1 # $Id: kolab2.schema,v 1.27 2007/10/17 17:57:13 thomas Exp $
2 # (c) 2003, 2004 Tassilo Erlewein <tassilo.erlewein@erfrakon.de>
3 # (c) 2003-2007 Martin Konold <martin.konold@erfrakon.de>
4 # (c) 2003 Achim Frank <achim.frank@erfrakon.de>
5 #
6 # Redistribution and use in source and binary forms, with or without
7 # modification, are permitted provided that the following conditions are met:
8 #
9 # Redistributions of source code must retain the above copyright notice, this
10 # list of conditions and the following disclaimer.
11 #
12 # Redistributions in binary form must reproduce the above copyright notice,
13 # this list of conditions and the following disclaimer in the documentation
14 # and/or other materials provided with the distribution.
15 #
16 # The name of the author may not be used to endorse or promote products derived
17 # from this software without specific prior written permission.
18 #
19 #
20 # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
21 # WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
22 # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
23 # EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
24 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 # PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
26 # OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
27 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
28 # OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
29 # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 # This schema highly depends on the core.schema, cosine.schema and the inetorgperson.schema
32 # as provided by 3rd parties like OpenLDAP.
33 #
34 # slapd.conf then looks like
35 # include /kolab/etc/openldap/schema/core.schema
36 # include /kolab/etc/openldap/schema/cosine.schema
37 # include /kolab/etc/openldap/schema/inetorgperson.schema
38 # include /kolab/etc/openldap/schema/rfc2739.schema
39 # include /kolab/etc/openldap/schema/kolab2.schema
41 #
42 ####################
43 # kolab attributes #
44 ####################
46 # helper attribute to make the kolab root easily findable in
47 # a big ldap directory
48 attributetype ( 1.3.6.1.4.1.19414.2.1.1
49 NAME ( 'k' 'kolab' )
50 DESC 'Kolab attribute'
51 SUP name )
53 # kolabDeleteflag used to be a boolean but describes with Kolab 2
54 # the fqdn of the server which is requested to delete this objects
55 # in its local store
56 attributetype ( 1.3.6.1.4.1.19414.2.1.2
57 NAME 'kolabDeleteflag'
58 DESC 'Per host deletion status'
59 EQUALITY caseIgnoreIA5Match
60 SUBSTR caseIgnoreIA5SubstringsMatch
61 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
63 # alias used to provide alternative rfc822 email addresses for kolab users
64 attributetype ( 1.3.6.1.4.1.19414.2.1.3
65 NAME 'alias'
66 DESC 'RFC1274: RFC822 Mailbox'
67 EQUALITY caseIgnoreIA5Match
68 SUBSTR caseIgnoreIA5SubstringsMatch
69 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
71 # kolabEncryptedPassword is an asymmetrically (RSA) encrypted copy of the
72 # cleartext password. This is required in order to pass the password from
73 # the maintainance/administration application to the kolabHomeServer running the
74 # resource handler application in a secure manner.
75 # Actually this attribute is deprecated as of Kolab 2.1. Instead we grant the
76 # calendar user dn: cn=calendar,cn=internal,dc=yourcompany,dc=com access to
77 # the respective calendar folder using IMAP ACLs.
