values: +# +# ACT_ALWAYS_ACCEPT +# ACT_ALWAYS_REJECT +# ACT_REJECT_IF_CONFLICTS +# ACT_MANUAL_IF_CONFLICTS +# ACT_MANUAL +# In addition one of these values may be prefixed with a primary email +# address followed by a colon like +# user@domain.tld: ACT_ALWAYS_ACCEPT +attributetype ( 1.3.6.1.4.1.19414.1.1.1.4 + NAME ( 'kolabInvitationPolicy' 'kolabResourceAction' ) + DESC 'defines how to respond to invitations' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +# time span from now to the future used for the free busy data +# measured in days +attributetype ( 1.3.6.1.4.1.19414.1.1.1.5 + NAME 'kolabFreeBusyFuture' + DESC 'time in days for fb data towards the future' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +# time span from now to the past used for the free busy data +# measured in days +attributetype ( 1.3.6.1.4.1.19414.1.1.1.6 + NAME 'kolabFreeBusyPast' + DESC 'time in days for fb data towards the past' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +# fqdn of the server as the default SMTP MTA +# not used in Kolab 2 currently as in Kolab 2 the +# default MTA is equivalent to the kolabHomeServer +attributetype ( 1.3.6.1.4.1.19414.1.1.1.7 + NAME 'kolabHomeMTA' + DESC 'fqdn of default MTA' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} + SINGLE-VALUE ) + +# Begin date of Kolab vacation period. Sender will +# be notified every kolabVacationResendIntervall days +# that recipient is absent until kolabVacationEnd. +# Values in this syntax are encoded as printable strings, +# represented as specified in X.208. +# Note that the time zone must be specified. +# For Kolab we limit ourself to GMT +# YYYYMMDDHHMMZ e.g. 200512311458Z. +# see also: rfc 2252. +# Currently this attribute is not used in Kolab. +attributetype ( 1.3.6.1.4.1.19414.1.1.1.8 + NAME 'kolabVacationBeginDateTime' + DESC 'Begin date of vacation' + EQUALITY generalizedTimeMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + SINGLE-VALUE ) + +# End date of Kolab vacation period. Sender will +# be notified every kolabVacationResendIntervall days +# that recipient is absent starting from kolabVacationBeginDateTime. +# Values in this syntax are encoded as printable strings, +# represented as specified in X.208. +# Note that the time zone must be specified. +# For Kolab we limit ourself to GMT +# YYYYMMDDHHMMZ e.g. 200601012258Z. +# see also: rfc 2252. +# Currently this attribute is not used in Kolab. +attributetype ( 1.3.6.1.4.1.19414.1.1.1.9 + NAME 'kolabVacationEndDateTime' + DESC 'End date of vacation' + EQUALITY generalizedTimeMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + SINGLE-VALUE ) + +# Intervall in days after which senders get +# another vacation message. +# Currently this attribute is not used in Kolab. +attributetype ( 1.3.6.1.4.1.19414.1.1.1.10 + NAME 'kolabVacationResendInterval' + DESC 'Vacation notice interval in days' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +# Email recipient addresses which are handled by the +# vacation script. There can be multiple kolabVacationAddress +# entries for each kolabInetOrgPerson. +# Default is the primary email address and all +# email aliases of the kolabInetOrgPerson. +# Currently this attribute is not used in Kolab. +attributetype ( 1.3.6.1.4.1.19414.1.1.1.11 + NAME 'kolabVacationAddress' + DESC 'Email address for vacation to response upon' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +# Enable sending vacation notices in reaction +# unsolicited commercial email. +# Default is no. +# Currently this attribute is not used in Kolab. +attributetype ( 1.3.6.1.4.1.19414.1.1.1.12 + NAME 'kolabVacationReplyToUCE' + DESC 'Enable vacation notices to UCE' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +# Email recipient domains which are handled by the +# vacation script. There can be multiple kolabVacationReactDomain +# entries for each kolabInetOrgPerson +# Default is to handle all domains. +# Currently this attribute is not used in Kolab. +attributetype ( 1.3.6.1.4.1.19414.1.1.1.13 + NAME 'kolabVacationReactDomain' + DESC 'Multivalued -- Email domain for vacation to response upon' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +# Forward