python-ldap-3.2.0/0000755000175000017500000000000013441750214015672 5ustar pviktoripviktorin00000000000000python-ldap-3.2.0/LICENCE0000644000175000017500000000104713241006705016656 0ustar pviktoripviktorin00000000000000 The python-ldap package is distributed under Python-style license. Standard disclaimer: This software is made available by the author(s) to the public for free and "as is". All users of this free software are solely and entirely responsible for their own choice and use of this software for their own purposes. By using this software, each user agrees that the author(s) shall not be liable for damages of any kind in relation to its use or performance. The author(s) do not warrant that this software is fit for any purpose. python-ldap-3.2.0/MANIFEST.in0000644000175000017500000000060713327633471017443 0ustar pviktoripviktorin00000000000000include MANIFEST.in Makefile CHANGES INSTALL LICENCE README TODO include tox.ini .coveragerc include Modules/*.c Modules/*.h recursive-include Build *.cfg* recursive-include Lib *.py recursive-include Demo *.py recursive-include Tests *.py *.ldif recursive-include Lib/slapdtest *.pem *.key *.conf *.sh README recursive-include Doc *.rst *.py spelling_wordlist.txt Makefile prune Doc/.build python-ldap-3.2.0/TODO0000644000175000017500000000202013241006705016351 0ustar pviktoripviktorin00000000000000*** List of things to-do in no particular order *** General: - Define common Python style license for all modules - Support Python 3.2+ Modules/ - Specific support for more controls - VLV control - server-side sorting control - Wrap libldif as faster drop-in replacement for module ldif? - Extract response controls in SASL bind responses - Attach response controls to LDAPError instances to deliver the controls to the calling application in case of an error - Attach more useful information to LDAPError instances, e.g. the filter used when doing a search in case of ldap.FILTER_ERROR etc. Lib/ - Unicode support for DNs, filter strings, etc. but not entry attributes! (Everybody asking for the latter should check the mailing list archive first.) - Caching of search requests for each LDAPObject instance - LDIF parser for replication logs and change records Tests/ - Clean up and finish the mess of small test scripts started. - Create a test script that exercises everything with a server holding the BLITS test data set python-ldap-3.2.0/Makefile0000644000175000017500000000444413327633471017350 0ustar pviktoripviktorin00000000000000PYTHON=python3 LCOV_INFO=build/lcov.info LCOV_REPORT=build/lcov_report LCOV_REPORT_OPTIONS=--show-details -no-branch-coverage \ --title "python-ldap LCOV report" SCAN_REPORT=build/scan_report PYTHON_SUPP=/usr/share/doc/python3-devel/valgrind-python.supp AUTOPEP8_OPTS=--aggressive .NOTPARALLEL: .PHONY: all all: .PHONY: clean clean: rm -rf build dist *.egg-info .tox MANIFEST rm -f .coverage .coverage.* find . \( -name '*.py[co]' -or -name '*.so*' -or -name '*.dylib' \) \ -delete find . -depth -name __pycache__ -exec rm -rf {} \; build: mkdir -p build # LCOV report (measuring test coverage for C code) .PHONY: lcov-clean lcov-coverage lcov-report lcov-open lcov lcov-clean: rm -rf $(LCOV_INFO) $(LCOV_REPORT) if [ -d build ]; then find build -name '*.gc??' -delete; fi lcov-coverage: WITH_GCOV=1 tox -e py27,py36 $(LCOV_INFO): build lcov --capture --directory build --output-file $(LCOV_INFO) $(LCOV_REPORT): $(LCOV_INFO) genhtml --output-directory $(LCOV_REPORT) \ $(LCOV_REPORT_OPTIONS) $(LCOV_INFO) lcov-report: $(LCOV_REPORT) lcov-open: $(LCOV_REPORT) xdg-open $(LCOV_REPORT)/index.html lcov: lcov-clean $(MAKE) lcov-coverage $(MAKE) lcov-report # clang-analyzer for static C code analysis .PHONY: scan-build scan-build: scan-build -o $(SCAN_REPORT) --html-title="python-ldap scan report" \ -analyze-headers --view \ $(PYTHON) setup.py clean --all build # valgrind memory checker .PHONY: valgrind $(PYTHON_SUPP): @ >&2 echo "valgrind-python.supp not found" @ >&2 echo "install Python development files and run:" @ >&2 echo " $(MAKE) valgrind PYTHON_SUPP=/your/path/to/valgrind-python.supp" exit 1; valgrind: build $(PYTHON_SUPP) valgrind \ --leak-check=full \ --track-fds=yes \ --suppressions=$(PYTHON_SUPP) \ --suppressions=Misc/python-ldap.supp \ --gen-suppressions=all \ --log-file=build/valgrind.log \ $(PYTHON) setup.py test @grep -A7 "blocks are definitely lost" build/valgrind.log; \ if [ $$? == 0 ]; then \ echo "Found definitive leak, see build/valgrind.log"; \ exit 1; \ fi # Code autoformatter .PHONY: autoformat indent autopep8 autoformat: indent autopep8 indent: indent Modules/*.c Modules/*.h rm -f Modules/*.c~ Modules/*.h~ autopep8: $(PYTHON) -m autopep8 -r -i -j0 $(AUTOPEP8_OPTS) \ Demo Lib Tests setup.py python-ldap-3.2.0/PKG-INFO0000644000175000017500000000345413441750214016775 0ustar pviktoripviktorin00000000000000Metadata-Version: 1.2 Name: python-ldap Version: 3.2.0 Summary: Python modules for implementing LDAP clients Home-page: https://www.python-ldap.org/ Author: python-ldap project Author-email: python-ldap@python.org License: Python style Download-URL: https://pypi.org/project/python-ldap/ Description: python-ldap: python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. Mainly it wraps the OpenLDAP 2.x libs for that purpose. Additionally the package contains modules for other LDAP-related stuff (e.g. processing LDIF, LDAPURLs, LDAPv3 schema, LDAPv3 extended operations and controls, etc.). Platform: UNKNOWN Classifier: Development Status :: 5 - Production/Stable Classifier: Intended Audience :: Developers Classifier: Intended Audience :: System Administrators Classifier: Operating System :: OS Independent Classifier: Operating System :: MacOS :: MacOS X Classifier: Operating System :: Microsoft :: Windows Classifier: Operating System :: POSIX Classifier: Programming Language :: C Classifier: Programming Language :: Python Classifier: Programming Language :: Python :: 2 Classifier: Programming Language :: Python :: 2.7 Classifier: Programming Language :: Python :: 3 Classifier: Programming Language :: Python :: 3.4 Classifier: Programming Language :: Python :: 3.5 Classifier: Programming Language :: Python :: 3.6 Classifier: Programming Language :: Python :: 3.7 Classifier: Topic :: Database Classifier: Topic :: Internet Classifier: Topic :: Software Development :: Libraries :: Python Modules Classifier: Topic :: System :: Systems Administration :: Authentication/Directory :: LDAP Classifier: License :: OSI Approved :: Python Software Foundation License Requires-Python: >=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.* python-ldap-3.2.0/Lib/0000755000175000017500000000000013441750214016400 5ustar pviktoripviktorin00000000000000python-ldap-3.2.0/Lib/slapdtest/0000755000175000017500000000000013441750214020403 5ustar pviktoripviktorin00000000000000python-ldap-3.2.0/Lib/slapdtest/certs/0000755000175000017500000000000013441750214021523 5ustar pviktoripviktorin00000000000000python-ldap-3.2.0/Lib/slapdtest/certs/gencerts.sh0000755000175000017500000000240213327633471023702 0ustar pviktoripviktorin00000000000000#!/bin/sh # Written by Christian Heimes set -e export CAOUTDIR=. export CATMPDIR=tmp rm -rf $CATMPDIR rm -rf ca.pem ca.key server.pem server.key client.pem client.key rm -rf cert9.db key4.db pkcs11.tx mkdir -p $CAOUTDIR mkdir -p $CATMPDIR touch $CATMPDIR/ca.db touch $CATMPDIR/ca.db.attr echo '01' > $CATMPDIR/ca.crt.srl echo '01' > $CATMPDIR/ca.crl.srl # root CA openssl req -new \ -config ca.conf \ -out $CATMPDIR/ca.csr \ -keyout $CAOUTDIR/ca.key \ -batch openssl ca -selfsign \ -config ca.conf \ -in $CATMPDIR/ca.csr \ -out $CAOUTDIR/ca.pem \ -extensions ca_ext \ -days 3563 \ -batch # server cert openssl req -new \ -config server.conf \ -out $CATMPDIR/server.csr \ -keyout $CAOUTDIR/server.key \ -batch openssl ca \ -config ca.conf \ -in $CATMPDIR/server.csr \ -out $CAOUTDIR/server.pem \ -policy match_pol \ -extensions server_ext \ -batch # client cert openssl req -new \ -config client.conf \ -out $CATMPDIR/client.csr \ -keyout $CAOUTDIR/client.key \ -batch openssl ca \ -config ca.conf \ -in $CATMPDIR/client.csr \ -out $CAOUTDIR/client.pem \ -policy match_pol \ -extensions client_ext \ -batch # cleanup rm -rf $CATMPDIR ca.key echo DONE python-ldap-3.2.0/Lib/slapdtest/certs/client.key0000644000175000017500000000325013327633471023523 0ustar pviktoripviktorin00000000000000-----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDGxvbMEbahViK4 P6aoWUkciIf1dEYTBuU8M1eShREUZ3Ytq/ee425pXRyxxDrAa8ygRjqs7tauwhgA KNuPRGyw7hyZ1Ku4vQObwX9rzyHQ6Fj606U4HHbYfAVb0AF7OzLbhNH3isCRtNcm EUSYG1Nkfn9zQkV4pz2KJM4ePt4GyGJV0NhRUdHdwgsWiuRt2EIRPwLXdkf/4svm 2EahAJax+SMaZYe/lg9w9SBxl6DTaF9lFpoPqzeW+KnXCmE8e+qSWea8EjkzIRXa 4KJ/EnUMP2fUL+Je2agGF2YfCId9YvLTQV8YDv7Im1Sp0sbIUDoWX14GDUbZ8cBr wfOyI0TfAgMBAAECggEATWv1eGp1zcU05Lq1+OA938U1316YZJTM+HOu6jy1+FKL 7yIJ4nMG8Db6FCswDv5txwdTl0O3jn2+x2Eik1y9UPSNY0U4VU4Zd7MYJC+bJjk5 XwjMU1yS1aMIm0gbK5pVJrdG6Lm8Y4QiQIt9Qhlyk7PJhGUNlf7ds06+kX0/ETiO vx5SatExeKu5F+JRnGFdAN0106SF5vBum+UbrgOSnJmfwX5VoOXARD21ppxgMzAr JyGBpgBgy++GpV15gXGuA7DVMIADdHw8hV4OuBLjpkUL+ntArjhpUi7TP7VU3WKR uUmvLm9CX1l8O/xZMpt9N1+o71a//7asnz8AMtT6cQKBgQD4FgefUkVnXDA1xKDW 1JbArVQeHiLGlRdLakRUY/HdGj72YgAOLt3UsrON4VQXl0C6rks/8HKCFaMexBlF OecJNWsEVgBEAfsQ+NvrApOQsTszc8Zqna0Kqe2vA0VNa+SAzdHzhBbFcaVkzXJb JB7M0/OIt5IaqXg6Y5eX2eZF1QKBgQDNHkIoJ/2hYtlSgXpGaniM+0XemQJgJXig edAQdGKKfqwmjSFjByDM01ZaidMu5fEkeGhMRE73IbwNw0pWsMXylD6bI6+sk7yQ biM+fslFEEDbgSJe41Jy2eerh5am+dnrMWNhd7QZV1K6tmaqrIzkmIV21/EPXIPp BNHO8GV14wKBgGOybrO/GzcTXChvcXeEDWU3AqPr1mvZhHgBJ56GX69MGdtnvL/2 Y51Th0bQM7wbQ58B5im21j2itl/pzIH+Z/NSbURbz1WFOkEy0SYbbfPq1XCy6Rz1 apHrgiIf/VzErBp7HBFxlrkYF7Bvw7IOzPXhg3AA3Y0rZ66HUWdr4NdVAoGBAJfC E2Bydgy5feC1OypuC9MC9abDviY0kxLoDTCfa2jcX7IGKPWDiJkCo5lI7557Mfax vzjuMR5XLzNfkdih4VKgq9FMjeU5SQHy+tB6LZ+Tbuj4md1qgs3GuskGAEh6Auko GUc7sVwuZ18NJNiR4Ywf7F8JVajv4gi9MB3Tbr3RAoGARSnVu+6rYSQTyEqvbsaB gIW7Ezea5q06GcQF072nk3tNSXuU/52YMlodAJ1UfFPbBAtaa7wEFN8oRG1IyKON MGyf6RD8GoInJjaDihkdCsR28RkchwymG1UMPnPzqRxSAb7da5YuMR8PEioVbL68 dxhsgNi1Wtc2nGqN96qufG0= -----END PRIVATE KEY----- python-ldap-3.2.0/Lib/slapdtest/certs/ca.pem0000644000175000017500000001047513327633471022630 0ustar pviktoripviktorin00000000000000Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: C=DE, O=python-ldap, OU=slapd-test, CN=Python LDAP Test CA Validity Not Before: Dec 2 11:57:47 2017 GMT Not After : Sep 4 11:57:47 2027 GMT Subject: C=DE, O=python-ldap, OU=slapd-test, CN=Python LDAP Test CA Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:af:1f:cf:0f:c5:95:66:2d:eb:85:cc:21:fc:0d: 0f:44:d8:2f:a8:85:08:ef:60:67:57:fa:0b:c5:e4: b3:fb:f1:6f:cb:30:7a:47:0d:a7:f1:b5:37:81:5f: f6:39:28:e2:f9:4d:6c:2e:a6:5c:0e:3c:db:4d:c9: 2a:64:ce:0d:15:30:c7:75:52:b8:74:c5:0b:00:4c: 2f:94:1b:dd:fb:83:2c:58:02:73:b0:86:3a:6a:aa: 55:f2:d5:49:99:17:a5:e2:44:ec:dd:62:5f:8d:ce: 77:29:0b:8d:87:23:e2:4b:d6:1c:25:f3:06:a9:ee: 33:6f:ac:ed:22:9e:35:ec:55:e7:1b:38:68:7e:46: e3:c3:42:ac:06:0b:0a:7a:84:c9:3d:ef:3d:a5:6e: e9:10:24:c3:28:fe:1f:4a:9a:23:8a:3c:db:0a:66: 5d:07:f8:c5:17:68:53:e4:0e:37:33:c4:d2:ad:58: 62:6b:8a:87:ab:73:eb:bc:2b:ac:07:69:84:8d:e3: c4:a9:78:9b:6c:1e:03:63:df:b4:96:18:bd:3c:2e: be:7f:2c:d5:a8:f8:12:b9:ab:27:52:b0:de:38:62: 3c:54:a7:f3:aa:37:a3:11:12:b2:a7:6f:8d:96:10: ce:01:cb:25:24:a6:51:18:93:69:9b:9e:5c:8a:ff: fe:89 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 3B:1F:32:F4:FE:57:D1:6F:49:91:55:F2:24:F1:0A:66:3B:A5:EE:D4 X509v3 Authority Key Identifier: keyid:3B:1F:32:F4:FE:57:D1:6F:49:91:55:F2:24:F1:0A:66:3B:A5:EE:D4 Signature Algorithm: sha256WithRSAEncryption 0a:e7:dc:38:ce:03:dd:a8:99:11:d0:24:be:ef:1a:18:9d:7c: 95:75:4a:4a:29:44:23:28:fc:66:d5:81:ce:05:c2:c0:6b:71: d6:8d:33:a9:53:a6:1c:f1:4e:50:ae:a3:b1:72:d6:69:53:ad: a9:62:a9:45:27:68:17:35:41:97:ec:e9:65:91:62:12:ed:eb: 45:3a:9b:cc:09:bc:e3:ad:22:6b:13:6b:b0:67:ef:ce:01:83: 5e:6c:95:e2:b3:73:b9:69:9a:33:49:f9:5f:52:4e:39:94:c9: db:93:6f:d8:ba:10:92:ce:fa:12:6b:bc:31:ff:c1:67:70:63: 07:dc:53:7a:3a:a3:51:20:15:44:cf:1c:a9:cd:b7:30:1d:8e: 55:93:8a:56:8c:3d:e9:8b:ae:0c:77:8d:5c:8b:fd:22:d8:4c: 3e:e4:76:e8:d9:e8:c3:98:f4:98:ff:02:60:95:8e:3e:26:7a: e2:fe:2c:0a:a4:52:8d:4c:3d:dd:4c:fd:2f:2c:db:83:4c:2b: 25:24:37:78:9a:07:27:52:f9:1c:c0:65:65:cb:50:77:b4:2d: fa:f4:af:bb:42:1c:43:65:c6:01:6e:f1:4b:fe:b8:4a:3c:29: 8b:b6:84:1e:17:99:61:98:65:fe:f2:e9:ce:bb:ac:87:69:cb: e6:13:42:bf -----BEGIN CERTIFICATE----- MIIDijCCAnKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJERTEU MBIGA1UECgwLcHl0aG9uLWxkYXAxEzARBgNVBAsMCnNsYXBkLXRlc3QxHDAaBgNV BAMME1B5dGhvbiBMREFQIFRlc3QgQ0EwHhcNMTcxMjAyMTE1NzQ3WhcNMjcwOTA0 MTE1NzQ3WjBWMQswCQYDVQQGEwJERTEUMBIGA1UECgwLcHl0aG9uLWxkYXAxEzAR BgNVBAsMCnNsYXBkLXRlc3QxHDAaBgNVBAMME1B5dGhvbiBMREFQIFRlc3QgQ0Ew ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvH88PxZVmLeuFzCH8DQ9E 2C+ohQjvYGdX+gvF5LP78W/LMHpHDafxtTeBX/Y5KOL5TWwuplwOPNtNySpkzg0V MMd1Urh0xQsATC+UG937gyxYAnOwhjpqqlXy1UmZF6XiROzdYl+NzncpC42HI+JL 1hwl8wap7jNvrO0injXsVecbOGh+RuPDQqwGCwp6hMk97z2lbukQJMMo/h9KmiOK PNsKZl0H+MUXaFPkDjczxNKtWGJrioerc+u8K6wHaYSN48SpeJtsHgNj37SWGL08 Lr5/LNWo+BK5qydSsN44YjxUp/OqN6MRErKnb42WEM4ByyUkplEYk2mbnlyK//6J AgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1Ud DgQWBBQ7HzL0/lfRb0mRVfIk8QpmO6Xu1DAfBgNVHSMEGDAWgBQ7HzL0/lfRb0mR VfIk8QpmO6Xu1DANBgkqhkiG9w0BAQsFAAOCAQEACufcOM4D3aiZEdAkvu8aGJ18 lXVKSilEIyj8ZtWBzgXCwGtx1o0zqVOmHPFOUK6jsXLWaVOtqWKpRSdoFzVBl+zp ZZFiEu3rRTqbzAm8460iaxNrsGfvzgGDXmyV4rNzuWmaM0n5X1JOOZTJ25Nv2LoQ ks76Emu8Mf/BZ3BjB9xTejqjUSAVRM8cqc23MB2OVZOKVow96YuuDHeNXIv9IthM PuR26Nnow5j0mP8CYJWOPiZ64v4sCqRSjUw93Uz9Lyzbg0wrJSQ3eJoHJ1L5HMBl ZctQd7Qt+vSvu0IcQ2XGAW7xS/64Sjwpi7aEHheZYZhl/vLpzrush2nL5hNCvw== -----END CERTIFICATE----- python-ldap-3.2.0/Lib/slapdtest/certs/server.key0000644000175000017500000000325013327633471023553 0ustar pviktoripviktorin00000000000000-----BEGIN PRIVATE KEY----- MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDAgcI7Pj89Aw4r rb+N8j3t1ynJgXRhQNxbxQcQmUCi8AtpGKNXu+aM9u2HxZ677ALfhsEivtQA5QKz Ll5G2G2IQa7uzgIco73OL/kMZIJt7sKfnvfACtSoOlD0IyOzVEEu0AVA7hMHb6Ul I0mCNfdk2FWFbc1nUmIAEBhIODbFoNW+Rc6lz94NsUqArDayvWpAsXkUbubQikpi KNX1OpOOC9GUbEhwI/G90ZnUg9STk/2oxsvwLlYdOhGhpyfl53tTu7eLMBriMxFl UTvkY1GUgPj0fA/giWtCerGOyeKu1hFlbS4LjborsfrlyYPwfwTg3YL4hVnt9fF0 rpjzY1mlAgMBAAECggEAJY6rSEeiqtKXxynEv3rNXkOmIWwiOn8e/sB32mMr2x4d +8kUxR8hocrjGKQTjfJDtTxjHdZBIlOLrU2UkxnSdMzrxidm/hNsCngNjL9nOu9k BSRMjakPSCrodFkOtAPyG6H2BG7uQ3siqxYxVzgUJhaWyMtdUZUfDYgWVLCy7udU 5ML/OTOi7virueMmshjXoyrDug9OpiEMKiLu3ndAaDk/26m05ePAXB6TjW8SFw1B qn7cITSG0G5MZ9pOw0KwT9irY1SdppBHVWIg7dkYWRCni0BPCFewastU+GVKH5PJ +dYSvafhkEGD1bBu484KN9yX1BcHV41ZKR8pGgMM2QKBgQD3/0R2vZsTxoO1CHNI IT7nBnuPIOP45iTFm/SNRY7e4dhQBy6HM6JD3Sr6Iksm8jRoboz+tnAso6l6QHRS 842uqBiOHdnka2RslDmrEun1lJv1MWuPM8JN0o8pYjVG/IRtaAFnYSEk72UoNy2h bHC4OGFNwMbAadVm7DK5OiMfXwKBgQDGuBRxz7jkVZoMbbaeIqmGZAIejWkJweDZ AK+txM+6Sg+Li14t190N3Xf6tyyidKhUAEWaINzLjZB+luxNaDXtxqWzLYHCwQKA qfrjWVeZOS1clLya7jwl1jJqBtBiGKHv9eRL21hgX/9gX3odxqFMvX3vm6L7F1q1 5CNApW0ZewKBgGO8qNcsWBLy8oM7G8n1fOvCwqyEaMrwG/fRSeALCnN+1tUQnljH nkm2yBMC+cB3Bja9xzylOKXrSDyfcWjvBJsqhX2aacggnKnCTxMLL0aR9sr8jipw gYN03Bijo5Oh+MxbWL0v5fmJweATmOljyE1+dzui/QvjRGz5L0kpJXj3AoGBAIa4 3+t1B4WN312TuB4no8Tf4mvyNQcPcS/Nfk0RxD8o3Lcfal8sHMq8ng3Ux6bv7frd IFLo+qfpts+L5HJqNz2X0ljSfkmZ7udp1hTySigwEmfU0rU61H5WZGFrczU+O/Ni Qj+HWrgj/Q/KSxEKy+oqAcpDOtB+Odpc6+V1Aa0nAoGBAItWHP9UjTNFqOfyjZhG qaUiZd1S2KyRR0l/lVcn+rJ46Yg5i+lMGwHMF1xPyWH4ELz+QCUX3doOI4yB2ikg XXFcc8/bqgaR4AfOvP98T86s7+f33kaAKZsgyAFB2cjo+fz8ArTz+GjPeHbiOPaR Ra7+BVwl9GE0+bCdirq+99GO -----END PRIVATE KEY----- python-ldap-3.2.0/Lib/slapdtest/certs/server.conf0000644000175000017500000000047313327633471023714 0ustar pviktoripviktorin00000000000000# Written by Christian Heimes [req] default_bits = 2048 encrypt_key = no default_md = sha256 utf8 = yes string_mask = utf8only prompt = no distinguished_name = server_dn [server_dn] countryName = "DE" organizationName = "python-ldap" organizationalUnitName = "slapd-test" commonName = "server cert for localhost" python-ldap-3.2.0/Lib/slapdtest/certs/server.pem0000644000175000017500000001121713327633471023546 0ustar pviktoripviktorin00000000000000Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: sha256WithRSAEncryption Issuer: C=DE, O=python-ldap, OU=slapd-test, CN=Python LDAP Test CA Validity Not Before: Dec 2 11:57:48 2017 GMT Not After : Dec 2 11:57:48 2027 GMT Subject: C=DE, O=python-ldap, OU=slapd-test, CN=server cert for localhost Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:c0:81:c2:3b:3e:3f:3d:03:0e:2b:ad:bf:8d:f2: 3d:ed:d7:29:c9:81:74:61:40:dc:5b:c5:07:10:99: 40:a2:f0:0b:69:18:a3:57:bb:e6:8c:f6:ed:87:c5: 9e:bb:ec:02:df:86:c1:22:be:d4:00:e5:02:b3:2e: 5e:46:d8:6d:88:41:ae:ee:ce:02:1c:a3:bd:ce:2f: f9:0c:64:82:6d:ee:c2:9f:9e:f7:c0:0a:d4:a8:3a: 50:f4:23:23:b3:54:41:2e:d0:05:40:ee:13:07:6f: a5:25:23:49:82:35:f7:64:d8:55:85:6d:cd:67:52: 62:00:10:18:48:38:36:c5:a0:d5:be:45:ce:a5:cf: de:0d:b1:4a:80:ac:36:b2:bd:6a:40:b1:79:14:6e: e6:d0:8a:4a:62:28:d5:f5:3a:93:8e:0b:d1:94:6c: 48:70:23:f1:bd:d1:99:d4:83:d4:93:93:fd:a8:c6: cb:f0:2e:56:1d:3a:11:a1:a7:27:e5:e7:7b:53:bb: b7:8b:30:1a:e2:33:11:65:51:3b:e4:63:51:94:80: f8:f4:7c:0f:e0:89:6b:42:7a:b1:8e:c9:e2:ae:d6: 11:65:6d:2e:0b:8d:ba:2b:b1:fa:e5:c9:83:f0:7f: 04:e0:dd:82:f8:85:59:ed:f5:f1:74:ae:98:f3:63: 59:a5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: critical TLS Web Server Authentication X509v3 Subject Key Identifier: 1B:78:45:40:0D:50:8A:8B:3B:C1:0A:F8:3F:7A:48:7B:A6:3C:28:09 X509v3 Authority Key Identifier: keyid:3B:1F:32:F4:FE:57:D1:6F:49:91:55:F2:24:F1:0A:66:3B:A5:EE:D4 X509v3 Subject Alternative Name: DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1 Signature Algorithm: sha256WithRSAEncryption ad:08:3f:7d:b1:09:a1:a5:6c:c3:58:80:1d:e5:33:a5:bb:c0: 33:39:95:aa:88:ee:c4:8e:38:3b:59:a7:0e:39:74:6c:fe:11: 33:5e:fa:50:cb:20:4b:67:b7:c9:5e:96:a7:9e:d8:47:46:e1: ab:fe:5d:8b:9a:2d:1a:1b:43:08:f9:93:0f:2a:e3:ce:83:4a: 94:cd:02:f0:8e:25:f2:41:0d:55:10:f5:4c:5b:39:8b:77:5e: ab:78:16:64:a1:48:d5:e1:f6:69:9a:0f:d8:30:a6:cc:92:4d: 81:df:46:74:ab:cf:1d:b7:d4:01:b9:6d:d5:f4:14:b8:d5:54: 84:79:11:42:69:55:7f:74:ce:01:96:2f:3f:51:23:b3:11:fb: 72:dc:4c:b9:a3:89:ef:31:e4:c0:49:06:fa:8d:09:71:e1:c1: 74:a9:ed:f8:96:87:67:16:b5:5d:16:5d:59:70:ff:1c:b5:a1: 6c:d2:22:11:3a:0e:6f:76:9b:69:cb:f3:85:a7:79:ad:53:f5: 34:e8:87:cc:dd:09:51:25:e0:28:ee:79:a0:a3:dc:0a:dd:f0: 1b:e3:c9:5f:14:d3:95:f5:12:4d:23:95:45:2c:3c:32:94:ad: ce:1e:a0:5f:e6:e8:28:c6:f9:c7:fb:57:06:ad:0b:eb:86:ca: 0e:d2:a8:67 -----BEGIN CERTIFICATE----- MIID1TCCAr2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJERTEU MBIGA1UECgwLcHl0aG9uLWxkYXAxEzARBgNVBAsMCnNsYXBkLXRlc3QxHDAaBgNV BAMME1B5dGhvbiBMREFQIFRlc3QgQ0EwHhcNMTcxMjAyMTE1NzQ4WhcNMjcxMjAy MTE1NzQ4WjBcMQswCQYDVQQGEwJERTEUMBIGA1UECgwLcHl0aG9uLWxkYXAxEzAR BgNVBAsMCnNsYXBkLXRlc3QxIjAgBgNVBAMMGXNlcnZlciBjZXJ0IGZvciBsb2Nh bGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAgcI7Pj89Aw4r rb+N8j3t1ynJgXRhQNxbxQcQmUCi8AtpGKNXu+aM9u2HxZ677ALfhsEivtQA5QKz Ll5G2G2IQa7uzgIco73OL/kMZIJt7sKfnvfACtSoOlD0IyOzVEEu0AVA7hMHb6Ul I0mCNfdk2FWFbc1nUmIAEBhIODbFoNW+Rc6lz94NsUqArDayvWpAsXkUbubQikpi KNX1OpOOC9GUbEhwI/G90ZnUg9STk/2oxsvwLlYdOhGhpyfl53tTu7eLMBriMxFl UTvkY1GUgPj0fA/giWtCerGOyeKu1hFlbS4LjborsfrlyYPwfwTg3YL4hVnt9fF0 rpjzY1mlAgMBAAGjgacwgaQwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBaAw FgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYEFBt4RUANUIqLO8EK+D96 SHumPCgJMB8GA1UdIwQYMBaAFDsfMvT+V9FvSZFV8iTxCmY7pe7UMCwGA1UdEQQl MCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAAAAAAAAAAATANBgkqhkiG9w0B AQsFAAOCAQEArQg/fbEJoaVsw1iAHeUzpbvAMzmVqojuxI44O1mnDjl0bP4RM176 UMsgS2e3yV6Wp57YR0bhq/5di5otGhtDCPmTDyrjzoNKlM0C8I4l8kENVRD1TFs5 i3deq3gWZKFI1eH2aZoP2DCmzJJNgd9GdKvPHbfUAblt1fQUuNVUhHkRQmlVf3TO AZYvP1EjsxH7ctxMuaOJ7zHkwEkG+o0JceHBdKnt+JaHZxa1XRZdWXD/HLWhbNIi EToOb3abacvzhad5rVP1NOiHzN0JUSXgKO55oKPcCt3wG+PJXxTTlfUSTSOVRSw8 MpStzh6gX+boKMb5x/tXBq0L64bKDtKoZw== -----END CERTIFICATE----- python-ldap-3.2.0/Lib/slapdtest/certs/gennssdb.sh0000755000175000017500000000144713327633471023703 0ustar pviktoripviktorin00000000000000#!/bin/sh # Written by Christian Heimes set -e CATMPDIR=tmp PASSFILE=${CATMPDIR}/passwd.txt NSSDB=sql:${CAOUTDIR} mkdir -p $CATMPDIR # Create PKCS#12 files for NSSDB import echo "dummy" > $PASSFILE openssl pkcs12 -name "servercert" -in server.pem -inkey server.key \ -caname "testca" -CAfile ca.pem \ -password "file:${PASSFILE}" -export -out server.p12 openssl pkcs12 -name "clientcert" -in client.pem -inkey client.key \ -caname "testca" -CAfile ca.pem \ -password "file:${PASSFILE}" -export -out client.p12 # Create NSS DB certutil -d $NSSDB -N --empty-password certutil -d $NSSDB -A -n "testca" -t CT,, -a -i ca.pem pk12util -d $NSSDB -i server.p12 -w ${PASSFILE} pk12util -d $NSSDB -i client.p12 -w ${PASSFILE} certutil -d $NSSDB -L # cleanup rm -rf $CATMPDIR server.p12 client.p12python-ldap-3.2.0/Lib/slapdtest/certs/ca.conf0000644000175000017500000000314513327633471022770 0ustar pviktoripviktorin00000000000000# Written by Christian Heimes [default] ca = "ca" tmpdir = $ENV::CATMPDIR outdir = $ENV::CAOUTDIR name_opt = multiline,-esc_msb,utf8 [req] default_bits = 2048 encrypt_key = no default_md = sha256 utf8 = yes string_mask = utf8only prompt = no distinguished_name = ca_dn [ca_dn] countryName = "DE" organizationName = "python-ldap" organizationalUnitName = "slapd-test" commonName = "Python LDAP Test CA" [ca] default_ca = python_ldap_ca [python_ldap_ca] certificate = $outdir/$ca.pem private_key = $outdir/$ca.key new_certs_dir = $tmpdir serial = $tmpdir/$ca.crt.srl crlnumber = $tmpdir/$ca.crl.srl database = $tmpdir/$ca.db unique_subject = no default_days = 3652 default_md = sha256 policy = match_pol email_in_dn = no preserve = no name_opt = $name_opt cert_opt = ca_default copy_extensions = none default_crl_days = 3651 [match_pol] countryName = match stateOrProvinceName = optional localityName = optional organizationName = match organizationalUnitName = match commonName = supplied [ca_ext] basicConstraints = critical,CA:true keyUsage = critical,keyCertSign,cRLSign subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always [server_san] DNS.1 = localhost IP.1 = 127.0.0.1 IP.2 = ::1 [server_ext] basicConstraints = critical,CA:false keyUsage = critical,digitalSignature,keyEncipherment extendedKeyUsage = critical,serverAuth subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always subjectAltName = @server_san [client_ext] basicConstraints = critical,CA:false keyUsage = critical,digitalSignature extendedKeyUsage = critical,clientAuth subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always python-ldap-3.2.0/Lib/slapdtest/certs/client.pem0000644000175000017500000001061713327633471023521 0ustar pviktoripviktorin00000000000000Certificate: Data: Version: 3 (0x2) Serial Number: 3 (0x3) Signature Algorithm: sha256WithRSAEncryption Issuer: C=DE, O=python-ldap, OU=slapd-test, CN=Python LDAP Test CA Validity Not Before: Dec 2 11:57:48 2017 GMT Not After : Dec 2 11:57:48 2027 GMT Subject: C=DE, O=python-ldap, OU=slapd-test, CN=client Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:c6:c6:f6:cc:11:b6:a1:56:22:b8:3f:a6:a8:59: 49:1c:88:87:f5:74:46:13:06:e5:3c:33:57:92:85: 11:14:67:76:2d:ab:f7:9e:e3:6e:69:5d:1c:b1:c4: 3a:c0:6b:cc:a0:46:3a:ac:ee:d6:ae:c2:18:00:28: db:8f:44:6c:b0:ee:1c:99:d4:ab:b8:bd:03:9b:c1: 7f:6b:cf:21:d0:e8:58:fa:d3:a5:38:1c:76:d8:7c: 05:5b:d0:01:7b:3b:32:db:84:d1:f7:8a:c0:91:b4: d7:26:11:44:98:1b:53:64:7e:7f:73:42:45:78:a7: 3d:8a:24:ce:1e:3e:de:06:c8:62:55:d0:d8:51:51: d1:dd:c2:0b:16:8a:e4:6d:d8:42:11:3f:02:d7:76: 47:ff:e2:cb:e6:d8:46:a1:00:96:b1:f9:23:1a:65: 87:bf:96:0f:70:f5:20:71:97:a0:d3:68:5f:65:16: 9a:0f:ab:37:96:f8:a9:d7:0a:61:3c:7b:ea:92:59: e6:bc:12:39:33:21:15:da:e0:a2:7f:12:75:0c:3f: 67:d4:2f:e2:5e:d9:a8:06:17:66:1f:08:87:7d:62: f2:d3:41:5f:18:0e:fe:c8:9b:54:a9:d2:c6:c8:50: 3a:16:5f:5e:06:0d:46:d9:f1:c0:6b:c1:f3:b2:23: 44:df Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: critical TLS Web Client Authentication X509v3 Subject Key Identifier: 67:63:38:F4:B4:BC:F3:6B:BC:74:0E:7C:27:C9:BB:C2:CC:58:AC:16 X509v3 Authority Key Identifier: keyid:3B:1F:32:F4:FE:57:D1:6F:49:91:55:F2:24:F1:0A:66:3B:A5:EE:D4 Signature Algorithm: sha256WithRSAEncryption 76:24:42:6b:33:4f:d6:59:07:48:5b:04:9c:3c:d3:3f:63:80: 75:4d:78:d7:d5:85:b1:77:81:31:a3:91:cb:c9:a3:8c:0e:00: 28:08:74:71:6c:fc:83:8c:80:ec:1c:e8:ee:83:e0:7f:49:3b: f3:42:33:5a:1f:68:0c:a5:41:42:ce:bf:77:29:07:f2:18:a7: 81:17:d7:76:47:04:d9:8a:dd:e8:5a:26:26:ea:a4:76:70:e1: f1:fa:e1:db:bc:f2:24:b2:37:a8:58:2f:e3:66:89:77:02:55: 