Added storage RDN properties.

[gosa.git] / gosa-plugins / kolab / contrib / kolab2.schema

# $Id: kolab2.schema,v 1.35 2009/02/09 15:32:37 thomas Exp $
# (c) 2003, 2004 Tassilo Erlewein <tassilo.erlewein@erfrakon.de>
# (c) 2003-2007  Martin Konold <martin.konold@erfrakon.de>
# (c) 2003 Achim Frank <achim.frank@erfrakon.de>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
#
# Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# The name of the author may not be used to endorse or promote products derived
# from this software without specific prior written permission.
#
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

# This schema highly depends on the core.schema, cosine.schema and the inetorgperson.schema
# as provided by 3rd parties like OpenLDAP.
#
# slapd.conf then looks like
# include /kolab/etc/openldap/schema/core.schema
# include /kolab/etc/openldap/schema/cosine.schema
# include /kolab/etc/openldap/schema/inetorgperson.schema
# include /kolab/etc/openldap/schema/rfc2739.schema
# include /kolab/etc/openldap/schema/kolab2.schema

#
####################
# kolab attributes #
####################

# helper attribute to make the kolab root easily findable in 
# a big ldap directory
attributetype ( 1.3.6.1.4.1.19414.2.1.1
  NAME ( 'k' 'kolab' )
  DESC 'Kolab attribute'
  SUP name )

# kolabDeleteflag used to be a boolean but describes with Kolab 2 
# the fqdn of the server which is requested to delete this objects
# in its local store
attributetype ( 1.3.6.1.4.1.19414.2.1.2
  NAME 'kolabDeleteflag'
  DESC 'Per host deletion status'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

# alias used to provide alternative rfc822 email addresses for kolab users
attributetype ( 1.3.6.1.4.1.19414.2.1.3
  NAME 'alias'
  DESC 'RFC1274: RFC822 Mailbox'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

# kolabEncryptedPassword is an asymmetrically (RSA) encrypted copy of the
# cleartext password. This is required in order to pass the password from
# the maintainance/administration application to the kolabHomeServer running the
# resource handler application in a secure manner.
# Actually this attribute is deprecated as of Kolab 2.1. Instead we grant the 
# calendar user dn: cn=calendar,cn=internal,dc=yourcompany,dc=com access to 
# the respective calendar folder using IMAP ACLs.
attributetype ( 1.3.6.1.4.1.19419.2.1.4
  NAME 'kolabEncryptedPassword'
  DESC 'base64 encoded public key encrypted Password'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# hostname including the domain name like kolab-master.yourcompany.com
attributetype ( 1.3.6.1.4.1.19414.2.1.5
  NAME ( 'fqhostname' 'fqdnhostname' )
  DESC 'Fully qualified Hostname including full domain component'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

# fqdn of all hosts in a multi-location or cluster setup
attributetype ( 1.3.6.1.4.1.19414.2.1.6
  NAME 'kolabHost'
  DESC 'Multivalued -- list of hostnames in a Kolab setup'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

# fqdn of the server containg the actual user mailbox
attributetype ( 1.3.6.1.4.1.19419.1.1.1.1
  NAME 'kolabHomeServer'
  DESC 'server which keeps the users mailbox'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

# flag for allowing unrestriced length of mails
attributetype ( 1.3.6.1.4.1.19419.1.1.1.2
  NAME 'unrestrictedMailSize'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

# Specifies the email delegates.
# An email delegate can send email on behalf of the account  
# which means using the "from" of the account.
# Delegates are specified by the syntax of rfc822 email addresses.
attributetype ( 1.3.6.1.4.1.19419.1.1.1.3
  NAME 'kolabDelegate'
  DESC 'Kolab user allowed to act as delegates - RFC822 Mailbox/Alias'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

# For user, group and resource Kolab accounts
# Describes how to respond to invitations
# We keep the attribute as a string, but actually it can only have one
# of the following values:
#
#  ACT_ALWAYS_ACCEPT
#  ACT_ALWAYS_REJECT
#  ACT_REJECT_IF_CONFLICTS
#  ACT_MANUAL_IF_CONFLICTS
#  ACT_MANUAL
# In addition one of these values may be prefixed with a primary email 
# address followed by a colon like
# user@domain.tld: ACT_ALWAYS_ACCEPT
attributetype ( 1.3.6.1.4.1.19419.1.1.1.4
  NAME ( 'kolabInvitationPolicy' 'kolabResourceAction' )
  DESC 'defines how to respond to invitations'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

