From fb0f3bb47da5184f7f3708bf0b06b5a1db9719d8 Mon Sep 17 00:00:00 2001 From: cajus Date: Wed, 22 Jun 2005 16:04:13 +0000 Subject: [PATCH] Modified schema files to make GOsa and Kolab style more compatible: * moved to SUP groupOfNames instead of SUP top for gosaGroupOfNames * made kolabGroupOfNames SUP gosaGroupOfNames * made kolabSharedFolder SUP posixGroup to fit our concepts git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@806 594d385d-05f5-0310-b6e9-bd551577e9d8 --- contrib/openldap/gosa+samba3.schema | 5 +- contrib/openldap/gosa.schema | 5 +- contrib/openldap/kolab2.schema | 189 +++++++++++++++++++++++++--- 3 files changed, 176 insertions(+), 23 deletions(-) diff --git a/contrib/openldap/gosa+samba3.schema b/contrib/openldap/gosa+samba3.schema index e32e3bcaa..d4689c47a 100644 --- a/contrib/openldap/gosa+samba3.schema +++ b/contrib/openldap/gosa+samba3.schema @@ -266,9 +266,8 @@ objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.11 NAME 'gosaUserTemplate' SUP top AUXI objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.12 NAME 'gosaGroupOfNames' DESC 'GOsa object grouping (v2.4)' - SUP top STRUCTURAL - MUST ( cn $ gosaGroupObjects ) - MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description $ member ) ) + SUP groupOfNames STRUCTURAL + MUST ( cn $ gosaGroupObjects )) objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.13 NAME 'gosaWebdavAccount' DESC 'GOsa webdav enabling account (v2.4)' diff --git a/contrib/openldap/gosa.schema b/contrib/openldap/gosa.schema index cc6724876..778ad5676 100644 --- a/contrib/openldap/gosa.schema +++ b/contrib/openldap/gosa.schema @@ -265,9 +265,8 @@ objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.11 NAME 'gosaUserTemplate' SUP top AUXI objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.12 NAME 'gosaGroupOfNames' DESC 'GOsa object grouping (v2.4)' - SUP top STRUCTURAL - MUST ( cn $ gosaGroupObjects ) - MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description $ member ) ) + SUP groupOfNames STRUCTURAL + MUST ( cn $ gosaGroupObjects )) objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.13 NAME 'gosaWebdavAccount' DESC 'GOsa webdav enabling account (v2.4)' diff --git a/contrib/openldap/kolab2.schema b/contrib/openldap/kolab2.schema index d4f9633e3..769ce1ba9 100644 --- a/contrib/openldap/kolab2.schema +++ b/contrib/openldap/kolab2.schema @@ -1,4 +1,4 @@ -# $Id: kolab2.schema,v 1.5 2005/03/18 00:29:24 martin Exp $ +# $Id: kolab2.schema,v 1.12 2005/06/11 16:40:23 martin Exp $ # (c) 2003, 2004 Tassilo Erlewein # (c) 2003, 2004 Martin Konold # (c) 2003 Achim Frank @@ -106,9 +106,10 @@ attributetype ( 1.3.6.1.4.1.19419.1.1.1.2 EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) -# allow delegates to act in your name (vacation/secretary boss use case) -# we use the syntax of rfc822 email addresses in order identify -# users allow to act in the name of others +# Specifies the email delegates. +# An email delegate can send email on behalf of the account +# which means using the "from" of the account. +# Delegates are specified by the syntax of rfc822 email addresses. attributetype ( 1.3.6.1.4.1.19419.1.1.1.3 NAME 'kolabDelegate' DESC 'Kolab user allowed to act as delegates - RFC822 Mailbox/Alias' @@ -162,6 +163,113 @@ attributetype ( 1.3.6.1.4.1.19419.1.1.1.7 SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) +# Begin date of Kolab vacation period. Sender will +# be notified every kolabVacationResendIntervall days +# that recipient is absent until kolabVacationEnd. +# Values in this syntax are encoded as printable strings, +# represented as specified in X.208. +# Note that the time zone must be specified. +# For