all incoming emails except UCE if kolabForwardUCE +# is not set to this email address. +# There can be multiple kolabForwardAddress entries for +# each kolabInetOrgPerson. +# Currently this attribute is not used in Kolab. +attributetype ( 1.3.6.1.4.1.19414.1.1.1.14 + NAME 'kolabForwardAddress' + DESC 'Forward email to this address' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +# Keep local copy when forwarding emails to list of +# kolabForwardAddress. +# Default is no. +# Currently this attribute is not used in Kolab. +attributetype ( 1.3.6.1.4.1.19414.1.1.1.15 + NAME 'kolabForwardKeepCopy' + DESC 'Keep copy when forwarding' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +# Enable forwarding of UCE. +# Default is yes. +# Currently this attribute is not used in Kolab. +attributetype ( 1.3.6.1.4.1.19414.1.1.1.16 + NAME 'kolabForwardUCE' + DESC 'Enable forwarding of mails known as UCE' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +# comment when creating or deleting a kolab object +# a comment might be appropriate. This is most useful +# for tracability when users get moved to the graveyard +# instead of being really deleted. Every entry must be prefixed +# with an ISO 8601 date string e.g 200604301458Z. All times must +# be in zulu timezone. +attributetype ( 1.3.6.1.4.1.19414.1.1.1.17 + NAME 'kolabComment' + DESC 'multi-value comment' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ) + +# describes the allowed or disallowed smtp addresses for +# recipients. If this attribute is not set for a user no +# kolab recipient policy does apply. +# example entries: +# .tld - allow mail to every recipient for this tld +# domain.tld - allow mail to everyone in domain.tld +# .domain.tld - allow mail to everyone in domain.tld and its subdomains +# user@domain.tld - allow mail to explicit user@domain.tld +# user@ - allow mail to this user but any domain +# -.tld - disallow mail to every recipient for this tld +# -domain.tld - disallow mail to everyone in domain.tld +# -.domain.tld - disallow mail to everyone in domain.tld and its subdomains +# -user@domain.tld - disallow mail to explicit user@domain.tld +# -user@ - disallow mail to this user but any domain +attributetype ( 1.3.6.1.4.1.19414.1.1.1.18 + NAME 'kolabAllowSMTPRecipient' + DESC 'SMTP address allowed for destination (multi-valued)' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} ) + +# Create the user mailbox on the kolabHomeServer only. +# Default is no. +attributetype ( 1.3.6.1.4.1.19414.1.1.1.19 + NAME 'kolabHomeServerOnly' + DESC 'Create the user mailbox on the kolabHomeServer only' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.19414.1.1.1.20 + NAME 'kolabMaritalStatus' + DESC 'ledig(0), verh.(1)} DEFAULT ledig' + EQUALITY integerMatch + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{1} ) + +attributetype ( 1.3.6.1.4.1.19414.1.1.1.21 + NAME ( 'homeFacsimileTelephoneNumber' 'homeFaxNumber' ) + DESC 'private facsimilie telephone number' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) + +attributetype ( 1.3.6.1.4.1.19414.1.1.1.25 + NAME 'bylawURI' + DESC 'URI pointing at the bylaw' + SUP labeledURI + SINGLE-VALUE ) + +# Single string with $ seperated lines consisting of +# surname $ +# givenName $ +# dateOfBirth $ +# restrictions $ +# signer of contract ('true'/'false') +attributetype ( 1.3.6.1.4.1.19414.1.1.1.27 + NAME 'legalRepresentative' + DESC 'legal representative' + EQUALITY caseIgnoreListMatch + SUBSTR caseIgnoreListSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) + +# Single string with $ seperated lines consisting of +# surname $ +# givenName $ +# dateOfBirth $ +# restrictions $ +# signer of contract ('true'/'false') +attributetype ( 1.3.6.1.4.1.19414.1.1.1.28 + NAME 'commercialProcuration' + DESC 'described person which has commercial procuration' + EQUALITY caseIgnoreListMatch + SUBSTR caseIgnoreListSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) + +attributetype ( 1.3.6.1.4.1.19414.1.1.1.29 + NAME 'legalRepresentationPolicy' + DESC 'described how legal representation works' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.19414.1.1.1.31 + NAME 