78 attributetype ( 1.3.6.1.4.1.19419.2.1.4
79 NAME 'kolabEncryptedPassword'
80 DESC 'base64 encoded public key encrypted Password'
81 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
83 # hostname including the domain name like kolab-master.yourcompany.com
84 attributetype ( 1.3.6.1.4.1.19414.2.1.5
85 NAME ( 'fqhostname' 'fqdnhostname' )
86 DESC 'Fully qualified Hostname including full domain component'
87 EQUALITY caseIgnoreIA5Match
88 SUBSTR caseIgnoreIA5SubstringsMatch
89 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
91 # fqdn of all hosts in a multi-location or cluster setup
92 attributetype ( 1.3.6.1.4.1.19414.2.1.6
93 NAME 'kolabHost'
94 DESC 'Multivalued -- list of hostnames in a Kolab setup'
95 EQUALITY caseIgnoreIA5Match
96 SUBSTR caseIgnoreIA5SubstringsMatch
97 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
99 # fqdn of the server containg the actual user mailbox
100 attributetype ( 1.3.6.1.4.1.19419.1.1.1.1
101 NAME 'kolabHomeServer'
102 DESC 'server which keeps the users mailbox'
103 EQUALITY caseIgnoreIA5Match
104 SUBSTR caseIgnoreIA5SubstringsMatch
105 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
107 # flag for allowing unrestriced length of mails
108 attributetype ( 1.3.6.1.4.1.19419.1.1.1.2
109 NAME 'unrestrictedMailSize'
110 EQUALITY booleanMatch
111 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
113 # Specifies the email delegates.
114 # An email delegate can send email on behalf of the account
115 # which means using the "from" of the account.
116 # Delegates are specified by the syntax of rfc822 email addresses.
117 attributetype ( 1.3.6.1.4.1.19419.1.1.1.3
118 NAME 'kolabDelegate'
119 DESC 'Kolab user allowed to act as delegates - RFC822 Mailbox/Alias'
120 EQUALITY caseIgnoreIA5Match
121 SUBSTR caseIgnoreIA5SubstringsMatch
122 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
124 # For user, group and resource Kolab accounts
125 # Describes how to respond to invitations
126 # We keep the attribute as a string, but actually it can only have one
127 # of the following values:
128 #
129 # ACT_ALWAYS_ACCEPT
130 # ACT_ALWAYS_REJECT
131 # ACT_REJECT_IF_CONFLICTS
132 # ACT_MANUAL_IF_CONFLICTS
133 # ACT_MANUAL
134 # In addition one of these values may be prefixed with a primary email
135 # address followed by a colon like
136 # user@domain.tld: ACT_ALWAYS_ACCEPT
137 attributetype ( 1.3.6.1.4.1.19419.1.1.1.4
138 NAME ( 'kolabInvitationPolicy' 'kolabResourceAction' )
139 DESC 'defines how to respond to invitations'
140 EQUALITY caseIgnoreIA5Match
141 SUBSTR caseIgnoreIA5SubstringsMatch
142 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
144 # time span from now to the future used for the free busy data
145 # measured in days
146 attributetype ( 1.3.6.1.4.1.19419.1.1.1.5
147 NAME 'kolabFreeBusyFuture'
148 DESC 'time in days for fb data towards the future'
149 EQUALITY integerMatch
150 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
151 SINGLE-VALUE )
153 # time span from now to the past used for the free busy data
154 # measured in days
155 attributetype ( 1.3.6.1.4.1.19419.1.1.1.6
156 NAME 'kolabFreeBusyPast'
157 DESC 'time in days for fb data towards the past'
158 EQUALITY integerMatch
159 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
160 SINGLE-VALUE )
162 # fqdn of the server as the default SMTP MTA
163 # not used in Kolab 2 currently as in Kolab 2 the
164 # default MTA is equivalent to the kolabHomeServer
165 attributetype ( 1.3.6.1.4.1.19419.1.1.1.7
166 NAME 'kolabHomeMTA'
167 DESC 'fqdn of default MTA'
168 EQUALITY caseIgnoreIA5Match
169 SUBSTR caseIgnoreIA5SubstringsMatch
170 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
171 SINGLE-VALUE )
173 # Begin date of Kolab vacation period. Sender will
174 # be notified every kolabVacationResendIntervall days
175 # that recipient is absent until kolabVacationEnd.
176 # Values in this syntax are encoded as printable strings,
177 # represented as specified in X.208.
178 # Note that the time zone must be specified.
179 # For Kolab we limit ourself to GMT
180 # YYYYMMDDHHMMZ e.g. 200512311458Z.
