# Definitions for a Kerberos V KDC schema
#
# $Id: hdb.schema 14958 2005-04-25 17:33:40Z lha $
#
# This version is compatible with OpenLDAP 1.8
#
# OID Base is iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) padl(5322) kdcSchema(10)
#
# Syntaxes are under 1.3.6.1.4.1.5322.10.0
# Attribute types are under 1.3.6.1.4.1.5322.10.1
# Object classes are under 1.3.6.1.4.1.5322.10.2

# Syntax definitions

#krb5KDCFlagsSyntax SYNTAX ::= {
# WITH SYNTAX INTEGER
#-- initial(0), -- require as-req
#-- forwardable(1), -- may issue forwardable
#-- proxiable(2), -- may issue proxiable
#-- renewable(3), -- may issue renewable
#-- postdate(4), -- may issue postdatable
#-- server(5), -- may be server
#-- client(6), -- may be client
#-- invalid(7), -- entry is invalid
#-- require-preauth(8), -- must use preauth
#-- change-pw(9), -- change password service
#-- require-hwauth(10), -- must use hwauth
#-- ok-as-delegate(11), -- as in TicketFlags
#-- user-to-user(12), -- may use user-to-user auth
#-- immutable(13) -- may not be deleted
# ID { 1.3.6.1.4.1.5322.10.0.1 }
#}

#krb5PrincipalNameSyntax SYNTAX ::= {
# WITH SYNTAX OCTET STRING
#-- String representations of distinguished names as per RFC1510
# ID { 1.3.6.1.4.1.5322.10.0.2 }
#}

# Attribute type definitions

# krb5PrincipalName: the Kerberos principal name kept as one unparsed string.
# IA5 String syntax (1.3.6.1.4.1.1466.115.121.1.26), compared case-sensitively
# (caseExactIA5Match). No SUBSTR rule is declared, so the schema supports
# equality lookups only.
# Security: SINGLE-VALUE limits an entry to one name; it does not stop two
# different entries from carrying the same name. Uniqueness across the tree
# has to be enforced outside this schema (for example with a directory
# uniqueness constraint), otherwise a lookup by principal name is ambiguous.
attributetype ( 1.3.6.1.4.1.5322.10.1.1 NAME 'krb5PrincipalName'
    DESC 'The unparsed Kerberos principal name'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE )

# krb5KeyVersionNumber: single LDAP Integer (1.3.6.1.4.1.1466.115.121.1.27),
# required on every krb5KDCEntry (see the MUST clause of that object class).
# NOTE(review): presumably the kvno of the keys held in krb5Key — confirm
# against the KDC backend that reads this schema.
attributetype ( 1.3.6.1.4.1.5322.10.1.2 NAME 'krb5KeyVersionNumber'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )

# krb5MaxLife: single LDAP Integer, optional on krb5KDCEntry.
# NOTE(review): presumably the maximum ticket lifetime for the principal; the
# unit is not stated anywhere in this file — confirm (seconds?) before
# writing values by hand, since an over-large value lengthens how long an
# issued ticket stays usable.
attributetype ( 1.3.6.1.4.1.5322.10.1.3 NAME 'krb5MaxLife'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )

# krb5MaxRenew: single LDAP Integer, optional on krb5KDCEntry.
# NOTE(review): presumably the maximum renewable lifetime for the principal;
# the unit is not stated in this file — confirm against the KDC backend.
attributetype ( 1.3.6.1.4.1.5322.10.1.4 NAME 'krb5MaxRenew'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )

# krb5KDCFlags: per-principal KDC policy flags stored as one LDAP Integer.
# The flag names and numbers are listed in the commented-out
# krb5KDCFlagsSyntax sketch near the top of this file (they look like bit
# positions; confirm the encoding against the KDC backend).
# Security: flags such as invalid(7), require-preauth(8) and
# ok-as-delegate(11) are authentication policy. Write access to this
# attribute should be limited to KDC administration identities, and entries
# that lack require-preauth deserve periodic review.
attributetype ( 1.3.6.1.4.1.5322.10.1.5 NAME 'krb5KDCFlags'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )

# krb5EncryptionType: LDAP Integer; no SINGLE-VALUE, so an entry may list
# several values.
# NOTE(review): presumably Kerberos encryption-type numbers permitted for the
# principal — confirm. If so, audit entries for legacy enctypes, because the
# schema accepts any integer and applies no policy of its own.
attributetype ( 1.3.6.1.4.1.5322.10.1.6 NAME 'krb5EncryptionType'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

# krb5ValidStart: single Generalized Time value
# (1.3.6.1.4.1.1466.115.121.1.24). The ORDERING rule makes >= and <= search
# filters usable, e.g. to list principals by validity window during an audit.
# NOTE(review): presumably the time from which the principal may be used —
# confirm against the KDC backend.
attributetype ( 1.3.6.1.4.1.5322.10.1.7 NAME 'krb5ValidStart'
    EQUALITY generalizedTimeMatch
    ORDERING generalizedTimeOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
    SINGLE-VALUE )