87:ef:3c:1f:66:ce:4e:86:b3:4c:57:43:86:7f:4c:ab:5a:33: dd:ca:e3:2f:3b:af:b4:43:5a:53:8b:e0:12:da:e7:c0:13:76: b2:68:d5:14:f8:1a:07:ce:8a:87:5c:91:bd:35:d7:83:c6:2a: a4:e0:92:50:01:b9:c2:fa:69:06:5c:8a:80:ee:9c:24:f9:49: 64:e3:59:c1:a6:69:29:ce:b7:89:20:a9:7c:d6:9f:df:2a:d1: a4:98:2a:6d:7b:93:6a:52:e3:ae:de:1a:d8:f3:2e:cf:02:7e: ba:9a:fa:f4:b3:b5:6e:9a:23:10:70:53:53:30:d5:8a:32:35: 01:52:58:6d:9d:f5:8e:bb:b9:76:bd:41:16:88:26:f8:d3:ce: 70:03:c8:59 -----BEGIN CERTIFICATE----- MIIDkjCCAnqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJERTEU MBIGA1UECgwLcHl0aG9uLWxkYXAxEzARBgNVBAsMCnNsYXBkLXRlc3QxHDAaBgNV BAMME1B5dGhvbiBMREFQIFRlc3QgQ0EwHhcNMTcxMjAyMTE1NzQ4WhcNMjcxMjAy MTE1NzQ4WjBJMQswCQYDVQQGEwJERTEUMBIGA1UECgwLcHl0aG9uLWxkYXAxEzAR BgNVBAsMCnNsYXBkLXRlc3QxDzANBgNVBAMMBmNsaWVudDCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAMbG9swRtqFWIrg/pqhZSRyIh/V0RhMG5TwzV5KF ERRndi2r957jbmldHLHEOsBrzKBGOqzu1q7CGAAo249EbLDuHJnUq7i9A5vBf2vP IdDoWPrTpTgcdth8BVvQAXs7MtuE0feKwJG01yYRRJgbU2R+f3NCRXinPYokzh4+ 3gbIYlXQ2FFR0d3CCxaK5G3YQhE/Atd2R//iy+bYRqEAlrH5Ixplh7+WD3D1IHGX oNNoX2UWmg+rN5b4qdcKYTx76pJZ5rwSOTMhFdrgon8SdQw/Z9Qv4l7ZqAYXZh8I h31i8tNBXxgO/sibVKnSxshQOhZfXgYNRtnxwGvB87IjRN8CAwEAAaN4MHYwDAYD VR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUH AwIwHQYDVR0OBBYEFGdjOPS0vPNrvHQOfCfJu8LMWKwWMB8GA1UdIwQYMBaAFDsf MvT+V9FvSZFV8iTxCmY7pe7UMA0GCSqGSIb3DQEBCwUAA4IBAQB2JEJrM0/WWQdI WwScPNM/Y4B1TXjX1YWxd4Exo5HLyaOMDgAoCHRxbPyDjIDsHOjug+B/STvzQjNa H2gMpUFCzr93KQfyGKeBF9d2RwTZit3oWiYm6qR2cOHx+uHbvPIksjeoWC/jZol3 AlWH7zwfZs5OhrNMV0OGf0yrWjPdyuMvO6+0Q1pTi+AS2ufAE3ayaNUU+BoHzoqH XJG9NdeDxiqk4JJQAbnC+mkGXIqA7pwk+Ulk41nBpmkpzreJIKl81p/fKtGkmCpt e5NqUuOu3hrY8y7PAn66mvr0s7VumiMQcFNTMNWKMjUBUlhtnfWOu7l2vUEWiCb4 085wA8hZ -----END CERTIFICATE----- python-ldap-3.2.0/Lib/slapdtest/certs/README0000644000175000017500000000166513327633471022423 0ustar pviktoripviktorin00000000000000python-ldap test certificates ============================= Certificates and keys --------------------- * ``ca.pem``: internal root CA certificate * ``server.pem``: TLS server certificate for slapd, signed by root CA. The server cert is valid for DNS Name ``localhost`` and IPs ``127.0.0.1`` and ``:1``. * ``server.key``: private key for ``server.pem``, no password protection * ``client.pem``: certificate for TLS client cert authentication, signed by root CA. * ``client.key``: private key for ``client.pem``, no password protection Configuration and scripts ------------------------- * ``ca.conf`` contains the CA definition as well as extensions for the client and server certificates. * ``client.conf`` and ``server.conf`` hold the subject and base configuration for server and client certs. * ``gencerts.sh`` creates new CA, client and server certificates. * ``gennssdb.sh`` can be used to create a NSSDB for all certs and keys. python-ldap-3.2.0/Lib/slapdtest/certs/client.conf0000644000175000017500000000045013327633471023657 0ustar pviktoripviktorin00000000000000# Written by Christian Heimes [req] default_bits = 2048 encrypt_key = no default_md = sha256 utf8 = yes string_mask = utf8only prompt = no distinguished_name = client_dn [client_dn] countryName = "DE" organizationName = "python-ldap" organizationalUnitName = "slapd-test" commonName = "client" python-ldap-3.2.0/Lib/slapdtest/__init__.py0000644000175000017500000000057113441750114022516 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ slapdtest - module for spawning test instances of OpenLDAP's slapd server See https://www.python-ldap.org/ for details. """ __version__ = '3.2.0' from slapdtest._slapdtest import SlapdObject, SlapdTestCase, SysLogHandler from slapdtest._slapdtest import requires_ldapi, requires_sasl, requires_tls from slapdtest._slapdtest import skip_unless_ci python-ldap-3.2.0/Lib/slapdtest/_slapdtest.py0000644000175000017500000004631413441744767023147 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ slapdtest - module for spawning test instances of OpenLDAP's slapd server See https://www.python-ldap.org/ for details. """ from __future__ import unicode_literals import os import socket import sys import time import subprocess import logging import atexit from logging.handlers import SysLogHandler import unittest # Switch off processing .ldaprc or ldap.conf before importing _ldap os.environ['LDAPNOINIT'] = '1' import ldap from ldap.compat import quote_plus, which HERE = os.path.abspath(os.path.dirname(__file__)) # a template string for generating simple slapd.conf file SLAPD_CONF_TEMPLATE = r""" serverID %(serverid)s moduleload back_%(database)s %(include_directives)s loglevel %(loglevel)s allow bind_v2 authz-regexp "gidnumber=%(root_gid)s\\+uidnumber=%(root_uid)s,cn=peercred,cn=external,cn=auth" "%(rootdn)s" database %(database)s directory "%(directory)s" suffix "%(suffix)s" rootdn "%(rootdn)s" rootpw "%(rootpw)s" TLSCACertificateFile "%(cafile)s" TLSCertificateFile "%(servercert)s" TLSCertificateKeyFile "%(serverkey)s" # ignore missing client cert but fail with invalid client cert TLSVerifyClient try authz-regexp "C=DE, O=python-ldap, OU=slapd-test, CN=([A-Za-z]+)" "ldap://ou=people,dc=local???($1)" """ LOCALHOST = '127.0.0.1' CI_DISABLED = set(os.environ.get('CI_DISABLED', '').split(':')) if 'LDAPI' in CI_DISABLED: HAVE_LDAPI = False else: HAVE_LDAPI = hasattr(socket, 'AF_UNIX') def identity(test_item): """Identity decorator """ return test_item def skip_unless_ci(reason, feature=None): """Skip test unless test case is executed on CI like Travis CI """ if not os.environ.get('CI', False): return unittest.skip(reason) elif feature in CI_DISABLED: return unittest.skip(reason) else: # Don't skip on Travis return identity def requires_tls(): """Decorator for TLS tests Tests are not skipped on CI (e.g. Travis CI) """ if not ldap.TLS_AVAIL: return skip_unless_ci("test needs ldap.TLS_AVAIL", feature='TLS') else: return identity def requires_sasl(): if not ldap.SASL_AVAIL: return skip_unless_ci( "test needs ldap.SASL_AVAIL", feature='SASL') else: return identity def requires_ldapi(): if not HAVE_LDAPI: return skip_unless_ci( "test needs ldapi support (AF_UNIX)", feature='LDAPI') else: return identity def _add_sbin(path): """Add /sbin and related directories to a command search path""" directories = path.split(os.pathsep) if sys.platform != 'win32': for sbin in '/usr/local/sbin', '/sbin', '/usr/sbin': if sbin not in directories: directories.append(sbin) return os.pathsep.join(directories) def combined_logger( log_name, log_level=logging.WARN, sys_log_format='%(levelname)s %(message)s', console_log_format='%(asctime)s %(levelname)s %(message)s', ): """ Returns a combined SysLogHandler/StreamHandler logging instance with formatters """ if 'LOGLEVEL' in os.environ: log_level = os.environ['LOGLEVEL'] try: log_level = int(log_level) except ValueError: pass # for writing to syslog new_logger = logging.getLogger(log_name) if sys_log_format and os.path.exists('/dev/log'): my_syslog_formatter = logging.Formatter( fmt=' '.join((log_name, sys_log_format))) my_syslog_handler = logging.handlers.SysLogHandler( address='/dev/log', facility=SysLogHandler.LOG_DAEMON, ) my_syslog_handler.setFormatter(my_syslog_formatter) new_logger.addHandler(my_syslog_handler) if console_log_format: my_stream_formatter = logging.Formatter(fmt=console_log_format) my_stream_handler = logging.StreamHandler() my_stream_handler.setFormatter(my_stream_formatter) new_logger.addHandler(my_stream_handler) new_logger.setLevel(log_level) return new_logger # end of combined_logger() class SlapdObject(object): """ Controller class for a slapd instance, OpenLDAP's server. This class creates a temporary data store for slapd, runs it listening on a private Unix domain socket and TCP port, and initializes it with a top-level entry and the root user. When a reference to an instance of this class is lost, the slapd server is shut down. An instance can be used as a context manager. When exiting the context manager, the slapd server is shut down and the temporary data store is removed. .. versionchanged:: 3.1 Added context manager functionality """ slapd_conf_template = SLAPD_CONF_TEMPLATE database = 'mdb' suffix = 'dc=slapd-test,dc=python-ldap,dc=org' root_cn = 'Manager' root_pw = 'password' slapd_loglevel = 'stats stats2' local_host = '127.0.0.1' testrunsubdirs = ( 'schema', ) openldap_schema_files = ( 'core.schema', ) TMPDIR = os.environ.get('TMP', os.getcwd()) if 'SCHEMA' in os.environ: SCHEMADIR = os.environ['SCHEMA'] elif os.path.isdir("/etc/openldap/schema"): SCHEMADIR = "/etc/openldap/schema" elif os.path.isdir("/etc/ldap/schema"): SCHEMADIR = "/etc/ldap/schema" else: SCHEMADIR = None BIN_PATH = os.environ.get('BIN', os.environ.get('PATH', os.defpath)) SBIN_PATH = os.environ.get('SBIN', _add_sbin(BIN_PATH)) # time in secs to wait before trying to access slapd via LDAP (again) _start_sleep = 1.5 # create loggers once, multiple calls mess up refleak tests _log = combined_logger('python-ldap-test') def __init__(self): self._proc = None self._port = self._avail_tcp_port() self.server_id = self._port % 4096 self.testrundir = os.path.join(self.TMPDIR, 'python-ldap-test-%d' % self._port) self._schema_prefix = os.path.join(self.testrundir, 'schema') self._slapd_conf = os.path.join(self.testrundir, 'slapd.conf') self._db_directory = os.path.join(self.testrundir, "openldap-data") self.ldap_uri = "ldap://%s:%d/" % (LOCALHOST, self._port) if HAVE_LDAPI: ldapi_path = os.path.join(self.testrundir, 'ldapi') self.ldapi_uri = "ldapi://%s" % quote_plus(ldapi_path) self.default_ldap_uri = self.ldapi_uri # use SASL/EXTERNAL via LDAPI when invoking OpenLDAP CLI tools self.cli_sasl_external = ldap.SASL_AVAIL else: self.ldapi_uri = None self.default_ldap_uri = self.ldap_uri # Use simple bind via LDAP uri self.cli_sasl_external = False self._find_commands() if self.SCHEMADIR is None: raise ValueError('SCHEMADIR is None, ldap schemas are missing.') # TLS certs self.cafile = os.path.join(HERE, 'certs/ca.pem') self.servercert = os.path.join(HERE, 'certs/server.pem') self.serverkey = os.path.join(HERE, 'certs/server.key') self.clientcert = os.path.join(HERE, 'certs/client.pem') self.clientkey = os.path.join(HERE, 'certs/client.key') @property def root_dn(self): return 'cn={self.root_cn},{self.suffix}'.format(self=self) def _find_commands(self): self.PATH_LDAPADD = self._find_command('ldapadd') self.PATH_LDAPDELETE = self._find_command('ldapdelete') self.PATH_LDAPMODIFY = self._find_command('ldapmodify') self.PATH_LDAPWHOAMI = self._find_command('ldapwhoami') self.PATH_SLAPD = os.environ.get('SLAPD', None) if not self.PATH_SLAPD: self.PATH_SLAPD = self._find_command('slapd', in_sbin=True) self.PATH_SLAPTEST = self._find_command('slaptest', in_sbin=True) def _find_command(self, cmd, in_sbin=False): if in_sbin: path = self.SBIN_PATH var_name = 'SBIN' else: path = self.BIN_PATH var_name = 'BIN' command = which(cmd, path=path) if command is None: raise ValueError( "Command '{}' not found. Set the {} environment variable to " "override slapdtest's search path.".format(cmd, var_name) ) return command def setup_rundir(self): """ creates rundir structure for setting up a custom directory structure you have to override this method """ os.mkdir(self.testrundir) os.mkdir(self._db_directory) self._create_sub_dirs(self.testrunsubdirs) self._ln_schema_files(self.openldap_schema_files, self.SCHEMADIR) def _cleanup_rundir(self): """ Recursively delete whole directory specified by `path' """ # cleanup_rundir() is called in atexit handler. Until Python 3.4, # the rest of the world is already destroyed. import os, os.path if not os.path.exists(self.testrundir): return self._log.debug('clean-up %s', self.testrundir) for dirpath, dirnames, filenames in os.walk( self.testrundir, topdown=False ): for filename in filenames: self._log.debug('remove %s', os.path.join(dirpath, filename)) os.remove(os.path.join(dirpath, filename)) for dirname in dirnames: self._log.debug('rmdir %s', os.path.join(dirpath, dirname)) os.rmdir(os.path.join(dirpath, dirname)) os.rmdir(self.testrundir) self._log.info('cleaned-up %s', self.testrundir) def _avail_tcp_port(self): """ find an available port for TCP connection """ sock = socket.socket() try: sock.bind((self.local_host, 0)) port = sock.getsockname()[1] finally: sock.close() self._log.info('Found available port %d', port) return port def gen_config(self): """ generates a slapd.conf and returns it as one string for generating specific static configuration files you have to override this method """ include_directives = '\n'.join( 'include "{schema_prefix}/{schema_file}"'.format( schema_prefix=self._schema_prefix, schema_file=schema_file, ) for schema_file in self.openldap_schema_files ) config_dict = { 'serverid': hex(self.server_id), 'schema_prefix':self._schema_prefix, 'include_directives': include_directives, 'loglevel': self.slapd_loglevel, 'database': self.database, 'directory': self._db_directory, 'suffix': self.suffix, 'rootdn': self.root_dn, 'rootpw': self.root_pw, 'root_uid': os.getuid(), 'root_gid': os.getgid(), 'cafile': self.cafile, 'servercert': self.servercert, 'serverkey': self.serverkey, } return self.slapd_conf_template % config_dict def _create_sub_dirs(self, dir_names): """ create sub-directories beneath self.testrundir """ for dname in dir_names: dir_name = os.path.join(self.testrundir, dname) self._log.debug('Create directory %s', dir_name) os.mkdir(dir_name) def _ln_schema_files(self, file_names, source_dir): """ write symbolic links to original schema files """ for fname in file_names: ln_source = os.path.join(source_dir, fname) ln_target = os.path.join(self._schema_prefix, fname) self._log.debug('Create symlink %s -> %s', ln_source, ln_target) os.symlink(ln_source, ln_target) def _write_config(self): """Writes the slapd.conf file out, and returns the path to it.""" self._log.debug('Writing config to %s', self._slapd_conf) with open(self._slapd_conf, 'w') as config_file: config_file.write(self.gen_config()) self._log.info('Wrote config to %s', self._slapd_conf) def _test_config(self): self._log.debug('testing config %s', self._slapd_conf) popen_list = [ self.PATH_SLAPTEST, "-f", self._slapd_conf, '-u', ] if self._log.isEnabledFor(logging.DEBUG): popen_list.append('-v') popen_list.extend(['-d', 'config']) else: popen_list.append('-Q') proc = subprocess.Popen(popen_list) if proc.wait() != 0: raise RuntimeError("configuration test failed") self._log.info("config ok: %s", self._slapd_conf) def _start_slapd(self): """ Spawns/forks the slapd process """ urls = [self.ldap_uri] if self.ldapi_uri: urls.append(self.ldapi_uri) slapd_args = [ self.PATH_SLAPD, '-f', self._slapd_conf, '-F', self.testrundir, '-h', ' '.join(urls), ] if self._log.isEnabledFor(logging.DEBUG): slapd_args.extend(['-d', '-1']) else: slapd_args.extend(['-d', '0']) self._log.info('starting slapd: %r', ' '.join(slapd_args)) self._proc = subprocess.Popen(slapd_args) # Waits until the LDAP server socket is open, or slapd crashed # no cover to avoid spurious coverage changes, see # https://github.com/python-ldap/python-ldap/issues/127 for _ in range(10): # pragma: no cover if self._proc.poll() is not None: self._stopped() raise RuntimeError("slapd exited before opening port") time.sleep(self._start_sleep) try: self._log.debug( "slapd connection check to %s", self.default_ldap_uri ) self.ldapwhoami() except RuntimeError: pass else: return raise RuntimeError("slapd did not start properly") def start(self): """ Starts the slapd server process running, and waits for it to come up. """ if self._proc is None: # prepare directory structure atexit.register(self.stop) self._cleanup_rundir() self.setup_rundir() self._write_config() self._test_config() self._start_slapd() self._log.debug( 'slapd with pid=%d listening on %s and %s', self._proc.pid, self.ldap_uri, self.ldapi_uri ) def stop(self): """ Stops the slapd server, and waits for it to terminate and cleans up """ if self._proc is not None: self._log.debug('stopping slapd with pid %d', self._proc.pid) self._proc.terminate() self.wait() self._cleanup_rundir() if hasattr(atexit, 'unregister'): # Python 3 atexit.unregister(self.stop) elif hasattr(atexit, '_exithandlers'): # Python 2, can be None during process shutdown try: atexit._exithandlers.remove(self.stop) except ValueError: pass def restart(self): """ Restarts the slapd server with same data """ self._proc.terminate() self.wait() self._start_slapd() def wait(self): """Waits for the slapd process to terminate by itself.""" if self._proc: self._proc.wait() self._stopped() def _stopped(self): """Called when the slapd server is known to have terminated""" if self._proc is not None: self._log.info('slapd[%d] terminated', self._proc.pid) self._proc = None def _cli_auth_args(self): if self.cli_sasl_external: authc_args = [ '-Y', 'EXTERNAL', ] if not self._log.isEnabledFor(logging.DEBUG): authc_args.append('-Q') else: authc_args = [ '-x', '-D', self.root_dn, '-w', self.root_pw, ] return authc_args # no cover to avoid spurious coverage changes def _cli_popen(self, ldapcommand, extra_args=None, ldap_uri=None, stdin_data=None): # pragma: no cover if ldap_uri is None: ldap_uri = self.default_ldap_uri args = [ ldapcommand, '-H', ldap_uri, ] + self._cli_auth_args() + (extra_args or []) self._log.debug('Run command: %r', ' '.join(args)) proc = subprocess.Popen( args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE ) self._log.debug('stdin_data=%r', stdin_data) stdout_data, stderr_data = proc.communicate(stdin_data) if stdout_data is not None: self._log.debug('stdout_data=%r', stdout_data) if stderr_data is not None: self._log.debug('stderr_data=%r', stderr_data) if proc.wait() != 0: raise RuntimeError( '{!r} process failed:\n{!r}\n{!r}'.format( args, stdout_data, stderr_data ) ) return stdout_data, stderr_data def ldapwhoami(self, extra_args=None): """ Runs ldapwhoami on this slapd instance """ self._cli_popen(self.PATH_LDAPWHOAMI, extra_args=extra_args) def ldapadd(self, ldif, extra_args=None): """ Runs ldapadd on this slapd instance, passing it the ldif content """ self._cli_popen(self.PATH_LDAPADD, extra_args=extra_args, stdin_data=ldif.encode('utf-8')) def ldapmodify(self, ldif, extra_args=None): """ Runs ldapadd on this slapd instance, passing it the ldif content """ self._cli_popen(self.PATH_LDAPMODIFY, extra_args=extra_args, stdin_data=ldif.encode('utf-8')) def ldapdelete(self, dn, recursive=False, extra_args=None): """ Runs ldapdelete on this slapd instance, deleting 'dn' """ if extra_args is None: extra_args = [] if recursive: extra_args.append('-r') extra_args.append(dn) self._cli_popen(self.PATH_LDAPDELETE, extra_args=extra_args) def __enter__(self): self.start() return self def __exit__(self, exc_type, exc_value, traceback): self.stop() class SlapdTestCase(unittest.TestCase): """ test class which also clones or initializes a running slapd """ server_class = SlapdObject server = None ldap_object_class = None def _open_ldap_conn(self, who=None, cred=None, **kwargs): """ return a LDAPObject instance after simple bind """ ldap_conn = self.ldap_object_class(self.server.ldap_uri, **kwargs) ldap_conn.protocol_version = 3 #ldap_conn.set_option(ldap.OPT_REFERRALS, 0) ldap_conn.simple_bind_s(who or self.server.root_dn, cred or self.server.root_pw) return ldap_conn @classmethod def setUpClass(cls): cls.server = cls.server_class() cls.server.start() @classmethod def tearDownClass(cls): cls.server.stop() python-ldap-3.2.0/Lib/ldif.py0000644000175000017500000004746613441750123017710 0ustar pviktoripviktorin00000000000000""" ldif - generate and parse LDIF data (see RFC 2849) See https://www.python-ldap.org/ for details. """ from __future__ import unicode_literals __version__ = '3.2.0' __all__ = [ # constants 'ldif_pattern', # functions 'CreateLDIF','ParseLDIF', # classes 'LDIFWriter', 'LDIFParser', 'LDIFRecordList', 'LDIFCopy', ] import re from base64 import b64encode, b64decode from io import StringIO import warnings from ldap.compat import urlparse, urlopen attrtype_pattern = r'[\w;.-]+(;[\w_-]+)*' attrvalue_pattern = r'(([^,]|\\,)+|".*?")' attrtypeandvalue_pattern = attrtype_pattern + r'[ ]*=[ ]*' + attrvalue_pattern rdn_pattern = attrtypeandvalue_pattern + r'([ ]*\+[ ]*' + attrtypeandvalue_pattern + r')*[ ]*' dn_pattern = rdn_pattern + r'([ ]*,[ ]*' + rdn_pattern + r')*[ ]*' dn_regex = re.compile('^%s$' % dn_pattern) ldif_pattern = '^((dn(:|::) %(dn_pattern)s)|(%(attrtype_pattern)s(:|::) .*)$)+' % vars() MOD_OP_INTEGER = { 'add':0, # ldap.MOD_ADD 'delete':1, # ldap.MOD_DELETE 'replace':2, # ldap.MOD_REPLACE 'increment':3, # ldap.MOD_INCREMENT } MOD_OP_STR = { 0:'add',1:'delete',2:'replace',3:'increment' } CHANGE_TYPES = ['add','delete','modify','modrdn'] valid_changetype_dict = {} for c in CHANGE_TYPES: valid_changetype_dict[c]=None def is_dn(s): """ returns 1 if s is a LDAP DN """ if s=='': return 1 rm = dn_regex.match(s) return rm!=None and rm.group(0)==s SAFE_STRING_PATTERN = b'(^(\000|\n|\r| |:|<)|[\000\n\r\200-\377]+|[ ]+$)' safe_string_re = re.compile(SAFE_STRING_PATTERN) def list_dict(l): """ return a dictionary with all items of l being the keys of the dictionary """ return {i: None for i in l} class LDIFWriter: """ Write LDIF entry or change records to file object Copy LDIF input to a file output object containing all data retrieved via URLs """ def __init__(self,output_file,base64_attrs=None,cols=76,line_sep='\n'): """ output_file file object for output; should be opened in *text* mode base64_attrs list of attribute types to be base64-encoded in any case cols Specifies how many columns a line may have before it's folded into many lines. line_sep String used as line separator """ self._output_file = output_file self._base64_attrs = list_dict([a.lower() for a in (base64_attrs or [])]) self._cols = cols self._last_line_sep = line_sep self.records_written = 0 def _unfold_lines(self,line): """ Write string line as one or more folded lines """ # Check maximum line length line_len = len(line) if line_len<=self._cols: self._output_file.write(line) self._output_file.write(self._last_line_sep) else: # Fold line pos = self._cols self._output_file.write(line[0:min(line_len,self._cols)]) self._output_file.write(self._last_line_sep) while pos=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.