181 # see also: rfc 2252.
182 # Currently this attribute is not used in Kolab.
183 attributetype ( 1.3.6.1.4.1.19419.1.1.1.8
184 NAME 'kolabVacationBeginDateTime'
185 DESC 'Begin date of vacation'
186 EQUALITY generalizedTimeMatch
187 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
188 SINGLE-VALUE )
190 # End date of Kolab vacation period. Sender will
191 # be notified every kolabVacationResendIntervall days
192 # that recipient is absent starting from kolabVacationBeginDateTime.
193 # Values in this syntax are encoded as printable strings,
194 # represented as specified in X.208.
195 # Note that the time zone must be specified.
196 # For Kolab we limit ourself to GMT
197 # YYYYMMDDHHMMZ e.g. 200601012258Z.
198 # see also: rfc 2252.
199 # Currently this attribute is not used in Kolab.
200 attributetype ( 1.3.6.1.4.1.19419.1.1.1.9
201 NAME 'kolabVacationEndDateTime'
202 DESC 'End date of vacation'
203 EQUALITY generalizedTimeMatch
204 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
205 SINGLE-VALUE )
207 # Intervall in days after which senders get
208 # another vacation message.
209 # Currently this attribute is not used in Kolab.
210 attributetype ( 1.3.6.1.4.1.19419.1.1.1.10
211 NAME 'kolabVacationResendInterval'
212 DESC 'Vacation notice interval in days'
213 EQUALITY integerMatch
214 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
215 SINGLE-VALUE )
217 # Email recipient addresses which are handled by the
218 # vacation script. There can be multiple kolabVacationAddress
219 # entries for each kolabInetOrgPerson.
220 # Default is the primary email address and all
221 # email aliases of the kolabInetOrgPerson.
222 # Currently this attribute is not used in Kolab.
223 attributetype ( 1.3.6.1.4.1.19419.1.1.1.11
224 NAME 'kolabVacationAddress'
225 DESC 'Email address for vacation to response upon'
226 EQUALITY caseIgnoreIA5Match
227 SUBSTR caseIgnoreIA5SubstringsMatch
228 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
230 # Enable sending vacation notices in reaction
231 # unsolicited commercial email.
232 # Default is no.
233 # Currently this attribute is not used in Kolab.
234 attributetype ( 1.3.6.1.4.1.19419.1.1.1.12
235 NAME 'kolabVacationReplyToUCE'
236 DESC 'Enable vacation notices to UCE'
237 EQUALITY booleanMatch
238 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
239 SINGLE-VALUE )
241 # Email recipient domains which are handled by the
242 # vacation script. There can be multiple kolabVacationReactDomain
243 # entries for each kolabInetOrgPerson
244 # Default is to handle all domains.
245 # Currently this attribute is not used in Kolab.
246 attributetype ( 1.3.6.1.4.1.19419.1.1.1.13
247 NAME 'kolabVacationReactDomain'
248 DESC 'Multivalued -- Email domain for vacation to response upon'
249 EQUALITY caseIgnoreIA5Match
250 SUBSTR caseIgnoreIA5SubstringsMatch
251 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
253 # Forward all incoming emails except UCE if kolabForwardUCE
254 # is not set to this email address.
255 # There can be multiple kolabForwardAddress entries for
256 # each kolabInetOrgPerson.
257 # Currently this attribute is not used in Kolab.
258 attributetype ( 1.3.6.1.4.1.19419.1.1.1.14
259 NAME 'kolabForwardAddress'
260 DESC 'Forward email to this address'
261 EQUALITY caseIgnoreIA5Match
262 SUBSTR caseIgnoreIA5SubstringsMatch
263 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
265 # Keep local copy when forwarding emails to list of
266 # kolabForwardAddress.
267 # Default is no.
268 # Currently this attribute is not used in Kolab.
