1 # $Id: kolab2.schema,v 1.35 2009/02/09 15:32:37 thomas Exp $
2 # (c) 2003, 2004 Tassilo Erlewein <tassilo.erlewein@erfrakon.de>
3 # (c) 2003-2007 Martin Konold <martin.konold@erfrakon.de>
4 # (c) 2003 Achim Frank <achim.frank@erfrakon.de>
5 #
6 # Redistribution and use in source and binary forms, with or without
7 # modification, are permitted provided that the following conditions are met:
8 #
9 # Redistributions of source code must retain the above copyright notice, this
10 # list of conditions and the following disclaimer.
11 #
12 # Redistributions in binary form must reproduce the above copyright notice,
13 # this list of conditions and the following disclaimer in the documentation
14 # and/or other materials provided with the distribution.
15 #
16 # The name of the author may not be used to endorse or promote products derived
17 # from this software without specific prior written permission.
18 #
19 #
20 # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
21 # WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
22 # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
23 # EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
24 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 # PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
26 # OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
27 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
28 # OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
29 # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 # This schema highly depends on the core.schema, cosine.schema and the inetorgperson.schema
32 # as provided by 3rd parties like OpenLDAP.
33 #
34 # slapd.conf then looks like
35 # include /kolab/etc/openldap/schema/core.schema
36 # include /kolab/etc/openldap/schema/cosine.schema
37 # include /kolab/etc/openldap/schema/inetorgperson.schema
38 # include /kolab/etc/openldap/schema/rfc2739.schema
39 # include /kolab/etc/openldap/schema/kolab2.schema
41 #
42 ####################
43 # kolab attributes #
44 ####################
46 # helper attribute to make the kolab root easily findable in
47 # a big ldap directory
48 attributetype ( 1.3.6.1.4.1.19414.2.1.1
49 NAME ( 'k' 'kolab' )
50 DESC 'Kolab attribute'
51 SUP name )
53 # kolabDeleteflag used to be a boolean but describes with Kolab 2
54 # the fqdn of the server which is requested to delete this objects
55 # in its local store
56 attributetype ( 1.3.6.1.4.1.19414.2.1.2
57 NAME 'kolabDeleteflag'
58 DESC 'Per host deletion status'
59 EQUALITY caseIgnoreIA5Match
60 SUBSTR caseIgnoreIA5SubstringsMatch
61 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
63 # alias used to provide alternative rfc822 email addresses for kolab users
64 attributetype ( 1.3.6.1.4.1.19414.2.1.3
65 NAME 'alias'
66 DESC 'RFC1274: RFC822 Mailbox'
67 EQUALITY caseIgnoreIA5Match
68 SUBSTR caseIgnoreIA5SubstringsMatch
69 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
71 # kolabEncryptedPassword is an asymmetrically (RSA) encrypted copy of the
72 # cleartext password. This is required in order to pass the password from
73 # the maintainance/administration application to the kolabHomeServer running the
74 # resource handler application in a secure manner.
75 # Actually this attribute is deprecated as of Kolab 2.1. Instead we grant the
76 # calendar user dn: cn=calendar,cn=internal,dc=yourcompany,dc=com access to
77 # the respective calendar folder using IMAP ACLs.
78 attributetype ( 1.3.6.1.4.1.19419.2.1.4
79 NAME 'kolabEncryptedPassword'
80 DESC 'base64 encoded public key encrypted Password'
81 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
83 # hostname including the domain name like kolab-master.yourcompany.com
84 attributetype ( 1.3.6.1.4.1.19414.2.1.5
85 NAME ( 'fqhostname' 'fqdnhostname' )
86 DESC 'Fully qualified Hostname including full domain component'
87 EQUALITY caseIgnoreIA5Match
88 SUBSTR caseIgnoreIA5SubstringsMatch
89 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
91 # fqdn of all hosts in a multi-location or cluster setup
92 attributetype ( 1.3.6.1.4.1.19414.2.1.6
93 NAME 'kolabHost'
94 DESC 'Multivalued -- list of hostnames in a Kolab setup'
95 EQUALITY caseIgnoreIA5Match
96 SUBSTR caseIgnoreIA5SubstringsMatch
97 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
99 # fqdn of the server containg the actual user mailbox
100 attributetype ( 1.3.6.1.4.1.19419.1.1.1.1
101 NAME 'kolabHomeServer'
102 DESC 'server which keeps the users mailbox'
103 EQUALITY caseIgnoreIA5Match
104 SUBSTR caseIgnoreIA5SubstringsMatch
105 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
107 # flag for allowing unrestriced length of mails
108 attributetype ( 1.3.6.1.4.1.19419.1.1.1.2
109 NAME 'unrestrictedMailSize'
110 EQUALITY booleanMatch
111 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
113 # Specifies the email delegates.