# krb5ValidEnd: single Generalized Time value with equality and ordering
# matching, so expiry can be queried with range filters.
# NOTE(review): presumably the principal's expiry time. The attribute is
# optional on krb5KDCEntry, so an entry without it carries no expiry in the
# directory — confirm how the KDC treats a missing value.
attributetype ( 1.3.6.1.4.1.5322.10.1.8 NAME 'krb5ValidEnd'
    EQUALITY generalizedTimeMatch
    ORDERING generalizedTimeOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
    SINGLE-VALUE )

# krb5PasswordEnd: single Generalized Time value with equality and ordering
# matching.
# NOTE(review): presumably the time at which the principal's password
# expires. It is optional on krb5KDCEntry — confirm how the KDC treats a
# missing value before relying on it for password-age policy.
attributetype ( 1.3.6.1.4.1.5322.10.1.9 NAME 'krb5PasswordEnd'
    EQUALITY generalizedTimeMatch
    ORDERING generalizedTimeOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
    SINGLE-VALUE )

# krb5Key: a principal's key material, stored as an encoded ASN.1 key
# (LDAP Binary syntax, 1.3.6.1.4.1.1466.115.121.1.5). No SINGLE-VALUE, so an
# entry can carry several keys; no matching rule is declared.
# Upstream note: this is temporary; keys will eventually be child entries or
# compound attributes.
# Security: nothing in the schema protects these values. Directory ACLs must
# deny read, search and compare on krb5Key to every identity except the KDC
# and its administration service, the KDC-to-directory connection needs a
# protected transport, and replicas, backups and LDIF exports of this tree
# need the same handling as the KDC database itself.
# NOTE(review): whether the stored value is additionally encrypted under a
# master key is not visible in this file — confirm.
attributetype ( 1.3.6.1.4.1.5322.10.1.10 NAME 'krb5Key'
    DESC 'Encoded ASN1 Key as an octet string'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )

# krb5PrincipalRealm: DN of the krb5Realm entry the principal belongs to.
# Declared as a subtype of distinguishedName, so syntax and matching rules
# are inherited from that attribute. Optional on krb5Principal.
# The schema does not check that the DN points at an existing krb5Realm
# entry; referential integrity has to be handled by the directory or by the
# tooling that writes the entries.
attributetype ( 1.3.6.1.4.1.5322.10.1.11 NAME 'krb5PrincipalRealm'
    DESC 'Distinguished name of krb5Realm entry'
    SUP distinguishedName )

# krb5RealmName: realm name held as an Octet String
# (1.3.6.1.4.1.1466.115.121.1.40) with a suggested bound of 128, compared
# byte-for-byte (octetStringMatch), so realm names differing only in case
# are distinct values. No SINGLE-VALUE is declared.
attributetype ( 1.3.6.1.4.1.5322.10.1.12 NAME 'krb5RealmName'
    EQUALITY octetStringMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )

# Object class definitions

# krb5Principal: auxiliary class that tags an existing entry as a Kerberos
# principal. Requires krb5PrincipalName; cn and krb5PrincipalRealm are
# optional. Being AUXILIARY, it is added to entries whose structural class is
# defined elsewhere (for example an existing account entry).
objectclass ( 1.3.6.1.4.1.5322.10.2.1 NAME 'krb5Principal'
    SUP top AUXILIARY
    MUST ( krb5PrincipalName )
    MAY ( cn $ krb5PrincipalRealm ) )

# krb5KDCEntry: auxiliary class extending krb5Principal with the data a KDC
# keeps per principal. krb5KeyVersionNumber is mandatory; validity times,
# lifetimes, flags, encryption types and the keys themselves are optional.
# Security: key material (krb5Key) and policy (krb5KDCFlags) sit on the same
# entry as the rest of the account data. An ACL that grants broad read access
# to the entry has to exclude krb5Key explicitly, and write access to the
# attributes listed here should be limited to KDC administration identities.
objectclass ( 1.3.6.1.4.1.5322.10.2.2 NAME 'krb5KDCEntry'
    SUP krb5Principal AUXILIARY
    MUST ( krb5KeyVersionNumber )
    MAY ( krb5ValidStart $ krb5ValidEnd $ krb5PasswordEnd $
        krb5MaxLife $ krb5MaxRenew $ krb5KDCFlags $
        krb5EncryptionType $ krb5Key ) )

# krb5Realm: auxiliary class marking an entry as a Kerberos realm; the only
# attribute it adds is the mandatory krb5RealmName. krb5PrincipalRealm values
# on principal entries are meant to hold the DN of such an entry.
objectclass ( 1.3.6.1.4.1.5322.10.2.3 NAME 'krb5Realm'
    SUP top AUXILIARY
    MUST ( krb5RealmName ) )