269 attributetype ( 1.3.6.1.4.1.19419.1.1.1.15
270 NAME 'kolabForwardKeepCopy'
271 DESC 'Keep copy when forwarding'
272 EQUALITY booleanMatch
273 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
274 SINGLE-VALUE )
276 # Enable forwarding of UCE.
277 # Default is yes.
278 # Currently this attribute is not used in Kolab.
279 attributetype ( 1.3.6.1.4.1.19419.1.1.1.16
280 NAME 'kolabForwardUCE'
281 DESC 'Enable forwarding of mails known as UCE'
282 EQUALITY booleanMatch
283 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
284 SINGLE-VALUE )
286 # comment when creating or deleting a kolab object
287 # a comment might be appropriate. This is most useful
288 # for tracability when users get moved to the graveyard
289 # instead of being really deleted. Every entry must be prefixed
290 # with an ISO 8601 date string e.g 200604301458Z. All times must
291 # be in zulu timezone.
292 attributetype ( 1.3.6.1.4.1.19419.1.1.1.17
293 NAME 'kolabComment'
294 DESC 'multi-value comment'
295 EQUALITY caseIgnoreMatch
296 SUBSTR caseIgnoreSubstringsMatch
297 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
299 # describes the allowed or disallowed smtp addresses for
300 # recipients. If this attribute is not set for a user no
301 # kolab recipient policy does apply.
302 # example entries:
303 # .tld - allow mail to every recipient for this tld
304 # domain.tld - allow mail to everyone in domain.tld
305 # .domain.tld - allow mail to everyone in domain.tld and its subdomains
306 # user@domain.tld - allow mail to explicit user@domain.tld
307 # user@ - allow mail to this user but any domain
308 # -.tld - disallow mail to every recipient for this tld
309 # -domain.tld - disallow mail to everyone in domain.tld
310 # -.domain.tld - disallow mail to everyone in domain.tld and its subdomains
311 # -user@domain.tld - disallow mail to explicit user@domain.tld
312 # -user@ - disallow mail to this user but any domain
313 attributetype ( 1.3.6.1.4.1.19419.1.1.1.18
314 NAME 'kolabAllowSMTPRecipient'
315 DESC 'SMTP address allowed for destination (multi-valued)'
316 EQUALITY caseIgnoreIA5Match
317 SUBSTR caseIgnoreIA5SubstringsMatch
318 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} )
320 # kolabFolderType describes the kind of Kolab folder
321 # as defined in the kolab format specification.
322 # We will annotate all folders with an entry
323 # /vendor/kolab/folder-type containing the attribute
324 # value.shared set to: <type>[.<subtype>].
325 # The <type> can be: mail, event, journal, task, note,
326 # or contact. The <subtype> for a mail folder can be
327 # inbox, drafts, sentitems, or junkemail (this one holds
328 # spam mails). For the other <type>s, it can only be
329 # default, or not set. For other types of folders
330 # supported by the clients, these should be prefixed with
331 # "k-" for KMail, "h-" for Horde and "o-" for Outlook, and
332 # look like for example "kolab.o-voicemail". Other third-party
333 # clients shall use the "x-" prefix.
334 # We then use the ANNOTATEMORE IMAP extension to
335 # associate the folder type with a folder.