Kolab we limit ourself to GMT +# YYYYMMDDHHMMZ e.g. 200512311458Z. +# see also: rfc 2252. +# Currently this attribute is not used in Kolab. +attributetype ( 1.3.6.1.4.1.19419.1.1.1.8 + NAME 'kolabVacationBeginDateTime' + DESC 'Begin date of vacation' + EQUALITY generalizedTimeMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) + +# End date of Kolab vacation period. Sender will +# be notified every kolabVacationResendIntervall days +# that recipient is absent starting from kolabVacationBeginDateTime. +# Values in this syntax are encoded as printable strings, +# represented as specified in X.208. +# Note that the time zone must be specified. +# For Kolab we limit ourself to GMT +# YYYYMMDDHHMMZ e.g. 200601012258Z. +# see also: rfc 2252. +# Currently this attribute is not used in Kolab. +attributetype ( 1.3.6.1.4.1.19419.1.1.1.9 + NAME 'kolabVacationEndDateTime' + DESC 'End date of vacation' + EQUALITY generalizedTimeMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) + +# Intervall in days after which senders get +# another vacation message. +# Currently this attribute is not used in Kolab. +attributetype ( 1.3.6.1.4.1.19419.1.1.1.10 + NAME 'kolabVacationResendInterval' + DESC 'Vacation notice interval in days' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27) + +# Email recipient addresses which are handled by the +# vacation script. There can be multiple kolabVacationAddress +# entries for each kolabInetOrgPerson. +# Default is the primary email address and all +# email aliases of the kolabInetOrgPerson. +# Currently this attribute is not used in Kolab. +attributetype ( 1.3.6.1.4.1.19419.1.1.1.11 + NAME 'kolabVacationAddress' + DESC 'Email address for vacation to response upon' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +# Enable sending vacation notices in reaction +# unsolicited commercial email. +# Default is no. +# Currently this attribute is not used in Kolab. +attributetype ( 1.3.6.1.4.1.19419.1.1.1.12 + NAME 'kolabVacationReplyToUCE' + DESC 'Enable vacation notices to UCE' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7) + +# Email recipient domains which are handled by the +# vacation script. There can be multiple kolabVacationReactDomain +# entries for each kolabInetOrgPerson +# Default is to handle all domains. +# Currently this attribute is not used in Kolab. +attributetype ( 1.3.6.1.4.1.19419.1.1.1.13 + NAME 'kolabVacationReactDomain' + DESC 'Multivalued -- Email domain for vacation to response upon' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +# Forward all incoming emails except UCE if kolabForwardUCE +# is not set to this email address. +# There can be multiple kolabForwardAddress entries for +# each kolabInetOrgPerson. +# Currently this attribute is not used in Kolab. +attributetype ( 1.3.6.1.4.1.19419.1.1.1.14 + NAME 'kolabForwardAddress' + DESC 'Forward email to this address' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +# Keep local copy when forwarding emails to list of +# kolabForwardAddress. +# Default is no. +# Currently this attribute is not used in Kolab. +attributetype ( 1.3.6.1.4.1.19419.1.1.1.15 + NAME 'kolabForwardKeepCopy' + DESC 'Keep copy when forwarding' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) + +# Enable forwarding of UCE. +# Default is yes. +# Currently this attribute is not used in Kolab. +attributetype ( 1.3.6.1.4.1.19419.1.1.1.16 + NAME 'kolabForwardUCE' + DESC 'Enable forwarding of mails known as UCE' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) + ###################### # postfix attributes # ###################### @@ -212,6 +320,12 @@ attributetype ( 1.3.6.1.4.1.19414.2.1.508 EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) +attributetype ( 1.3.6.1.4.1.19414.2.1.509 + NAME 'postfix-virtual' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + ########################## # cyrus imapd attributes # ########################## @@ -295,6 +409,30 @@ attributetype ( 1.3.6.1.4.1.19414.2.1.702 EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) +########################## +# kolabfilter attributes # +########################## + +# enable trustable From: +attributetype ( 1.3.6.1.4.1.19414.2.1.750 + NAME 'kolabfilter-verify-from-header' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) + +# should Sender header be allowed instead of From +# when present? +attributetype ( 1.3.6.1.4.1.19414.2.1.751 + NAME 'kolabfilter-allow-sender-header' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) + +# Should reject messages with From headers that dont match +# the envelope? Default is to rewrite the header +attributetype ( 1.3.6.1.4.1.19414.2.1.752 + NAME 'kolabfilter-reject-forged-from-header' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) + ###################### # proftpd attributes # ###################### @@ -325,15 +463,16 @@ objectclass ( 1.3.6.1.4.1.19414.2.2.1 DESC 'Kolab server configuration' SUP top STRUCTURAL MUST k - MAY ( kolabHost $ + MAY ( kolabHost $ postfix-mydomain $ postfix-relaydomains $ postfix-mydestination $ postfix-mynetworks $ postfix-relayhost $ postfix-transport $ + postfix-virtual $ postfix-enable-virus-scan $ - postfix-allow-unauthenticated $ + postfix-allow-unauthenticated $ cyrus-autocreatequota $ cyrus-quotawarn $ cyrus-autocreatequota $ @@ -344,7 +483,10 @@ objectclass ( 1.3.6.1.4.1.19414.2.2.1 cyrus-pop3s $ cyrus-sieve $ apache-http $ - apache-allow-unauthenticated-fb $ + apache-allow-unauthenticated-fb $ + kolabfilter-verify-from-header $ + kolabfilter-allow-sender-header $ + kolabfilter-reject-forged-from-header $ proftpd-ftp $ proftpd-defaultquota $ kolabFreeBusyFuture $ @@ -357,7 +499,7 @@ objectclass ( 1.3.6.1.4.1.19414.2.2.1 objectclass ( 1.3.6.1.4.1.19414.2.2.9 NAME 'kolabSharedFolder' DESC 'Kolab public shared folder' - SUP top STRUCTURAL + SUP posixGroup STRUCTURAL MUST cn MAY ( acl $ cyrus-userquota $ @@ -384,15 +526,24 @@ objectclass ( 1.3.6.1.4.1.19414.3.2.2 SUP top AUXILIARY MAY ( c $ alias $ - kolabHomeServer $ + kolabHomeServer $ kolabHomeMTA $ unrestrictedMailSize $ kolabDelegate $ kolabEncryptedPassword $ - cyrus-userquota $ - kolabInvitationPolicy $ + cyrus-userquota $ + kolabInvitationPolicy $ kolabFreeBusyFuture $ calFBURL $ + kolabVacationBeginDateTime $ + kolabVacationEndDateTime $ + kolabVacationResendInterval $ + kolabVacationAddress $ + kolabVacationReplyToUCE $ + kolabVacationReactDomain $ + kolabForwardAddress $ + kolabForwardKeepCopy $ + kolabForwardUCE $ kolabDeleteflag ) ) # kolab organization with country support @@ -415,9 +566,13 @@ objectclass ( 1.3.6.1.4.1.19414.3.2.4 kolabDeleteflag $ alias ) ) -# kolab groupOfNames with extra kolabDeleteflag -objectclass ( 1.3.6.1.4.1.19414.3.2.5 - NAME 'kolabGroupOfNames' - DESC 'Kolab group of names (DNs) derived from RFC2256' - SUP groupOfNames STRUCTURAL - MAY kolabDeleteflag ) +# kolab groupOfNames with extra kolabDeleteflag and the required attribute mail. +# The mail attribute for kolab objects of the type kolabGroupOfNames is not arbitrary but +# MUST be a single attribute of the form cn@kolabdomain (e.g. employees@mydomain.com). The +# mail attribute MUST be worldwide unique. +objectclass ( 1.3.6.1.4.1.19414.3.2.5 + NAME 'kolabGroupOfNames' + DESC 'Kolab group of names (DNs) derived from RFC2256' + SUP gosaGroupOfNames STRUCTURAL + MAY ( mail $ + kolabDeleteflag ) ) -- 2.30.2