# time span from now to the future used for the free busy data
# measured in days
attributetype ( 1.3.6.1.4.1.19419.1.1.1.5
  NAME 'kolabFreeBusyFuture' 
  DESC 'time in days for fb data towards the future'
  EQUALITY integerMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
  SINGLE-VALUE )

# time span from now to the past used for the free busy data
# measured in days
attributetype ( 1.3.6.1.4.1.19419.1.1.1.6
  NAME 'kolabFreeBusyPast'
  DESC 'time in days for fb data towards the past'
  EQUALITY integerMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
  SINGLE-VALUE )

# fqdn of the server as the default SMTP MTA
# not used in Kolab 2 currently as in Kolab 2 the
# default MTA is equivalent to the kolabHomeServer
attributetype ( 1.3.6.1.4.1.19419.1.1.1.7
  NAME 'kolabHomeMTA'
  DESC 'fqdn of default MTA'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
  SINGLE-VALUE )

# Begin date of Kolab vacation period. Sender will
# be notified every kolabVacationResendIntervall days
# that recipient is absent until kolabVacationEnd.
# Values in this syntax are encoded as printable strings,
# represented as specified in X.208.
# Note that the time zone must be specified.
# For Kolab we limit ourself to  GMT
# YYYYMMDDHHMMZ e.g. 200512311458Z.
# see also: rfc 2252.
# Currently this attribute is not used in Kolab.
attributetype ( 1.3.6.1.4.1.19419.1.1.1.8
  NAME 'kolabVacationBeginDateTime'
  DESC 'Begin date of vacation'
  EQUALITY generalizedTimeMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
  SINGLE-VALUE )

# End date of Kolab vacation period. Sender will
# be notified every kolabVacationResendIntervall days
# that recipient is absent starting from kolabVacationBeginDateTime.
# Values in this syntax are encoded as printable strings,
# represented as specified in X.208.
# Note that the time zone must be specified.
# For Kolab we limit ourself to  GMT
# YYYYMMDDHHMMZ e.g. 200601012258Z.
# see also: rfc 2252.
# Currently this attribute is not used in Kolab.
attributetype ( 1.3.6.1.4.1.19419.1.1.1.9
  NAME 'kolabVacationEndDateTime'
  DESC 'End date of vacation'
  EQUALITY generalizedTimeMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
  SINGLE-VALUE )

# Intervall in days after which senders get 
# another vacation message.
# Currently this attribute is not used in Kolab.
attributetype ( 1.3.6.1.4.1.19419.1.1.1.10
  NAME 'kolabVacationResendInterval'
  DESC 'Vacation notice interval in days'
  EQUALITY integerMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
  SINGLE-VALUE )

# Email recipient addresses which are handled by the
# vacation script. There can be multiple kolabVacationAddress
# entries for each kolabInetOrgPerson.
# Default is the primary email address and all
# email aliases of the kolabInetOrgPerson.
# Currently this attribute is not used in Kolab.
attributetype ( 1.3.6.1.4.1.19419.1.1.1.11
  NAME 'kolabVacationAddress'
  DESC 'Email address for vacation to response upon'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

# Enable sending vacation notices in reaction
# unsolicited commercial email.
# Default is no.
# Currently this attribute is not used in Kolab.
attributetype ( 1.3.6.1.4.1.19419.1.1.1.12
  NAME 'kolabVacationReplyToUCE'
  DESC 'Enable vacation notices to UCE'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
  SINGLE-VALUE )

# Email recipient domains which are handled by the
# vacation script. There can be multiple kolabVacationReactDomain
# entries for each kolabInetOrgPerson
# Default is to handle all domains.
# Currently this attribute is not used in Kolab.
attributetype ( 1.3.6.1.4.1.19419.1.1.1.13
  NAME 'kolabVacationReactDomain'
  DESC 'Multivalued -- Email domain for vacation to response upon'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )  

# Forward all incoming emails except UCE if kolabForwardUCE
# is not set to this email address.
# There can be multiple kolabForwardAddress entries for 
# each kolabInetOrgPerson.
# Currently this attribute is not used in Kolab.
attributetype ( 1.3.6.1.4.1.19419.1.1.1.14
  NAME 'kolabForwardAddress'
  DESC 'Forward email to this address'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

# Keep local copy when forwarding emails to list of
# kolabForwardAddress. 
# Default is no.
# Currently this attribute is not used in Kolab.
attributetype ( 1.3.6.1.4.1.19419.1.1.1.15
  NAME 'kolabForwardKeepCopy'
  DESC 'Keep copy when forwarding'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
  SINGLE-VALUE )