336 attributetype ( 1.3.6.1.4.1.19414.2.1.7
337 NAME 'kolabFolderType'
338 DESC 'type of a kolab folder'
339 EQUALITY caseIgnoreIA5Match
340 SUBSTR caseIgnoreIA5SubstringsMatch
341 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
342 SINGLE-VALUE )
344 ######################
345 # postfix attributes #
346 ######################
348 attributetype ( 1.3.6.1.4.1.19414.2.1.501
349 NAME 'postfix-mydomain'
350 EQUALITY caseIgnoreIA5Match
351 SUBSTR caseIgnoreIA5SubstringsMatch
352 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
354 attributetype ( 1.3.6.1.4.1.19414.2.1.502
355 NAME 'postfix-relaydomains'
356 EQUALITY caseIgnoreIA5Match
357 SUBSTR caseIgnoreIA5SubstringsMatch
358 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
360 attributetype ( 1.3.6.1.4.1.19414.2.1.503
361 NAME 'postfix-mydestination'
362 EQUALITY caseIgnoreIA5Match
363 SUBSTR caseIgnoreIA5SubstringsMatch
364 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
366 attributetype ( 1.3.6.1.4.1.19414.2.1.504
367 NAME 'postfix-mynetworks'
368 EQUALITY caseIgnoreIA5Match
369 SUBSTR caseIgnoreIA5SubstringsMatch
370 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
372 attributetype ( 1.3.6.1.4.1.19414.2.1.505
373 NAME 'postfix-relayhost'
374 EQUALITY caseIgnoreIA5Match
375 SUBSTR caseIgnoreIA5SubstringsMatch
376 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
378 attributetype ( 1.3.6.1.4.1.19414.2.1.506
379 NAME 'postfix-transport'
380 EQUALITY caseIgnoreIA5Match
381 SUBSTR caseIgnoreIA5SubstringsMatch
382 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
384 attributetype ( 1.3.6.1.4.1.19414.2.1.507
385 NAME 'postfix-enable-virus-scan'
386 EQUALITY booleanMatch
387 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
388 SINGLE-VALUE )
390 attributetype ( 1.3.6.1.4.1.19414.2.1.508
391 NAME 'postfix-allow-unauthenticated'
392 EQUALITY booleanMatch
393 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
394 SINGLE-VALUE )
396 attributetype ( 1.3.6.1.4.1.19414.2.1.509
397 NAME 'postfix-virtual'
398 EQUALITY caseIgnoreIA5Match
399 SUBSTR caseIgnoreIA5SubstringsMatch
400 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
402 attributetype ( 1.3.6.1.4.1.19414.2.1.510
403 NAME 'postfix-relayport'
404 EQUALITY caseIgnoreIA5Match
405 SUBSTR caseIgnoreIA5SubstringsMatch
406 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
408 ##########################
409 # cyrus imapd attributes #
410 ##########################
412 attributetype ( 1.3.6.1.4.1.19414.2.1.601
413 NAME 'cyrus-autocreatequota'
414 EQUALITY integerMatch
415 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
416 SINGLE-VALUE )
418 attributetype ( 1.3.6.1.4.1.19414.2.1.602
419 NAME 'cyrus-admins'
420 EQUALITY caseIgnoreIA5Match
421 SUBSTR caseIgnoreIA5SubstringsMatch
422 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
424 # enable plain imap without ssl
425 attributetype ( 1.3.6.1.4.1.19414.2.1.603
426 NAME 'cyrus-imap'
427 EQUALITY booleanMatch
428 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
429 SINGLE-VALUE )
431 # enable legacy pop3
432 attributetype ( 1.3.6.1.4.1.19414.2.1.604
433 NAME 'cyrus-pop3'
434 EQUALITY booleanMatch
435 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
437 # user specific quota on the cyrus imap server
438 attributetype ( 1.3.6.1.4.1.19414.2.1.605
439 NAME 'cyrus-userquota'
440 DESC 'Mailbox hard quota limit in MB'
441 EQUALITY integerMatch
442 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
444 # cyrus imapd access control list
445 # acls work with users and groups
446 #attributetype ( 1.3.6.1.4.1.19414.2.1.651
447 # NAME 'acl'
448 # EQUALITY caseIgnoreIA5Match
449 # SUBSTR caseIgnoreIA5SubstringsMatch
450 # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
452 # enable secure imap
453 attributetype ( 1.3.6.1.4.1.19414.2.1.606
454 NAME 'cyrus-imaps'
455 EQUALITY booleanMatch
456 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
458 # enable secure pop3
459 attributetype ( 1.3.6.1.4.1.19414.2.1.607
460 NAME 'cyrus-pop3s'
461 EQUALITY booleanMatch
462 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
464 # enable sieve support (required for forward and vacation services)