* python-ldap-3.2.0/Lib/python_ldap.egg-info/requires.txt0000644000175000017500000000004413441750214025011 0ustar pviktoripviktorin00000000000000pyasn1>=0.3.7 pyasn1_modules>=0.1.5 python-ldap-3.2.0/Lib/python_ldap.egg-info/top_level.txt0000644000175000017500000000004213441750214025141 0ustar pviktoripviktorin00000000000000_ldap ldap ldapurl ldif slapdtest python-ldap-3.2.0/Lib/python_ldap.egg-info/not-zip-safe0000644000175000017500000000000113441750214024641 0ustar pviktoripviktorin00000000000000 python-ldap-3.2.0/Lib/python_ldap.egg-info/dependency_links.txt0000644000175000017500000000000113441750214026461 0ustar pviktoripviktorin00000000000000 python-ldap-3.2.0/Lib/python_ldap.egg-info/SOURCES.txt0000644000175000017500000000771413441750214024310 0ustar pviktoripviktorin00000000000000.coveragerc CHANGES INSTALL LICENCE MANIFEST.in Makefile README TODO setup.cfg setup.py tox.ini Build/setup.cfg.mingw Build/setup.cfg.suse-linux Build/setup.cfg.win32 Demo/initialize.py Demo/ldapcontrols.py Demo/ldapurl_search.py Demo/matchedvalues.py Demo/ms_ad_bind.py Demo/options.py Demo/page_control.py Demo/paged_search_ext_s.py Demo/passwd_ext_op.py Demo/pickle_ldapobject.py Demo/reconnect.py Demo/rename.py Demo/resiter.py Demo/sasl_bind.py Demo/schema.py Demo/schema_tree.py Demo/simple.py Demo/simplebrowse.py Demo/Lib/ldap/async/deltree.py Demo/Lib/ldap/async/ldifwriter.py Demo/Lib/ldap/async/sizelimit.py Demo/Lib/ldapurl/urlsearch.py Demo/Lib/ldif/ldifcopy.py Demo/pyasn1/dds.py Demo/pyasn1/derefcontrol.py Demo/pyasn1/noopsearch.py Demo/pyasn1/ppolicy.py Demo/pyasn1/psearch.py Demo/pyasn1/readentrycontrol.py Demo/pyasn1/sessiontrack.py Demo/pyasn1/sss_highest_number.py Demo/pyasn1/syncrepl.py Doc/Makefile Doc/bytes_mode.rst Doc/conf.py Doc/contributing.rst Doc/fake_ldap_module_for_documentation.py Doc/faq.rst Doc/index.rst Doc/installing.rst Doc/resources.rst Doc/sample_workflow.rst Doc/spelling_wordlist.txt Doc/reference/index.rst Doc/reference/ldap-async.rst Doc/reference/ldap-controls.rst Doc/reference/ldap-dn.rst Doc/reference/ldap-extop.rst Doc/reference/ldap-filter.rst Doc/reference/ldap-modlist.rst Doc/reference/ldap-resiter.rst Doc/reference/ldap-sasl.rst Doc/reference/ldap-schema.rst Doc/reference/ldap-syncrepl.rst Doc/reference/ldap.rst Doc/reference/ldapurl.rst Doc/reference/ldif.rst Doc/reference/slapdtest.rst Lib/ldapurl.py Lib/ldif.py Lib/ldap/__init__.py Lib/ldap/async.py Lib/ldap/asyncsearch.py Lib/ldap/cidict.py Lib/ldap/compat.py Lib/ldap/constants.py Lib/ldap/dn.py Lib/ldap/filter.py Lib/ldap/functions.py Lib/ldap/ldapobject.py Lib/ldap/logger.py Lib/ldap/modlist.py Lib/ldap/pkginfo.py Lib/ldap/resiter.py Lib/ldap/sasl.py Lib/ldap/syncrepl.py Lib/ldap/controls/__init__.py Lib/ldap/controls/deref.py Lib/ldap/controls/libldap.py Lib/ldap/controls/openldap.py Lib/ldap/controls/pagedresults.py Lib/ldap/controls/ppolicy.py Lib/ldap/controls/psearch.py Lib/ldap/controls/pwdpolicy.py Lib/ldap/controls/readentry.py Lib/ldap/controls/sessiontrack.py Lib/ldap/controls/simple.py Lib/ldap/controls/sss.py Lib/ldap/controls/vlv.py Lib/ldap/extop/__init__.py Lib/ldap/extop/dds.py Lib/ldap/schema/__init__.py Lib/ldap/schema/models.py Lib/ldap/schema/subentry.py Lib/ldap/schema/tokenizer.py Lib/python_ldap.egg-info/PKG-INFO Lib/python_ldap.egg-info/SOURCES.txt Lib/python_ldap.egg-info/dependency_links.txt Lib/python_ldap.egg-info/not-zip-safe Lib/python_ldap.egg-info/requires.txt Lib/python_ldap.egg-info/top_level.txt Lib/slapdtest/__init__.py Lib/slapdtest/_slapdtest.py Lib/slapdtest/certs/README Lib/slapdtest/certs/ca.conf Lib/slapdtest/certs/ca.pem Lib/slapdtest/certs/client.conf Lib/slapdtest/certs/client.key Lib/slapdtest/certs/client.pem Lib/slapdtest/certs/gencerts.sh Lib/slapdtest/certs/gennssdb.sh Lib/slapdtest/certs/server.conf Lib/slapdtest/certs/server.key Lib/slapdtest/certs/server.pem Modules/LDAPObject.c Modules/LDAPObject.h Modules/berval.c Modules/berval.h Modules/common.c Modules/common.h Modules/constants.c Modules/constants.h Modules/constants_generated.h Modules/functions.c Modules/functions.h Modules/ldapcontrol.c Modules/ldapcontrol.h Modules/ldapmodule.c Modules/message.c Modules/message.h Modules/options.c Modules/options.h Tests/__init__.py Tests/t_bind.py Tests/t_cext.py Tests/t_cidict.py Tests/t_edit.py Tests/t_ldap_asyncsearch.py Tests/t_ldap_controls_libldap.py Tests/t_ldap_controls_ppolicy.py Tests/t_ldap_controls_sss.py Tests/t_ldap_dn.py Tests/t_ldap_filter.py Tests/t_ldap_functions.py Tests/t_ldap_modlist.py Tests/t_ldap_options.py Tests/t_ldap_sasl.py Tests/t_ldap_schema_subentry.py Tests/t_ldap_schema_tokenizer.py Tests/t_ldap_syncrepl.py Tests/t_ldapobject.py Tests/t_ldapurl.py Tests/t_ldif.py Tests/t_slapdobject.py Tests/t_untested_mods.py Tests/data/subschema-ipa.demo1.freeipa.org.ldif Tests/data/subschema-openldap-all.ldifpython-ldap-3.2.0/Lib/ldap/0000755000175000017500000000000013441750214017320 5ustar pviktoripviktorin00000000000000python-ldap-3.2.0/Lib/ldap/async.py0000644000175000017500000000051713441744754021026 0ustar pviktoripviktorin00000000000000""" ldap.asyncsearch - handle async LDAP search operations See https://www.python-ldap.org/ for details. """ import warnings from ldap.asyncsearch import * from ldap.asyncsearch import __version__ warnings.warn( "'ldap.async module' is deprecated, import 'ldap.asyncsearch' instead.", DeprecationWarning, stacklevel=2 ) python-ldap-3.2.0/Lib/ldap/syncrepl.py0000644000175000017500000004420613441744767021557 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ ldap.syncrepl - for implementing syncrepl consumer (see RFC 4533) See https://www.python-ldap.org/ for project details. """ from uuid import UUID # Imports from pyasn1 from pyasn1.type import tag, namedtype, namedval, univ, constraint from pyasn1.codec.ber import encoder, decoder from ldap.pkginfo import __version__, __author__, __license__ from ldap.controls import RequestControl, ResponseControl, KNOWN_RESPONSE_CONTROLS __all__ = [ 'SyncreplConsumer', ] class SyncUUID(univ.OctetString): """ syncUUID ::= OCTET STRING (SIZE(16)) """ subtypeSpec = constraint.ValueSizeConstraint(16, 16) class SyncCookie(univ.OctetString): """ syncCookie ::= OCTET STRING """ class SyncRequestMode(univ.Enumerated): """ mode ENUMERATED { -- 0 unused refreshOnly (1), -- 2 reserved refreshAndPersist (3) }, """ namedValues = namedval.NamedValues( ('refreshOnly', 1), ('refreshAndPersist', 3) ) subtypeSpec = univ.Enumerated.subtypeSpec + constraint.SingleValueConstraint(1, 3) class SyncRequestValue(univ.Sequence): """ syncRequestValue ::= SEQUENCE { mode ENUMERATED { -- 0 unused refreshOnly (1), -- 2 reserved refreshAndPersist (3) }, cookie syncCookie OPTIONAL, reloadHint BOOLEAN DEFAULT FALSE } """ componentType = namedtype.NamedTypes( namedtype.NamedType('mode', SyncRequestMode()), namedtype.OptionalNamedType('cookie', SyncCookie()), namedtype.DefaultedNamedType('reloadHint', univ.Boolean(False)) ) class SyncRequestControl(RequestControl): """ The Sync Request Control is an LDAP Control [RFC4511] where the controlType is the object identifier 1.3.6.1.4.1.4203.1.9.1.1 and the controlValue, an OCTET STRING, contains a BER-encoded syncRequestValue. The criticality field is either TRUE or FALSE. [..] The Sync Request Control is only applicable to the SearchRequest Message. """ controlType = '1.3.6.1.4.1.4203.1.9.1.1' def __init__(self, criticality=1, cookie=None, mode='refreshOnly', reloadHint=False): self.criticality = criticality self.cookie = cookie self.mode = mode self.reloadHint = reloadHint def encodeControlValue(self): rcv = SyncRequestValue() rcv.setComponentByName('mode', SyncRequestMode(self.mode)) if self.cookie is not None: rcv.setComponentByName('cookie', SyncCookie(self.cookie)) if self.reloadHint: rcv.setComponentByName('reloadHint', univ.Boolean(self.reloadHint)) return encoder.encode(rcv) class SyncStateOp(univ.Enumerated): """ state ENUMERATED { present (0), add (1), modify (2), delete (3) }, """ namedValues = namedval.NamedValues( ('present', 0), ('add', 1), ('modify', 2), ('delete', 3) ) subtypeSpec = univ.Enumerated.subtypeSpec + constraint.SingleValueConstraint(0, 1, 2, 3) class SyncStateValue(univ.Sequence): """ syncStateValue ::= SEQUENCE { state ENUMERATED { present (0), add (1), modify (2), delete (3) }, entryUUID syncUUID, cookie syncCookie OPTIONAL } """ componentType = namedtype.NamedTypes( namedtype.NamedType('state', SyncStateOp()), namedtype.NamedType('entryUUID', SyncUUID()), namedtype.OptionalNamedType('cookie', SyncCookie()) ) class SyncStateControl(ResponseControl): """ The Sync State Control is an LDAP Control [RFC4511] where the controlType is the object identifier 1.3.6.1.4.1.4203.1.9.1.2 and the controlValue, an OCTET STRING, contains a BER-encoded SyncStateValue. The criticality is FALSE. [..] The Sync State Control is only applicable to SearchResultEntry and SearchResultReference Messages. """ controlType = '1.3.6.1.4.1.4203.1.9.1.2' opnames = ('present', 'add', 'modify', 'delete') def decodeControlValue(self, encodedControlValue): d = decoder.decode(encodedControlValue, asn1Spec=SyncStateValue()) state = d[0].getComponentByName('state') uuid = UUID(bytes=bytes(d[0].getComponentByName('entryUUID'))) cookie = d[0].getComponentByName('cookie') if cookie is not None and cookie.hasValue(): self.cookie = str(cookie) else: self.cookie = None self.state = self.__class__.opnames[int(state)] self.entryUUID = str(uuid) KNOWN_RESPONSE_CONTROLS[SyncStateControl.controlType] = SyncStateControl class SyncDoneValue(univ.Sequence): """ syncDoneValue ::= SEQUENCE { cookie syncCookie OPTIONAL, refreshDeletes BOOLEAN DEFAULT FALSE } """ componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('cookie', SyncCookie()), namedtype.DefaultedNamedType('refreshDeletes', univ.Boolean(False)) ) class SyncDoneControl(ResponseControl): """ The Sync Done Control is an LDAP Control [RFC4511] where the controlType is the object identifier 1.3.6.1.4.1.4203.1.9.1.3 and the controlValue contains a BER-encoded syncDoneValue. The criticality is FALSE (and hence absent). [..] The Sync Done Control is only applicable to the SearchResultDone Message. """ controlType = '1.3.6.1.4.1.4203.1.9.1.3' def decodeControlValue(self, encodedControlValue): d = decoder.decode(encodedControlValue, asn1Spec=SyncDoneValue()) cookie = d[0].getComponentByName('cookie') if cookie.hasValue(): self.cookie = str(cookie) else: self.cookie = None refresh_deletes = d[0].getComponentByName('refreshDeletes') if refresh_deletes.hasValue(): self.refreshDeletes = bool(refresh_deletes) else: self.refreshDeletes = None KNOWN_RESPONSE_CONTROLS[SyncDoneControl.controlType] = SyncDoneControl class RefreshDelete(univ.Sequence): """ refreshDelete [1] SEQUENCE { cookie syncCookie OPTIONAL, refreshDone BOOLEAN DEFAULT TRUE }, """ componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('cookie', SyncCookie()), namedtype.DefaultedNamedType('refreshDone', univ.Boolean(True)) ) class RefreshPresent(univ.Sequence): """ refreshPresent [2] SEQUENCE { cookie syncCookie OPTIONAL, refreshDone BOOLEAN DEFAULT TRUE }, """ componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('cookie', SyncCookie()), namedtype.DefaultedNamedType('refreshDone', univ.Boolean(True)) ) class SyncUUIDs(univ.SetOf): """ syncUUIDs SET OF syncUUID """ componentType = SyncUUID() class SyncIdSet(univ.Sequence): """ syncIdSet [3] SEQUENCE { cookie syncCookie OPTIONAL, refreshDeletes BOOLEAN DEFAULT FALSE, syncUUIDs SET OF syncUUID } """ componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('cookie', SyncCookie()), namedtype.DefaultedNamedType('refreshDeletes', univ.Boolean(False)), namedtype.NamedType('syncUUIDs', SyncUUIDs()) ) class SyncInfoValue(univ.Choice): """ syncInfoValue ::= CHOICE { newcookie [0] syncCookie, refreshDelete [1] SEQUENCE { cookie syncCookie OPTIONAL, refreshDone BOOLEAN DEFAULT TRUE }, refreshPresent [2] SEQUENCE { cookie syncCookie OPTIONAL, refreshDone BOOLEAN DEFAULT TRUE }, syncIdSet [3] SEQUENCE { cookie syncCookie OPTIONAL, refreshDeletes BOOLEAN DEFAULT FALSE, syncUUIDs SET OF syncUUID } } """ componentType = namedtype.NamedTypes( namedtype.NamedType( 'newcookie', SyncCookie().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0) ) ), namedtype.NamedType( 'refreshDelete', RefreshDelete().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1) ) ), namedtype.NamedType( 'refreshPresent', RefreshPresent().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2) ) ), namedtype.NamedType( 'syncIdSet', SyncIdSet().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3) ) ) ) class SyncInfoMessage: """ The Sync Info Message is an LDAP Intermediate Response Message [RFC4511] where responseName is the object identifier 1.3.6.1.4.1.4203.1.9.1.4 and responseValue contains a BER-encoded syncInfoValue. The criticality is FALSE (and hence absent). """ responseName = '1.3.6.1.4.1.4203.1.9.1.4' def __init__(self, encodedMessage): d = decoder.decode(encodedMessage, asn1Spec=SyncInfoValue()) self.newcookie = None self.refreshDelete = None self.refreshPresent = None self.syncIdSet = None for attr in ['newcookie', 'refreshDelete', 'refreshPresent', 'syncIdSet']: comp = d[0].getComponentByName(attr) if comp is not None and comp.hasValue(): if attr == 'newcookie': self.newcookie = str(comp) return val = {} cookie = comp.getComponentByName('cookie') if cookie.hasValue(): val['cookie'] = str(cookie) if attr.startswith('refresh'): val['refreshDone'] = bool(comp.getComponentByName('refreshDone')) elif attr == 'syncIdSet': uuids = [] ids = comp.getComponentByName('syncUUIDs') for i in range(len(ids)): uuid = UUID(bytes=bytes(ids.getComponentByPosition(i))) uuids.append(str(uuid)) val['syncUUIDs'] = uuids val['refreshDeletes'] = bool(comp.getComponentByName('refreshDeletes')) setattr(self, attr, val) return class SyncreplConsumer: """ SyncreplConsumer - LDAP syncrepl consumer object. """ def syncrepl_search(self, base, scope, mode='refreshOnly', cookie=None, **search_args): """ Starts syncrepl search operation. base, scope, and search_args are passed along to self.search_ext unmodified (aside from adding a Sync Request control to any serverctrls provided). mode provides syncrepl mode. Can be 'refreshOnly' to finish after synchronization, or 'refreshAndPersist' to persist (continue to receive updates) after synchronization. cookie: an opaque value representing the replication state of the client. Subclasses should override the syncrepl_set_cookie() and syncrepl_get_cookie() methods to store the cookie appropriately, rather than passing it. Only a single syncrepl search may be active on a SyncreplConsumer object. Multiple concurrent syncrepl searches require multiple separate SyncreplConsumer objects and thus multiple connections (LDAPObject instances). """ if cookie is None: cookie = self.syncrepl_get_cookie() syncreq = SyncRequestControl(cookie=cookie, mode=mode) if 'serverctrls' in search_args: search_args['serverctrls'] += [syncreq] else: search_args['serverctrls'] = [syncreq] self.__refreshDone = False return self.search_ext(base, scope, **search_args) def syncrepl_poll(self, msgid=-1, timeout=None, all=0): """ polls for and processes responses to the syncrepl_search() operation. Returns False when operation finishes, True if it is in progress, or raises an exception on error. If timeout is specified, raises ldap.TIMEOUT in the event of a timeout. If all is set to a nonzero value, poll() will return only when finished or when an exception is raised. """ while True: type, msg, mid, ctrls, n, v = self.result4( msgid=msgid, timeout=timeout, add_intermediates=1, add_ctrls=1, all=0, ) if type == 101: # search result. This marks the end of a refreshOnly session. # look for a SyncDone control, save the cookie, and if necessary # delete non-present entries. for c in ctrls: if c.__class__.__name__ != 'SyncDoneControl': continue self.syncrepl_present(None, refreshDeletes=c.refreshDeletes) if c.cookie is not None: self.syncrepl_set_cookie(c.cookie) return False elif type == 100: # search entry with associated SyncState control for m in msg: dn, attrs, ctrls = m for c in ctrls: if c.__class__.__name__ != 'SyncStateControl': continue if c.state == 'present': self.syncrepl_present([c.entryUUID]) elif c.state == 'delete': self.syncrepl_delete([c.entryUUID]) else: self.syncrepl_entry(dn, attrs, c.entryUUID) if self.__refreshDone is False: self.syncrepl_present([c.entryUUID]) if c.cookie is not None: self.syncrepl_set_cookie(c.cookie) break elif type == 121: # Intermediate message. If it is a SyncInfoMessage, parse it for m in msg: rname, resp, ctrls = m if rname != SyncInfoMessage.responseName: continue sim = SyncInfoMessage(resp) if sim.newcookie is not None: self.syncrepl_set_cookie(sim.newcookie) elif sim.refreshPresent is not None: self.syncrepl_present(None, refreshDeletes=False) if 'cookie' in sim.refreshPresent: self.syncrepl_set_cookie(sim.refreshPresent['cookie']) if sim.refreshPresent['refreshDone']: self.__refreshDone = True self.syncrepl_refreshdone() elif sim.refreshDelete is not None: self.syncrepl_present(None, refreshDeletes=True) if 'cookie' in sim.refreshDelete: self.syncrepl_set_cookie(sim.refreshDelete['cookie']) if sim.refreshDelete['refreshDone']: self.__refreshDone = True self.syncrepl_refreshdone() elif sim.syncIdSet is not None: if sim.syncIdSet['refreshDeletes'] is True: self.syncrepl_delete(sim.syncIdSet['syncUUIDs']) else: self.syncrepl_present(sim.syncIdSet['syncUUIDs']) if 'cookie' in sim.syncIdSet: self.syncrepl_set_cookie(sim.syncIdSet['cookie']) if all == 0: return True # virtual methods -- subclass must override these to do useful work def syncrepl_set_cookie(self, cookie): """ Called by syncrepl_poll() to store a new cookie provided by the server. """ pass def syncrepl_get_cookie(self): """ Called by syncrepl_search() to retrieve the cookie stored by syncrepl_set_cookie() """ pass def syncrepl_present(self, uuids, refreshDeletes=False): """ Called by syncrepl_poll() whenever entry UUIDs are presented to the client. syncrepl_present() is given a list of entry UUIDs (uuids) and a flag (refreshDeletes) which indicates whether the server explicitly deleted non-present entries during the refresh operation. If called with a list of uuids, the syncrepl_present() implementation should record those uuids as present in the directory. If called with uuids set to None and refreshDeletes set to False, syncrepl_present() should delete all non-present entries from the local mirror, and reset the list of recorded uuids. If called with uuids set to None and refreshDeletes set to True, syncrepl_present() should reset the list of recorded uuids, without deleting any entries. """ pass def syncrepl_delete(self, uuids): """ Called by syncrepl_poll() to delete entries. A list of UUIDs of the entries to be deleted is given in the uuids parameter. """ pass def syncrepl_entry(self, dn, attrs, uuid): """ Called by syncrepl_poll() for any added or modified entries. The provided uuid is used to identify the provided entry in any future modification (including dn modification), deletion, and presentation operations. """ pass def syncrepl_refreshdone(self): """ Called by syncrepl_poll() between refresh and persist phase. It indicates that initial synchronization is done and persist phase follows. """ pass python-ldap-3.2.0/Lib/ldap/constants.py0000644000175000017500000002564613441744767021743 0ustar pviktoripviktorin00000000000000"""Definitions for constants exported by OpenLDAP This file lists all constants we know about, even those that aren't available in the OpenLDAP version python-ldap is compiled against. The information serves two purposes: - Generate a C header with the constants - Provide support for building documentation without compiling python-ldap """ # This module cannot import anything from ldap. # When building documentation, it is used to initialize ldap.__init__. from __future__ import print_function class Constant(object): """Base class for a definition of an OpenLDAP constant """ def __init__(self, name, optional=False, requirements=(), doc=None): self.name = name if optional: self_requirement = 'defined(LDAP_{})'.format(self.name) requirements = list(requirements) + [self_requirement] self.requirements = requirements self.doc = self.__doc__ = doc class Error(Constant): """Definition for an OpenLDAP error code This is a constant at the C level; in Python errors are provided as exception classes. """ c_template = 'add_err({self.name});' class Int(Constant): """Definition for an OpenLDAP integer constant""" c_template = 'add_int({self.name});' class TLSInt(Int): """Definition for a TLS integer constant -- requires HAVE_TLS""" def __init__(self, *args, **kwargs): requrements = list(kwargs.get('requirements', ())) kwargs['requirements'] = ['HAVE_TLS'] + requrements super(TLSInt, self).__init__(*args, **kwargs) class Feature(Constant): """Definition for a feature: 0 or 1 based on a C #ifdef """ c_template = '\n'.join([ '', '#ifdef {self.c_feature}', 'if (PyModule_AddIntConstant(m, "{self.name}", 1) != 0) return -1;', '#else', 'if (PyModule_AddIntConstant(m, "{self.name}", 0) != 0) return -1;', '#endif', '', ]) def __init__(self, name, c_feature, **kwargs): super(Feature, self).__init__(name, **kwargs) self.c_feature = c_feature class Str(Constant): c_template = 'add_string({self.name});' API_2004 = 'LDAP_API_VERSION >= 2004' CONSTANTS = ( Error('ADMINLIMIT_EXCEEDED'), Error('AFFECTS_MULTIPLE_DSAS'), Error('ALIAS_DEREF_PROBLEM'), Error('ALIAS_PROBLEM'), Error('ALREADY_EXISTS'), Error('AUTH_METHOD_NOT_SUPPORTED'), Error('AUTH_UNKNOWN'), Error('BUSY'), Error('CLIENT_LOOP'), Error('COMPARE_FALSE'), Error('COMPARE_TRUE'), Error('CONFIDENTIALITY_REQUIRED'), Error('CONNECT_ERROR'), Error('CONSTRAINT_VIOLATION'), Error('CONTROL_NOT_FOUND'), Error('DECODING_ERROR'), Error('ENCODING_ERROR'), Error('FILTER_ERROR'), Error('INAPPROPRIATE_AUTH'), Error('INAPPROPRIATE_MATCHING'), Error('INSUFFICIENT_ACCESS'), Error('INVALID_CREDENTIALS'), Error('INVALID_DN_SYNTAX'), Error('INVALID_SYNTAX'), Error('IS_LEAF'), Error('LOCAL_ERROR'), Error('LOOP_DETECT'), Error('MORE_RESULTS_TO_RETURN'), Error('NAMING_VIOLATION'), Error('NO_MEMORY'), Error('NO_OBJECT_CLASS_MODS'), Error('NO_OBJECT_CLASS_MODS'), Error('NO_RESULTS_RETURNED'), Error('NO_SUCH_ATTRIBUTE'), Error('NO_SUCH_OBJECT'), Error('NOT_ALLOWED_ON_NONLEAF'), Error('NOT_ALLOWED_ON_RDN'), Error('NOT_SUPPORTED'), Error('OBJECT_CLASS_VIOLATION'), Error('OPERATIONS_ERROR'), Error('OTHER'), Error('PARAM_ERROR'), Error('PARTIAL_RESULTS'), Error('PROTOCOL_ERROR'), Error('REFERRAL'), Error('REFERRAL_LIMIT_EXCEEDED'), Error('RESULTS_TOO_LARGE'), Error('SASL_BIND_IN_PROGRESS'), Error('SERVER_DOWN'), Error('SIZELIMIT_EXCEEDED'), Error('STRONG_AUTH_NOT_SUPPORTED'), Error('STRONG_AUTH_REQUIRED'), Error('SUCCESS'), Error('TIMELIMIT_EXCEEDED'), Error('TIMEOUT'), Error('TYPE_OR_VALUE_EXISTS'), Error('UNAVAILABLE'), Error('UNAVAILABLE_CRITICAL_EXTENSION'), Error('UNDEFINED_TYPE'), Error('UNWILLING_TO_PERFORM'), Error('USER_CANCELLED'), Error('VLV_ERROR'), Error('X_PROXY_AUTHZ_FAILURE'), Error('CANCELLED', requirements=['defined(LDAP_API_FEATURE_CANCEL)']), Error('NO_SUCH_OPERATION', requirements=['defined(LDAP_API_FEATURE_CANCEL)']), Error('TOO_LATE', requirements=['defined(LDAP_API_FEATURE_CANCEL)']), Error('CANNOT_CANCEL', requirements=['defined(LDAP_API_FEATURE_CANCEL)']), Error('ASSERTION_FAILED', optional=True), Error('PROXIED_AUTHORIZATION_DENIED', optional=True), # simple constants Int('API_VERSION'), Int('VENDOR_VERSION'), Int('PORT'), Int('VERSION1'), Int('VERSION2'), Int('VERSION3'), Int('VERSION_MIN'), Int('VERSION'), Int('VERSION_MAX'), Int('TAG_MESSAGE'), Int('TAG_MSGID'), Int('REQ_BIND'), Int('REQ_UNBIND'), Int('REQ_SEARCH'), Int('REQ_MODIFY'), Int('REQ_ADD'), Int('REQ_DELETE'), Int('REQ_MODRDN'), Int('REQ_COMPARE'), Int('REQ_ABANDON'), Int('TAG_LDAPDN'), Int('TAG_LDAPCRED'), Int('TAG_CONTROLS'), Int('TAG_REFERRAL'), Int('REQ_EXTENDED'), Int('TAG_NEWSUPERIOR', requirements=[API_2004]), Int('TAG_EXOP_REQ_OID', requirements=[API_2004]), Int('TAG_EXOP_REQ_VALUE', requirements=[API_2004]), Int('TAG_EXOP_RES_OID', requirements=[API_2004]), Int('TAG_EXOP_RES_VALUE', requirements=[API_2004]), Int('TAG_SASL_RES_CREDS', requirements=[API_2004, 'defined(HAVE_SASL)']), Int('SASL_AUTOMATIC'), Int('SASL_INTERACTIVE'), Int('SASL_QUIET'), # reversibles Int('RES_BIND'), Int('RES_SEARCH_ENTRY'), Int('RES_SEARCH_RESULT'), Int('RES_MODIFY'), Int('RES_ADD'), Int('RES_DELETE'), Int('RES_MODRDN'), Int('RES_COMPARE'), Int('RES_ANY'), Int('RES_SEARCH_REFERENCE'), Int('RES_EXTENDED'), Int('RES_UNSOLICITED'), Int('RES_INTERMEDIATE'), # non-reversibles Int('AUTH_NONE'), Int('AUTH_SIMPLE'), Int('SCOPE_BASE'), Int('SCOPE_ONELEVEL'), Int('SCOPE_SUBTREE'), Int('SCOPE_SUBORDINATE', optional=True), Int('MOD_ADD'), Int('MOD_DELETE'), Int('MOD_REPLACE'), Int('MOD_INCREMENT'), Int('MOD_BVALUES'), Int('MSG_ONE'), Int('MSG_ALL'), Int('MSG_RECEIVED'), # (error constants handled above) Int('DEREF_NEVER'), Int('DEREF_SEARCHING'), Int('DEREF_FINDING'), Int('DEREF_ALWAYS'), Int('NO_LIMIT'), Int('OPT_API_INFO'), Int('OPT_DEREF'), Int('OPT_SIZELIMIT'), Int('OPT_TIMELIMIT'), Int('OPT_REFERRALS', optional=True), Int('OPT_ERROR_NUMBER'), Int('OPT_RESTART'), Int('OPT_PROTOCOL_VERSION'), Int('OPT_SERVER_CONTROLS'), Int('OPT_CLIENT_CONTROLS'), Int('OPT_API_FEATURE_INFO'), Int('OPT_HOST_NAME'), Int('OPT_DESC'), Int('OPT_DIAGNOSTIC_MESSAGE'), Int('OPT_ERROR_STRING'), Int('OPT_MATCHED_DN'), Int('OPT_DEBUG_LEVEL'), Int('OPT_TIMEOUT'), Int('OPT_REFHOPLIMIT'), Int('OPT_NETWORK_TIMEOUT'), Int('OPT_URI'), Int('OPT_DEFBASE', optional=True), TLSInt('OPT_X_TLS', optional=True), TLSInt('OPT_X_TLS_CTX'), TLSInt('OPT_X_TLS_CACERTFILE'), TLSInt('OPT_X_TLS_CACERTDIR'), TLSInt('OPT_X_TLS_CERTFILE'), TLSInt('OPT_X_TLS_KEYFILE'), TLSInt('OPT_X_TLS_REQUIRE_CERT'), TLSInt('OPT_X_TLS_CIPHER_SUITE'), TLSInt('OPT_X_TLS_RANDOM_FILE'), TLSInt('OPT_X_TLS_DHFILE'), TLSInt('OPT_X_TLS_NEVER'), TLSInt('OPT_X_TLS_HARD'), TLSInt('OPT_X_TLS_DEMAND'), TLSInt('OPT_X_TLS_ALLOW'), TLSInt('OPT_X_TLS_TRY'), TLSInt('OPT_X_TLS_PEERCERT', optional=True), TLSInt('OPT_X_TLS_VERSION', optional=True), TLSInt('OPT_X_TLS_CIPHER', optional=True), TLSInt('OPT_X_TLS_PEERCERT', optional=True), # only available if OpenSSL supports it => might cause # backward compatibility problems