'inLiquidation' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) + +attributetype ( 1.3.6.1.4.1.19414.1.1.1.32 + NAME 'tradeRegisterRegisteredCapital' + EQUALITY integerMatch + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +attributetype ( 1.3.6.1.4.1.19414.1.1.1.33 + NAME 'tradeRegisterType' + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.19414.1.1.1.36 + NAME 'tradeRegisterURI' + SUP labeledURI + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.19414.1.1.1.37 + NAME 'tradeRegisterLastChangedDate' + EQUALITY generalizedTimeMatch + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) + +attributetype ( 1.3.6.1.4.1.19414.1.1.1.38 + NAME 'kolabGermanBankAccountNumber' + DESC 'The 8-digits number of a german bank account without spaces' + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{10} ) + +attributetype ( 1.3.6.1.4.1.19414.1.1.1.39 + NAME 'kolabGermanBankCode' + DESC 'The 8-digits number of a german bank code (BLZ) without spaces' + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{8} ) + +attributetype ( 1.3.6.1.4.1.19414.1.1.1.40 + NAME 'kolabGermanBankName' + DESC 'The name of a german bank registered in the BLZ table published by Deutsche Bundesbank.' + SUP name + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.19414.1.1.1.41 + NAME 'kolabGermanBankAccountInfo' + DESC 'Composed field containing a one-line human-readable representation of all necessary information.' + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.19414.1.1.1.42 + NAME 'kolabGermanBankAccountHolder' + DESC 'The name of the holder of a german bank account commonly used as recipient name.' + SINGLE-VALUE + SUP name ) + +# describes the allowed or disallowed smtp addresses for +# recipients. If this attribute is not set for a user no +# kolab recipient policy does apply. +# example entries: +# .tld - allow mail to every recipient for this tld +# domain.tld - allow mail to everyone in domain.tld +# .domain.tld - allow mail to everyone in domain.tld and its subdomains +# user@domain.tld - allow mail to explicit user@domain.tld +# user@ - allow mail to this user but any domain +# -.tld - disallow mail to every recipient for this tld +# -domain.tld - disallow mail to everyone in domain.tld +# -.domain.tld - disallow mail to everyone in domain.tld and its subdomains +# -user@domain.tld - disallow mail to explicit user@domain.tld +# -user@ - disallow mail to this user but any domain + +attributetype ( 1.3.6.1.4.1.19414.1.1.1.43 + NAME 'kolabAllowSMTPFrom' + DESC 'SMTP address accepted for receiving (multi-valued)' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} ) + +attributetype ( 1.3.6.1.4.1.19414.1.1.1.44 + NAME 'kolabSalutation' + DESC 'Salutation like Mr., Mrs, Herr, Frau)' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} ) + +# kolabFolderType describes the kind of Kolab folder +# as defined in the kolab format specification. +# We will annotate all folders with an entry +# /vendor/kolab/folder-type containing the attribute +# value.shared set to: <type>[.<subtype>]. +# The <type> can be: mail, event, journal, task, note, +# or contact. The <subtype> for a mail folder can be +# inbox, drafts, sentitems, or junkemail (this one holds +# spam mails). For the other <type>s, it can only be +# default, or not set. For other types of folders +# supported by the clients, these should be prefixed with +# "k-" for KMail, "h-" for Horde and "o-" for Outlook, and +# look like for example "kolab.o-voicemail". Other third-party +# clients shall use the "x-" prefix. +# We then use the ANNOTATEMORE IMAP extension to +# associate the folder type with a folder. +attributetype ( 1.3.6.1.4.1.19414.2.1.7 + NAME 'kolabFolderType' + DESC 'type of a kolab folder' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} + SINGLE-VALUE ) + +###################### +# postfix attributes # +###################### + +attributetype ( 1.3.6.1.4.1.19414.2.1.501 + NAME 'postfix-mydomain' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +attributetype ( 1.3.6.1.4.1.19414.2.1.502 + NAME 'postfix-relaydomains' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +attributetype ( 1.3.6.1.4.1.19414.2.1.503 + NAME 