# Enable forwarding of UCE. 
# Default is yes.
# Currently this attribute is not used in Kolab.
attributetype ( 1.3.6.1.4.1.19419.1.1.1.16
  NAME 'kolabForwardUCE'
  DESC 'Enable forwarding of mails known as UCE'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 
  SINGLE-VALUE )

# comment when creating or deleting a kolab object
# a comment might be appropriate. This is most useful
# for tracability when users get moved to the graveyard 
# instead of being really deleted. Every entry must be prefixed
# with an ISO 8601 date string e.g 200604301458Z. All times must 
# be in zulu timezone.
attributetype ( 1.3.6.1.4.1.19419.1.1.1.17
  NAME 'kolabComment'
  DESC 'multi-value comment'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )

# describes the allowed or disallowed smtp addresses for 
# recipients. If this attribute is not set for a user no
# kolab recipient policy does apply.
# example entries:
# .tld             - allow mail to every recipient for this tld
# domain.tld       - allow mail to everyone in domain.tld
# .domain.tld      - allow mail to everyone in domain.tld and its subdomains
# user@domain.tld  - allow mail to explicit user@domain.tld
# user@            - allow mail to this user but any domain
# -.tld            - disallow mail to every recipient for this tld
# -domain.tld      - disallow mail to everyone in domain.tld
# -.domain.tld     - disallow mail to everyone in domain.tld and its subdomains
# -user@domain.tld - disallow mail to explicit user@domain.tld
# -user@           - disallow mail to this user but any domain
attributetype ( 1.3.6.1.4.1.19419.1.1.1.18
  NAME 'kolabAllowSMTPRecipient'
  DESC 'SMTP address allowed for destination (multi-valued)'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} )

# Create the user mailbox on the kolabHomeServer only.
# Default is no.
attributetype ( 1.3.6.1.4.1.19414.1.1.1.19
  NAME 'kolabHomeServerOnly'
  DESC 'Create the user mailbox on the kolabHomeServer only'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 
  SINGLE-VALUE )

# kolabFolderType describes the kind of Kolab folder
# as defined in the kolab format specification. 
# We will annotate all folders with an entry 
# /vendor/kolab/folder-type containing the attribute 
# value.shared set to: <type>[.<subtype>]. 
# The <type> can be: mail, event, journal, task, note, 
# or contact. The <subtype> for a mail folder can be 
# inbox, drafts, sentitems, or junkemail (this one holds 
# spam mails). For the other <type>s, it can only be 
# default, or not set.  For other types of folders 
# supported by the clients, these should be prefixed with 
# "k-" for KMail, "h-" for Horde and "o-" for Outlook, and 
# look like for example "kolab.o-voicemail". Other third-party
# clients shall use the "x-" prefix.
# We then use the ANNOTATEMORE IMAP extension to 
# associate the folder type with a folder.
attributetype ( 1.3.6.1.4.1.19414.2.1.7
  NAME 'kolabFolderType'
  DESC 'type of a kolab folder'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
  SINGLE-VALUE )

######################
# postfix attributes #
######################

attributetype ( 1.3.6.1.4.1.19414.2.1.501
  NAME 'postfix-mydomain'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

attributetype ( 1.3.6.1.4.1.19414.2.1.502
  NAME 'postfix-relaydomains'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

attributetype ( 1.3.6.1.4.1.19414.2.1.503
  NAME 'postfix-mydestination'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

attributetype ( 1.3.6.1.4.1.19414.2.1.504
  NAME 'postfix-mynetworks'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

attributetype ( 1.3.6.1.4.1.19414.2.1.505
  NAME 'postfix-relayhost'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

attributetype ( 1.3.6.1.4.1.19414.2.1.506
  NAME 'postfix-transport'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

attributetype ( 1.3.6.1.4.1.19414.2.1.507
  NAME 'postfix-enable-virus-scan'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
  SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.19414.2.1.508
  NAME 'postfix-allow-unauthenticated'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 
  SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.19414.2.1.509
  NAME 'postfix-virtual'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

attributetype ( 1.3.6.1.4.1.19414.2.1.510
  NAME 'postfix-relayport'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

attributetype ( 1.3.6.1.4.1.19414.2.1.511
  NAME 'postfix-message-size-limit'
  EQUALITY integerMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