TLSInt('OPT_X_TLS_CRLCHECK', optional=True), TLSInt('OPT_X_TLS_CRLFILE', optional=True), TLSInt('OPT_X_TLS_CRL_NONE'), TLSInt('OPT_X_TLS_CRL_PEER'), TLSInt('OPT_X_TLS_CRL_ALL'), TLSInt('OPT_X_TLS_NEWCTX', optional=True), TLSInt('OPT_X_TLS_PROTOCOL_MIN', optional=True), TLSInt('OPT_X_TLS_PACKAGE', optional=True), Int('OPT_X_SASL_MECH'), Int('OPT_X_SASL_REALM'), Int('OPT_X_SASL_AUTHCID'), Int('OPT_X_SASL_AUTHZID'), Int('OPT_X_SASL_SSF'), Int('OPT_X_SASL_SSF_EXTERNAL'), Int('OPT_X_SASL_SECPROPS'), Int('OPT_X_SASL_SSF_MIN'), Int('OPT_X_SASL_SSF_MAX'), Int('OPT_X_SASL_NOCANON', optional=True), Int('OPT_X_SASL_USERNAME', optional=True), Int('OPT_CONNECT_ASYNC', optional=True), Int('OPT_X_KEEPALIVE_IDLE', optional=True), Int('OPT_X_KEEPALIVE_PROBES', optional=True), Int('OPT_X_KEEPALIVE_INTERVAL', optional=True), Int('DN_FORMAT_LDAP'), Int('DN_FORMAT_LDAPV3'), Int('DN_FORMAT_LDAPV2'), Int('DN_FORMAT_DCE'), Int('DN_FORMAT_UFN'), Int('DN_FORMAT_AD_CANONICAL'), # Int('DN_FORMAT_LBER'), # for testing only Int('DN_FORMAT_MASK'), Int('DN_PRETTY'), Int('DN_SKIP'), Int('DN_P_NOLEADTRAILSPACES'), Int('DN_P_NOSPACEAFTERRDN'), Int('DN_PEDANTIC'), Int('AVA_NULL'), Int('AVA_STRING'), Int('AVA_BINARY'), Int('AVA_NONPRINTABLE'), Int('OPT_SUCCESS'), # XXX - these should be errors Int('URL_ERR_BADSCOPE'), Int('URL_ERR_MEM'), # Int('LIBLDAP_R'), Feature('LIBLDAP_R', 'HAVE_LIBLDAP_R'), Feature('SASL_AVAIL', 'HAVE_SASL'), Feature('TLS_AVAIL', 'HAVE_TLS'), Str("CONTROL_MANAGEDSAIT"), Str("CONTROL_PROXY_AUTHZ"), Str("CONTROL_SUBENTRIES"), Str("CONTROL_VALUESRETURNFILTER"), Str("CONTROL_ASSERT"), Str("CONTROL_PRE_READ"), Str("CONTROL_POST_READ"), Str("CONTROL_SORTREQUEST"), Str("CONTROL_SORTRESPONSE"), Str("CONTROL_PAGEDRESULTS"), Str("CONTROL_SYNC"), Str("CONTROL_SYNC_STATE"), Str("CONTROL_SYNC_DONE"), Str("SYNC_INFO"), Str("CONTROL_PASSWORDPOLICYREQUEST"), Str("CONTROL_PASSWORDPOLICYRESPONSE"), Str("CONTROL_RELAX"), ) def print_header(): # pragma: no cover """Print the C header file to standard output""" print('/*') print(' * Generated with:') print(' * python Lib/ldap/constants.py > Modules/constants_generated.h') print(' *') print(' * Please do any modifications there, then re-generate this file') print(' */') print('') current_requirements = [] def pop_requirement(): popped = current_requirements.pop() print('#endif') print() for definition in CONSTANTS: while not set(current_requirements).issubset(definition.requirements): pop_requirement() for requirement in definition.requirements: if requirement not in current_requirements: current_requirements.append(requirement) print() print('#if {}'.format(requirement)) print(definition.c_template.format(self=definition)) while current_requirements: pop_requirement() if __name__ == '__main__': print_header() python-ldap-3.2.0/Lib/ldap/schema/0000755000175000017500000000000013441750214020560 5ustar pviktoripviktorin00000000000000python-ldap-3.2.0/Lib/ldap/schema/subentry.py0000644000175000017500000003723513441744767023037 0ustar pviktoripviktorin00000000000000""" ldap.schema.subentry - subschema subentry handling See https://www.python-ldap.org/ for details. """ import copy import ldap.cidict,ldap.schema from ldap.compat import urlopen from ldap.schema.models import * import ldapurl import ldif SCHEMA_CLASS_MAPPING = ldap.cidict.cidict() SCHEMA_ATTR_MAPPING = {} for o in list(vars().values()): if hasattr(o,'schema_attribute'): SCHEMA_CLASS_MAPPING[o.schema_attribute] = o SCHEMA_ATTR_MAPPING[o] = o.schema_attribute SCHEMA_ATTRS = SCHEMA_CLASS_MAPPING.keys() class SubschemaError(ValueError): pass class OIDNotUnique(SubschemaError): def __init__(self,desc): self.desc = desc def __str__(self): return 'OID not unique for %s' % (self.desc) class NameNotUnique(SubschemaError): def __init__(self,desc): self.desc = desc def __str__(self): return 'NAME not unique for %s' % (self.desc) class SubSchema: """ Arguments: sub_schema_sub_entry Dictionary usually returned by LDAP search or the LDIF parser containing the sub schema sub entry check_uniqueness Defines whether uniqueness of OIDs and NAME is checked. 0 no check 1 check but add schema description with work-around 2 check and raise exception if non-unique OID or NAME is found Class attributes: sed Dictionary holding the subschema information as pre-parsed SchemaElement objects (do not access directly!) name2oid Dictionary holding the mapping from NAMEs to OIDs (do not access directly!) non_unique_oids List of OIDs used at least twice in the subschema non_unique_names List of NAMEs used at least twice in the subschema for the same schema element """ def __init__(self,sub_schema_sub_entry,check_uniqueness=1): # Initialize all dictionaries self.name2oid = {} self.sed = {} self.non_unique_oids = {} self.non_unique_names = {} for c in SCHEMA_CLASS_MAPPING.values(): self.name2oid[c] = ldap.cidict.cidict() self.sed[c] = {} self.non_unique_names[c] = ldap.cidict.cidict() # Transform entry dict to case-insensitive dict e = ldap.cidict.cidict(sub_schema_sub_entry) # Build the schema registry in dictionaries for attr_type in SCHEMA_ATTRS: for attr_value in filter(None,e.get(attr_type,[])): se_class = SCHEMA_CLASS_MAPPING[attr_type] se_instance = se_class(attr_value) se_id = se_instance.get_id() if check_uniqueness and se_id in self.sed[se_class]: self.non_unique_oids[se_id] = None if check_uniqueness==1: # Add to subschema by adding suffix to ID suffix_counter = 1 new_se_id = se_id while new_se_id in self.sed[se_class]: new_se_id = ';'.join((se_id,str(suffix_counter))) suffix_counter += 1 else: se_id = new_se_id elif check_uniqueness>=2: raise OIDNotUnique(attr_value) # Store the schema element instance in the central registry self.sed[se_class][se_id] = se_instance if hasattr(se_instance,'names'): for name in ldap.cidict.cidict({}.fromkeys(se_instance.names)).keys(): if check_uniqueness and name in self.name2oid[se_class]: self.non_unique_names[se_class][se_id] = None raise NameNotUnique(attr_value) else: self.name2oid[se_class][name] = se_id # Turn dict into list maybe more handy for applications self.non_unique_oids = self.non_unique_oids.keys() return # subSchema.__init__() def ldap_entry(self): """ Returns a dictionary containing the sub schema sub entry """ # Initialize the dictionary with empty lists entry = {} # Collect the schema elements and store them in # entry's attributes for se_class, elements in self.sed.items(): for se in elements.values(): se_str = str(se) try: entry[SCHEMA_ATTR_MAPPING[se_class]].append(se_str) except KeyError: entry[SCHEMA_ATTR_MAPPING[se_class]] = [ se_str ] return entry def listall(self,schema_element_class,schema_element_filters=None): """ Returns a list of OIDs of all available schema elements of a given schema element class. """ avail_se = self.sed[schema_element_class] if schema_element_filters: result = [] for se_key, se in avail_se.items(): for fk,fv in schema_element_filters: try: if getattr(se,fk) in fv: result.append(se_key) except AttributeError: pass else: result = avail_se.keys() return result def tree(self,schema_element_class,schema_element_filters=None): """ Returns a ldap.cidict.cidict dictionary representing the tree structure of the schema elements. """ assert schema_element_class in [ObjectClass,AttributeType] avail_se = self.listall(schema_element_class,schema_element_filters) top_node = '_' tree = ldap.cidict.cidict({top_node:[]}) # 1. Pass: Register all nodes for se in avail_se: tree[se] = [] # 2. Pass: Register all sup references for se_oid in avail_se: se_obj = self.get_obj(schema_element_class,se_oid,None) if se_obj.__class__!=schema_element_class: # Ignore schema elements not matching schema_element_class. # This helps with falsely assigned OIDs. continue assert se_obj.__class__==schema_element_class, \ "Schema element referenced by %s must be of class %s but was %s" % ( se_oid,schema_element_class.__name__,se_obj.__class__ ) for s in se_obj.sup or ('_',): sup_oid = self.getoid(schema_element_class,s) try: tree[sup_oid].append(se_oid) except: pass return tree def getoid(self,se_class,nameoroid,raise_keyerror=0): """ Get an OID by name or OID """ nameoroid_stripped = nameoroid.split(';')[0].strip() if nameoroid_stripped in self.sed[se_class]: # name_or_oid is already a registered OID return nameoroid_stripped else: try: result_oid = self.name2oid[se_class][nameoroid_stripped] except KeyError: if raise_keyerror: raise KeyError('No registered %s-OID for nameoroid %s' % (se_class.__name__,repr(nameoroid_stripped))) else: result_oid = nameoroid_stripped return result_oid def get_inheritedattr(self,se_class,nameoroid,name): """ Get a possibly inherited attribute specified by name of a schema element specified by nameoroid. Returns None if class attribute is not set at all. Raises KeyError if no schema element is found by nameoroid. """ se = self.sed[se_class][self.getoid(se_class,nameoroid)] try: result = getattr(se,name) except AttributeError: result = None if result is None and se.sup: result = self.get_inheritedattr(se_class,se.sup[0],name) return result def get_obj(self,se_class,nameoroid,default=None,raise_keyerror=0): """ Get a schema element by name or OID """ se_oid = self.getoid(se_class,nameoroid) try: se_obj = self.sed[se_class][se_oid] except KeyError: if raise_keyerror: raise KeyError('No ldap.schema.%s instance with nameoroid %s and se_oid %s' % ( se_class.__name__,repr(nameoroid),repr(se_oid)) ) else: se_obj = default return se_obj def get_inheritedobj(self,se_class,nameoroid,inherited=None): """ Get a schema element by name or OID with all class attributes set including inherited class attributes """ inherited = inherited or [] se = copy.copy(self.sed[se_class].get(self.getoid(se_class,nameoroid))) if se and hasattr(se,'sup'): for class_attr_name in inherited: setattr(se,class_attr_name,self.get_inheritedattr(se_class,nameoroid,class_attr_name)) return se def get_syntax(self,nameoroid): """ Get the syntax of an attribute type specified by name or OID """ at_oid = self.getoid(AttributeType,nameoroid) try: at_obj = self.get_inheritedobj(AttributeType,at_oid) except KeyError: return None else: return at_obj.syntax def get_structural_oc(self,oc_list): """ Returns OID of structural object class in oc_list if any is present. Returns None else. """ # Get tree of all STRUCTURAL object classes oc_tree = self.tree(ObjectClass,[('kind',[0])]) # Filter all STRUCTURAL object classes struct_ocs = {} for oc_nameoroid in oc_list: oc_se = self.get_obj(ObjectClass,oc_nameoroid,None) if oc_se and oc_se.kind==0: struct_ocs[oc_se.oid] = None result = None # Build a copy of the oid list, to be cleaned as we go. struct_oc_list = list(struct_ocs) while struct_oc_list: oid = struct_oc_list.pop() for child_oid in oc_tree[oid]: if self.getoid(ObjectClass,child_oid) in struct_ocs: break else: result = oid return result def get_applicable_aux_classes(self,nameoroid): """ Return a list of the applicable AUXILIARY object classes for a STRUCTURAL object class specified by 'nameoroid' if the object class is governed by a DIT content rule. If there's no DIT content rule all available AUXILIARY object classes are returned. """ content_rule = self.get_obj(DITContentRule,nameoroid) if content_rule: # Return AUXILIARY object classes from DITContentRule instance return content_rule.aux else: # list all AUXILIARY object classes return self.listall(ObjectClass,[('kind',[2])]) def attribute_types( self,object_class_list,attr_type_filter=None,raise_keyerror=1,ignore_dit_content_rule=0 ): """ Returns a 2-tuple of all must and may attributes including all inherited attributes of superior object classes by walking up classes along the SUP attribute. The attributes are stored in a ldap.cidict.cidict dictionary. object_class_list list of strings specifying object class names or OIDs attr_type_filter list of 2-tuples containing lists of class attributes which has to be matched raise_keyerror All KeyError exceptions for non-existent schema elements are ignored ignore_dit_content_rule A DIT content rule governing the structural object class is ignored """ AttributeType = ldap.schema.AttributeType ObjectClass = ldap.schema.ObjectClass # Map object_class_list to object_class_oids (list of OIDs) object_class_oids = [ self.getoid(ObjectClass,o) for o in object_class_list ] # Initialize oid_cache = {} r_must,r_may = ldap.cidict.cidict(),ldap.cidict.cidict() if '1.3.6.1.4.1.1466.101.120.111' in object_class_oids: # Object class 'extensibleObject' MAY carry every attribute type for at_obj in self.sed[AttributeType].values(): r_may[at_obj.oid] = at_obj # Loop over OIDs of all given object classes while object_class_oids: object_class_oid = object_class_oids.pop(0) # Check whether the objectClass with this OID # has already been processed if object_class_oid in oid_cache: continue # Cache this OID as already being processed oid_cache[object_class_oid] = None try: object_class = self.sed[ObjectClass][object_class_oid] except KeyError: if raise_keyerror: raise # Ignore this object class continue assert isinstance(object_class,ObjectClass) assert hasattr(object_class,'must'),ValueError(object_class_oid) assert hasattr(object_class,'may'),ValueError(object_class_oid) for a in object_class.must: se_oid = self.getoid(AttributeType,a,raise_keyerror=raise_keyerror) r_must[se_oid] = self.get_obj(AttributeType,se_oid,raise_keyerror=raise_keyerror) for a in object_class.may: se_oid = self.getoid(AttributeType,a,raise_keyerror=raise_keyerror) r_may[se_oid] = self.get_obj(AttributeType,se_oid,raise_keyerror=raise_keyerror) object_class_oids.extend([ self.getoid(ObjectClass,o) for o in object_class.sup ]) # Process DIT content rules if not ignore_dit_content_rule: structural_oc = self.get_structural_oc(object_class_list) if structural_oc: # Process applicable DIT content rule try: dit_content_rule = self.get_obj(DITContentRule,structural_oc,raise_keyerror=1) except KeyError: # Not DIT content rule found for structural objectclass pass else: for a in dit_content_rule.must: se_oid = self.getoid(AttributeType,a,raise_keyerror=raise_keyerror) r_must[se_oid] = self.get_obj(AttributeType,se_oid,raise_keyerror=raise_keyerror) for a in dit_content_rule.may: se_oid = self.getoid(AttributeType,a,raise_keyerror=raise_keyerror) r_may[se_oid] = self.get_obj(AttributeType,se_oid,raise_keyerror=raise_keyerror) for a in dit_content_rule.nots: a_oid = self.getoid(AttributeType,a,raise_keyerror=raise_keyerror) try: del r_may[a_oid] except KeyError: pass # Remove all mandantory attribute types from # optional attribute type list for a in list(r_may.keys()): if a in r_must: del r_may[a] # Apply attr_type_filter to results if attr_type_filter: for l in [r_must,r_may]: for a in list(l.keys()): for afk,afv in attr_type_filter: try: schema_attr_type = self.sed[AttributeType][a] except KeyError: if raise_keyerror: raise KeyError('No attribute type found in sub schema by name %s' % (a)) # If there's no schema element for this attribute type # but still KeyError is to be ignored we filter it away del l[a] break else: if not getattr(schema_attr_type,afk) in afv: del l[a] break return r_must,r_may # attribute_types() def urlfetch(uri,trace_level=0): """ Fetches a parsed schema entry by uri. If uri is a LDAP URL the LDAP server is queried directly. Otherwise uri is assumed to point to a LDIF file which is loaded with urllib. """ uri = uri.strip() if uri.startswith(('ldap:', 'ldaps:', 'ldapi:')): ldap_url = ldapurl.LDAPUrl(uri) l=ldap.initialize(ldap_url.initializeUrl(),trace_level) l.protocol_version = ldap.VERSION3 l.simple_bind_s(ldap_url.who or u'', ldap_url.cred or u'') subschemasubentry_dn = l.search_subschemasubentry_s(ldap_url.dn) if subschemasubentry_dn is None: s_temp = None else: if ldap_url.attrs is None: schema_attrs = SCHEMA_ATTRS else: schema_attrs = ldap_url.attrs s_temp = l.read_subschemasubentry_s( subschemasubentry_dn,attrs=schema_attrs ) l.unbind_s() del l else: ldif_file = urlopen(uri) ldif_parser = ldif.LDIFRecordList(ldif_file,max_entries=1) ldif_parser.parse() subschemasubentry_dn,s_temp = ldif_parser.all_records[0] # Work-around for mixed-cased attribute names subschemasubentry_entry = ldap.cidict.cidict() s_temp = s_temp or {} for at,av in s_temp.items(): if at in SCHEMA_CLASS_MAPPING: try: subschemasubentry_entry[at].extend(av) except KeyError: subschemasubentry_entry[at] = av # Finally parse the schema if subschemasubentry_dn!=None: parsed_sub_schema = ldap.schema.SubSchema(subschemasubentry_entry) else: parsed_sub_schema = None return subschemasubentry_dn, parsed_sub_schema python-ldap-3.2.0/Lib/ldap/schema/tokenizer.py0000644000175000017500000000440213441744767023164 0ustar pviktoripviktorin00000000000000""" ldap.schema.tokenizer - Low-level parsing functions for schema element strings See https://www.python-ldap.org/ for details. """ import re TOKENS_FINDALL = re.compile( r"(\()" # opening parenthesis r"|" # or r"(\))" # closing parenthesis r"|" # or r"([^'$()\s]+)" # string of length >= 1 without '$() or whitespace r"|" # or r"('.*?'(?!\w))" # any string or empty string surrounded by single quotes # except if right quote is succeeded by alphanumeric char r"|" # or r"([^\s]+?)", # residue, all non-whitespace strings ).findall def split_tokens(s): """ Returns list of syntax elements with quotes and spaces stripped. """ parts = [] parens = 0 for opar, cpar, unquoted, quoted, residue in TOKENS_FINDALL(s): if unquoted: parts.append(unquoted) elif quoted: parts.append(quoted[1:-1]) elif opar: parens += 1 parts.append(opar) elif cpar: parens -= 1 parts.append(cpar) elif residue == '$': if not parens: raise ValueError("'$' outside parenthesis in %r" % (s)) else: raise ValueError(residue, s) if parens: raise ValueError("Unbalanced parenthesis in %r" % (s)) return parts def extract_tokens(l,known_tokens): """ Returns dictionary of known tokens with all values """ assert l[0].strip()=="(" and l[-1].strip()==")",ValueError(l) result = {} result.update(known_tokens) i = 0 l_len = len(l) while i= (3, 0) and isinstance(schema_element_str, bytes): schema_element_str = schema_element_str.decode('utf-8') if schema_element_str: l = split_tokens(schema_element_str) self.set_id(l[1]) d = extract_tokens(l,self.token_defaults) self._set_attrs(l,d) def _set_attrs(self,l,d): self.desc = d['DESC'][0] return def set_id(self,element_id): self.oid = element_id def get_id(self): return self.oid def key_attr(self,key,value,quoted=0): assert value is None or type(value)==str,TypeError("value has to be of str, was %r" % value) if value: if quoted: return " %s '%s'" % (key,value.replace("'","\\'")) else: return " %s %s" % (key,value) else: return "" def key_list(self,key,values,sep=' ',quoted=0): assert type(values)==tuple,TypeError("values has to be a tuple, was %r" % values) if not values: return '' if quoted: quoted_values = [ "'%s'" % value.replace("'","\\'") for value in values ] else: quoted_values = values if len(values)==1: return ' %s %s' % (key,quoted_values[0]) else: return ' %s ( %s )' % (key,sep.join(quoted_values)) def __str__(self): result = [str(self.oid)] result.append(self.key_attr('DESC',self.desc,quoted=1)) return '( %s )' % ''.join(result) class ObjectClass(SchemaElement): """ Arguments: schema_element_str String containing an ObjectClassDescription Class attributes: oid OID assigned to the object class names All NAMEs of the object class (tuple of strings) desc Description text (DESC) of the object class (string, or None if missing) obsolete Integer flag (0 or 1) indicating whether the object class is marked as OBSOLETE in the schema must NAMEs or OIDs of all attributes an entry of the object class must have (tuple of strings) may NAMEs or OIDs of additional attributes an entry of the object class may have (tuple of strings) kind Kind of an object class: 0 = STRUCTURAL, 1 = ABSTRACT, 2 = AUXILIARY sup NAMEs or OIDs of object classes this object class is derived from (tuple of strings) x_origin Value of the X-ORIGIN extension flag (tuple of strings) Although it's not official, X-ORIGIN is used in several LDAP server implementations to indicate the source of the associated schema element """ schema_attribute = u'objectClasses' token_defaults = { 'NAME':(()), 'DESC':(None,), 'OBSOLETE':None, 'SUP':(()), 'STRUCTURAL':None, 'AUXILIARY':None, 'ABSTRACT':None, 'MUST':(()), 'MAY':(), 'X-ORIGIN':() } def _set_attrs(self,l,d): self.obsolete = d['OBSOLETE']!=None self.names = d['NAME'] self.desc = d['DESC'][0] self.must = d['MUST'] self.may = d['MAY'] self.x_origin = d['X-ORIGIN'] # Default is STRUCTURAL, see RFC2552 or draft-ietf-ldapbis-syntaxes self.kind = 0 if d['ABSTRACT']!=None: self.kind = 1 elif d['AUXILIARY']!=None: self.kind = 2 if self.kind==0 and not d['SUP'] and self.oid!='2.5.6.0': # STRUCTURAL object classes are sub-classes of 'top' by default self.sup = ('top',) else: self.sup = d['SUP'] return def __str__(self): result = [str(self.oid)] result.append(self.key_list('NAME',self.names,quoted=1)) result.append(self.key_attr('DESC',self.desc,quoted=1)) result.append(self.key_list('SUP',self.sup,sep=' $ ')) result.append({0:'',1:' OBSOLETE'}[self.obsolete]) result.append({0:' STRUCTURAL',1:' ABSTRACT',2:' AUXILIARY'}[self.kind]) result.append(self.key_list('MUST',self.must,sep=' $ ')) result.append(self.key_list('MAY',self.may,sep=' $ ')) result.append(self.key_list('X-ORIGIN',self.x_origin,quoted=1)) return '( %s )' % ''.join(result) AttributeUsage = ldap.cidict.cidict({ 'userApplication':0, # work-around for non-compliant schema 'userApplications':0, 'directoryOperation':1, 'distributedOperation':2, 'dSAOperation':3, }) class AttributeType(SchemaElement): """ Arguments: schema_element_str String containing an AttributeTypeDescription Class attributes: oid OID assigned to the attribute type (string) names All NAMEs of the attribute type (tuple of strings) desc Description text (DESC) of the attribute type (string, or None if missing) obsolete Integer flag (0 or 1) indicating whether the attribute type is marked as OBSOLETE in the schema single_value Integer flag (0 or 1) indicating whether the attribute must have only one value syntax OID of the LDAP syntax assigned to the attribute type no_user_mod Integer flag (0 or 1) indicating whether the attribute is modifiable by a client application equality NAME or OID of the matching rule used for checking whether attribute values are equal (string, or None if missing) substr NAME or OID of the matching rule used for checking whether an attribute value contains another value (string, or None if missing) ordering NAME or OID of the matching rule used for checking whether attribute values are lesser-equal than (string, or None if missing) usage USAGE of an attribute type: 0 = userApplications 1 = directoryOperation, 2 = distributedOperation, 3 = dSAOperation sup NAMEs or OIDs of attribute types this attribute type is derived from (tuple of strings) x_origin Value of the X-ORIGIN extension flag (tuple of strings). Although it's not official, X-ORIGIN is used in several LDAP server implementations to indicate the source of the associated schema element """ schema_attribute = u'attributeTypes' token_defaults = { 'NAME':(()), 'DESC':(None,), 'OBSOLETE':None, 'SUP':(()), 'EQUALITY':(None,), 'ORDERING':(None,), 'SUBSTR':(None,), 'SYNTAX':(None,), 'SINGLE-VALUE':None, 'COLLECTIVE':None, 'NO-USER-MODIFICATION':None, 'USAGE':('userApplications',), 'X-ORIGIN':(), 'X-ORDERED':(None,), } def _set_attrs(self,l,d): self.names = d['NAME'] self.desc = d['DESC'][0] self.obsolete = d['OBSOLETE']!=None self.sup = d['SUP'] self.equality = d['EQUALITY'][0] self.ordering = d['ORDERING'][0] self.substr = d['SUBSTR'][0] self.x_origin = d['X-ORIGIN'] self.x_ordered = d['X-ORDERED'][0] try: syntax = d['SYNTAX'][0] except IndexError: self.syntax = None self.syntax_len = None else: if syntax is None: self.syntax = None self.syntax_len = None else: try: self.syntax,syntax_len = d['SYNTAX'][0].split("{") except ValueError: self.syntax = d['SYNTAX'][0] self.syntax_len = None for i in l: if i.startswith("{") and i.endswith("}"): self.syntax_len = int(i[1:-1]) else: self.syntax_len = int(syntax_len[:-1]) self.single_value = d['SINGLE-VALUE']!=None self.collective = d['COLLECTIVE']!=None self.no_user_mod = d['NO-USER-MODIFICATION']!=None self.usage = AttributeUsage.get(d['USAGE'][0],0) return def __str__(self): result = [str(self.oid)] result.append(self.key_list('NAME',self.names,quoted=1)) result.append(self.key_attr('DESC',self.desc,quoted=1)) result.append(self.key_list('SUP',self.sup,sep=' $ ')) result.append({0:'',1:' OBSOLETE'}[self.obsolete]) result.append(self.key_attr('EQUALITY',self.equality)) result.append(self.key_attr('ORDERING',self.ordering)) result.append(self.key_attr('SUBSTR',self.substr)) result.append(self.key_attr('SYNTAX',self.syntax)) if self.syntax_len!