'postfix-mydestination' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +attributetype ( 1.3.6.1.4.1.19414.2.1.504 + NAME 'postfix-mynetworks' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +attributetype ( 1.3.6.1.4.1.19414.2.1.505 + NAME 'postfix-relayhost' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +attributetype ( 1.3.6.1.4.1.19414.2.1.506 + NAME 'postfix-transport' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +attributetype ( 1.3.6.1.4.1.19414.2.1.507 + NAME 'postfix-enable-virus-scan' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.19414.2.1.508 + NAME 'postfix-allow-unauthenticated' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.19414.2.1.509 + NAME 'postfix-virtual' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +attributetype ( 1.3.6.1.4.1.19414.2.1.510 + NAME 'postfix-relayport' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +attributetype ( 1.3.6.1.4.1.19414.2.1.511 + NAME 'postfix-message-size-limit' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +########################## +# cyrus imapd attributes # +########################## + +attributetype ( 1.3.6.1.4.1.19414.2.1.601 + NAME 'cyrus-autocreatequota' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.19414.2.1.602 + NAME 'cyrus-admins' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +# enable plain imap without ssl +attributetype ( 1.3.6.1.4.1.19414.2.1.603 + NAME 'cyrus-imap' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +# enable legacy pop3 +attributetype ( 1.3.6.1.4.1.19414.2.1.604 + NAME 'cyrus-pop3' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) + +# user specific quota on the cyrus imap server +attributetype ( 1.3.6.1.4.1.19414.2.1.605 + NAME 'cyrus-userquota' + DESC 'Mailbox hard quota limit in MB' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +# cyrus imapd access control list +# acls work with users and groups +attributetype ( 1.3.6.1.4.1.19414.2.1.651 + NAME 'acl' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +# enable secure imap +attributetype ( 1.3.6.1.4.1.19414.2.1.606 + NAME 'cyrus-imaps' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) + +# enable secure pop3 +attributetype ( 1.3.6.1.4.1.19414.2.1.607 + NAME 'cyrus-pop3s' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) + +# enable sieve support (required for forward and vacation services) +attributetype ( 1.3.6.1.4.1.19414.2.1.608 + NAME 'cyrus-sieve' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) + +# installation wide percentage which determines when to send a +# warning to the user +attributetype ( 1.3.6.1.4.1.19414.2.1.609 + NAME 'cyrus-quotawarn' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +# enable smmap support +attributetype ( 1.3.6.1.4.1.19414.2.1.610 + NAME 'cyrus-smmap' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) + +# enable fulldirhash support +attributetype ( 1.3.6.1.4.1.19414.2.1.611 + NAME 'cyrus-fulldirhash' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) + +# enable hashimapspool support +attributetype ( 1.3.6.1.4.1.19414.2.1.612 + NAME 'cyrus-hashimapspool' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) + +# enable squatter support +attributetype ( 1.3.6.1.4.1.19414.2.1.613 + NAME 'cyrus-squatter' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) + + +############################# +# apache and php attributes # +############################# + +# enable plain http (no ssl) +attributetype ( 1.3.6.1.4.1.19414.2.1.701 + NAME 'apache-http' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) + +# Allow freebusy download without authenticating first +attributetype ( 1.3.6.1.4.1.19414.2.1.702 + NAME 'apache-allow-unauthenticated-fb' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) + +########################## +# kolabfilter attributes # +########################## + +# enable trustable From: +attributetype ( 1.3.6.1.4.1.19414.2.1.750 + NAME 'kolabfilter-verify-from-header' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) + +# should Sender header be allowed instead of From +# when present? +attributetype ( 1.3.6.1.4.1.19414.2.1.751 + NAME 'kolabfilter-allow-sender-header' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) + +# Should reject