##########################
# cyrus imapd attributes #
##########################

attributetype ( 1.3.6.1.4.1.19414.2.1.601
  NAME 'cyrus-autocreatequota'
  EQUALITY integerMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
  SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.19414.2.1.602
  NAME 'cyrus-admins'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

# enable plain imap without ssl 
attributetype ( 1.3.6.1.4.1.19414.2.1.603
  NAME 'cyrus-imap'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 
  SINGLE-VALUE )

# enable legacy pop3
attributetype ( 1.3.6.1.4.1.19414.2.1.604
  NAME 'cyrus-pop3'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

# user specific quota on the cyrus imap server
attributetype ( 1.3.6.1.4.1.19414.2.1.605
  NAME 'cyrus-userquota'
  DESC 'Mailbox hard quota limit in MB'
  EQUALITY integerMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

# cyrus imapd access control list
# acls work with users and groups
#attributetype ( 1.3.6.1.4.1.19414.2.1.651
#  NAME 'acl'
#  EQUALITY caseIgnoreIA5Match
#  SUBSTR caseIgnoreIA5SubstringsMatch
#  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

# enable secure imap 
attributetype ( 1.3.6.1.4.1.19414.2.1.606
  NAME 'cyrus-imaps'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

# enable secure pop3
attributetype ( 1.3.6.1.4.1.19414.2.1.607
  NAME 'cyrus-pop3s'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

# enable sieve support (required for forward and vacation services)
attributetype ( 1.3.6.1.4.1.19414.2.1.608
  NAME 'cyrus-sieve'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

# installation wide percentage which determines when to send a 
# warning to the user
attributetype ( 1.3.6.1.4.1.19414.2.1.609
  NAME 'cyrus-quotawarn'
  EQUALITY integerMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

# enable smmap support
attributetype ( 1.3.6.1.4.1.19414.2.1.610
  NAME 'cyrus-smmap'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

# enable fulldirhash support
attributetype ( 1.3.6.1.4.1.19414.2.1.611
  NAME 'cyrus-fulldirhash'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

# enable hashimapspool support
attributetype ( 1.3.6.1.4.1.19414.2.1.612
  NAME 'cyrus-hashimapspool'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

# enable squatter support
attributetype ( 1.3.6.1.4.1.19414.2.1.613
  NAME 'cyrus-squatter'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )


#############################
# apache and php attributes #
#############################

# enable plain http (no ssl)
attributetype ( 1.3.6.1.4.1.19414.2.1.701
  NAME 'apache-http'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

# Allow freebusy download without authenticating first
attributetype ( 1.3.6.1.4.1.19414.2.1.702
  NAME 'apache-allow-unauthenticated-fb'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

##########################
# kolabfilter attributes #
##########################

# enable trustable From:
attributetype ( 1.3.6.1.4.1.19414.2.1.750
  NAME 'kolabfilter-verify-from-header'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

# should Sender header be allowed instead of From
# when present?
attributetype ( 1.3.6.1.4.1.19414.2.1.751
  NAME 'kolabfilter-allow-sender-header'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

# Should reject messages with From headers that dont match
# the envelope? Default is to rewrite the header
attributetype ( 1.3.6.1.4.1.19414.2.1.752
  NAME 'kolabfilter-reject-forged-from-header'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

# Enable the Kolab Policy Daemon. If false or not
# set don't use the Kolab Policy Daemon
attributetype ( 1.3.6.1.4.1.19414.2.1.800
  NAME 'kolabPolicyDaemon'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

######################################################
# proftpd attributes (unused since Kolab Server 2.2) #
######################################################

attributetype ( 1.3.6.1.4.1.19414.2.1.901
  NAME 'proftpd-defaultquota'
  EQUALITY integerMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

attributetype ( 1.3.6.1.4.1.19414.2.1.902
  NAME 'proftpd-ftp'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

attributetype ( 1.3.6.1.4.1.19414.2.1.903
  NAME 'proftpd-userPassword'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