=None: result.append(('{%d}' % (self.syntax_len))*(self.syntax_len>0)) result.append({0:'',1:' SINGLE-VALUE'}[self.single_value]) result.append({0:'',1:' COLLECTIVE'}[self.collective]) result.append({0:'',1:' NO-USER-MODIFICATION'}[self.no_user_mod]) result.append( { 0:"", 1:" USAGE directoryOperation", 2:" USAGE distributedOperation", 3:" USAGE dSAOperation", }[self.usage] ) result.append(self.key_list('X-ORIGIN',self.x_origin,quoted=1)) result.append(self.key_attr('X-ORDERED',self.x_ordered,quoted=1)) return '( %s )' % ''.join(result) class LDAPSyntax(SchemaElement): """ SyntaxDescription oid OID assigned to the LDAP syntax desc Description text (DESC) of the LDAP syntax (string, or None if missing) not_human_readable Integer flag (0 or 1) indicating whether the attribute type is marked as not human-readable (X-NOT-HUMAN-READABLE) """ schema_attribute = u'ldapSyntaxes' token_defaults = { 'DESC':(None,), 'X-NOT-HUMAN-READABLE':(None,), 'X-BINARY-TRANSFER-REQUIRED':(None,), 'X-SUBST':(None,), } def _set_attrs(self,l,d): self.desc = d['DESC'][0] self.x_subst = d['X-SUBST'][0] self.not_human_readable = \ self.oid in NOT_HUMAN_READABLE_LDAP_SYNTAXES or \ d['X-NOT-HUMAN-READABLE'][0]=='TRUE' self.x_binary_transfer_required = d['X-BINARY-TRANSFER-REQUIRED'][0]=='TRUE' return def __str__(self): result = [str(self.oid)] result.append(self.key_attr('DESC',self.desc,quoted=1)) result.append(self.key_attr('X-SUBST',self.x_subst,quoted=1)) result.append( {0:'',1:" X-NOT-HUMAN-READABLE 'TRUE'"}[self.not_human_readable] ) return '( %s )' % ''.join(result) class MatchingRule(SchemaElement): """ Arguments: schema_element_str String containing an MatchingRuleDescription Class attributes: oid OID assigned to the matching rule names All NAMEs of the matching rule (tuple of strings) desc Description text (DESC) of the matching rule obsolete Integer flag (0 or 1) indicating whether the matching rule is marked as OBSOLETE in the schema syntax OID of the LDAP syntax this matching rule is usable with (string, or None if missing) """ schema_attribute = u'matchingRules' token_defaults = { 'NAME':(()), 'DESC':(None,), 'OBSOLETE':None, 'SYNTAX':(None,), } def _set_attrs(self,l,d): self.names = d['NAME'] self.desc = d['DESC'][0] self.obsolete = d['OBSOLETE']!=None self.syntax = d['SYNTAX'][0] return def __str__(self): result = [str(self.oid)] result.append(self.key_list('NAME',self.names,quoted=1)) result.append(self.key_attr('DESC',self.desc,quoted=1)) result.append({0:'',1:' OBSOLETE'}[self.obsolete]) result.append(self.key_attr('SYNTAX',self.syntax)) return '( %s )' % ''.join(result) class MatchingRuleUse(SchemaElement): """ Arguments: schema_element_str String containing an MatchingRuleUseDescription Class attributes: oid OID of the accompanying matching rule names All NAMEs of the matching rule (tuple of strings) desc Description text (DESC) of the matching rule (string, or None if missing) obsolete Integer flag (0 or 1) indicating whether the matching rule is marked as OBSOLETE in the schema applies NAMEs or OIDs of attribute types for which this matching rule is used (tuple of strings) """ schema_attribute = u'matchingRuleUse' token_defaults = { 'NAME':(()), 'DESC':(None,), 'OBSOLETE':None, 'APPLIES':(()), } def _set_attrs(self,l,d): self.names = d['NAME'] self.desc = d['DESC'][0] self.obsolete = d['OBSOLETE']!=None self.applies = d['APPLIES'] return def __str__(self): result = [str(self.oid)] result.append(self.key_list('NAME',self.names,quoted=1)) result.append(self.key_attr('DESC',self.desc,quoted=1)) result.append({0:'',1:' OBSOLETE'}[self.obsolete]) result.append(self.key_list('APPLIES',self.applies,sep=' $ ')) return '( %s )' % ''.join(result) class DITContentRule(SchemaElement): """ Arguments: schema_element_str String containing an DITContentRuleDescription Class attributes: oid OID of the accompanying structural object class names All NAMEs of the DIT content rule (tuple of strings) desc Description text (DESC) of the DIT content rule (string, or None if missing) obsolete Integer flag (0 or 1) indicating whether the DIT content rule is marked as OBSOLETE in the schema aux NAMEs or OIDs of all auxiliary object classes usable in an entry of the object class (tuple of strings) must NAMEs or OIDs of all attributes an entry of the object class must have, which may extend the list of required attributes of the object classes of an entry. (tuple of strings) may NAMEs or OIDs of additional attributes an entry of the object class may have. which may extend the list of optional attributes of the object classes of an entry. (tuple of strings) nots NAMEs or OIDs of attributes which may not be present in an entry of the object class. (tuple of strings) """ schema_attribute = u'dITContentRules' token_defaults = { 'NAME':(()), 'DESC':(None,), 'OBSOLETE':None, 'AUX':(()), 'MUST':(()), 'MAY':(()), 'NOT':(()), } def _set_attrs(self,l,d): self.names = d['NAME'] self.desc = d['DESC'][0] self.obsolete = d['OBSOLETE']!=None self.aux = d['AUX'] self.must = d['MUST'] self.may = d['MAY'] self.nots = d['NOT'] return def __str__(self): result = [str(self.oid)] result.append(self.key_list('NAME',self.names,quoted=1)) result.append(self.key_attr('DESC',self.desc,quoted=1)) result.append({0:'',1:' OBSOLETE'}[self.obsolete]) result.append(self.key_list('AUX',self.aux,sep=' $ ')) result.append(self.key_list('MUST',self.must,sep=' $ ')) result.append(self.key_list('MAY',self.may,sep=' $ ')) result.append(self.key_list('NOT',self.nots,sep=' $ ')) return '( %s )' % ''.join(result) class DITStructureRule(SchemaElement): """ Arguments: schema_element_str String containing an DITStructureRuleDescription Class attributes: ruleid rule ID of the DIT structure rule (only locally unique) names All NAMEs of the DIT structure rule (tuple of strings) desc Description text (DESC) of the DIT structure rule (string, or None if missing) obsolete Integer flag (0 or 1) indicating whether the DIT content rule is marked as OBSOLETE in the schema form NAMEs or OIDs of associated name forms (tuple of strings) sup NAMEs or OIDs of allowed structural object classes of superior entries in the DIT (tuple of strings) """ schema_attribute = u'dITStructureRules' token_defaults = { 'NAME':(()), 'DESC':(None,), 'OBSOLETE':None, 'FORM':(None,), 'SUP':(()), } def set_id(self,element_id): self.ruleid = element_id def get_id(self): return self.ruleid def _set_attrs(self,l,d): self.names = d['NAME'] self.desc = d['DESC'][0] self.obsolete = d['OBSOLETE']!=None self.form = d['FORM'][0] self.sup = d['SUP'] return def __str__(self): result = [str(self.ruleid)] result.append(self.key_list('NAME',self.names,quoted=1)) result.append(self.key_attr('DESC',self.desc,quoted=1)) result.append({0:'',1:' OBSOLETE'}[self.obsolete]) result.append(self.key_attr('FORM',self.form,quoted=0)) result.append(self.key_list('SUP',self.sup,sep=' $ ')) return '( %s )' % ''.join(result) class NameForm(SchemaElement): """ Arguments: schema_element_str String containing an NameFormDescription Class attributes: oid OID of the name form names All NAMEs of the name form (tuple of strings) desc Description text (DESC) of the name form (string, or None if missing) obsolete Integer flag (0 or 1) indicating whether the name form is marked as OBSOLETE in the schema form NAMEs or OIDs of associated name forms (tuple of strings) oc NAME or OID of structural object classes this name form is usable with (string) must NAMEs or OIDs of all attributes an RDN must contain (tuple of strings) may NAMEs or OIDs of additional attributes an RDN may contain (tuple of strings) """ schema_attribute = u'nameForms' token_defaults = { 'NAME':(()), 'DESC':(None,), 'OBSOLETE':None, 'OC':(None,), 'MUST':(()), 'MAY':(()), } def _set_attrs(self,l,d): self.names = d['NAME'] self.desc = d['DESC'][0] self.obsolete = d['OBSOLETE']!=None self.oc = d['OC'][0] self.must = d['MUST'] self.may = d['MAY'] return def __str__(self): result = [str(self.oid)] result.append(self.key_list('NAME',self.names,quoted=1)) result.append(self.key_attr('DESC',self.desc,quoted=1)) result.append({0:'',1:' OBSOLETE'}[self.obsolete]) result.append(self.key_attr('OC',self.oc)) result.append(self.key_list('MUST',self.must,sep=' $ ')) result.append(self.key_list('MAY',self.may,sep=' $ ')) return '( %s )' % ''.join(result) class Entry(IterableUserDict): """ Schema-aware implementation of an LDAP entry class. Mainly it holds the attributes in a string-keyed dictionary with the OID as key. """ def __init__(self,schema,dn,entry): self._keytuple2attrtype = {} self._attrtype2keytuple = {} self._s = schema self.dn = dn IterableUserDict.IterableUserDict.__init__(self,{}) self.update(entry) def _at2key(self,nameoroid): """ Return tuple of OID and all sub-types of attribute type specified in nameoroid. """ try: # Mapping already in cache return self._attrtype2keytuple[nameoroid] except KeyError: # Mapping has to be constructed oid = self._s.getoid(ldap.schema.AttributeType,nameoroid) l = nameoroid.lower().split(';') l[0] = oid t = tuple(l) self._attrtype2keytuple[nameoroid] = t return t def update(self,dict): for key, value in dict.values(): self[key] = value def __contains__(self,nameoroid): return self._at2key(nameoroid) in self.data def __getitem__(self,nameoroid): return self.data[self._at2key(nameoroid)] def __setitem__(self,nameoroid,attr_values): k = self._at2key(nameoroid) self._keytuple2attrtype[k] = nameoroid self.data[k] = attr_values def __delitem__(self,nameoroid): k = self._at2key(nameoroid) del self.data[k] del self._attrtype2keytuple[nameoroid] del self._keytuple2attrtype[k] def has_key(self,nameoroid): k = self._at2key(nameoroid) return k in self.data def keys(self): return self._keytuple2attrtype.values() def items(self): return [ (k,self[k]) for k in self.keys() ] def attribute_types( self,attr_type_filter=None,raise_keyerror=1 ): """ Convenience wrapper around SubSchema.attribute_types() which passes object classes of this particular entry as argument to SubSchema.attribute_types() """ return self._s.attribute_types( self.get('objectClass',[]),attr_type_filter,raise_keyerror ) python-ldap-3.2.0/Lib/ldap/resiter.py0000644000175000017500000000233313441744767021370 0ustar pviktoripviktorin00000000000000""" ldap.resiter - processing LDAP results with iterators See https://www.python-ldap.org/ for details. """ from ldap.pkginfo import __version__, __author__, __license__ class ResultProcessor: """ Mix-in class used with ldap.ldapopbject.LDAPObject or derived classes. """ def allresults(self, msgid, timeout=-1, add_ctrls=0): """ Generator function which returns an iterator for processing all LDAP operation results of the given msgid like retrieved with LDAPObject.result3() -> 4-tuple """ result_type, result_list, result_msgid, result_serverctrls, _, _ = \ self.result4( msgid, 0, timeout, add_ctrls=add_ctrls ) while result_type and result_list: yield ( result_type, result_list, result_msgid, result_serverctrls ) result_type, result_list, result_msgid, result_serverctrls, _, _ = \ self.result4( msgid, 0, timeout, add_ctrls=add_ctrls ) return # allresults() python-ldap-3.2.0/Lib/ldap/pkginfo.py0000644000175000017500000000027413441750111021326 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ meta attributes for packaging which does not import any dependencies """ __version__ = '3.2.0' __author__ = u'python-ldap project' __license__ = 'Python style' python-ldap-3.2.0/Lib/ldap/cidict.py0000644000175000017500000000367713441744767021166 0ustar pviktoripviktorin00000000000000""" This is a convenience wrapper for dictionaries returned from LDAP servers containing attribute names of variable case. See https://www.python-ldap.org/ for details. """ from ldap import __version__ from ldap.compat import IterableUserDict class cidict(IterableUserDict): """ Case-insensitive but case-respecting dictionary. """ def __init__(self,default=None): self._keys = {} IterableUserDict.__init__(self,{}) self.update(default or {}) def __getitem__(self,key): return self.data[key.lower()] def __setitem__(self,key,value): lower_key = key.lower() self._keys[lower_key] = key self.data[lower_key] = value def __delitem__(self,key): lower_key = key.lower() del self._keys[lower_key] del self.data[lower_key] def update(self,dict): for key, value in dict.items(): self[key] = value def has_key(self,key): return key in self def __contains__(self,key): return IterableUserDict.__contains__(self, key.lower()) def __iter__(self): return iter(self.keys()) def keys(self): return self._keys.values() def items(self): result = [] for k in self._keys.values(): result.append((k,self[k])) return result def strlist_minus(a,b): """ Return list of all items in a which are not in b (a - b). a,b are supposed to be lists of case-insensitive strings. """ temp = cidict() for elt in b: temp[elt] = elt result = [ elt for elt in a if elt not in temp ] return result def strlist_intersection(a,b): """ Return intersection of two lists of case-insensitive strings a,b. """ temp = cidict() for elt in a: temp[elt] = elt result = [ temp[elt] for elt in b if elt in temp ] return result def strlist_union(a,b): """ Return union of two lists of case-insensitive strings a,b. """ temp = cidict() for elt in a: temp[elt] = elt for elt in b: temp[elt] = elt return temp.values() python-ldap-3.2.0/Lib/ldap/functions.py0000644000175000017500000000630713441744767021730 0ustar pviktoripviktorin00000000000000""" functions.py - wraps functions of module _ldap See https://www.python-ldap.org/ for details. """ from ldap import __version__ __all__ = [ 'open','initialize','init', 'explode_dn','explode_rdn', 'get_option','set_option', 'escape_str', 'strf_secs','strp_secs', ] import sys,pprint,time,_ldap,ldap from calendar import timegm from ldap import LDAPError from ldap.dn import explode_dn,explode_rdn from ldap.ldapobject import LDAPObject if __debug__: # Tracing is only supported in debugging mode import traceback # See _raise_byteswarning in ldapobject.py _LDAP_WARN_SKIP_FRAME = True def _ldap_function_call(lock,func,*args,**kwargs): """ Wrapper function which locks and logs calls to function lock Instance of threading.Lock or compatible func Function to call with arguments passed in via *args and **kwargs """ if lock: lock.acquire() if __debug__: if ldap._trace_level>=1: ldap._trace_file.write('*** %s.%s %s\n' % ( '_ldap',func.__name__, pprint.pformat((args,kwargs)) )) if ldap._trace_level>=9: traceback.print_stack(limit=ldap._trace_stack_limit,file=ldap._trace_file) try: try: result = func(*args,**kwargs) finally: if lock: lock.release() except LDAPError as e: if __debug__ and ldap._trace_level>=2: ldap._trace_file.write('=> LDAPError: %s\n' % (str(e))) raise if __debug__ and ldap._trace_level>=2: ldap._trace_file.write('=> result:\n%s\n' % (pprint.pformat(result))) return result def initialize( uri, trace_level=0, trace_file=sys.stdout, trace_stack_limit=None, bytes_mode=None, **kwargs ): """ Return LDAPObject instance by opening LDAP connection to LDAP host specified by LDAP URL Parameters: uri LDAP URL containing at least connection scheme and hostport, e.g. ldap://localhost:389 trace_level If non-zero a trace output of LDAP calls is generated. trace_file File object where to write the trace output to. Default is to use stdout. bytes_mode Whether to enable :ref:`bytes_mode` for backwards compatibility under Py2. Additional keyword arguments (such as ``bytes_strictness``) are passed to ``LDAPObject``. """ return LDAPObject( uri, trace_level, trace_file, trace_stack_limit, bytes_mode, **kwargs) def get_option(option): """ get_option(name) -> value Get the value of an LDAP global option. """ return _ldap_function_call(None,_ldap.get_option,option) def set_option(option,invalue): """ set_option(name, value) Set the value of an LDAP global option. """ return _ldap_function_call(None,_ldap.set_option,option,invalue) def escape_str(escape_func,s,*args): """ Applies escape_func() to all items of `args' and returns a string based on format string `s'. """ return s % tuple(escape_func(v) for v in args) def strf_secs(secs): """ Convert seconds since epoch to a string compliant to LDAP syntax GeneralizedTime """ return time.strftime('%Y%m%d%H%M%SZ', time.gmtime(secs)) def strp_secs(dt_str): """ Convert LDAP syntax GeneralizedTime to seconds since epoch """ return timegm(time.strptime(dt_str, '%Y%m%d%H%M%SZ')) python-ldap-3.2.0/Lib/ldap/modlist.py0000644000175000017500000000672113441744767021373 0ustar pviktoripviktorin00000000000000""" ldap.modlist - create add/modify modlist's See https://www.python-ldap.org/ for details. """ from ldap import __version__ import ldap def addModlist(entry,ignore_attr_types=None): """Build modify list for call of method LDAPObject.add()""" ignore_attr_types = {v.lower() for v in ignore_attr_types or []} modlist = [] for attrtype, value in entry.items(): if attrtype.lower() in ignore_attr_types: # This attribute type is ignored continue # Eliminate empty attr value strings in list attrvaluelist = [item for item in value if item is not None] if attrvaluelist: modlist.append((attrtype, value)) return modlist # addModlist() def modifyModlist( old_entry,new_entry,ignore_attr_types=None,ignore_oldexistent=0,case_ignore_attr_types=None ): """ Build differential modify list for calling LDAPObject.modify()/modify_s() old_entry Dictionary holding the old entry new_entry Dictionary holding what the new entry should be ignore_attr_types List of attribute type names to be ignored completely ignore_oldexistent If non-zero attribute type names which are in old_entry but are not found in new_entry at all are not deleted. This is handy for situations where your application sets attribute value to '' for deleting an attribute. In most cases leave zero. case_ignore_attr_types List of attribute type names for which comparison will be made case-insensitive """ ignore_attr_types = {v.lower() for v in ignore_attr_types or []} case_ignore_attr_types = {v.lower() for v in case_ignore_attr_types or []} modlist = [] attrtype_lower_map = {} for a in old_entry.keys(): attrtype_lower_map[a.lower()]=a for attrtype, value in new_entry.items(): attrtype_lower = attrtype.lower() if attrtype_lower in ignore_attr_types: # This attribute type is ignored continue # Filter away null-strings new_value = [item for item in value if item is not None] if attrtype_lower in attrtype_lower_map: old_value = old_entry.get(attrtype_lower_map[attrtype_lower],[]) old_value = [item for item in old_value if item is not None] del attrtype_lower_map[attrtype_lower] else: old_value = [] if not old_value and new_value: # Add a new attribute to entry modlist.append((ldap.MOD_ADD,attrtype,new_value)) elif old_value and new_value: # Replace existing attribute replace_attr_value = len(old_value)!=len(new_value) if not replace_attr_value: if attrtype_lower in case_ignore_attr_types: old_value_set = {v.lower() for v in old_value} new_value_set = {v.lower() for v in new_value} else: old_value_set = set(old_value) new_value_set = set(new_value) replace_attr_value = new_value_set != old_value_set if replace_attr_value: modlist.append((ldap.MOD_DELETE,attrtype,None)) modlist.append((ldap.MOD_ADD,attrtype,new_value)) elif old_value and not new_value: # Completely delete an existing attribute modlist.append((ldap.MOD_DELETE,attrtype,None)) if not ignore_oldexistent: # Remove all attributes of old_entry which are not present # in new_entry at all for a, val in attrtype_lower_map.items(): if a in ignore_attr_types: # This attribute type is ignored continue attrtype = val modlist.append((ldap.MOD_DELETE,attrtype,None)) return modlist # modifyModlist() python-ldap-3.2.0/Lib/ldap/extop/0000755000175000017500000000000013441750214020457 5ustar pviktoripviktorin00000000000000python-ldap-3.2.0/Lib/ldap/extop/dds.py0000644000175000017500000000405513441744767021627 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ ldap.extop.dds - Classes for Dynamic Entries extended operations (see RFC 2589) See https://www.python-ldap.org/ for details. """ from ldap.extop import ExtendedRequest,ExtendedResponse # Imports from pyasn1 from pyasn1.type import namedtype,univ,tag from pyasn1.codec.der import encoder,decoder from pyasn1_modules.rfc2251 import LDAPDN class RefreshRequest(ExtendedRequest): requestName = '1.3.6.1.4.1.1466.101.119.1' defaultRequestTtl = 86400 class RefreshRequestValue(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType( 'entryName', LDAPDN().subtype( implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,0) ) ), namedtype.NamedType( 'requestTtl', univ.Integer().subtype( implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,1) ) ), ) def __init__(self,requestName=None,entryName=None,requestTtl=None): self.entryName = entryName self.requestTtl = requestTtl or self.defaultRequestTtl def encodedRequestValue(self): p = self.RefreshRequestValue() p.setComponentByName( 'entryName', LDAPDN(self.entryName).subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple,0) ) ) p.setComponentByName( 'requestTtl', univ.Integer(self.requestTtl).subtype( implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,1) ) ) return encoder.encode(p) class RefreshResponse(ExtendedResponse): responseName = '1.3.6.1.4.1.1466.101.119.1' class RefreshResponseValue(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType( 'responseTtl', univ.Integer().subtype( implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,1) ) ) ) def decodeResponseValue(self,value): respValue,_ = decoder.decode(value,asn1Spec=self.RefreshResponseValue()) self.responseTtl = int(respValue.getComponentByName('responseTtl')) return self.responseTtl python-ldap-3.2.0/Lib/ldap/extop/__init__.py0000644000175000017500000000341413441744767022612 0ustar pviktoripviktorin00000000000000""" controls.py - support classes for LDAPv3 extended operations See https://www.python-ldap.org/ for details. Description: The ldap.extop module provides base classes for LDAPv3 extended operations. Each class provides support for a certain extended operation request and response. """ from ldap import __version__ class ExtendedRequest: """ Generic base class for a LDAPv3 extended operation request requestName OID as string of the LDAPv3 extended operation request requestValue value of the LDAPv3 extended operation request (here it is the BER-encoded ASN.1 request value) """ def __init__(self,requestName,requestValue): self.requestName = requestName self.requestValue = requestValue def __repr__(self): return '%s(%s,%s)' % (self.__class__.__name__,self.requestName,self.requestValue) def encodedRequestValue(self): """ returns the BER-encoded ASN.1 request value composed by class attributes set before """ return self.requestValue class ExtendedResponse: """ Generic base class for a LDAPv3 extended operation response requestName OID as string of the LDAPv3 extended operation response encodedResponseValue BER-encoded ASN.1 value of the LDAPv3 extended operation response """ def __init__(self,responseName,encodedResponseValue): self.responseName = responseName self.responseValue = self.decodeResponseValue(encodedResponseValue) def __repr__(self): return '%s(%s,%s)' % (self.__class__.__name__,self.responseName,self.responseValue) def decodeResponseValue(self,value): """ decodes the BER-encoded ASN.1 extended operation response value and sets the appropriate class attributes """ return value # Import sub-modules from ldap.extop.dds import * python-ldap-3.2.0/Lib/ldap/asyncsearch.py0000644000175000017500000001672413441744767022227 0ustar pviktoripviktorin00000000000000""" ldap.asyncsearch - handle async LDAP search operations See https://www.python-ldap.org/ for details. """ import ldap from ldap import __version__ import ldif SEARCH_RESULT_TYPES = { ldap.RES_SEARCH_ENTRY, ldap.RES_SEARCH_RESULT, ldap.RES_SEARCH_REFERENCE, } ENTRY_RESULT_TYPES = { ldap.RES_SEARCH_ENTRY, ldap.RES_SEARCH_RESULT, } class WrongResultType(Exception): def __init__(self,receivedResultType,expectedResultTypes): self.receivedResultType = receivedResultType self.expectedResultTypes = expectedResultTypes Exception.