messages with From headers that dont match +# the envelope? Default is to rewrite the header +attributetype ( 1.3.6.1.4.1.19414.2.1.752 + NAME 'kolabfilter-reject-forged-from-header' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) + +# Enable the Kolab Policy Daemon. If false or not +# set don't use the Kolab Policy Daemon +attributetype ( 1.3.6.1.4.1.19414.2.1.800 + NAME 'kolabPolicyDaemon' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) + +# Configurable list of ciphers considered to be secure enough for our purposes. +# E.g. TLS 1.0 and SSL 3.0 +attributetype ( 1.3.6.1.4.1.19414.2.1.801 + NAME 'kolabSecureCiphers' + DESC 'comma separated list of ciphers considered to be secure' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + + +###################################################### +# proftpd attributes (unused since Kolab Server 2.2) # +###################################################### + +attributetype ( 1.3.6.1.4.1.19414.2.1.901 + NAME 'proftpd-defaultquota' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +attributetype ( 1.3.6.1.4.1.19414.2.1.902 + NAME 'proftpd-ftp' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) + +attributetype ( 1.3.6.1.4.1.19414.2.1.903 + NAME 'proftpd-userPassword' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +######################################################################## +# pop3 service attributes (suitable to integrate external pop3 sources # +######################################################################## + +attributetype ( 1.3.6.1.4.1.19414.2.1.1001 + NAME 'externalPop3AccountDescription' + DESC 'a human readable description of the external POP3 account e.g. my gmail account' + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ) + +attributetype ( 1.3.6.1.4.1.19414.2.1.1002 + NAME 'externalPop3AccountMail' + DESC 'email address associated with the external POP3 account e.g. givenname.surname@gmail.com' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +attributetype ( 1.3.6.1.4.1.19414.2.1.1003 + NAME 'externalPop3AccountServer' + DESC 'Pop3 server associated with the external POP3 account e.g. pop3.provider.com' + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +attributetype ( 1.3.6.1.4.1.19414.2.1.1004 + NAME 'externalPop3AccountPort' + DESC 'TCP port number used for pop3 service associated with the external POP3 account e.g. 110' + EQUALITY integerMatch + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{5} ) + +attributetype ( 1.3.6.1.4.1.19414.2.1.1005 + NAME 'externalPop3AccountUseSSL' + DESC 'boolean defining if SSL must be used for external POP3 account - requires suitable externalPop3AccountPort' + EQUALITY booleanMatch + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) + +attributetype ( 1.3.6.1.4.1.19414.2.1.1006 + NAME 'externalPop3AccountUseTLS' + DESC 'boolean defining if TLS must be used for external POP3 account' + EQUALITY booleanMatch + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) + +# sometimes useful for self-signed certificates +attributetype ( 1.3.6.1.4.1.19414.2.1.1007 + NAME 'externalPop3AccountCheckServerCertificate' + DESC 'allows to disable checking server certificates when using SSL or TLS - beware of MIT-attacks!' + EQUALITY booleanMatch + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) + +attributetype ( 1.3.6.1.4.1.19414.2.1.1008 + NAME 'externalPop3AccountLoginName' + DESC 'name used to login into pop3 account often this uid is equivalent to the email address' + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 1.3.6.1.4.1.19414.2.1.1009 + NAME 'externalPop3EncryptedAccountPassword' + DESC 'encryped password for the external POP3 account - secret key must be known to the pop3 fetch service' + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40) + +attributetype ( 1.3.6.1.4.1.19414.2.1.1010 + NAME 'externalPop3AccountKeepMailOnServer' + DESC 'controls if fetched message shall remain on external POP3 server - beware this is often unreliable' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) + +attributetype ( 1.3.6.1.4.1.19414.2.1.1011 + NAME 'externalPop3AccountLoginMethod' + DESC 'login method used for external POP3 account - currently