465 attributetype ( 1.3.6.1.4.1.19414.2.1.608
466 NAME 'cyrus-sieve'
467 EQUALITY booleanMatch
468 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
470 # installation wide percentage which determines when to send a
471 # warning to the user
472 attributetype ( 1.3.6.1.4.1.19414.2.1.609
473 NAME 'cyrus-quotawarn'
474 EQUALITY integerMatch
475 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
477 #############################
478 # apache and php attributes #
479 #############################
481 # enable plain http (no ssl)
482 attributetype ( 1.3.6.1.4.1.19414.2.1.701
483 NAME 'apache-http'
484 EQUALITY booleanMatch
485 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
487 # Allow freebusy download without authenticating first
488 attributetype ( 1.3.6.1.4.1.19414.2.1.702
489 NAME 'apache-allow-unauthenticated-fb'
490 EQUALITY booleanMatch
491 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
493 ##########################
494 # kolabfilter attributes #
495 ##########################
497 # enable trustable From:
498 attributetype ( 1.3.6.1.4.1.19414.2.1.750
499 NAME 'kolabfilter-verify-from-header'
500 EQUALITY booleanMatch
501 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
503 # should Sender header be allowed instead of From
504 # when present?
505 attributetype ( 1.3.6.1.4.1.19414.2.1.751
506 NAME 'kolabfilter-allow-sender-header'
507 EQUALITY booleanMatch
508 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
510 # Should reject messages with From headers that dont match
511 # the envelope? Default is to rewrite the header
512 attributetype ( 1.3.6.1.4.1.19414.2.1.752
513 NAME 'kolabfilter-reject-forged-from-header'
514 EQUALITY booleanMatch
515 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
517 # Enable the Kolab Policy Daemon. If false or not
518 # set don't use the Kolab Policy Daemon
519 attributetype ( 1.3.6.1.4.1.19414.2.1.800
520 NAME 'kolabPolicyDaemon'
521 EQUALITY booleanMatch
522 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
524 ######################################################
525 # proftpd attributes (unused since Kolab Server 2.2) #
526 ######################################################
528 attributetype ( 1.3.6.1.4.1.19414.2.1.901
529 NAME 'proftpd-defaultquota'
530 EQUALITY integerMatch
531 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
533 attributetype ( 1.3.6.1.4.1.19414.2.1.902
534 NAME 'proftpd-ftp'
535 EQUALITY booleanMatch
536 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
538 attributetype ( 1.3.6.1.4.1.19414.2.1.903
539 NAME 'proftpd-userPassword'
540 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
542 ########################
543 # kolab object classes #
544 ########################
546 # main kolab server configuration
547 # storing global values and user specific default values
548 # like kolabFreeBusyFuture and kolabFreeBusyPast
549 objectclass ( 1.3.6.1.4.1.19414.2.2.1
550 NAME 'kolab'
551 DESC 'Kolab server configuration'
552 SUP top STRUCTURAL
553 MUST k
554 MAY ( kolabHost $
555 postfix-mydomain $
556 postfix-relaydomains $
557 postfix-mydestination $
558 postfix-mynetworks $
559 postfix-relayhost $
560 postfix-relayport $
561 postfix-transport $
562 postfix-virtual $
563 postfix-enable-virus-scan $
564 postfix-allow-unauthenticated $
565 cyrus-quotawarn $
566 cyrus-autocreatequota $
567 cyrus-admins $
568 cyrus-imap $
569 cyrus-pop3 $
570 cyrus-imaps $
571 cyrus-pop3s $
572 cyrus-sieve $
573 apache-http $
574 apache-allow-unauthenticated-fb $
575 kolabfilter-verify-from-header $
576 kolabfilter-allow-sender-header $
577 kolabfilter-reject-forged-from-header $
578 kolabPolicyDaemon $
579 proftpd-ftp $
580 proftpd-defaultquota $
581 kolabFreeBusyFuture $
582 kolabFreeBusyPast $
583 uid $
584 userPassword ) )
586 # public folders are typically visible to everyone subscribed to
587 # the server without the need for an extra login. Subfolders are
588 # defined using the hiarchy seperator '/' e.g. "sf/sub1". Please note
589 # that the term public folder is prefered to shared folder because
590 # normal user mailboxes can also share folders using acls.