114 # An email delegate can send email on behalf of the account
115 # which means using the "from" of the account.
116 # Delegates are specified by the syntax of rfc822 email addresses.
117 attributetype ( 1.3.6.1.4.1.19419.1.1.1.3
118 NAME 'kolabDelegate'
119 DESC 'Kolab user allowed to act as delegates - RFC822 Mailbox/Alias'
120 EQUALITY caseIgnoreIA5Match
121 SUBSTR caseIgnoreIA5SubstringsMatch
122 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
124 # For user, group and resource Kolab accounts
125 # Describes how to respond to invitations
126 # We keep the attribute as a string, but actually it can only have one
127 # of the following values:
128 #
129 # ACT_ALWAYS_ACCEPT
130 # ACT_ALWAYS_REJECT
131 # ACT_REJECT_IF_CONFLICTS
132 # ACT_MANUAL_IF_CONFLICTS
133 # ACT_MANUAL
134 # In addition one of these values may be prefixed with a primary email
135 # address followed by a colon like
136 # user@domain.tld: ACT_ALWAYS_ACCEPT
137 attributetype ( 1.3.6.1.4.1.19419.1.1.1.4
138 NAME ( 'kolabInvitationPolicy' 'kolabResourceAction' )
139 DESC 'defines how to respond to invitations'
140 EQUALITY caseIgnoreIA5Match
141 SUBSTR caseIgnoreIA5SubstringsMatch
142 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
144 # time span from now to the future used for the free busy data
145 # measured in days
146 attributetype ( 1.3.6.1.4.1.19419.1.1.1.5
147 NAME 'kolabFreeBusyFuture'
148 DESC 'time in days for fb data towards the future'
149 EQUALITY integerMatch
150 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
151 SINGLE-VALUE )
153 # time span from now to the past used for the free busy data
154 # measured in days
155 attributetype ( 1.3.6.1.4.1.19419.1.1.1.6
156 NAME 'kolabFreeBusyPast'
157 DESC 'time in days for fb data towards the past'
158 EQUALITY integerMatch
159 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
160 SINGLE-VALUE )
162 # fqdn of the server as the default SMTP MTA
163 # not used in Kolab 2 currently as in Kolab 2 the
164 # default MTA is equivalent to the kolabHomeServer
165 attributetype ( 1.3.6.1.4.1.19419.1.1.1.7
166 NAME 'kolabHomeMTA'
167 DESC 'fqdn of default MTA'
168 EQUALITY caseIgnoreIA5Match
169 SUBSTR caseIgnoreIA5SubstringsMatch
170 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
171 SINGLE-VALUE )
173 # Begin date of Kolab vacation period. Sender will
174 # be notified every kolabVacationResendIntervall days
175 # that recipient is absent until kolabVacationEnd.
176 # Values in this syntax are encoded as printable strings,
177 # represented as specified in X.208.
178 # Note that the time zone must be specified.
179 # For Kolab we limit ourself to GMT
180 # YYYYMMDDHHMMZ e.g. 200512311458Z.
181 # see also: rfc 2252.
182 # Currently this attribute is not used in Kolab.
183 attributetype ( 1.3.6.1.4.1.19419.1.1.1.8
184 NAME 'kolabVacationBeginDateTime'
185 DESC 'Begin date of vacation'
186 EQUALITY generalizedTimeMatch
187 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
188 SINGLE-VALUE )
190 # End date of Kolab vacation period. Sender will
191 # be notified every kolabVacationResendIntervall days
192 # that recipient is absent starting from kolabVacationBeginDateTime.