these are plainText, LOGIN, PLAIN, NTLM, DIGEST-MD5, CRAM-MD5, GSSAPI and APOP' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} ) + +######################## +# external definitions # +######################## + +# extended from apple.schema +attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.27 + NAME ( 'apple-birthday' 'dateOfBirth' 'dateOfIncorporation' ) + DESC 'Birthday or date of incorporation' + EQUALITY generalizedTimeMatch + SUBSTR caseExactIA5SubstringsMatch + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) + +# from http://www.stroeder.com/stroeder.com.schema +attributetype ( 1.3.6.1.4.1.5427.1.389.4.12 + NAME ( 'birthPlace' 'placeOfBirth' ) + DESC 'Place of birth' + SUP name + SINGLE-VALUE ) + +# from http://www.stroeder.com/stroeder.com.schema +attributetype ( 1.3.6.1.4.1.5427.1.389.4.14 + NAME 'birthName' + DESC 'Last name at time of birth, e.g. maiden name' + SUP name + SINGLE-VALUE ) + +# from http://www.stroeder.com/stroeder.com.schema +# The following data items and codes are used (see ISO 5218): +# Not known 0 +# Male 1 +# Female 2 +# Not specified 9 +# +attributetype ( 1.3.6.1.4.1.5427.1.389.4.7 + NAME 'gender' + DESC 'Representation of human sex (see ISO 5218)' + EQUALITY integerMatch + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{1} ) + +# from http://www.stroeder.com/stroeder.com.schema +# tax ID of person or company within Germany +# +attributetype ( 1.3.6.1.4.1.5427.1.389.4.666 + NAME 'germanTaxId' + DESC 'tax ID of person or company within Germany' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{20} ) + +# rfc 3039 +# ISO 3166 Country Code +# multiple citizenships are possible! +attributetype ( 1.3.6.1.5.5.7.9.4 + NAME 'countryOfCitizenship' + DESC 'Country of citizenship' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 ) + +# ISO 3166 Country Code +attributetype ( 1.3.6.1.5.5.7.9.5 + NAME 'countryOfResidence' + DESC 'Country of residence' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 ) + +# http://www.daasi.de/ +attributetype ( 1.3.6.1.4.1.5062.1.1.3.16 + NAME 'legalForm' + DESC 'legal form of a company' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +# http://www.daasi.de/ +# location of the trade register authority +attributetype ( 1.3.6.1.4.1.5062.1.1.3.17 + NAME 'tradeRegisterLocation' + DESC 'Location of the trade registrar where the organization is registered' + SUP name + SINGLE-VALUE ) + +# http://www.daasi.de/ +# registration number a the trade register authority +attributetype ( 1.3.6.1.4.1.5062.1.1.3.18 + NAME 'tradeRegisterIdentifier' + DESC 'Idientifier with which an organization is registered' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +# https://forxa.mancomun.org/plugins/scmsvn/viewcvs.php/trunk/ldap/dxpisi.schema?annotate=29&root=mancomun +# VATNumber +# Identifier number for companies and persons. In Spain it is the same as NIF/CIF. +# In Germany it is called Umsatzsteueridentifikationsnummer. +attributetype ( 1.3.6.1.4.1.27994.1.3.4 + NAME 'VATNumber' + DESC 'Identifier number for companies and persons' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10} ) + +######################## +# kolab object classes # +######################## + +# main kolab server configuration +# storing global values and user specific default values +# like kolabFreeBusyFuture and kolabFreeBusyPast +objectclass ( 1.3.6.1.4.1.19414.2.2.1 + NAME 'kolab' + DESC 'Kolab server configuration' + SUP top STRUCTURAL + MUST k + MAY ( kolabHost $ + postfix-mydomain $ + postfix-relaydomains $ + postfix-mydestination $ + postfix-mynetworks $ + postfix-relayhost $ + postfix-relayport $ + postfix-transport $ + postfix-virtual $ + postfix-enable-virus-scan $ + postfix-allow-unauthenticated $ + postfix-message-size-limit $ + cyrus-quotawarn $ + cyrus-autocreatequota $ + cyrus-admins $ + cyrus-imap $ + cyrus-pop3 $ + cyrus-imaps $ + cyrus-pop3s $ + cyrus-sieve $ + cyrus-smmap $ + cyrus-fulldirhash $ + cyrus-hashimapspool $ + cyrus-squatter $ + apache-http $ + apache-allow-unauthenticated-fb $ + kolabfilter-verify-from-header $ + kolabfilter-allow-sender-header $ + kolabfilter-reject-forged-from-header $ + kolabPolicyDaemon $ + kolabSecureCiphers $ + proftpd-ftp $ + proftpd-defaultquota $ + kolabFreeBusyFuture $ + kolabFreeBusyPast $ + uid $ + userPassword ) ) + +# public folders are typically visible to everyone subscribed to +# the server without the need for an extra login. Subfolders are +# defined using the hiarchy seperator '/' e.g. "sf/sub1". Please note +# that the term public folder is prefered to shared folder because +# normal user mailboxes can also share folders using acls. +objectclass ( 1.3.6.1.4.1.19414.2.2.9 + NAME 'kolabSharedFolder' + DESC 'Kolab public shared folder' + SUP top STRUCTURAL + MUST cn + MAY ( acl $ + alias $ + cyrus-userquota $ + kolabHomeServer $ + kolabFolderType $ + kolabDeleteflag ) ) + +# kolabNamedObject is used as a plain node for the LDAP tree. +# In contrast to unix filesystem directories LDAP nodes can +# and often do also have contents/attributes. We use the +# kolabNamedObject in order to put some structure in the +# LDAP directory tree. +objectclass ( 1.3.6.1.4.1.5322.13.1.1 + NAME 'kolabNamedObject' + SUP top STRUCTURAL + MAY (cn $ ou) ) + +# kolab account +# we use an auxiliary in order to ease integration +# with existing inetOrgPerson objects +# Please note that userPassword is a may +# attribute in the schema but is mandatory for +# Kolab +objectclass ( 1.3.6.1.4.1.19414.3.2.2 + NAME 'kolabInetOrgPerson' + DESC 'Kolab Internet Organizational Person' + SUP top AUXILIARY + MAY ( c $ + alias $ + pseudonym $ + kolabHomeServer $ + kolabHomeServerOnly $ + kolabHomeMTA $ + unrestrictedMailSize $ + kolabDelegate $ + kolabEncryptedPassword $ + cyrus-userquota $ + kolabInvitationPolicy $ + kolabFreeBusyFuture $ + calFBURL $ + kolabVacationBeginDateTime $ + kolabVacationEndDateTime $ + kolabVacationResendInterval $ + kolabVacationAddress $ + kolabVacationReplyToUCE $ + kolabVacationReactDomain $ + kolabForwardAddress $ + kolabForwardKeepCopy $ + kolabForwardUCE $ + kolabAllowSMTPRecipient $ + kolabAllowSMTPFrom $ + kolabSalutation $ + kolabMaritalStatus $ + dateOfBirth $ + placeOfBirth $ + birthName $ + gender $ + homeFacsimileTelephoneNumber $ + countryOfCitizenship $ + countryOfResidence $ + legalForm $ + tradeRegisterLocation $ + tradeRegisterIdentifier $ + VATNumber $ + germanTaxId $ + kolabDeleteflag $ + kolabComment ) ) + +# kolab organization with country support +objectclass ( 1.3.6.1.4.1.19414.3.2.3 + NAME 'kolabOrganization' + DESC 'RFC2256: a Kolab organization' + SUP organization STRUCTURAL + MAY ( c $ + mail $ + kolabDeleteflag $ + alias ) ) + +# kolab organizational unit with country support +objectclass ( 1.3.6.1.4.1.19414.3.2.4 + NAME 'kolabOrganizationalUnit' + DESC 'a Kolab organizational unit' + SUP organizationalUnit STRUCTURAL + MAY ( c $ + mail $ + kolabDeleteflag $ + alias ) ) + +# kolab groupOfNames with extra kolabDeleteflag and the required +# attribute mail. +# The mail attribute for kolab objects of the type kolabGroupOfNames +# is not arbitrary but MUST be a single attribute of the form +# of an valid SMTP address with the CN as the local part. +# E.g cn@kolabdomain (e.g. employees@mydomain.com). The +# mail attribute MUST be globally unique. +objectclass ( 1.3.6.1.4.1.19414.3.2.5 + NAME 'kolabGroupOfNames' + DESC 'Kolab group of names (DNs) derived from RFC2256' + SUP groupOfNames STRUCTURAL + MAY ( mail $ + kolabDeleteflag ) ) + +objectclass ( 1.3.6.1.4.1.19414.3.2.6 + NAME 'kolabExternalPop3Account' + DESC 'kolab fetch messages via POP3 from external sources' + SUP top STRUCTURAL + MUST ( externalPop3AccountServer $ + externalPop3AccountLoginName $ + externalPop3EncryptedAccountPassword ) + MAY ( externalPop3AccountDescription $ + externalPop3AccountMail $ + externalPop3AccountPort $ + externalPop3AccountUseSSL $ + externalPop3AccountUseTLS $ + externalPop3AccountLoginMethod $ + externalPop3AccountCheckServerCertificate $ + externalPop3AccountKeepMailOnServer ) ) + +objectclass ( 1.3.6.1.4.1.19414.3.2.7 + NAME 'kolabGermanBankArrangement' + DESC 'German bank account information' + SUP top STRUCTURAL + MUST ( kolabGermanBankAccountNumber $ + kolabGermanBankCode ) + MAY ( kolabGermanBankAccountHolder $ + kolabGermanBankName $ + kolabGermanBankAccountInfo ) ) |