########################
# kolab object classes #
########################

# main kolab server configuration
# storing global values and user specific default values
# like kolabFreeBusyFuture and kolabFreeBusyPast
objectclass ( 1.3.6.1.4.1.19414.2.2.1
  NAME 'kolab'
  DESC 'Kolab server configuration'
  SUP top STRUCTURAL
  MUST k
  MAY ( kolabHost $
        postfix-mydomain $
        postfix-relaydomains $
        postfix-mydestination $
        postfix-mynetworks $
        postfix-relayhost $
        postfix-relayport $
        postfix-transport $
        postfix-virtual $
        postfix-enable-virus-scan $
        postfix-allow-unauthenticated $
        postfix-message-size-limit $
        cyrus-quotawarn $
        cyrus-autocreatequota $
        cyrus-admins $
        cyrus-imap $
        cyrus-pop3 $
        cyrus-imaps $
        cyrus-pop3s $
        cyrus-sieve $
        cyrus-smmap $
        cyrus-fulldirhash $
        cyrus-hashimapspool $
        cyrus-squatter $
        apache-http $
        apache-allow-unauthenticated-fb $
        kolabfilter-verify-from-header $
        kolabfilter-allow-sender-header $
        kolabfilter-reject-forged-from-header $
        kolabPolicyDaemon $
        proftpd-ftp $
        proftpd-defaultquota $
        kolabFreeBusyFuture $
        kolabFreeBusyPast $
        uid $
        userPassword ) )

# public folders are typically visible to everyone subscribed to 
# the server without the need for an extra login. Subfolders are
# defined using the hiarchy seperator '/' e.g. "sf/sub1". Please note
# that the term public folder is prefered to shared folder because 
# normal user mailboxes can also share folders using acls.
objectclass ( 1.3.6.1.4.1.19414.2.2.9 
  NAME 'kolabSharedFolder'
  DESC 'Kolab public shared folder'
  SUP top AUXILIARY
  MUST cn
  MAY ( acl $
        alias $
        cyrus-userquota $
        kolabHomeServer $
        kolabFolderType $
        kolabDeleteflag ) )

# kolabNamedObject is used as a plain node for the LDAP tree. 
# In contrast to unix filesystem directories LDAP nodes can 
# and often do also have contents/attributes. We use the 
# kolabNamedObject in order to put some structure in the 
# LDAP directory tree.
objectclass ( 1.3.6.1.4.1.5322.13.1.1 
  NAME 'kolabNamedObject'
  SUP top STRUCTURAL
  MAY (cn $ ou) )

# kolab account
# we use an auxiliary in order to ease integration
# with existing inetOrgPerson objects
# Please note that userPassword is a may 
# attribute in the schema but is mandatory for
# Kolab 
objectclass ( 1.3.6.1.4.1.19414.3.2.2
  NAME 'kolabInetOrgPerson'
  DESC 'Kolab Internet Organizational Person'
  SUP top AUXILIARY
  MAY ( c $
        alias $
        kolabHomeServer $
        kolabHomeServerOnly $
        kolabHomeMTA $
        unrestrictedMailSize $
        kolabDelegate $
        kolabEncryptedPassword $
        cyrus-userquota $
        kolabInvitationPolicy $
        kolabFreeBusyFuture $
        calFBURL $
        kolabVacationBeginDateTime $
        kolabVacationEndDateTime $
        kolabVacationResendInterval $
        kolabVacationAddress $
        kolabVacationReplyToUCE $
        kolabVacationReactDomain $
        kolabForwardAddress $
        kolabForwardKeepCopy $
        kolabForwardUCE $
        kolabAllowSMTPRecipient $
        kolabDeleteflag $
        kolabComment ) )

# kolab organization with country support
objectclass ( 1.3.6.1.4.1.19414.3.2.3 
  NAME 'kolabOrganization'
  DESC 'RFC2256: a Kolab organization'
  SUP organization STRUCTURAL
  MAY ( c $
        mail $
        kolabDeleteflag $
        alias ) )

# kolab organizational unit with country support
objectclass ( 1.3.6.1.4.1.19414.3.2.4 
  NAME 'kolabOrganizationalUnit'
  DESC 'a Kolab organizational unit'
  SUP organizationalUnit STRUCTURAL
  MAY ( c $
        mail $
        kolabDeleteflag $
        alias ) )

# kolab groupOfNames with extra kolabDeleteflag and the required 
# attribute mail.
# The mail attribute for kolab objects of the type kolabGroupOfNames
# is not arbitrary but MUST be a single attribute of the form
# of an valid SMTP address with the CN as the local part.
# E.g cn@kolabdomain (e.g. employees@mydomain.com). The
# mail attribute MUST be globally unique.
objectclass ( 1.3.6.1.4.1.19414.3.2.5
  NAME 'kolabGroupOfNames'
  DESC 'Kolab group of names (DNs) derived from RFC2256'
  SUP top AUXILIARY
  MAY ( mail $
        kolabDeleteflag $
        member ) )