193 # Values in this syntax are encoded as printable strings,
194 # represented as specified in X.208.
195 # Note that the time zone must be specified.
196 # For Kolab we limit ourself to GMT
197 # YYYYMMDDHHMMZ e.g. 200601012258Z.
198 # see also: rfc 2252.
199 # Currently this attribute is not used in Kolab.
200 attributetype ( 1.3.6.1.4.1.19419.1.1.1.9
201 NAME 'kolabVacationEndDateTime'
202 DESC 'End date of vacation'
203 EQUALITY generalizedTimeMatch
204 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
205 SINGLE-VALUE )
207 # Intervall in days after which senders get
208 # another vacation message.
209 # Currently this attribute is not used in Kolab.
210 attributetype ( 1.3.6.1.4.1.19419.1.1.1.10
211 NAME 'kolabVacationResendInterval'
212 DESC 'Vacation notice interval in days'
213 EQUALITY integerMatch
214 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
215 SINGLE-VALUE )
217 # Email recipient addresses which are handled by the
218 # vacation script. There can be multiple kolabVacationAddress
219 # entries for each kolabInetOrgPerson.
220 # Default is the primary email address and all
221 # email aliases of the kolabInetOrgPerson.
222 # Currently this attribute is not used in Kolab.
223 attributetype ( 1.3.6.1.4.1.19419.1.1.1.11
224 NAME 'kolabVacationAddress'
225 DESC 'Email address for vacation to response upon'
226 EQUALITY caseIgnoreIA5Match
227 SUBSTR caseIgnoreIA5SubstringsMatch
228 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
230 # Enable sending vacation notices in reaction
231 # unsolicited commercial email.
232 # Default is no.
233 # Currently this attribute is not used in Kolab.
234 attributetype ( 1.3.6.1.4.1.19419.1.1.1.12
235 NAME 'kolabVacationReplyToUCE'
236 DESC 'Enable vacation notices to UCE'
237 EQUALITY booleanMatch
238 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
239 SINGLE-VALUE )
241 # Email recipient domains which are handled by the
242 # vacation script. There can be multiple kolabVacationReactDomain
243 # entries for each kolabInetOrgPerson
244 # Default is to handle all domains.
245 # Currently this attribute is not used in Kolab.
246 attributetype ( 1.3.6.1.4.1.19419.1.1.1.13
247 NAME 'kolabVacationReactDomain'
248 DESC 'Multivalued -- Email domain for vacation to response upon'
249 EQUALITY caseIgnoreIA5Match
250 SUBSTR caseIgnoreIA5SubstringsMatch
251 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
253 # Forward all incoming emails except UCE if kolabForwardUCE
254 # is not set to this email address.
255 # There can be multiple kolabForwardAddress entries for
256 # each kolabInetOrgPerson.
257 # Currently this attribute is not used in Kolab.
258 attributetype ( 1.3.6.1.4.1.19419.1.1.1.14
259 NAME 'kolabForwardAddress'
260 DESC 'Forward email to this address'
261 EQUALITY caseIgnoreIA5Match
262 SUBSTR caseIgnoreIA5SubstringsMatch
263 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
265 # Keep local copy when forwarding emails to list of
266 # kolabForwardAddress.
267 # Default is no.
268 # Currently this attribute is not used in Kolab.
269 attributetype ( 1.3.6.1.4.1.19419.1.1.1.15
270 NAME 'kolabForwardKeepCopy'
271 DESC 'Keep copy when forwarding'
272 EQUALITY booleanMatch
273 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
274 SINGLE-VALUE )
276 # Enable forwarding of UCE.
277 # Default is yes.
278 # Currently this attribute is not used in Kolab.
279 attributetype ( 1.3.6.1.4.1.19419.1.1.1.16
280 NAME 'kolabForwardUCE'
281 DESC 'Enable forwarding of mails known as UCE'
282 EQUALITY booleanMatch
283 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
284 SINGLE-VALUE )
286 # comment when creating or deleting a kolab object
287 # a comment might be appropriate. This is most useful
288 # for tracability when users get moved to the graveyard
289 # instead of being really deleted. Every entry must be prefixed
290 # with an ISO 8601 date string e.g 200604301458Z. All times must
291 # be in zulu timezone.