__init__(self) def __str__(self): return 'Received wrong result type %s (expected one of %s).' % ( self.receivedResultType, ', '.join(self.expectedResultTypes), ) class AsyncSearchHandler: """ Class for stream-processing LDAP search results Arguments: l LDAPObject instance """ def __init__(self,l): self._l = l self._msgId = None self._afterFirstResult = 1 def startSearch( self, searchRoot, searchScope, filterStr, attrList=None, attrsOnly=0, timeout=-1, sizelimit=0, serverctrls=None, clientctrls=None ): """ searchRoot See parameter base of method LDAPObject.search() searchScope See parameter scope of method LDAPObject.search() filterStr See parameter filter of method LDAPObject.search() attrList=None See parameter attrlist of method LDAPObject.search() attrsOnly See parameter attrsonly of method LDAPObject.search() timeout Maximum time the server shall use for search operation sizelimit Maximum number of entries a server should return (request client-side limit) serverctrls list of server-side LDAP controls clientctrls list of client-side LDAP controls """ self._msgId = self._l.search_ext( searchRoot,searchScope,filterStr, attrList,attrsOnly,serverctrls,clientctrls,timeout,sizelimit ) self._afterFirstResult = 1 return # startSearch() def preProcessing(self): """ Do anything you want after starting search but before receiving and processing results """ def afterFirstResult(self): """ Do anything you want right after successfully receiving but before processing first result """ def postProcessing(self): """ Do anything you want after receiving and processing all results """ def processResults(self,ignoreResultsNumber=0,processResultsCount=0,timeout=-1): """ ignoreResultsNumber Don't process the first ignoreResultsNumber results. processResultsCount If non-zero this parameters indicates the number of results processed is limited to processResultsCount. timeout See parameter timeout of ldap.LDAPObject.result() """ self.preProcessing() result_counter = 0 end_result_counter = ignoreResultsNumber+processResultsCount go_ahead = 1 partial = 0 self.beginResultsDropped = 0 self.endResultBreak = result_counter try: result_type,result_list = None,None while go_ahead: while result_type is None and not result_list: result_type,result_list,result_msgid,result_serverctrls = self._l.result3(self._msgId,0,timeout) if self._afterFirstResult: self.afterFirstResult() self._afterFirstResult = 0 if not result_list: break if result_type not in SEARCH_RESULT_TYPES: raise WrongResultType(result_type,SEARCH_RESULT_TYPES) # Loop over list of search results for result_item in result_list: if result_counter= 1: _trace_file.write("*** id=%d, challenge=%s, prompt=%s, defresult=%s\n-> %s\n" % ( cb_id, challenge, prompt, repr(defresult), repr(self.cb_value_dict.get(cb_result)) )) if not isinstance(cb_result, bytes): cb_result = cb_result.encode('utf-8') return cb_result class cram_md5(sasl): """ This class handles SASL CRAM-MD5 authentication. """ def __init__(self, authc_id, password, authz_id=""): auth_dict = { CB_AUTHNAME: authc_id, CB_PASS: password, CB_USER: authz_id, } sasl.__init__(self, auth_dict, "CRAM-MD5") class digest_md5(sasl): """ This class handles SASL DIGEST-MD5 authentication. """ def __init__(self, authc_id, password, authz_id=""): auth_dict = { CB_AUTHNAME: authc_id, CB_PASS: password, CB_USER: authz_id, } sasl.__init__(self, auth_dict, "DIGEST-MD5") class gssapi(sasl): """ This class handles SASL GSSAPI (i.e. Kerberos V) authentication. """ def __init__(self, authz_id=""): sasl.__init__(self, {CB_USER: authz_id}, "GSSAPI") class external(sasl): """ This class handles SASL EXTERNAL authentication (i.e. X.509 client certificate) """ def __init__(self, authz_id=""): sasl.__init__(self, {CB_USER: authz_id}, "EXTERNAL") python-ldap-3.2.0/Lib/ldap/filter.py0000644000175000017500000000454213441744767021204 0ustar pviktoripviktorin00000000000000""" filters.py - misc stuff for handling LDAP filter strings (see RFC2254) See https://www.python-ldap.org/ for details. Compatibility: - Tested with Python 2.0+ """ from ldap import __version__ from ldap.functions import strf_secs import time def escape_filter_chars(assertion_value,escape_mode=0): """ Replace all special characters found in assertion_value by quoted notation. escape_mode If 0 only special chars mentioned in RFC 4515 are escaped. If 1 all NON-ASCII chars are escaped. If 2 all chars are escaped. """ if escape_mode: r = [] if escape_mode==1: for c in assertion_value: if c < '0' or c > 'z' or c in "\\*()": c = "\\%02x" % ord(c) r.append(c) elif escape_mode==2: for c in assertion_value: r.append("\\%02x" % ord(c)) else: raise ValueError('escape_mode must be 0, 1 or 2.') s = ''.join(r) else: s = assertion_value.replace('\\', r'\5c') s = s.replace(r'*', r'\2a') s = s.replace(r'(', r'\28') s = s.replace(r')', r'\29') s = s.replace('\x00', r'\00') return s def filter_format(filter_template,assertion_values): """ filter_template String containing %s as placeholder for assertion values. assertion_values List or tuple of assertion values. Length must match count of %s in filter_template. """ return filter_template % tuple(escape_filter_chars(v) for v in assertion_values) def time_span_filter( filterstr='', from_timestamp=0, until_timestamp=None, delta_attr='modifyTimestamp', ): """ If last_run_timestr is non-zero filterstr will be extended """ if until_timestamp is None: until_timestamp = time.time() if from_timestamp < 0: from_timestamp = until_timestamp + from_timestamp if from_timestamp > until_timestamp: raise ValueError('from_timestamp %r must not be greater than until_timestamp %r' % ( from_timestamp, until_timestamp )) return ( '(&' '{filterstr}' '({delta_attr}>={from_timestr})' '(!({delta_attr}>={until_timestr}))' ')' ).format( filterstr=filterstr, delta_attr=delta_attr, from_timestr=strf_secs(from_timestamp), until_timestr=strf_secs(until_timestamp), ) # end of time_span_filter() python-ldap-3.2.0/Lib/ldap/dn.py0000644000175000017500000000622613441744767020321 0ustar pviktoripviktorin00000000000000""" dn.py - misc stuff for handling distinguished names (see RFC 4514) See https://www.python-ldap.org/ for details. """ import sys from ldap.pkginfo import __version__ import _ldap assert _ldap.__version__==__version__, \ ImportError('ldap %s and _ldap %s version mismatch!' % (__version__,_ldap.__version__)) import ldap.functions def escape_dn_chars(s): """ Escape all DN special characters found in s with a back-slash (see RFC 4514, section 2.4) """ if s: s = s.replace('\\','\\\\') s = s.replace(',' ,'\\,') s = s.replace('+' ,'\\+') s = s.replace('"' ,'\\"') s = s.replace('<' ,'\\<') s = s.replace('>' ,'\\>') s = s.replace(';' ,'\\;') s = s.replace('=' ,'\\=') s = s.replace('\000' ,'\\\000') if s[0]=='#' or s[0]==' ': s = ''.join(('\\',s)) if s[-1]==' ': s = ''.join((s[:-1],'\\ ')) return s def str2dn(dn,flags=0): """ This function takes a DN as string as parameter and returns a decomposed DN. It's the inverse to dn2str(). flags describes the format of the dn See also the OpenLDAP man-page ldap_str2dn(3) """ if not dn: return [] if sys.version_info[0] < 3 and isinstance(dn, unicode): dn = dn.encode('utf-8') return ldap.functions._ldap_function_call(None,_ldap.str2dn,dn,flags) def dn2str(dn): """ This function takes a decomposed DN as parameter and returns a single string. It's the inverse to str2dn() but will always return a DN in LDAPv3 format compliant to RFC 4514. """ return ','.join([ '+'.join([ '='.join((atype,escape_dn_chars(avalue or ''))) for atype,avalue,dummy in rdn]) for rdn in dn ]) def explode_dn(dn, notypes=False, flags=0): """ explode_dn(dn [, notypes=False [, flags=0]]) -> list This function takes a DN and breaks it up into its component parts. The notypes parameter is used to specify that only the component's attribute values be returned and not the attribute types. """ if not dn: return [] dn_decomp = str2dn(dn,flags) rdn_list = [] for rdn in dn_decomp: if notypes: rdn_list.append('+'.join([ escape_dn_chars(avalue or '') for atype,avalue,dummy in rdn ])) else: rdn_list.append('+'.join([ '='.join((atype,escape_dn_chars(avalue or ''))) for atype,avalue,dummy in rdn ])) return rdn_list def explode_rdn(rdn, notypes=False, flags=0): """ explode_rdn(rdn [, notypes=0 [, flags=0]]) -> list This function takes a RDN and breaks it up into its component parts if it is a multi-valued RDN. The notypes parameter is used to specify that only the component's attribute values be returned and not the attribute types. """ if not rdn: return [] rdn_decomp = str2dn(rdn,flags)[0] if notypes: return [avalue or '' for atype,avalue,dummy in rdn_decomp] else: return ['='.join((atype,escape_dn_chars(avalue or ''))) for atype,avalue,dummy in rdn_decomp] def is_dn(s,flags=0): """ Returns True is `s' can be parsed by ldap.dn.str2dn() like as a distinguished host_name (DN), otherwise False is returned. """ try: str2dn(s,flags) except Exception: return False else: return True python-ldap-3.2.0/Lib/ldap/compat.py0000644000175000017500000001045113441744754021172 0ustar pviktoripviktorin00000000000000"""Compatibility wrappers for Py2/Py3.""" import sys import os if sys.version_info[0] < 3: from UserDict import UserDict, IterableUserDict from urllib import quote from urllib import quote_plus from urllib import unquote as urllib_unquote from urllib import urlopen from urlparse import urlparse def unquote(uri): """Specialized unquote that uses UTF-8 for parsing.""" uri = uri.encode('ascii') unquoted = urllib_unquote(uri) return unquoted.decode('utf-8') # Old-style of re-raising an exception is SyntaxError in Python 3, # so hide behind exec() so the Python 3 parser doesn't see it exec('''def reraise(exc_type, exc_value, exc_traceback): """Re-raise an exception given information from sys.exc_info() Note that unlike six.reraise, this does not support replacing the traceback. All arguments must come from a single sys.exc_info() call. """ raise exc_type, exc_value, exc_traceback ''') else: from collections import UserDict IterableUserDict = UserDict from urllib.parse import quote, quote_plus, unquote, urlparse from urllib.request import urlopen def reraise(exc_type, exc_value, exc_traceback): """Re-raise an exception given information from sys.exc_info() Note that unlike six.reraise, this does not support replacing the traceback. All arguments must come from a single sys.exc_info() call. """ # In Python 3, all exception info is contained in one object. raise exc_value try: from shutil import which except ImportError: # shutil.which() from Python 3.6 # "Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, # 2011, 2012, 2013, 2014, 2015, 2016, 2017 Python Software Foundation; # All Rights Reserved" def which(cmd, mode=os.F_OK | os.X_OK, path=None): """Given a command, mode, and a PATH string, return the path which conforms to the given mode on the PATH, or None if there is no such file. `mode` defaults to os.F_OK | os.X_OK. `path` defaults to the result of os.environ.get("PATH"), or can be overridden with a custom search path. """ # Check that a given file can be accessed with the correct mode. # Additionally check that `file` is not a directory, as on Windows # directories pass the os.access check. def _access_check(fn, mode): return (os.path.exists(fn) and os.access(fn, mode) and not os.path.isdir(fn)) # If we're given a path with a directory part, look it up directly rather # than referring to PATH directories. This includes checking relative to the # current directory, e.g. ./script if os.path.dirname(cmd): if _access_check(cmd, mode): return cmd return None if path is None: path = os.environ.get("PATH", os.defpath) if not path: return None path = path.split(os.pathsep) if sys.platform == "win32": # The current directory takes precedence on Windows. if not os.curdir in path: path.insert(0, os.curdir) # PATHEXT is necessary to check on Windows. pathext = os.environ.get("PATHEXT", "").split(os.pathsep) # See if the given file matches any of the expected path extensions. # This will allow us to short circuit when given "python.exe". # If it does match, only test that one, otherwise we have to try # others. if any(cmd.lower().endswith(ext.lower()) for ext in pathext): files = [cmd] else: files = [cmd + ext for ext in pathext] else: # On other platforms you don't have things like PATHEXT to tell you # what file suffixes are executable, so just pass on cmd as-is. files = [cmd] seen = set() for dir in path: normdir = os.path.normcase(dir) if not normdir in seen: seen.add(normdir) for thefile in files: name = os.path.join(dir, thefile) if _access_check(name, mode): return name return None python-ldap-3.2.0/Lib/ldap/ldapobject.py0000644000175000017500000013744513441744767022037 0ustar pviktoripviktorin00000000000000""" ldapobject.py - wraps class _ldap.LDAPObject See https://www.python-ldap.org/ for details. """ from __future__ import unicode_literals from os import strerror from ldap.pkginfo import __version__, __author__, __license__ __all__ = [ 'LDAPObject', 'SimpleLDAPObject', 'ReconnectLDAPObject', 'LDAPBytesWarning' ] if __debug__: # Tracing is only supported in debugging mode import traceback import sys,time,pprint,_ldap,ldap,ldap.sasl,ldap.functions import warnings from ldap.schema import SCHEMA_ATTRS from ldap.controls import LDAPControl,DecodeControlTuples,RequestControlTuples from ldap.extop import ExtendedRequest,ExtendedResponse from ldap.compat import reraise from ldap import LDAPError PY2 = sys.version_info[0] <= 2 if PY2: text_type = unicode else: text_type = str # See SimpleLDAPObject._bytesify_input _LDAP_WARN_SKIP_FRAME = True class LDAPBytesWarning(BytesWarning): """python-ldap bytes mode warning """ def _raise_byteswarning(message): """Raise LDAPBytesWarning """ # Call stacks that raise the warning tend to be complicated, so # getting a useful stacklevel is tricky. # We walk stack frames, ignoring functions in uninteresting files, # based on the _LDAP_WARN_SKIP_FRAME marker in globals(). stacklevel = 2 try: getframe = sys._getframe except AttributeError: pass else: frame = sys._getframe(stacklevel) while frame and frame.f_globals.get('_LDAP_WARN_SKIP_FRAME'): stacklevel += 1 frame = frame.f_back warnings.warn(message, LDAPBytesWarning, stacklevel=stacklevel+1) class NO_UNIQUE_ENTRY(ldap.NO_SUCH_OBJECT): """ Exception raised if a LDAP search returned more than entry entry although assumed to return a unique single search result. """ class SimpleLDAPObject: """ This basic class wraps all methods of the underlying C API object. The arguments are same as for the :func:`~ldap.initialize()` function. """ CLASSATTR_OPTION_MAPPING = { "protocol_version": ldap.OPT_PROTOCOL_VERSION, "deref": ldap.OPT_DEREF, "referrals": ldap.OPT_REFERRALS, "timelimit": ldap.OPT_TIMELIMIT, "sizelimit": ldap.OPT_SIZELIMIT, "network_timeout": ldap.OPT_NETWORK_TIMEOUT, "error_number":ldap.OPT_ERROR_NUMBER, "error_string":ldap.OPT_ERROR_STRING, "matched_dn":ldap.OPT_MATCHED_DN, } def __init__( self,uri, trace_level=0,trace_file=None,trace_stack_limit=5,bytes_mode=None, bytes_strictness=None, ): self._trace_level = trace_level or ldap._trace_level self._trace_file = trace_file or ldap._trace_file self._trace_stack_limit = trace_stack_limit self._uri = uri self._ldap_object_lock = self._ldap_lock('opcall') self._l = ldap.functions._ldap_function_call(ldap._ldap_module_lock,_ldap.initialize,uri) self.timeout = -1 self.protocol_version = ldap.VERSION3 # Bytes mode # ---------- if PY2: if bytes_mode is None: bytes_mode = True if bytes_strictness is None: _raise_byteswarning( "Under Python 2, python-ldap uses bytes by default. " "This will be removed in Python 3 (no bytes for " "DN/RDN/field names). " "Please call initialize(..., bytes_mode=False) explicitly.") bytes_strictness = 'warn' else: if bytes_strictness is None: bytes_strictness = 'error' else: if bytes_mode: raise ValueError("bytes_mode is *not* supported under Python 3.") bytes_mode = False bytes_strictness = 'error' self.bytes_mode = bytes_mode self.bytes_strictness = bytes_strictness def _bytesify_input(self, arg_name, value): """Adapt a value following bytes_mode in Python 2. In Python 3, returns the original value unmodified. With bytes_mode ON, takes bytes or None and returns bytes or None. With bytes_mode OFF, takes unicode or None and returns bytes or None. For the wrong argument type (unicode or bytes, respectively), behavior depends on the bytes_strictness setting. In all cases, bytes or None are returned (or an exception is raised). """ if not PY2: return value if value is None: return value elif self.bytes_mode: if isinstance(value, bytes): return value elif self.bytes_strictness == 'silent': pass elif self.bytes_strictness == 'warn': _raise_byteswarning( "Received non-bytes value for '{}' in bytes mode; " "please choose an explicit " "option for bytes_mode on your LDAP connection".format(arg_name)) else: raise TypeError( "All provided fields *must* be bytes when bytes mode is on; " "got type '{}' for '{}'.".format(type(value).__name__, arg_name) ) return value.encode('utf-8') else: if isinstance(value, unicode): return value.encode('utf-8') elif self.bytes_strictness == 'silent': pass elif self.bytes_strictness == 'warn': _raise_byteswarning( "Received non-text value for '{}' with bytes_mode off and " "bytes_strictness='warn'".format(arg_name)) else: raise TypeError( "All provided fields *must* be text when bytes mode is off; " "got type '{}' for '{}'.".format(type(value).__name__, arg_name) ) return value def _bytesify_modlist(self, arg_name, modlist, with_opcode): """Adapt a modlist according to bytes_mode. A modlist is a tuple of (op, attr, value), where: - With bytes_mode ON, attr is checked to be bytes - With bytes_mode OFF, attr is converted from unicode to bytes - value is *always* bytes """ if not PY2: return modlist if with_opcode: return tuple( (op, self._bytesify_input(arg_name, attr), val) for op, attr, val in modlist ) else: return tuple( (self._bytesify_input(arg_name, attr), val) for attr, val in modlist ) def _unbytesify_text_value(self, value): """Adapt a 'known text, UTF-8 encoded' returned value following bytes_mode. With bytes_mode ON, takes bytes or None and returns bytes or None. With bytes_mode OFF, takes bytes or None and returns unicode or None. This function should only be applied on field *values*; distinguished names or field *names* are already natively handled in result4. """ if value is None: return value # Preserve logic of assertions only under Python 2 if PY2: assert isinstance(value, bytes), "Expected bytes value, got text instead (%r)" % (value,) if self.bytes_mode: return value else: return value.decode('utf-8') def _maybe_rebytesify_text(self, value): """Re-encodes text to bytes if needed by bytes_mode. Takes unicode (and checks for it), and returns: - bytes under bytes_mode - unicode otherwise. """ if not PY2: return value if value is None: return value assert isinstance(value, text_type), "Should return text, got bytes instead (%r)" % (value,) if not self.bytes_mode: return value else: return value.encode('utf-8') def _bytesify_result_value(self, result_value): """Applies bytes_mode to a result value. Such a value can either be: - a dict mapping an attribute name to its list of values (where attribute names are unicode and values bytes) - a list of referals (which are unicode) """ if not PY2: return result_value if hasattr(result_value, 'items'): # It's a attribute_name: [values] dict return { self._maybe_rebytesify_text(key): value for (key, value) in result_value.items() } elif isinstance(result_value, bytes): return result_value else: # It's a list of referals # Example value: # [u'ldap://DomainDnsZones.xxxx.root.local/DC=DomainDnsZones,DC=xxxx,DC=root,DC=local'] return [self._maybe_rebytesify_text(referal) for referal in result_value] def _bytesify_results(self, results, with_ctrls=False): """Converts a "results" object according to bytes_mode. Takes: - a list of (dn, {field: [values]}) if with_ctrls is False - a list of (dn, {field: [values]}, ctrls) if with_ctrls is True And, if bytes_mode is on, converts dn and fields to bytes. """ if not PY2: return results if with_ctrls: return [ (self._maybe_rebytesify_text(dn), self._bytesify_result_value(fields), ctrls) for (dn, fields, ctrls) in results ] else: return [ (self._maybe_rebytesify_text(dn), self._bytesify_result_value(fields)) for (dn, fields) in results ] def _ldap_lock(self,desc=''): if ldap.LIBLDAP_R: return ldap.LDAPLock(desc='%s within %s' %(desc,repr(self))) else: return ldap._ldap_module_lock def _ldap_call(self,func,*args,**kwargs): """ Wrapper method mainly for serializing calls into OpenLDAP libs and trace logs """ self._ldap_object_lock.acquire() if __debug__: if self._trace_level>=1: self._trace_file.write('*** %s %s - %s\n%s\n' % ( repr(self), self._uri, '.'.join((self.__class__.__name__,func.__name__)), pprint.pformat((args,kwargs)) )) if self._trace_level>=9: traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file) diagnostic_message_success = None try: try: result = func(*args,**kwargs) if __debug__ and self._trace_level>=2: if func.__name__!="unbind_ext": diagnostic_message_success = self._l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE) finally: self._ldap_object_lock.release() except LDAPError as e: exc_type,exc_value,exc_traceback = sys.exc_info() try: if 'info' not in e.args[0] and 'errno' in e.args[0]: e.args[0]['info'] = strerror(e.args[0]['errno']) except IndexError: pass if __debug__ and self._trace_level>=2: self._trace_file.write('=> LDAPError - %s: %s\n' % (e.__class__.__name__,str(e))) try: reraise(exc_type, exc_value, exc_traceback) finally: exc_type = exc_value = exc_traceback = None else: if __debug__ and self._trace_level>=2: if not diagnostic_message_success is None: self._trace_file.write('=> diagnosticMessage: %s\n' % (repr(diagnostic_message_success))) self._trace_file.write('=> result:\n%s\n' % (pprint.pformat(result))) return result def __setattr__(self,name,value): if name in self.CLASSATTR_OPTION_MAPPING: self.set_option(self.CLASSATTR_OPTION_MAPPING[name],value) else: self.__dict__[name] = value def __getattr__(self,name): if name in self.CLASSATTR_OPTION_MAPPING: return self.get_option(self.CLASSATTR_OPTION_MAPPING[name]) elif name in self.__dict__: return self.__dict__[name] else: raise AttributeError('%s has no attribute %s' % ( self.__class__.