1 # $Id: kolab2.schema,v 1.5 2005/03/18 00:29:24 martin Exp $
2 # (c) 2003, 2004 Tassilo Erlewein <tassilo.erlewein@erfrakon.de>
3 # (c) 2003, 2004 Martin Konold <martin.konold@erfrakon.de>
4 # (c) 2003 Achim Frank <achim.frank@erfrakon.de>
5 #
6 # Redistribution and use in source and binary forms, with or without
7 # modification, are permitted provided that the following conditions are met:
8 #
9 # Redistributions of source code must retain the above copyright notice, this
10 # list of conditions and the following disclaimer.
11 #
12 # Redistributions in binary form must reproduce the above copyright notice,
13 # this list of conditions and the following disclaimer in the documentation
14 # and/or other materials provided with the distribution.
15 #
16 # The name of the author may not be used to endorse or promote products derived
17 # from this software without specific prior written permission.
18 #
19 #
20 # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
21 # WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
22 # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
23 # EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
24 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 # PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
26 # OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
27 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
28 # OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
29 # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
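31 # This schema depends on core.schema, cosine.schema and inetorgperson.schema
32 # as provided by 3rd parties like OpenLDAP. calFBURL (used by kolabInetOrgPerson below) is not
33 # defined in this file; it is specified in RFC 2739, so a schema providing it must be loaded too.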
34 # slapd.conf then looks like
35 # include /kolab/etc/openldap/schema/core.schema
36 # include /kolab/etc/openldap/schema/cosine.schema
37 # include /kolab/local/etc/openldap/schema/inetorgperson.schema
38 # include /kolab/local/etc/openldap/schema/kolab2.schema
40 #
41 ####################
42 # kolab attributes #
43 ####################
45 # helper attribute to make the kolab root easily findable in
46 # a big ldap directory
47 attributetype ( 1.3.6.1.4.1.19414.2.1.1
48 NAME ( 'k' 'kolab' )
49 DESC 'Kolab attribute'
50 SUP name )
52 # kolabDeleteflag used to be a boolean; with Kolab 2 it holds
53 # the fqdn of the server which is requested to delete this object
54 # in its local store. Writing it requests a deletion, so restrict write access by ACL.
55 attributetype ( 1.3.6.1.4.1.19414.2.1.2
56 NAME 'kolabDeleteflag'
57 DESC 'Per host deletion status'
58 EQUALITY caseIgnoreIA5Match
59 SUBSTR caseIgnoreIA5SubstringsMatch
60 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
62 # alias used to provide alternative rfc822 email addresses for kolab users
63 attributetype ( 1.3.6.1.4.1.19414.2.1.3
64 NAME 'alias'
65 DESC 'RFC1274: RFC822 Mailbox'
66 EQUALITY caseIgnoreIA5Match
67 SUBSTR caseIgnoreIA5SubstringsMatch
68 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
70 # kolabEncryptedPassword is an asymmetrically (RSA) encrypted copy of the cleartext
71 # password. It is required in order to pass the password securely from the
72 # maintenance/administration application to the kolabHomeServer running the resource
73 # handler application. It is recoverable with the private key, so limit read access by ACL.
74 attributetype ( 1.3.6.1.4.1.19419.2.1.4
75 NAME 'kolabEncryptedPassword'
76 DESC 'base64 encoded public key encrypted Password'
77 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
79 # hostname including the domain name like kolab-master.bsi.de
80 attributetype ( 1.3.6.1.4.1.19414.2.1.5
81 NAME ( 'fqhostname' 'fqdnhostname' )
82 DESC 'Fully qualified Hostname including full domain component'
83 EQUALITY caseIgnoreIA5Match
84 SUBSTR caseIgnoreIA5SubstringsMatch
85 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
87 # fqdn of all hosts in a multi-location setup
88 attributetype ( 1.3.6.1.4.1.19414.2.1.6
89 NAME 'kolabHost'
90 DESC 'Multivalued -- list of hostnames in a Kolab setup'
91 EQUALITY caseIgnoreIA5Match
92 SUBSTR caseIgnoreIA5SubstringsMatch
93 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
95 # fqdn of the server containing the actual user data
96 attributetype ( 1.3.6.1.4.1.19419.1.1.1.1
97 NAME 'kolabHomeServer'
98 DESC 'server which keeps the users mailbox'
99 EQUALITY caseIgnoreIA5Match
100 SUBSTR caseIgnoreIA5SubstringsMatch
101 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
103 # flag for allowing unrestricted length of mails
104 attributetype ( 1.3.6.1.4.1.19419.1.1.1.2
105 NAME 'unrestrictedMailSize'
106 EQUALITY booleanMatch
107 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
109 # allow delegates to act in your name (vacation/secretary boss use case)
110 # we use the syntax of rfc822 email addresses in order to identify
111 # users allowed to act in the name of others; whoever can write this attribute can grant that right
112 attributetype ( 1.3.6.1.4.1.19419.1.1.1.3
113 NAME 'kolabDelegate'
114 DESC 'Kolab user allowed to act as delegates - RFC822 Mailbox/Alias'
115 EQUALITY caseIgnoreIA5Match
116 SUBSTR caseIgnoreIA5SubstringsMatch
117 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
119 # For user, group and resource Kolab accounts
120 # Describes how to respond to invitations
121 # We keep the attribute as a string, so the schema itself does not enforce it, but it may
122 # only have one of the following values (consumers have to validate):
123 #
124 # ACT_ALWAYS_ACCEPT
125 # ACT_ALWAYS_REJECT
126 # ACT_REJECT_IF_CONFLICTS
127 # ACT_MANUAL_IF_CONFLICTS
128 # ACT_MANUAL
129 # In addition one of these values may be prefixed with a primary email
130 # address followed by a colon like
131 # user@domain.tld: ACT_ALWAYS_ACCEPT
132 attributetype ( 1.3.6.1.4.1.19419.1.1.1.4
133 NAME ( 'kolabInvitationPolicy' 'kolabResourceAction' )
134 DESC 'Used by user, group and resource accounts to determine how to respond to invitations'
135 EQUALITY caseIgnoreIA5Match
136 SUBSTR caseIgnoreIA5SubstringsMatch
137 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
139 # time span from now to the future used for the free busy data
140 # measured in days
141 attributetype ( 1.3.6.1.4.1.19419.1.1.1.5
142 NAME 'kolabFreeBusyFuture'
143 DESC 'time in days for fb data towards the future'
144 EQUALITY integerMatch
145 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
147 # time span from now to the past used for the free busy data
148 # measured in days
149 attributetype ( 1.3.6.1.4.1.19419.1.1.1.6
150 NAME 'kolabFreeBusyPast'
151 DESC 'time in days for fb data towards the past'
152 EQUALITY integerMatch
153 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
155 # fqdn of the server as the default SMTP MTA
156 # not used in Kolab 2 currently as in Kolab 2 the
157 # default MTA is equivalent to the kolabHomeServer
158 attributetype ( 1.3.6.1.4.1.19419.1.1.1.7
159 NAME 'kolabHomeMTA'
160 DESC 'fqdn of default MTA'
161 EQUALITY caseIgnoreIA5Match
162 SUBSTR caseIgnoreIA5SubstringsMatch
163 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
165 ######################
166 # postfix attributes #
167 ######################
169 attributetype ( 1.3.6.1.4.1.19414.2.1.501
170 NAME 'postfix-mydomain'
171 EQUALITY caseIgnoreIA5Match
172 SUBSTR caseIgnoreIA5SubstringsMatch
173 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
175 attributetype ( 1.3.6.1.4.1.19414.2.1.502
176 NAME 'postfix-relaydomains'
177 EQUALITY caseIgnoreIA5Match
178 SUBSTR caseIgnoreIA5SubstringsMatch
179 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
181 attributetype ( 1.3.6.1.4.1.19414.2.1.503
182 NAME 'postfix-mydestination'
183 EQUALITY caseIgnoreIA5Match
184 SUBSTR caseIgnoreIA5SubstringsMatch
185 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# IA5 string attribute (max 256 chars) with case-insensitive equality and substring matching.
# NOTE(review): no DESC is given. Judging by the name this feeds the postfix
# "mynetworks" setting, i.e. the clients postfix treats as trusted - confirm
# against the consumer of this attribute and keep write access restricted.
187 attributetype ( 1.3.6.1.4.1.19414.2.1.504
188 NAME 'postfix-mynetworks'
189 EQUALITY caseIgnoreIA5Match
190 SUBSTR caseIgnoreIA5SubstringsMatch
191 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
193 attributetype ( 1.3.6.1.4.1.19414.2.1.505
194 NAME 'postfix-relayhost'
195 EQUALITY caseIgnoreIA5Match
196 SUBSTR caseIgnoreIA5SubstringsMatch
197 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
199 attributetype ( 1.3.6.1.4.1.19414.2.1.506
200 NAME 'postfix-transport'
201 EQUALITY caseIgnoreIA5Match
202 SUBSTR caseIgnoreIA5SubstringsMatch
203 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
205 attributetype ( 1.3.6.1.4.1.19414.2.1.507
206 NAME 'postfix-enable-virus-scan'
207 EQUALITY booleanMatch
208 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
# Boolean attribute compared with booleanMatch.
# NOTE(review): no DESC is given. Judging by the name this switch lets postfix
# accept mail from unauthenticated clients - confirm against the consumer of
# this attribute. Treat write access to it as security-sensitive.
210 attributetype ( 1.3.6.1.4.1.19414.2.1.508
211 NAME 'postfix-allow-unauthenticated'
212 EQUALITY booleanMatch
213 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
215 ##########################
216 # cyrus imapd attributes #
217 ##########################
219 attributetype ( 1.3.6.1.4.1.19414.2.1.601
220 NAME 'cyrus-autocreatequota'
221 EQUALITY integerMatch
222 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
# IA5 string attribute (max 256 chars) with case-insensitive equality and substring matching.
# NOTE(review): no DESC is given. Presumably the values name the accounts that
# get administrator rights on the cyrus imapd - confirm. If so, write access
# to this attribute is equivalent to granting IMAP admin rights.
224 attributetype ( 1.3.6.1.4.1.19414.2.1.602
225 NAME 'cyrus-admins'
226 EQUALITY caseIgnoreIA5Match
227 SUBSTR caseIgnoreIA5SubstringsMatch
228 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
230 # enable plain imap without ssl
231 attributetype ( 1.3.6.1.4.1.19414.2.1.603
232 NAME 'cyrus-imap'
233 EQUALITY booleanMatch
234 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
236 # enable legacy pop3
237 attributetype ( 1.3.6.1.4.1.19414.2.1.604
238 NAME 'cyrus-pop3'
239 EQUALITY booleanMatch
240 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
242 # user specific quota on the cyrus imap server
243 attributetype ( 1.3.6.1.4.1.19414.2.1.605
244 NAME 'cyrus-userquota'
245 DESC 'Mailbox hard quota limit in MB'
246 EQUALITY integerMatch
247 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
249 # cyrus imapd access control list
250 # acls work with users and groups
251 attributetype ( 1.3.6.1.4.1.19414.2.1.651
252 NAME 'acl'
253 EQUALITY caseIgnoreIA5Match
254 SUBSTR caseIgnoreIA5SubstringsMatch
255 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
257 # enable secure imap
258 attributetype ( 1.3.6.1.4.1.19414.2.1.606
259 NAME 'cyrus-imaps'
260 EQUALITY booleanMatch
261 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
263 # enable secure pop3
264 attributetype ( 1.3.6.1.4.1.19414.2.1.607
265 NAME 'cyrus-pop3s'
266 EQUALITY booleanMatch
267 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
269 # enable sieve support (required for forward and vacation services)
270 attributetype ( 1.3.6.1.4.1.19414.2.1.608
271 NAME 'cyrus-sieve'
272 EQUALITY booleanMatch
273 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
275 # installation wide percentage which determines when to send a
276 # warning to the user
277 attributetype ( 1.3.6.1.4.1.19414.2.1.609
278 NAME 'cyrus-quotawarn'
279 EQUALITY integerMatch
280 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
282 #############################
283 # apache and php attributes #
284 #############################
286 # enable plain http (no ssl)
287 attributetype ( 1.3.6.1.4.1.19414.2.1.701
288 NAME 'apache-http'
289 EQUALITY booleanMatch
290 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
292 # Allow freebusy download without authenticating first (anonymous clients can then read users' availability)
293 attributetype ( 1.3.6.1.4.1.19414.2.1.702
294 NAME 'apache-allow-unauthenticated-fb'
295 EQUALITY booleanMatch
296 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
298 ######################
299 # proftpd attributes #
300 ######################
302 attributetype ( 1.3.6.1.4.1.19414.2.1.901
303 NAME 'proftpd-defaultquota'
304 EQUALITY integerMatch
305 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
307 attributetype ( 1.3.6.1.4.1.19414.2.1.902
308 NAME 'proftpd-ftp'
309 EQUALITY booleanMatch
310 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
# Directory String attribute with no EQUALITY rule, so it cannot be matched in search filters.
# It is not listed in the MUST/MAY of any object class visible in this file.
# NOTE(review): the schema does not say whether the value is stored hashed or
# in cleartext - confirm, and protect it with the same ACLs as userPassword.
312 attributetype ( 1.3.6.1.4.1.19414.2.1.903
313 NAME 'proftpd-userPassword'
314 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
316 ########################
317 # kolab object classes #
318 ########################
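320 # main kolab server configuration (note: cyrus-autocreatequota appears twice in MAY; once is enough)
321 # storing global values and user specific default values like kolabFreeBusyFuture and
322 # kolabFreeBusyPast. It also holds the service switches and userPassword, so limit write access.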
323 objectclass ( 1.3.6.1.4.1.19414.2.2.1
324 NAME 'kolab'
325 DESC 'Kolab server configuration'
326 SUP top STRUCTURAL
327 MUST k
328 MAY ( kolabHost $
329 postfix-mydomain $
330 postfix-relaydomains $
331 postfix-mydestination $
332 postfix-mynetworks $
333 postfix-relayhost $
334 postfix-transport $
335 postfix-enable-virus-scan $
336 postfix-allow-unauthenticated $
337 cyrus-autocreatequota $
338 cyrus-quotawarn $
339 cyrus-autocreatequota $
340 cyrus-admins $
341 cyrus-imap $
342 cyrus-pop3 $
343 cyrus-imaps $
344 cyrus-pop3s $
345 cyrus-sieve $
346 apache-http $
347 apache-allow-unauthenticated-fb $
348 proftpd-ftp $
349 proftpd-defaultquota $
350 kolabFreeBusyFuture $
351 kolabFreeBusyPast $
352 uid $
353 userPassword ) )
355 # shared folders are typically visible to everyone subscribed to
356 # the server without the need for an extra login
357 objectclass ( 1.3.6.1.4.1.19414.2.2.9
358 NAME 'kolabSharedFolder'
359 DESC 'Kolab public shared folder'
360 SUP top STRUCTURAL
361 MUST cn
362 MAY ( acl $
363 cyrus-userquota $
364 kolabHomeServer $
365 kolabDeleteflag ) )
367 # used as a plain node for the LDAP tree. In contrast to unix filesystem directories
368 # LDAP nodes can and often do also have contents/attributes. We use kolabNamedObject
369 # in order to put more structure in the directory tree.
370 objectclass ( 1.3.6.1.4.1.5322.13.1.1
371 NAME 'kolabNamedObject'
372 SUP top STRUCTURAL
373 MAY (cn $ ou) )
375 # kolab account
376 # we use an auxiliary in order to ease integration
377 # with existing inetOrgPerson objects
378 # Please note that userPassword is a may
379 # attribute in the schema but is mandatory for
380 # Kolab
381 objectclass ( 1.3.6.1.4.1.19414.3.2.2
382 NAME 'kolabInetOrgPerson'
383 DESC 'Kolab Internet Organizational Person'
384 SUP top AUXILIARY
385 MAY ( c $
386 alias $
387 kolabHomeServer $
388 kolabHomeMTA $
389 unrestrictedMailSize $
390 kolabDelegate $
391 kolabEncryptedPassword $
392 cyrus-userquota $
393 kolabInvitationPolicy $
394 kolabFreeBusyFuture $
395 calFBURL $
396 kolabDeleteflag ) )
398 # kolab organization with country support
399 objectclass ( 1.3.6.1.4.1.19414.3.2.3
400 NAME 'kolabOrganization'
401 DESC 'RFC2256: a Kolab organization'
402 SUP organization STRUCTURAL
403 MAY ( c $
404 mail $
405 kolabDeleteflag $
406 alias ) )
408 # kolab organizational unit with country support
409 objectclass ( 1.3.6.1.4.1.19414.3.2.4
410 NAME 'kolabOrganizationalUnit'
411 DESC 'a Kolab organizational unit'
412 SUP organizationalUnit STRUCTURAL
413 MAY ( c $
414 mail $
415 kolabDeleteflag $
416 alias ) )
418 # kolab groupOfNames with extra kolabDeleteflag
419 objectclass ( 1.3.6.1.4.1.19414.3.2.5
420 NAME 'kolabGroupOfNames'
421 DESC 'Kolab group of names (DNs) derived from RFC2256'
422 SUP groupOfNames STRUCTURAL
423 MAY kolabDeleteflag )