schema.ldif
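# FreeIPA tokens schema
# BaseOID: TBD (the definitions below use 2.16.840.1.113730.3.8.16.x for
# attribute types and 2.16.840.1.113730.3.8.17.x for object classes)
# All names use the "ipatoken" prefix as a namespace
# See RFC 4517 for the SYNTAX OID definitions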
# Target entry: every attributetypes / objectclasses value in this file is a
# value of the cn=schema entry. Schema only fixes syntax and matching rules;
# who may read or write these attributes is decided by access control elsewhere.
dn: cn=schema
#
# Token related attributes
#
# Token identifier: Directory String (syntax ...121.1.15), matched
# case-insensitively, at most one value per entry. It is the only MUST
# attribute of the ipaToken object class defined in this file.
# NOTE(review): schema cannot enforce uniqueness across entries - confirm
# which component guarantees it.
attributetypes: ( 2.16.840.1.113730.3.8.16.1 NAME 'ipatokenUniqueID'
DESC 'Token Unique Identifier'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
X-ORIGIN 'FreeIPA' )
# Boolean flag (syntax ...121.1.7) marking a token as disabled. The schema only
# stores the flag; refusing authentication with a disabled token is the job of
# whatever code validates OTP values.
# NOTE(review): the attribute is optional - confirm consumers treat a missing
# value the same as FALSE, and that token owners cannot clear it themselves
# if disabling is meant to be an administrative action.
attributetypes: ( 2.16.840.1.113730.3.8.16.2 NAME 'ipatokenDisabled'
DESC 'Optional, marks token as Disabled'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
X-ORIGIN 'FreeIPA' )
# Start of the token's validity window, as Generalized Time (syntax ...121.1.24).
# Only an EQUALITY rule is declared, no ORDERING rule, so >= / <= search filters
# on this attribute may not be evaluated on every server.
# NOTE(review): confirm the validity window is checked by the validating code
# itself and does not depend on a range filter.
attributetypes: ( 2.16.840.1.113730.3.8.16.3 NAME 'ipatokenNotBefore'
DESC 'Token validity date'
EQUALITY generalizedTimeMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE
X-ORIGIN 'FreeIPA' )
# Expiration time of the token, as Generalized Time (syntax ...121.1.24).
# As declared here there is no ORDERING rule, so expiry is not something a
# range filter can be relied on to enforce; the schema itself enforces nothing.
# NOTE(review): the attribute is optional - presumably a missing value means
# "never expires"; confirm that is the intended default.
attributetypes: ( 2.16.840.1.113730.3.8.16.4 NAME 'ipatokenNotAfter'
DESC 'Token expiration date'
EQUALITY generalizedTimeMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE
X-ORIGIN 'FreeIPA' )
# Descriptive vendor string: Directory String with case-insensitive equality
# and substring matching, single-valued. Informational only as far as this
# file shows; nothing here ties it to token validation.
attributetypes: ( 2.16.840.1.113730.3.8.16.5 NAME 'ipatokenVendor'
DESC 'Optional Vendor identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
X-ORIGIN 'FreeIPA' )
# Descriptive model string: same syntax and matching rules as ipatokenVendor
# (Directory String, case-insensitive equality and substring), single-valued.
attributetypes: ( 2.16.840.1.113730.3.8.16.6 NAME 'ipatokenModel'
DESC 'Optional Model identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
X-ORIGIN 'FreeIPA' )
# Serial number of the token, stored as a Directory String (not an integer),
# compared case-insensitively, single-valued. No SUBSTR rule is declared, so
# only exact-match lookups are defined by this schema.
attributetypes: ( 2.16.840.1.113730.3.8.16.7 NAME 'ipatokenSerial'
DESC 'OTP Token Serial number'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
X-ORIGIN 'FreeIPA' )
# The OTP key, stored as an Octet String (syntax ...121.1.40), single-valued.
# This is the secret the one-time codes are derived from: the schema neither
# encrypts it nor limits who can see it, so its confidentiality rests entirely
# on access control, replication agreements and backup handling.
# NOTE(review): an EQUALITY rule is declared, so search and compare rights
# matter as much as read rights - confirm the ACIs deny all three to everyone
# except the component that validates codes.
attributetypes: ( 2.16.840.1.113730.3.8.16.8 NAME 'ipatokenOTPkey'
DESC 'OTP Token Key'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
SINGLE-VALUE
X-ORIGIN 'FreeIPA' )
# Name of the OTP algorithm as a free-form Directory String, compared
# case-insensitively. The schema accepts any string here.
# NOTE(review): consumers should check the value against the set of algorithms
# they actually support and fail closed on anything else - confirm they do.
attributetypes: ( 2.16.840.1.113730.3.8.16.9 NAME 'ipatokenOTPalgorithm'
DESC 'OTP Token Algorithm'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
X-ORIGIN 'FreeIPA' )
# Number of digits in a generated code, as an Integer (syntax ...121.1.27).
# The Integer syntax carries no range, so zero, negative or very small values
# are schema-valid.
# NOTE(review): confirm that writers or the validating code enforce a sane
# minimum, since fewer digits means fewer guesses are needed.
attributetypes: ( 2.16.840.1.113730.3.8.16.10 NAME 'ipatokenOTPdigits'
DESC 'OTP Token Number of digits'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
X-ORIGIN 'FreeIPA' )
# Clock offset recorded for the token, as an unbounded Integer, single-valued.
# NOTE(review): the unit (seconds or time steps) is not stated in this file -
# confirm it. Also confirm who may write it: an arbitrarily large offset
# changes which time window a code is checked against.
attributetypes: ( 2.16.840.1.113730.3.8.16.11 NAME 'ipatokenOTPclockOffset'
DESC 'OTP Token clock offset'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
X-ORIGIN 'FreeIPA' )
# TOTP time-step, as an unbounded Integer, single-valued.
# NOTE(review): presumably expressed in seconds - confirm. The schema allows
# zero and negative values, so the validating code has to reject them; a very
# large step keeps a single code valid for a correspondingly long time.
attributetypes: ( 2.16.840.1.113730.3.8.16.12 NAME 'ipatokenTOTPtimeStep'
DESC 'TOTP time-step'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
X-ORIGIN 'FreeIPA' )
# DN of the user entry that owns the token. Declared with SUP distinguishedName,
# so syntax and matching rules are inherited rather than listed here;
# single-valued, i.e. one owner per token.
# NOTE(review): the schema does not check that the DN exists or names a user,
# and the attribute is optional in ipaToken - confirm how unowned tokens and
# dangling owners are handled, and that users cannot re-assign ownership.
attributetypes: ( 2.16.840.1.113730.3.8.16.13 NAME 'ipatokenOwner'
DESC 'User entry that owns this token'
SUP distinguishedName
SINGLE-VALUE
X-ORIGIN 'FreeIPA' )
# Expiration of the token's "lost" status, as Generalized Time, single-valued.
# NOTE(review): presumably the token is treated as lost until this time and
# usable again afterwards - the exact semantics are not visible in this file;
# confirm them, and confirm that a lost token is rejected during that period.
attributetypes: ( 2.16.840.1.113730.3.8.16.14 NAME 'ipatokenLostNotAfter'
DESC 'Token lost status expiration date'
EQUALITY generalizedTimeMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE
X-ORIGIN 'FreeIPA' )
# HOTP counter, as an unbounded Integer, single-valued. HOTP validation relies
# on this value only ever moving forward: if it can be set back, codes that
# were already used become acceptable again. Write access therefore needs to
# be as tightly controlled as read access to the key.
# NOTE(review): confirm how counter updates are made atomic and how they
# behave across replicas.
attributetypes: ( 2.16.840.1.113730.3.8.16.15 NAME 'ipatokenHOTPcounter'
DESC 'HOTP Counter'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
X-ORIGIN 'FreeIPA' )
#
# Token related objectclasses
#
# Base class for all token entries. Requires ipatokenUniqueID; owner, disabled
# flag, validity window, vendor/model/serial and lost-status expiry are all
# optional. 'description' is not defined in this file and has to come from
# schema loaded elsewhere.
# NOTE(review): DESC calls this an abstract class but the kind is STRUCTURAL,
# so an entry carrying only ipaToken (no key, no algorithm) is schema-valid -
# confirm which of the two is intended.
objectclasses: ( 2.16.840.1.113730.3.8.17.1 NAME 'ipaToken' SUP top STRUCTURAL
DESC 'Abstract token class for tokens'
MUST ( ipatokenUniqueID )
MAY ( description $ ipatokenOwner $ ipatokenDisabled $ ipatokenNotBefore $
ipatokenNotAfter $ ipatokenVendor $ ipatokenModel $ ipatokenSerial $ ipatokenLostNotAfter)
X-ORIGIN 'FreeIPA' )
# TOTP token: extends ipaToken with key, algorithm, digits, clock offset and
# time-step. Every one of them is MAY, so a TOTP entry without a key or with
# no time-step passes schema checking; the validating code has to treat such
# entries as unusable rather than fall back to defaults silently.
# NOTE(review): X-ORIGIN is 'PSKCParser' here but 'FreeIPA' on ipaToken and on
# all attribute types - confirm which is intended. The keyword STRUCTURAL is
# split by a line fold; verify the continuation lines start with exactly one
# space in the file that is actually loaded.
objectClasses: ( 2.16.840.1.113730.3.8.17.2 NAME 'ipatokenTOTP' DESC 'TOTP Token Type' SUP ipaToken STRUC
TURAL MAY ( ipatokenOTPkey $ ipatokenOTPalgorithm $ ipatokenOTPdigits $
ipatokenOTPclockOffset $ ipatokenTOTPtimeStep)
X-ORIGIN 'PSKCParser' )
# HOTP token: extends ipaToken with key, algorithm, digits, clock offset and
# the HOTP counter. All are MAY, so an entry with no key or no counter is
# schema-valid; the validating code must not assume they are present.
# NOTE(review): ipatokenOTPclockOffset is allowed here although HOTP is
# counter-based - confirm whether it is used. X-ORIGIN is 'PSKCParser', unlike
# the 'FreeIPA' origin on ipaToken and the attribute types.
objectClasses: ( 2.16.840.1.113730.3.8.17.3 NAME 'ipatokenHOTP' DESC 'HOTP Token Type' SUP ipaToken STRUC
TURAL MAY ( ipatokenOTPkey $ ipatokenOTPalgorithm $ ipatokenOTPdigits $
ipatokenOTPclockOffset $ ipatokenHOTPcounter)
X-ORIGIN 'PSKCParser' )
# Mixed token: extends ipaToken and allows both the HOTP counter and the TOTP
# time-step alongside key, algorithm, digits and clock offset. All are MAY.
# NOTE(review): nothing in this file says which mode applies to a given entry
# when both counter and time-step are present - confirm how the validating
# code decides, so that the weaker path cannot be chosen by the client.
# X-ORIGIN is 'PSKCParser', unlike 'FreeIPA' on ipaToken.
objectClasses: ( 2.16.840.1.113730.3.8.17.4 NAME 'ipatokenMixed' DESC 'Mixed token type' SUP ipaToken STRUC
TURAL MAY ( ipatokenOTPkey $ ipatokenOTPalgorithm $ ipatokenOTPdigits $
ipatokenOTPclockOffset)
# Generic OTP token: extends ipaToken with key, algorithm, digits and clock
# offset only - neither the HOTP counter nor the TOTP time-step is allowed.
# All four attributes are MAY, so the key may be absent.
# NOTE(review): with no counter and no time-step it is not clear from this
# file how codes for this class are validated - confirm its purpose.
# X-ORIGIN is 'PSKCParser', unlike 'FreeIPA' on ipaToken.
objectClasses: ( 2.16.840.1.113730.3.8.17.5 NAME 'ipatokenOTP' DESC 'OTP Token Type' SUP ipaToken STRUC
TURAL MAY ( ipatokenOTPkey $ ipatokenOTPalgorithm $ ipatokenOTPdigits $
ipatokenOTPclockOffset)
X-ORIGIN 'PSKCParser' )