__name__,repr(name) )) def fileno(self): """ Returns file description of LDAP connection. Just a convenience wrapper for LDAPObject.get_option(ldap.OPT_DESC) """ return self.get_option(ldap.OPT_DESC) def abandon_ext(self,msgid,serverctrls=None,clientctrls=None): """ abandon_ext(msgid[,serverctrls=None[,clientctrls=None]]) -> None abandon(msgid) -> None Abandons or cancels an LDAP operation in progress. The msgid should be the message id of an outstanding LDAP operation as returned by the asynchronous methods search(), modify() etc. The caller can expect that the result of an abandoned operation will not be returned from a future call to result(). """ return self._ldap_call(self._l.abandon_ext,msgid,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) def abandon(self,msgid): return self.abandon_ext(msgid,None,None) def cancel(self,cancelid,serverctrls=None,clientctrls=None): """ cancel(cancelid[,serverctrls=None[,clientctrls=None]]) -> int Send cancels extended operation for an LDAP operation specified by cancelid. The cancelid should be the message id of an outstanding LDAP operation as returned by the asynchronous methods search(), modify() etc. The caller can expect that the result of an abandoned operation will not be returned from a future call to result(). In opposite to abandon() this extended operation gets an result from the server and thus should be preferred if the server supports it. """ return self._ldap_call(self._l.cancel,cancelid,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) def cancel_s(self,cancelid,serverctrls=None,clientctrls=None): msgid = self.cancel(cancelid,serverctrls,clientctrls) try: res = self.result(msgid,all=1,timeout=self.timeout) except (ldap.CANCELLED,ldap.SUCCESS): res = None return res def add_ext(self,dn,modlist,serverctrls=None,clientctrls=None): """ add_ext(dn, modlist[,serverctrls=None[,clientctrls=None]]) -> int This function adds a new entry with a distinguished name specified by dn which means it must not already exist. The parameter modlist is similar to the one passed to modify(), except that no operation integer need be included in the tuples. """ if PY2: dn = self._bytesify_input('dn', dn) modlist = self._bytesify_modlist('modlist', modlist, with_opcode=False) return self._ldap_call(self._l.add_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) def add_ext_s(self,dn,modlist,serverctrls=None,clientctrls=None): msgid = self.add_ext(dn,modlist,serverctrls,clientctrls) resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) return resp_type, resp_data, resp_msgid, resp_ctrls def add(self,dn,modlist): """ add(dn, modlist) -> int This function adds a new entry with a distinguished name specified by dn which means it must not already exist. The parameter modlist is similar to the one passed to modify(), except that no operation integer need be included in the tuples. """ return self.add_ext(dn,modlist,None,None) def add_s(self,dn,modlist): return self.add_ext_s(dn,modlist,None,None) def simple_bind(self,who=None,cred=None,serverctrls=None,clientctrls=None): """ simple_bind([who='' [,cred='']]) -> int """ if PY2: who = self._bytesify_input('who', who) cred = self._bytesify_input('cred', cred) return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) def simple_bind_s(self,who=None,cred=None,serverctrls=None,clientctrls=None): """ simple_bind_s([who='' [,cred='']]) -> 4-tuple """ msgid = self.simple_bind(who,cred,serverctrls,clientctrls) resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) return resp_type, resp_data, resp_msgid, resp_ctrls def bind(self,who,cred,method=ldap.AUTH_SIMPLE): """ bind(who, cred, method) -> int """ assert method==ldap.AUTH_SIMPLE,'Only simple bind supported in LDAPObject.bind()' return self.simple_bind(who,cred) def bind_s(self,who,cred,method=ldap.AUTH_SIMPLE): """ bind_s(who, cred, method) -> None """ msgid = self.bind(who,cred,method) return self.result(msgid,all=1,timeout=self.timeout) def sasl_interactive_bind_s(self,who,auth,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET): """ sasl_interactive_bind_s(who, auth [,serverctrls=None[,clientctrls=None[,sasl_flags=ldap.SASL_QUIET]]]) -> None """ return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags) def sasl_non_interactive_bind_s(self,sasl_mech,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET,authz_id=''): """ Send a SASL bind request using a non-interactive SASL method (e.g. GSSAPI, EXTERNAL) """ auth = ldap.sasl.sasl( {ldap.sasl.CB_USER:authz_id}, sasl_mech ) self.sasl_interactive_bind_s('',auth,serverctrls,clientctrls,sasl_flags) def sasl_external_bind_s(self,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET,authz_id=''): """ Send SASL bind request using SASL mech EXTERNAL """ self.sasl_non_interactive_bind_s('EXTERNAL',serverctrls,clientctrls,sasl_flags,authz_id) def sasl_gssapi_bind_s(self,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET,authz_id=''): """ Send SASL bind request using SASL mech GSSAPI """ self.sasl_non_interactive_bind_s('GSSAPI',serverctrls,clientctrls,sasl_flags,authz_id) def sasl_bind_s(self,dn,mechanism,cred,serverctrls=None,clientctrls=None): """ sasl_bind_s(dn, mechanism, cred [,serverctrls=None[,clientctrls=None]]) -> int|str """ return self._ldap_call(self._l.sasl_bind_s,dn,mechanism,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) def compare_ext(self,dn,attr,value,serverctrls=None,clientctrls=None): """ compare_ext(dn, attr, value [,serverctrls=None[,clientctrls=None]]) -> int compare_ext_s(dn, attr, value [,serverctrls=None[,clientctrls=None]]) -> bool compare(dn, attr, value) -> int compare_s(dn, attr, value) -> bool Perform an LDAP comparison between the attribute named attr of entry dn, and the value value. The synchronous form returns True or False. The asynchronous form returns the message id of the initiates request, and the result of the asynchronous compare can be obtained using result(). Note that this latter technique yields the answer by raising the exception objects COMPARE_TRUE or COMPARE_FALSE. A design bug in the library prevents value from containing nul characters. """ if PY2: dn = self._bytesify_input('dn', dn) attr = self._bytesify_input('attr', attr) return self._ldap_call(self._l.compare_ext,dn,attr,value,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) def compare_ext_s(self,dn,attr,value,serverctrls=None,clientctrls=None): msgid = self.compare_ext(dn,attr,value,serverctrls,clientctrls) try: ldap_res = self.result3(msgid,all=1,timeout=self.timeout) except ldap.COMPARE_TRUE: return True except ldap.COMPARE_FALSE: return False raise ldap.PROTOCOL_ERROR( 'Compare operation returned wrong result: %r' % (ldap_res) ) def compare(self,dn,attr,value): return self.compare_ext(dn,attr,value,None,None) def compare_s(self,dn,attr,value): return self.compare_ext_s(dn,attr,value,None,None) def delete_ext(self,dn,serverctrls=None,clientctrls=None): """ delete(dn) -> int delete_s(dn) -> None delete_ext(dn[,serverctrls=None[,clientctrls=None]]) -> int delete_ext_s(dn[,serverctrls=None[,clientctrls=None]]) -> tuple Performs an LDAP delete operation on dn. The asynchronous form returns the message id of the initiated request, and the result can be obtained from a subsequent call to result(). """ dn = self._bytesify_input('dn', dn) return self._ldap_call(self._l.delete_ext,dn,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) def delete_ext_s(self,dn,serverctrls=None,clientctrls=None): msgid = self.delete_ext(dn,serverctrls,clientctrls) resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) return resp_type, resp_data, resp_msgid, resp_ctrls def delete(self,dn): return self.delete_ext(dn,None,None) def delete_s(self,dn): return self.delete_ext_s(dn,None,None) def extop(self,extreq,serverctrls=None,clientctrls=None): """ extop(extreq[,serverctrls=None[,clientctrls=None]]]) -> int extop_s(extreq[,serverctrls=None[,clientctrls=None[,extop_resp_class=None]]]]) -> (respoid,respvalue) Performs an LDAP extended operation. The asynchronous form returns the message id of the initiated request, and the result can be obtained from a subsequent call to extop_result(). The extreq is an instance of class ldap.extop.ExtendedRequest. If argument extop_resp_class is set to a sub-class of ldap.extop.ExtendedResponse this class is used to return an object of this class instead of a raw BER value in respvalue. """ return self._ldap_call(self._l.extop,extreq.requestName,extreq.encodedRequestValue(),RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) def extop_result(self,msgid=ldap.RES_ANY,all=1,timeout=None): resulttype,msg,msgid,respctrls,respoid,respvalue = self.result4(msgid,all=1,timeout=self.timeout,add_ctrls=1,add_intermediates=1,add_extop=1) return (respoid,respvalue) def extop_s(self,extreq,serverctrls=None,clientctrls=None,extop_resp_class=None): msgid = self.extop(extreq,serverctrls,clientctrls) res = self.extop_result(msgid,all=1,timeout=self.timeout) if extop_resp_class: respoid,respvalue = res if extop_resp_class.responseName!=respoid: raise ldap.PROTOCOL_ERROR("Wrong OID in extended response! Expected %s, got %s" % (extop_resp_class.responseName,respoid)) return extop_resp_class(extop_resp_class.responseName,respvalue) else: return res def modify_ext(self,dn,modlist,serverctrls=None,clientctrls=None): """ modify_ext(dn, modlist[,serverctrls=None[,clientctrls=None]]) -> int """ if PY2: dn = self._bytesify_input('dn', dn) modlist = self._bytesify_modlist('modlist', modlist, with_opcode=True) return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) def modify_ext_s(self,dn,modlist,serverctrls=None,clientctrls=None): msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls) resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) return resp_type, resp_data, resp_msgid, resp_ctrls def modify(self,dn,modlist): """ modify(dn, modlist) -> int modify_s(dn, modlist) -> None modify_ext(dn, modlist[,serverctrls=None[,clientctrls=None]]) -> int modify_ext_s(dn, modlist[,serverctrls=None[,clientctrls=None]]) -> tuple Performs an LDAP modify operation on an entry's attributes. dn is the DN of the entry to modify, and modlist is the list of modifications to make to the entry. Each element of the list modlist should be a tuple of the form (mod_op,mod_type,mod_vals), where mod_op is the operation (one of MOD_ADD, MOD_DELETE, MOD_INCREMENT or MOD_REPLACE), mod_type is a string indicating the attribute type name, and mod_vals is either a string value or a list of string values to add, delete, increment by or replace respectively. For the delete operation, mod_vals may be None indicating that all attributes are to be deleted. The asynchronous modify() returns the message id of the initiated request. """ return self.modify_ext(dn,modlist,None,None) def modify_s(self,dn,modlist): return self.modify_ext_s(dn,modlist,None,None) def modrdn(self,dn,newrdn,delold=1): """ modrdn(dn, newrdn [,delold=1]) -> int modrdn_s(dn, newrdn [,delold=1]) -> None Perform a modify RDN operation. These routines take dn, the DN of the entry whose RDN is to be changed, and newrdn, the new RDN to give to the entry. The optional parameter delold is used to specify whether the old RDN should be kept as an attribute of the entry or not. The asynchronous version returns the initiated message id. This operation is emulated by rename() and rename_s() methods since the modrdn2* routines in the C library are deprecated. """ return self.rename(dn,newrdn,None,delold) def modrdn_s(self,dn,newrdn,delold=1): return self.rename_s(dn,newrdn,None,delold) def passwd(self,user,oldpw,newpw,serverctrls=None,clientctrls=None): if PY2: user = self._bytesify_input('user', user) oldpw = self._bytesify_input('oldpw', oldpw) newpw = self._bytesify_input('newpw', newpw) return self._ldap_call(self._l.passwd,user,oldpw,newpw,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) def passwd_s(self,user,oldpw,newpw,serverctrls=None,clientctrls=None): msgid = self.passwd(user,oldpw,newpw,serverctrls,clientctrls) return self.extop_result(msgid,all=1,timeout=self.timeout) def rename(self,dn,newrdn,newsuperior=None,delold=1,serverctrls=None,clientctrls=None): """ rename(dn, newrdn [, newsuperior=None [,delold=1][,serverctrls=None[,clientctrls=None]]]) -> int rename_s(dn, newrdn [, newsuperior=None] [,delold=1][,serverctrls=None[,clientctrls=None]]) -> None Perform a rename entry operation. These routines take dn, the DN of the entry whose RDN is to be changed, newrdn, the new RDN, and newsuperior, the new parent DN, to give to the entry. If newsuperior is None then only the RDN is modified. The optional parameter delold is used to specify whether the old RDN should be kept as an attribute of the entry or not. The asynchronous version returns the initiated message id. This actually corresponds to the rename* routines in the LDAP-EXT C API library. """ if PY2: dn = self._bytesify_input('dn', dn) newrdn = self._bytesify_input('newrdn', newrdn) newsuperior = self._bytesify_input('newsuperior', newsuperior) return self._ldap_call(self._l.rename,dn,newrdn,newsuperior,delold,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) def rename_s(self,dn,newrdn,newsuperior=None,delold=1,serverctrls=None,clientctrls=None): msgid = self.rename(dn,newrdn,newsuperior,delold,serverctrls,clientctrls) resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) return resp_type, resp_data, resp_msgid, resp_ctrls def result(self,msgid=ldap.RES_ANY,all=1,timeout=None): """ result([msgid=RES_ANY [,all=1 [,timeout=None]]]) -> (result_type, result_data) This method is used to wait for and return the result of an operation previously initiated by one of the LDAP asynchronous operation routines (e.g. search(), modify(), etc.) They all returned an invocation identifier (a message id) upon successful initiation of their operation. This id is guaranteed to be unique across an LDAP session, and can be used to request the result of a specific operation via the msgid parameter of the result() method. If the result of a specific operation is required, msgid should be set to the invocation message id returned when the operation was initiated; otherwise RES_ANY should be supplied. The all parameter only has meaning for search() responses and is used to select whether a single entry of the search response should be returned, or to wait for all the results of the search before returning. A search response is made up of zero or more search entries followed by a search result. If all is 0, search entries will be returned one at a time as they come in, via separate calls to result(). If all is 1, the search response will be returned in its entirety, i.e. after all entries and the final search result have been received. For all set to 0, result tuples trickle in (with the same message id), and with the result type RES_SEARCH_ENTRY, until the final result which has a result type of RES_SEARCH_RESULT and a (usually) empty data field. When all is set to 1, only one result is returned, with a result type of RES_SEARCH_RESULT, and all the result tuples listed in the data field. The method returns a tuple of the form (result_type, result_data). The result_type is one of the constants RES_*. See search() for a description of the search result's result_data, otherwise the result_data is normally meaningless. The result() method will block for timeout seconds, or indefinitely if timeout is negative. A timeout of 0 will effect a poll. The timeout can be expressed as a floating-point value. If timeout is None the default in self.timeout is used. If a timeout occurs, a TIMEOUT exception is raised, unless polling (timeout = 0), in which case (None, None) is returned. """ resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout) return resp_type, resp_data def result2(self,msgid=ldap.RES_ANY,all=1,timeout=None): resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout) return resp_type, resp_data, resp_msgid def result3(self,msgid=ldap.RES_ANY,all=1,timeout=None,resp_ctrl_classes=None): resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4( msgid,all,timeout, add_ctrls=0,add_intermediates=0,add_extop=0, resp_ctrl_classes=resp_ctrl_classes ) return resp_type, resp_data, resp_msgid, decoded_resp_ctrls def result4(self,msgid=ldap.RES_ANY,all=1,timeout=None,add_ctrls=0,add_intermediates=0,add_extop=0,resp_ctrl_classes=None): if timeout is None: timeout = self.timeout ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) if ldap_result is None: resp_type, resp_data, resp_msgid, resp_ctrls, resp_name, resp_value = (None,None,None,None,None,None) else: if len(ldap_result)==4: resp_type, resp_data, resp_msgid, resp_ctrls = ldap_result resp_name, resp_value = None,None else: resp_type, resp_data, resp_msgid, resp_ctrls, resp_name, resp_value = ldap_result if add_ctrls: resp_data = [ (t,r,DecodeControlTuples(c,resp_ctrl_classes)) for t,r,c in resp_data ] decoded_resp_ctrls = DecodeControlTuples(resp_ctrls,resp_ctrl_classes) if resp_data is not None: resp_data = self._bytesify_results(resp_data, with_ctrls=add_ctrls) return resp_type, resp_data, resp_msgid, decoded_resp_ctrls, resp_name, resp_value def search_ext(self,base,scope,filterstr=None,attrlist=None,attrsonly=0,serverctrls=None,clientctrls=None,timeout=-1,sizelimit=0): """ search(base, scope [,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0]]]) -> int search_s(base, scope [,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0]]]) search_st(base, scope [,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0 [,timeout=-1]]]]) search_ext(base,scope,[,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0 [,serverctrls=None [,clientctrls=None [,timeout=-1 [,sizelimit=0]]]]]]]) search_ext_s(base,scope,[,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0 [,serverctrls=None [,clientctrls=None [,timeout=-1 [,sizelimit=0]]]]]]]) Perform an LDAP search operation, with base as the DN of the entry at which to start the search, scope being one of SCOPE_BASE (to search the object itself), SCOPE_ONELEVEL (to search the object's immediate children), or SCOPE_SUBTREE (to search the object and all its descendants). filter is a string representation of the filter to apply in the search (see RFC 4515). Each result tuple is of the form (dn,entry), where dn is a string containing the DN (distinguished name) of the entry, and entry is a dictionary containing the attributes. Attributes types are used as string dictionary keys and attribute values are stored in a list as dictionary value. The DN in dn is extracted using the underlying ldap_get_dn(), which may raise an exception of the DN is malformed. If attrsonly is non-zero, the values of attrs will be meaningless (they are not transmitted in the result). The retrieved attributes can be limited with the attrlist parameter. If attrlist is None, all the attributes of each entry are returned. serverctrls=None clientctrls=None The synchronous form with timeout, search_st() or search_ext_s(), will block for at most timeout seconds (or indefinitely if timeout is negative). A TIMEOUT exception is raised if no result is received within the time. The amount of search results retrieved can be limited with the sizelimit parameter if non-zero. """ if PY2: base = self._bytesify_input('base', base) if filterstr is None: # workaround for default argument, # see https://github.com/python-ldap/python-ldap/issues/147 if self.bytes_mode: filterstr = b'(objectClass=*)' else: filterstr = u'(objectClass=*)' else: filterstr = self._bytesify_input('filterstr', filterstr) if attrlist is not None: attrlist = tuple(self._bytesify_input('attrlist', a) for a in attrlist) else: if filterstr is None: filterstr = '(objectClass=*)' return self._ldap_call( self._l.search_ext, base,scope,filterstr, attrlist,attrsonly, RequestControlTuples(serverctrls), RequestControlTuples(clientctrls), timeout,sizelimit, ) def search_ext_s(self,base,scope,filterstr=None,attrlist=None,attrsonly=0,serverctrls=None,clientctrls=None,timeout=-1,sizelimit=0): msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit) return self.result(msgid,all=1,timeout=timeout)[1] def search(self,base,scope,filterstr=None,attrlist=None,attrsonly=0): return self.search_ext(base,scope,filterstr,attrlist,attrsonly,None,None) def search_s(self,base,scope,filterstr=None,attrlist=None,attrsonly=0): return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout) def search_st(self,base,scope,filterstr=None,attrlist=None,attrsonly=0,timeout=-1): return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout) def start_tls_s(self): """ start_tls_s() -> None Negotiate TLS with server. The `version' attribute must have been set to VERSION3 before calling start_tls_s. If TLS could not be started an exception will be raised. """ return self._ldap_call(self._l.start_tls_s) def unbind_ext(self,serverctrls=None,clientctrls=None): """ unbind() -> int unbind_s() -> None unbind_ext() -> int unbind_ext_s() -> None This call is used to unbind from the directory, terminate the current association, and free resources. Once called, the connection to the LDAP server is closed and the LDAP object is invalid. Further invocation of methods on the object will yield an exception. The unbind and unbind_s methods are identical, and are synchronous in nature """ res = self._ldap_call(self._l.unbind_ext,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) try: del self._l except AttributeError: pass return res def unbind_ext_s(self,serverctrls=None,clientctrls=None): msgid = self.unbind_ext(serverctrls,clientctrls) if msgid!=None: result = self.result3(msgid,all=1,timeout=self.timeout) else: result = None if __debug__ and self._trace_level>=1: try: self._trace_file.flush() except AttributeError: pass return result def unbind(self): return self.unbind_ext(None,None) def unbind_s(self): return self.unbind_ext_s(None,None) def whoami_s(self,serverctrls=None,clientctrls=None): return self._ldap_call(self._l.whoami_s,serverctrls,clientctrls) def get_option(self,option): result = self._ldap_call(self._l.get_option,option) if option==ldap.OPT_SERVER_CONTROLS or option==ldap.OPT_CLIENT_CONTROLS: result = DecodeControlTuples(result) return result def set_option(self,option,invalue): if option==ldap.OPT_SERVER_CONTROLS or option==ldap.OPT_CLIENT_CONTROLS: invalue = RequestControlTuples(invalue) return self._ldap_call(self._l.set_option,option,invalue) def search_subschemasubentry_s(self,dn=None): """ Returns the distinguished name of the sub schema sub entry for a part of a DIT specified by dn. None as result indicates that the DN of the sub schema sub entry could not be determined. Returns: None or text/bytes depending on bytes_mode. """ if self.bytes_mode: empty_dn = b'' attrname = b'subschemaSubentry' else: empty_dn = u'' attrname = u'subschemaSubentry' if dn is None: dn = empty_dn try: r = self.search_s( dn,ldap.SCOPE_BASE,None,[attrname] ) except (ldap.NO_SUCH_OBJECT,ldap.NO_SUCH_ATTRIBUTE,ldap.INSUFFICIENT_ACCESS): r = [] except ldap.UNDEFINED_TYPE: return None try: if r: e = ldap.cidict.cidict(r[0][1]) search_subschemasubentry_dn = e.get(attrname,[None])[0] if search_subschemasubentry_dn is None: if dn: # Try to find sub schema sub entry in root DSE return self.search_subschemasubentry_s(dn=empty_dn) else: # If dn was already root DSE we can return here return None else: # With legacy bytes mode, return bytes; otherwise, since this is a DN, # RFCs impose that the field value *can* be decoded to UTF-8. return self._unbytesify_text_value(search_subschemasubentry_dn) except IndexError: return None def read_s(self,dn,filterstr=None,attrlist=None,serverctrls=None,clientctrls=None,timeout=-1): """ Reads and returns a single entry specified by `dn'. Other attributes just like those passed to `search_ext_s()' """ r = self.search_ext_s( dn, ldap.SCOPE_BASE, filterstr, attrlist=attrlist, serverctrls=serverctrls, clientctrls=clientctrls, timeout=timeout, ) if r: return r[0][1] else: return None def read_subschemasubentry_s(self,subschemasubentry_dn,attrs=None): """ Returns the sub schema sub entry's data """ if self.bytes_mode: filterstr = b'(objectClass=subschema)' if attrs is None: attrs = [attr.encode('utf-8') for attr in SCHEMA_ATTRS] else: filterstr = u'(objectClass=subschema)' if attrs is None: attrs = SCHEMA_ATTRS try: subschemasubentry = self.read_s( subschemasubentry_dn, filterstr=filterstr, attrlist=attrs ) except ldap.NO_SUCH_OBJECT: return None else: return subschemasubentry def find_unique_entry(self,base,scope=ldap.SCOPE_SUBTREE,filterstr=None,attrlist=None,attrsonly=0,serverctrls=None,clientctrls=None,timeout=-1): """ Returns a unique entry, raises exception if not unique """ r = self.search_ext_s( base, scope, filterstr, attrlist=attrlist, attrsonly=attrsonly, serverctrls=serverctrls, clientctrls=clientctrls, timeout=timeout, sizelimit=2, ) if len(r)!=1: raise NO_UNIQUE_ENTRY('No or non-unique search result for %s' % (repr(filterstr))) return r[0] def read_rootdse_s(self, filterstr=None, attrlist=None): """ convenience wrapper around read_s() for reading rootDSE """ if self.bytes_mode: base = b'' attrlist = attrlist or [b'*', b'+'] else: base = u'' attrlist = attrlist or [u'*', u'+'] ldap_rootdse = self.read_s( base, filterstr=filterstr, attrlist=attrlist, ) return ldap_rootdse # read_rootdse_s() def get_naming_contexts(self): """ returns all attribute values of namingContexts in rootDSE if namingContexts is not present (not readable) then empty list is returned """ if self.bytes_mode: name = b'namingContexts' else: name = u'namingContexts' return self.read_rootdse_s( attrlist=[name] ).get(name, []) class ReconnectLDAPObject(SimpleLDAPObject): """ :py:class:`SimpleLDAPObject` subclass whose synchronous request methods automatically reconnect and re-try in case of server failure (:exc:`ldap.SERVER_DOWN`). The first arguments are same as for the :py:func:`~ldap.initialize()` function. For automatic reconnects it has additional arguments: * retry_max: specifies the number of reconnect attempts before re-raising the :py:exc:`ldap.SERVER_DOWN` exception. * retry_delay: specifies the time in seconds between reconnect attempts. This class also implements the pickle protocol. """ __transient_attrs__ = { '_l', '_ldap_object_lock', '_trace_file', '_reconnect_lock', '_last_bind', } def __init__( self,uri, trace_level=0,trace_file=None,trace_stack_limit=5,bytes_mode=None, bytes_strictness=None, retry_max=1, retry_delay=60.0 ): """ Parameters like SimpleLDAPObject.__init__() with these additional arguments: retry_max Maximum count of reconnect trials retry_delay Time span to wait between two reconnect trials """ self._uri = uri self._options = [] self._last_bind = None SimpleLDAPObject.__init__(self, uri, trace_level, trace_file, trace_stack_limit, bytes_mode, bytes_strictness=bytes_strictness) self._reconnect_lock = ldap.LDAPLock(desc='reconnect lock within %s' % (repr(self))) self._retry_max = retry_max self._retry_delay = retry_delay self._start_tls = 0 self._reconnects_done = 0 def __getstate__(self): """return data representation for pickled object""" state = { k: v for k,v in self.