292 attributetype ( 1.3.6.1.4.1.19419.1.1.1.17
293 NAME 'kolabComment'
294 DESC 'multi-value comment'
295 EQUALITY caseIgnoreMatch
296 SUBSTR caseIgnoreSubstringsMatch
297 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
299 # describes the allowed or disallowed smtp addresses for
300 # recipients. If this attribute is not set for a user no
301 # kolab recipient policy does apply.
302 # example entries:
303 # .tld - allow mail to every recipient for this tld
304 # domain.tld - allow mail to everyone in domain.tld
305 # .domain.tld - allow mail to everyone in domain.tld and its subdomains
306 # user@domain.tld - allow mail to explicit user@domain.tld
307 # user@ - allow mail to this user but any domain
308 # -.tld - disallow mail to every recipient for this tld
309 # -domain.tld - disallow mail to everyone in domain.tld
310 # -.domain.tld - disallow mail to everyone in domain.tld and its subdomains
311 # -user@domain.tld - disallow mail to explicit user@domain.tld
312 # -user@ - disallow mail to this user but any domain
313 attributetype ( 1.3.6.1.4.1.19419.1.1.1.18
314 NAME 'kolabAllowSMTPRecipient'
315 DESC 'SMTP address allowed for destination (multi-valued)'
316 EQUALITY caseIgnoreIA5Match
317 SUBSTR caseIgnoreIA5SubstringsMatch
318 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} )
320 # Create the user mailbox on the kolabHomeServer only.
321 # Default is no.
322 attributetype ( 1.3.6.1.4.1.19414.1.1.1.19
323 NAME 'kolabHomeServerOnly'
324 DESC 'Create the user mailbox on the kolabHomeServer only'
325 EQUALITY booleanMatch
326 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
327 SINGLE-VALUE )
329 # kolabFolderType describes the kind of Kolab folder
330 # as defined in the kolab format specification.
331 # We will annotate all folders with an entry
332 # /vendor/kolab/folder-type containing the attribute
333 # value.shared set to: <type>[.<subtype>].
334 # The <type> can be: mail, event, journal, task, note,
335 # or contact. The <subtype> for a mail folder can be
336 # inbox, drafts, sentitems, or junkemail (this one holds
337 # spam mails). For the other <type>s, it can only be
338 # default, or not set. For other types of folders
339 # supported by the clients, these should be prefixed with
340 # "k-" for KMail, "h-" for Horde and "o-" for Outlook, and
341 # look like for example "kolab.o-voicemail". Other third-party
342 # clients shall use the "x-" prefix.
343 # We then use the ANNOTATEMORE IMAP extension to
344 # associate the folder type with a folder.
345 attributetype ( 1.3.6.1.4.1.19414.2.1.7
346 NAME 'kolabFolderType'
347 DESC 'type of a kolab folder'
348 EQUALITY caseIgnoreIA5Match
349 SUBSTR caseIgnoreIA5SubstringsMatch
350 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
351 SINGLE-VALUE )
353 ######################
354 # postfix attributes #
355 ######################
357 attributetype ( 1.3.6.1.4.1.19414.2.1.501
358 NAME 'postfix-mydomain'
359 EQUALITY caseIgnoreIA5Match
360 SUBSTR caseIgnoreIA5SubstringsMatch
361 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
363 attributetype ( 1.3.6.1.4.1.19414.2.1.502
364 NAME 'postfix-relaydomains'
365 EQUALITY caseIgnoreIA5Match
366 SUBSTR caseIgnoreIA5SubstringsMatch
367 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
369 attributetype ( 1.3.6.1.4.1.19414.2.1.503
370 NAME 'postfix-mydestination'
371 EQUALITY caseIgnoreIA5Match
372 SUBSTR caseIgnoreIA5SubstringsMatch
373 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
375 attributetype ( 1.3.6.1.4.1.19414.2.1.504
376 NAME 'postfix-mynetworks'
377 EQUALITY caseIgnoreIA5Match
378 SUBSTR caseIgnoreIA5SubstringsMatch
379 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
381 attributetype ( 1.3.6.1.4.1.19414.2.1.505
382 NAME 'postfix-relayhost'
383 EQUALITY caseIgnoreIA5Match
384 SUBSTR caseIgnoreIA5SubstringsMatch
385 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
387 attributetype ( 1.3.6.1.4.1.19414.2.1.506
388 NAME 'postfix-transport'