591 objectclass ( 1.3.6.1.4.1.19414.2.2.9
592 NAME 'kolabSharedFolder'
593 DESC 'Kolab public shared folder'
594 SUP top AUXILIARY
595 MUST cn
596 MAY ( acl $
597 alias $
598 cyrus-userquota $
599 kolabHomeServer $
600 kolabFolderType $
601 kolabDeleteflag ) )
603 # kolabNamedObject is used as a plain node for the LDAP tree.
604 # In contrast to unix filesystem directories LDAP nodes can
605 # and often do also have contents/attributes. We use the
606 # kolabNamedObject in order to put some structure in the
607 # LDAP directory tree.
608 objectclass ( 1.3.6.1.4.1.5322.13.1.1
609 NAME 'kolabNamedObject'
610 SUP top STRUCTURAL
611 MAY (cn $ ou) )
613 # kolab account
614 # we use an auxiliary in order to ease integration
615 # with existing inetOrgPerson objects
616 # Please note that userPassword is a may
617 # attribute in the schema but is mandatory for
618 # Kolab
619 objectclass ( 1.3.6.1.4.1.19414.3.2.2
620 NAME 'kolabInetOrgPerson'
621 DESC 'Kolab Internet Organizational Person'
622 SUP top AUXILIARY
623 MAY ( c $
624 alias $
625 kolabHomeServer $
626 kolabHomeMTA $
627 unrestrictedMailSize $
628 kolabDelegate $
629 kolabEncryptedPassword $
630 cyrus-userquota $
631 kolabInvitationPolicy $
632 kolabFreeBusyFuture $
633 calFBURL $
634 kolabVacationBeginDateTime $
635 kolabVacationEndDateTime $
636 kolabVacationResendInterval $
637 kolabVacationAddress $
638 kolabVacationReplyToUCE $
639 kolabVacationReactDomain $
640 kolabForwardAddress $
641 kolabForwardKeepCopy $
642 kolabForwardUCE $
643 kolabAllowSMTPRecipient $
644 kolabDeleteflag $
645 kolabComment ) )
647 # kolab organization with country support
648 objectclass ( 1.3.6.1.4.1.19414.3.2.3
649 NAME 'kolabOrganization'
650 DESC 'RFC2256: a Kolab organization'
651 SUP organization STRUCTURAL
652 MAY ( c $
653 mail $
654 kolabDeleteflag $
655 alias ) )
657 # kolab organizational unit with country support
658 objectclass ( 1.3.6.1.4.1.19414.3.2.4
659 NAME 'kolabOrganizationalUnit'
660 DESC 'a Kolab organizational unit'
661 SUP organizationalUnit STRUCTURAL
662 MAY ( c $
663 mail $
664 kolabDeleteflag $
665 alias ) )
667 # kolab groupOfNames with extra kolabDeleteflag and the required
668 # attribute mail.
669 # The mail attribute for kolab objects of the type kolabGroupOfNames
670 # is not arbitrary but MUST be a single attribute of the form
671 # of an valid SMTP address with the CN as the local part.
672 # E.g cn@kolabdomain (e.g. employees@mydomain.com). The
673 # mail attribute MUST be globally unique.
674 objectclass ( 1.3.6.1.4.1.19414.3.2.5
675 NAME 'kolabGroupOfNames'
676 DESC 'Kolab group of names (DNs) derived from RFC2256'
677 SUP top AUXILIARY
678 MAY ( mail $
679 kolabDeleteflag $
680 member ) )