389 EQUALITY caseIgnoreIA5Match
390 SUBSTR caseIgnoreIA5SubstringsMatch
391 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
393 attributetype ( 1.3.6.1.4.1.19414.2.1.507
394 NAME 'postfix-enable-virus-scan'
395 EQUALITY booleanMatch
396 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
397 SINGLE-VALUE )
399 attributetype ( 1.3.6.1.4.1.19414.2.1.508
400 NAME 'postfix-allow-unauthenticated'
401 EQUALITY booleanMatch
402 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
403 SINGLE-VALUE )
405 attributetype ( 1.3.6.1.4.1.19414.2.1.509
406 NAME 'postfix-virtual'
407 EQUALITY caseIgnoreIA5Match
408 SUBSTR caseIgnoreIA5SubstringsMatch
409 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
411 attributetype ( 1.3.6.1.4.1.19414.2.1.510
412 NAME 'postfix-relayport'
413 EQUALITY caseIgnoreIA5Match
414 SUBSTR caseIgnoreIA5SubstringsMatch
415 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
417 attributetype ( 1.3.6.1.4.1.19414.2.1.511
418 NAME 'postfix-message-size-limit'
419 EQUALITY integerMatch
420 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
422 ##########################
423 # cyrus imapd attributes #
424 ##########################
426 attributetype ( 1.3.6.1.4.1.19414.2.1.601
427 NAME 'cyrus-autocreatequota'
428 EQUALITY integerMatch
429 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
430 SINGLE-VALUE )
432 attributetype ( 1.3.6.1.4.1.19414.2.1.602
433 NAME 'cyrus-admins'
434 EQUALITY caseIgnoreIA5Match
435 SUBSTR caseIgnoreIA5SubstringsMatch
436 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
438 # enable plain imap without ssl
439 attributetype ( 1.3.6.1.4.1.19414.2.1.603
440 NAME 'cyrus-imap'
441 EQUALITY booleanMatch
442 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
443 SINGLE-VALUE )
445 # enable legacy pop3
446 attributetype ( 1.3.6.1.4.1.19414.2.1.604
447 NAME 'cyrus-pop3'
448 EQUALITY booleanMatch
449 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
451 # user specific quota on the cyrus imap server
452 attributetype ( 1.3.6.1.4.1.19414.2.1.605
453 NAME 'cyrus-userquota'
454 DESC 'Mailbox hard quota limit in MB'
455 EQUALITY integerMatch
456 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
458 # cyrus imapd access control list
459 # acls work with users and groups
460 #attributetype ( 1.3.6.1.4.1.19414.2.1.651
461 # NAME 'acl'
462 # EQUALITY caseIgnoreIA5Match
463 # SUBSTR caseIgnoreIA5SubstringsMatch
464 # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
466 # enable secure imap
467 attributetype ( 1.3.6.1.4.1.19414.2.1.606
468 NAME 'cyrus-imaps'
469 EQUALITY booleanMatch
470 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
472 # enable secure pop3
473 attributetype ( 1.3.6.1.4.1.19414.2.1.607
474 NAME 'cyrus-pop3s'
475 EQUALITY booleanMatch
476 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
478 # enable sieve support (required for forward and vacation services)
479 attributetype ( 1.3.6.1.4.1.19414.2.1.608
480 NAME 'cyrus-sieve'
481 EQUALITY booleanMatch
482 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
484 # installation wide percentage which determines when to send a
485 # warning to the user
486 attributetype ( 1.3.6.1.4.1.19414.2.1.609
487 NAME 'cyrus-quotawarn'
488 EQUALITY integerMatch
489 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
491 # enable smmap support
492 attributetype ( 1.3.6.1.4.1.19414.2.1.610
493 NAME 'cyrus-smmap'
494 EQUALITY booleanMatch
495 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
497 # enable fulldirhash support
498 attributetype ( 1.3.6.1.4.1.19414.2.1.611
499 NAME 'cyrus-fulldirhash'
500 EQUALITY booleanMatch
501 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
503 # enable hashimapspool support
504 attributetype ( 1.3.6.1.4.1.19414.2.1.612
505 NAME 'cyrus-hashimapspool'
506 EQUALITY booleanMatch
507 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
509 # enable squatter support
510 attributetype ( 1.3.6.1.4.1.19414.2.1.613
511 NAME 'cyrus-squatter'
512 EQUALITY booleanMatch
513 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
516 #############################
517 # apache and php attributes #
518 #############################
520 # enable plain http (no ssl)
521 attributetype ( 1.3.6.1.4.1.19414.2.1.701
522 NAME 'apache-http'
523 EQUALITY booleanMatch
524 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
526 # Allow freebusy download without authenticating first
527 attributetype ( 1.3.6.1.4.1.19414.2.1.702
528 NAME 'apache-allow-unauthenticated-fb'
529 EQUALITY booleanMatch
530 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
532 ##########################
533 # kolabfilter attributes #
534 ##########################
536 # enable trustable From:
537 attributetype ( 1.3.6.1.4.1.19414.2.1.750
538 NAME 'kolabfilter-verify-from-header'
539 EQUALITY booleanMatch
540 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
542 # should Sender header be allowed instead of From
543 # when present?
544 attributetype ( 1.3.6.1.4.1.19414.2.1.751
545 NAME 'kolabfilter-allow-sender-header'
546 EQUALITY booleanMatch
547 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
549 # Should reject messages with From headers that dont match
550 # the envelope? Default is to rewrite the header
551 attributetype ( 1.3.6.1.4.1.19414.2.1.752
552 NAME 'kolabfilter-reject-forged-from-header'
553 EQUALITY booleanMatch
554 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
556 # Enable the Kolab Policy Daemon. If false or not
557 # set don't use the Kolab Policy Daemon
558 attributetype ( 1.3.6.1.4.1.19414.2.1.800
559 NAME 'kolabPolicyDaemon'
560 EQUALITY booleanMatch
561 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
563 ######################################################
564 # proftpd attributes (unused since Kolab Server 2.2) #
565 ######################################################
567 attributetype ( 1.3.6.1.4.1.19414.2.1.901
568 NAME 'proftpd-defaultquota'
569 EQUALITY integerMatch
570 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
572 attributetype ( 1.3.6.1.4.1.19414.2.1.902
573 NAME 'proftpd-ftp'
574 EQUALITY booleanMatch
575 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
577 attributetype ( 1.3.6.1.4.1.19414.2.1.903
578 NAME 'proftpd-userPassword'
579 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
581 ########################
582 # kolab object classes #
583 ########################
585 # main kolab server configuration
586 # storing global values and user specific default values
587 # like kolabFreeBusyFuture and kolabFreeBusyPast
588 objectclass ( 1.3.6.1.4.1.19414.2.2.1
589 NAME 'kolab'
590 DESC 'Kolab server configuration'
591 SUP top STRUCTURAL
592 MUST k
593 MAY ( kolabHost $
594 postfix-mydomain $
595 postfix-relaydomains $
596 postfix-mydestination $
597 postfix-mynetworks $
598 postfix-relayhost $
599 postfix-relayport $
600 postfix-transport $
601 postfix-virtual $
602 postfix-enable-virus-scan $
603 postfix-allow-unauthenticated $
604 postfix-message-size-limit $
605 cyrus-quotawarn $
606 cyrus-autocreatequota $
607 cyrus-admins $
608 cyrus-imap $
609 cyrus-pop3 $
610 cyrus-imaps $
611 cyrus-pop3s $
612 cyrus-sieve $
613 cyrus-smmap $
614 cyrus-fulldirhash $
615 cyrus-hashimapspool $
616 cyrus-squatter $
617 apache-http $
618 apache-allow-unauthenticated-fb $
619 kolabfilter-verify-from-header $
620 kolabfilter-allow-sender-header $
621 kolabfilter-reject-forged-from-header $
622 kolabPolicyDaemon $
623 proftpd-ftp $
624 proftpd-defaultquota $
625 kolabFreeBusyFuture $
626 kolabFreeBusyPast $
627 uid $
628 userPassword ) )
630 # public folders are typically visible to everyone subscribed to
631 # the server without the need for an extra login. Subfolders are
632 # defined using the hiarchy seperator '/' e.g. "sf/sub1". Please note
633 # that the term public folder is prefered to shared folder because
634 # normal user mailboxes can also share folders using acls.
635 objectclass ( 1.3.6.1.4.1.19414.2.2.9
636 NAME 'kolabSharedFolder'
637 DESC 'Kolab public shared folder'
638 SUP top AUXILIARY
639 MUST cn
640 MAY ( acl $
641 alias $
642 cyrus-userquota $
643 kolabHomeServer $
644 kolabFolderType $
645 kolabDeleteflag ) )
647 # kolabNamedObject is used as a plain node for the LDAP tree.
648 # In contrast to unix filesystem directories LDAP nodes can
649 # and often do also have contents/attributes. We use the
650 # kolabNamedObject in order to put some structure in the
651 # LDAP directory tree.
652 objectclass ( 1.3.6.1.4.1.5322.13.1.1
653 NAME 'kolabNamedObject'
654 SUP top STRUCTURAL
655 MAY (cn $ ou) )
657 # kolab account
658 # we use an auxiliary in order to ease integration
659 # with existing inetOrgPerson objects
660 # Please note that userPassword is a may
661 # attribute in the schema but is mandatory for
662 # Kolab
663 objectclass ( 1.3.6.1.4.1.19414.3.2.2
664 NAME 'kolabInetOrgPerson'
665 DESC 'Kolab Internet Organizational Person'
666 SUP top AUXILIARY
667 MAY ( c $
668 alias $
669 kolabHomeServer $
670 kolabHomeServerOnly $
671 kolabHomeMTA $
672 unrestrictedMailSize $
673 kolabDelegate $
674 kolabEncryptedPassword $
675 cyrus-userquota $
676 kolabInvitationPolicy $
677 kolabFreeBusyFuture $
678 calFBURL $
679 kolabVacationBeginDateTime $
680 kolabVacationEndDateTime $
681 kolabVacationResendInterval $
682 kolabVacationAddress $
683 kolabVacationReplyToUCE $
684 kolabVacationReactDomain $
685 kolabForwardAddress $
686 kolabForwardKeepCopy $
687 kolabForwardUCE $
688 kolabAllowSMTPRecipient $
689 kolabDeleteflag $
690 kolabComment ) )
692 # kolab organization with country support
693 objectclass ( 1.3.6.1.4.1.19414.3.2.3
694 NAME 'kolabOrganization'
695 DESC 'RFC2256: a Kolab organization'
696 SUP organization STRUCTURAL
697 MAY ( c $
698 mail $
699 kolabDeleteflag $
700 alias ) )
702 # kolab organizational unit with country support
703 objectclass ( 1.3.6.1.4.1.19414.3.2.4
704 NAME 'kolabOrganizationalUnit'
705 DESC 'a Kolab organizational unit'
706 SUP organizationalUnit STRUCTURAL
707 MAY ( c $
708 mail $
709 kolabDeleteflag $
710 alias ) )
712 # kolab groupOfNames with extra kolabDeleteflag and the required
713 # attribute mail.
714 # The mail attribute for kolab objects of the type kolabGroupOfNames
715 # is not arbitrary but MUST be a single attribute of the form
716 # of an valid SMTP address with the CN as the local part.
717 # E.g cn@kolabdomain (e.g. employees@mydomain.com). The
718 # mail attribute MUST be globally unique.
719 objectclass ( 1.3.6.1.4.1.19414.3.2.5
720 NAME 'kolabGroupOfNames'
721 DESC 'Kolab group of names (DNs) derived from RFC2256'
722 SUP top AUXILIARY
723 MAY ( mail $
724 kolabDeleteflag $
725 member ) )