__dict__.items() if k not in self.__transient_attrs__ } state['_last_bind'] = self._last_bind[0].__name__, self._last_bind[1], self._last_bind[2] return state def __setstate__(self,d): """set up the object from pickled data""" hardfail = d.get('bytes_mode_hardfail') if hardfail: d.setdefault('bytes_strictness', 'error') else: d.setdefault('bytes_strictness', 'warn') self.__dict__.update(d) self._last_bind = getattr(SimpleLDAPObject, self._last_bind[0]), self._last_bind[1], self._last_bind[2] self._ldap_object_lock = self._ldap_lock() self._reconnect_lock = ldap.LDAPLock(desc='reconnect lock within %s' % (repr(self))) # XXX cannot pickle file, use default trace file self._trace_file = ldap._trace_file self.reconnect(self._uri) def _store_last_bind(self,method,*args,**kwargs): self._last_bind = (method,args,kwargs) def _apply_last_bind(self): if self._last_bind!=None: func,args,kwargs = self._last_bind func(self,*args,**kwargs) else: # Send explicit anon simple bind request to provoke ldap.SERVER_DOWN in method reconnect() SimpleLDAPObject.simple_bind_s(self, None, None) def _restore_options(self): """Restore all recorded options""" for k,v in self._options: SimpleLDAPObject.set_option(self,k,v) def passwd_s(self,*args,**kwargs): return self._apply_method_s(SimpleLDAPObject.passwd_s,*args,**kwargs) def reconnect(self,uri,retry_max=1,retry_delay=60.0): # Drop and clean up old connection completely # Reconnect self._reconnect_lock.acquire() try: reconnect_counter = retry_max while reconnect_counter: counter_text = '%d. (of %d)' % (retry_max-reconnect_counter+1,retry_max) if __debug__ and self._trace_level>=1: self._trace_file.write('*** Trying %s reconnect to %s...\n' % ( counter_text,uri )) try: # Do the connect self._l = ldap.functions._ldap_function_call(ldap._ldap_module_lock,_ldap.initialize,uri) self._restore_options() # StartTLS extended operation in case this was called before if self._start_tls: SimpleLDAPObject.start_tls_s(self) # Repeat last simple or SASL bind self._apply_last_bind() except (ldap.SERVER_DOWN,ldap.TIMEOUT): if __debug__ and self._trace_level>=1: self._trace_file.write('*** %s reconnect to %s failed\n' % ( counter_text,uri )) reconnect_counter = reconnect_counter-1 if not reconnect_counter: raise if __debug__ and self._trace_level>=1: self._trace_file.write('=> delay %s...\n' % (retry_delay)) time.sleep(retry_delay) SimpleLDAPObject.unbind_s(self) else: if __debug__ and self._trace_level>=1: self._trace_file.write('*** %s reconnect to %s successful => repeat last operation\n' % ( counter_text,uri )) self._reconnects_done = self._reconnects_done + 1 break finally: self._reconnect_lock.release() return # reconnect() def _apply_method_s(self,func,*args,**kwargs): if not hasattr(self,'_l'): self.reconnect(self._uri,retry_max=self._retry_max,retry_delay=self._retry_delay) try: return func(self,*args,**kwargs) except ldap.SERVER_DOWN: SimpleLDAPObject.unbind_s(self) # Try to reconnect self.reconnect(self._uri,retry_max=self._retry_max,retry_delay=self._retry_delay) # Re-try last operation return func(self,*args,**kwargs) def set_option(self,option,invalue): self._options.append((option,invalue)) return SimpleLDAPObject.set_option(self,option,invalue) def bind_s(self,*args,**kwargs): res = self._apply_method_s(SimpleLDAPObject.bind_s,*args,**kwargs) self._store_last_bind(SimpleLDAPObject.bind_s,*args,**kwargs) return res def simple_bind_s(self,*args,**kwargs): res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs) self._store_last_bind(SimpleLDAPObject.simple_bind_s,*args,**kwargs) return res def start_tls_s(self,*args,**kwargs): res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs) self._start_tls = 1 return res def sasl_interactive_bind_s(self,*args,**kwargs): """ sasl_interactive_bind_s(who, auth) -> None """ res = self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs) self._store_last_bind(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs) return res def sasl_bind_s(self,*args,**kwargs): res = self._apply_method_s(SimpleLDAPObject.sasl_bind_s,*args,**kwargs) self._store_last_bind(SimpleLDAPObject.sasl_bind_s,*args,**kwargs) return res def add_ext_s(self,*args,**kwargs): return self._apply_method_s(SimpleLDAPObject.add_ext_s,*args,**kwargs) def cancel_s(self,*args,**kwargs): return self._apply_method_s(SimpleLDAPObject.cancel_s,*args,**kwargs) def compare_ext_s(self,*args,**kwargs): return self._apply_method_s(SimpleLDAPObject.compare_ext_s,*args,**kwargs) def delete_ext_s(self,*args,**kwargs): return self._apply_method_s(SimpleLDAPObject.delete_ext_s,*args,**kwargs) def extop_s(self,*args,**kwargs): return self._apply_method_s(SimpleLDAPObject.extop_s,*args,**kwargs) def modify_ext_s(self,*args,**kwargs): return self._apply_method_s(SimpleLDAPObject.modify_ext_s,*args,**kwargs) def rename_s(self,*args,**kwargs): return self._apply_method_s(SimpleLDAPObject.rename_s,*args,**kwargs) def search_ext_s(self,*args,**kwargs): return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs) def whoami_s(self,*args,**kwargs): return self._apply_method_s(SimpleLDAPObject.whoami_s,*args,**kwargs) # The class called LDAPObject will be used as default for # ldap.open() and ldap.initialize() LDAPObject = SimpleLDAPObject python-ldap-3.2.0/Lib/ldap/__init__.py0000644000175000017500000000600113441744767021446 0ustar pviktoripviktorin00000000000000""" ldap - base module See https://www.python-ldap.org/ for details. """ # This is also the overall release version number from ldap.pkginfo import __version__, __author__, __license__ import os import sys if __debug__: # Tracing is only supported in debugging mode import atexit import traceback _trace_level = int(os.environ.get("PYTHON_LDAP_TRACE_LEVEL", 0)) _trace_file = os.environ.get("PYTHON_LDAP_TRACE_FILE") if _trace_file is None: _trace_file = sys.stderr else: _trace_file = open(_trace_file, 'a') atexit.register(_trace_file.close) _trace_stack_limit = None else: # Any use of the _trace attributes should be guarded by `if __debug__`, # so they should not be needed here. # But, providing different API for debug mode is unnecessarily fragile. _trace_level = 0 _trace_file = sys.stderr _trace_stack_limit = None import _ldap assert _ldap.__version__==__version__, \ ImportError('ldap %s and _ldap %s version mismatch!' % (__version__,_ldap.__version__)) from _ldap import * # call into libldap to initialize it right now LIBLDAP_API_INFO = _ldap.get_option(_ldap.OPT_API_INFO) OPT_NAMES_DICT = {} for k,v in vars(_ldap).items(): if k.startswith('OPT_'): OPT_NAMES_DICT[v]=k class DummyLock: """Define dummy class with methods compatible to threading.Lock""" def __init__(self): pass def acquire(self): pass def release(self): pass try: # Check if Python installation was build with thread support import thread except ImportError: LDAPLockBaseClass = DummyLock else: import threading LDAPLockBaseClass = threading.Lock class LDAPLock: """ Mainly a wrapper class to log all locking events. Note that this cumbersome approach with _lock attribute was taken since threading.Lock is not suitable for sub-classing. """ _min_trace_level = 3 def __init__(self,lock_class=None,desc=''): """ lock_class Class compatible to threading.Lock desc Description shown in debug log messages """ self._desc = desc self._lock = (lock_class or LDAPLockBaseClass)() def acquire(self): if __debug__: global _trace_level if _trace_level>=self._min_trace_level: _trace_file.write('***%s.acquire() %s %s\n' % (self.__class__.__name__,repr(self),self._desc)) return self._lock.acquire() def release(self): if __debug__: global _trace_level if _trace_level>=self._min_trace_level: _trace_file.write('***%s.release() %s %s\n' % (self.__class__.__name__,repr(self),self._desc)) return self._lock.release() # Create module-wide lock for serializing all calls into underlying LDAP lib _ldap_module_lock = LDAPLock(desc='Module wide') from ldap.functions import initialize,get_option,set_option,escape_str,strf_secs,strp_secs from ldap.ldapobject import NO_UNIQUE_ENTRY, LDAPBytesWarning from ldap.dn import explode_dn,explode_rdn,str2dn,dn2str del str2dn del dn2str # More constants # For compatibility of 2.3 and 2.4 OpenLDAP API OPT_DIAGNOSTIC_MESSAGE = OPT_ERROR_STRING python-ldap-3.2.0/Lib/ldap/logger.py0000644000175000017500000000060413441744767021171 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ Helper class for using logging as trace file object """ import logging class logging_file_class(object): def __init__(self, logging_level): self._logging_level = logging_level def write(self, msg): logging.log(self._logging_level, msg[:-1]) def flush(self): return logging_file_obj = logging_file_class(logging.DEBUG) python-ldap-3.2.0/Lib/ldap/controls/0000755000175000017500000000000013441750214021163 5ustar pviktoripviktorin00000000000000python-ldap-3.2.0/Lib/ldap/controls/readentry.py0000644000175000017500000000471413441744767023560 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ ldap.controls.readentry - classes for the Read Entry controls (see RFC 4527) See https://www.python-ldap.org/ for project details. """ import ldap from pyasn1.codec.ber import encoder,decoder from ldap.controls import LDAPControl,KNOWN_RESPONSE_CONTROLS from pyasn1_modules.rfc2251 import AttributeDescriptionList,SearchResultEntry class ReadEntryControl(LDAPControl): """ Base class for read entry control described in RFC 4527 attrList list of attribute type names requested Class attributes with values extracted from the response control: dn string holding the distinguished name of the LDAP entry entry dictionary holding the LDAP entry """ def __init__(self,criticality=False,attrList=None): self.criticality,self.attrList,self.entry = criticality,attrList or [],None def encodeControlValue(self): attributeSelection = AttributeDescriptionList() for i in range(len(self.attrList)): attributeSelection.setComponentByPosition(i,self.attrList[i]) return encoder.encode(attributeSelection) def decodeControlValue(self,encodedControlValue): decodedEntry,_ = decoder.decode(encodedControlValue,asn1Spec=SearchResultEntry()) self.dn = str(decodedEntry[0]) self.entry = {} for attr in decodedEntry[1]: self.entry[str(attr[0])] = [ str(attr_value) for attr_value in attr[1] ] class PreReadControl(ReadEntryControl): """ Class for pre-read control described in RFC 4527 attrList list of attribute type names requested Class attributes with values extracted from the response control: dn string holding the distinguished name of the LDAP entry before the operation was done by the server entry dictionary holding the LDAP entry before the operation was done by the server """ controlType = ldap.CONTROL_PRE_READ KNOWN_RESPONSE_CONTROLS[PreReadControl.controlType] = PreReadControl class PostReadControl(ReadEntryControl): """ Class for post-read control described in RFC 4527 attrList list of attribute type names requested Class attributes with values extracted from the response control: dn string holding the distinguished name of the LDAP entry after the operation was done by the server entry dictionary holding the LDAP entry after the operation was done by the server """ controlType = ldap.CONTROL_POST_READ KNOWN_RESPONSE_CONTROLS[PostReadControl.controlType] = PostReadControl python-ldap-3.2.0/Lib/ldap/controls/openldap.py0000644000175000017500000000427513441744767023367 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ ldap.controls.openldap - classes for OpenLDAP-specific controls See https://www.python-ldap.org/ for project details. """ import ldap.controls from ldap.controls import ValueLessRequestControl,ResponseControl from pyasn1.type import univ from pyasn1.codec.ber import decoder __all__ = [ 'SearchNoOpControl', 'SearchNoOpMixIn', ] class SearchNoOpControl(ValueLessRequestControl,ResponseControl): """ No-op control attached to search operations implementing sort of a count operation see https://www.openldap.org/its/index.cgi?findid=6598 """ controlType = '1.3.6.1.4.1.4203.666.5.18' def __init__(self,criticality=False): self.criticality = criticality class SearchNoOpControlValue(univ.Sequence): pass def decodeControlValue(self,encodedControlValue): decodedValue,_ = decoder.decode(encodedControlValue,asn1Spec=self.SearchNoOpControlValue()) self.resultCode = int(decodedValue[0]) self.numSearchResults = int(decodedValue[1]) self.numSearchContinuations = int(decodedValue[2]) ldap.controls.KNOWN_RESPONSE_CONTROLS[SearchNoOpControl.controlType] = SearchNoOpControl class SearchNoOpMixIn: """ Mix-in class to be used with class LDAPObject and friends. It adds a convenience method noop_search_st() to LDAPObject for easily using the no-op search control. """ def noop_search_st(self,base,scope=ldap.SCOPE_SUBTREE,filterstr='(objectClass=*)',timeout=-1): try: msg_id = self.search_ext( base, scope, filterstr=filterstr, attrlist=['1.1'], timeout=timeout, serverctrls=[SearchNoOpControl(criticality=True)], ) _,_,_,search_response_ctrls = self.result3(msg_id,all=1,timeout=timeout) except ( ldap.TIMEOUT, ldap.TIMELIMIT_EXCEEDED, ldap.SIZELIMIT_EXCEEDED, ldap.ADMINLIMIT_EXCEEDED ) as e: self.abandon(msg_id) raise e else: noop_srch_ctrl = [ c for c in search_response_ctrls if c.controlType==SearchNoOpControl.controlType ] if noop_srch_ctrl: return noop_srch_ctrl[0].numSearchResults,noop_srch_ctrl[0].numSearchContinuations else: return (None,None) python-ldap-3.2.0/Lib/ldap/controls/vlv.py0000644000175000017500000001242413441744767022367 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ ldap.controls.vlv - classes for Virtual List View (see draft-ietf-ldapext-ldapv3-vlv) See https://www.python-ldap.org/ for project details. """ __all__ = [ 'VLVRequestControl', 'VLVResponseControl', ] import ldap from ldap.ldapobject import LDAPObject from ldap.controls import (RequestControl, ResponseControl, KNOWN_RESPONSE_CONTROLS, DecodeControlTuples) from pyasn1.type import univ, namedtype, tag, namedval, constraint from pyasn1.codec.ber import encoder, decoder class ByOffsetType(univ.Sequence): tagSet = univ.Sequence.tagSet.tagImplicitly( tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)) componentType = namedtype.NamedTypes( namedtype.NamedType('offset', univ.Integer()), namedtype.NamedType('contentCount', univ.Integer())) class TargetType(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('byOffset', ByOffsetType()), namedtype.NamedType('greaterThanOrEqual', univ.OctetString().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))) class VirtualListViewRequestType(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('beforeCount', univ.Integer()), namedtype.NamedType('afterCount', univ.Integer()), namedtype.NamedType('target', TargetType()), namedtype.OptionalNamedType('contextID', univ.OctetString())) class VLVRequestControl(RequestControl): controlType = '2.16.840.1.113730.3.4.9' def __init__( self, criticality=False, before_count=0, after_count=0, offset=None, content_count=None, greater_than_or_equal=None, context_id=None, ): RequestControl.__init__(self,self.controlType,criticality) assert (offset is not None and content_count is not None) or \ greater_than_or_equal, \ ValueError( 'offset and content_count must be set together or greater_than_or_equal must be used' ) self.before_count = before_count self.after_count = after_count self.offset = offset self.content_count = content_count self.greater_than_or_equal = greater_than_or_equal self.context_id = context_id def encodeControlValue(self): p = VirtualListViewRequestType() p.setComponentByName('beforeCount', self.before_count) p.setComponentByName('afterCount', self.after_count) if self.offset is not None and self.content_count is not None: by_offset = ByOffsetType() by_offset.setComponentByName('offset', self.offset) by_offset.setComponentByName('contentCount', self.content_count) target = TargetType() target.setComponentByName('byOffset', by_offset) elif self.greater_than_or_equal: target = TargetType() target.setComponentByName('greaterThanOrEqual', self.greater_than_or_equal) else: raise NotImplementedError p.setComponentByName('target', target) return encoder.encode(p) KNOWN_RESPONSE_CONTROLS[VLVRequestControl.controlType] = VLVRequestControl class VirtualListViewResultType(univ.Enumerated): namedValues = namedval.NamedValues( ('success', 0), ('operationsError', 1), ('protocolError', 3), ('unwillingToPerform', 53), ('insufficientAccessRights', 50), ('adminLimitExceeded', 11), ('innapropriateMatching', 18), ('sortControlMissing', 60), ('offsetRangeError', 61), ('other', 80), ) class VirtualListViewResponseType(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('targetPosition', univ.Integer()), namedtype.NamedType('contentCount', univ.Integer()), namedtype.NamedType('virtualListViewResult', VirtualListViewResultType()), namedtype.OptionalNamedType('contextID', univ.OctetString())) class VLVResponseControl(ResponseControl): controlType = '2.16.840.1.113730.3.4.10' def __init__(self,criticality=False): ResponseControl.__init__(self,self.controlType,criticality) def decodeControlValue(self,encoded): p, rest = decoder.decode(encoded, asn1Spec=VirtualListViewResponseType()) assert not rest, 'all data could not be decoded' self.targetPosition = int(p.getComponentByName('targetPosition')) self.contentCount = int(p.getComponentByName('contentCount')) virtual_list_view_result = p.getComponentByName('virtualListViewResult') self.virtualListViewResult = int(virtual_list_view_result) context_id = p.getComponentByName('contextID') if context_id.hasValue(): self.contextID = str(context_id) else: self.contextID = None # backward compatibility class attributes self.target_position = self.targetPosition self.content_count = self.contentCount self.result = self.virtualListViewResult self.context_id = self.contextID KNOWN_RESPONSE_CONTROLS[VLVResponseControl.controlType] = VLVResponseControl python-ldap-3.2.0/Lib/ldap/controls/libldap.py0000644000175000017500000000437213441744767023172 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ controls.libldap - LDAP controls wrapper classes with en-/decoding done by OpenLDAP functions See https://www.python-ldap.org/ for details. """ from ldap.pkginfo import __version__ import _ldap assert _ldap.__version__==__version__, \ ImportError('ldap %s and _ldap %s version mismatch!' % (__version__,_ldap.__version__)) import ldap from ldap.controls import RequestControl,LDAPControl,KNOWN_RESPONSE_CONTROLS class AssertionControl(RequestControl): """ LDAP Assertion control, as defined in RFC 4528 filterstr LDAP filter string specifying which assertions have to match so that the server processes the operation """ controlType = ldap.CONTROL_ASSERT def __init__(self,criticality=True,filterstr='(objectClass=*)'): self.criticality = criticality self.filterstr = filterstr def encodeControlValue(self): return _ldap.encode_assertion_control(self.filterstr) KNOWN_RESPONSE_CONTROLS[ldap.CONTROL_ASSERT] = AssertionControl class MatchedValuesControl(RequestControl): """ LDAP Matched Values control, as defined in RFC 3876 filterstr LDAP filter string specifying which attribute values should be returned """ controlType = ldap.CONTROL_VALUESRETURNFILTER def __init__(self,criticality=False,filterstr='(objectClass=*)'): self.criticality = criticality self.filterstr = filterstr def encodeControlValue(self): return _ldap.encode_valuesreturnfilter_control(self.filterstr) KNOWN_RESPONSE_CONTROLS[ldap.CONTROL_VALUESRETURNFILTER] = MatchedValuesControl class SimplePagedResultsControl(LDAPControl): """ LDAP Control Extension for Simple Paged Results Manipulation size Page size requested (number of entries to be returned) cookie Cookie string received with last page """ controlType = ldap.CONTROL_PAGEDRESULTS def __init__(self,criticality=False,size=None,cookie=None): self.criticality = criticality self.size,self.cookie = size,cookie def encodeControlValue(self): return _ldap.encode_page_control(self.size,self.cookie) def decodeControlValue(self,encodedControlValue): self.size,self.cookie = _ldap.decode_page_control(encodedControlValue) KNOWN_RESPONSE_CONTROLS[ldap.CONTROL_PAGEDRESULTS] = SimplePagedResultsControl python-ldap-3.2.0/Lib/ldap/controls/simple.py0000644000175000017500000000753613441744767023061 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ ldap.controls.simple - classes for some very simple LDAP controls See https://www.python-ldap.org/ for details. """ import struct,ldap from ldap.controls import RequestControl,ResponseControl,LDAPControl,KNOWN_RESPONSE_CONTROLS class ValueLessRequestControl(RequestControl): """ Base class for controls without a controlValue. The presence of the control in a LDAPv3 request changes the server's behaviour when processing the request simply based on the controlType. controlType OID of the request control criticality criticality request control """ def __init__(self,controlType=None,criticality=False): self.controlType = controlType self.criticality = criticality def encodeControlValue(self): return None class OctetStringInteger(LDAPControl): """ Base class with controlValue being unsigend integer values integerValue Integer to be sent as OctetString """ def __init__(self,controlType=None,criticality=False,integerValue=None): self.controlType = controlType self.criticality = criticality self.integerValue = integerValue def encodeControlValue(self): return struct.pack('!Q',self.integerValue) def decodeControlValue(self,encodedControlValue): self.integerValue = struct.unpack('!Q',encodedControlValue)[0] class BooleanControl(LDAPControl): """ Base class for simple request controls with boolean control value. Constructor argument and class attribute: booleanValue Boolean (True/False or 1/0) which is the boolean controlValue. """ boolean2ber = { 1:'\x01\x01\xFF', 0:'\x01\x01\x00' } ber2boolean = { '\x01\x01\xFF':1, '\x01\x01\x00':0 } def __init__(self,controlType=None,criticality=False,booleanValue=False): self.controlType = controlType self.criticality = criticality self.booleanValue = booleanValue def encodeControlValue(self): return self.boolean2ber[int(self.booleanValue)] def decodeControlValue(self,encodedControlValue): self.booleanValue = self.ber2boolean[encodedControlValue] class ManageDSAITControl(ValueLessRequestControl): """ Manage DSA IT Control """ def __init__(self,criticality=False): ValueLessRequestControl.__init__(self,ldap.CONTROL_MANAGEDSAIT,criticality=False) KNOWN_RESPONSE_CONTROLS[ldap.CONTROL_MANAGEDSAIT] = ManageDSAITControl class RelaxRulesControl(ValueLessRequestControl): """ Relax Rules Control """ def __init__(self,criticality=False): ValueLessRequestControl.__init__(self,ldap.CONTROL_RELAX,criticality=False) KNOWN_RESPONSE_CONTROLS[ldap.CONTROL_RELAX] = RelaxRulesControl class ProxyAuthzControl(RequestControl): """ Proxy Authorization Control authzId string containing the authorization ID indicating the identity on behalf which the server should process the request """ def __init__(self,criticality,authzId): RequestControl.__init__(self,ldap.CONTROL_PROXY_AUTHZ,criticality,authzId) class AuthorizationIdentityRequestControl(ValueLessRequestControl): """ Authorization Identity Request and Response Controls """ controlType = '2.16.840.1.113730.3.4.16' def __init__(self,criticality): ValueLessRequestControl.__init__(self,self.controlType,criticality) class AuthorizationIdentityResponseControl(ResponseControl): """ Authorization Identity Request and Response Controls Class attributes: authzId decoded authorization identity """ controlType = '2.16.840.1.113730.3.4.15' def decodeControlValue(self,encodedControlValue): self.authzId = encodedControlValue KNOWN_RESPONSE_CONTROLS[AuthorizationIdentityResponseControl.controlType] = AuthorizationIdentityResponseControl class GetEffectiveRightsControl(RequestControl): """ Get Effective Rights Control """ def __init__(self,criticality,authzId=None): RequestControl.__init__(self,'1.3.6.1.4.1.42.2.27.9.5.2',criticality,authzId) python-ldap-3.2.0/Lib/ldap/controls/sss.py0000644000175000017500000001146013441744767022367 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ ldap.controls.sss - classes for Server Side Sorting (see RFC 2891) See https://www.python-ldap.org/ for project details. """ __all__ = [ 'SSSRequestControl', 'SSSResponseControl', ] import sys import ldap from ldap.ldapobject import LDAPObject from ldap.controls import (RequestControl, ResponseControl, KNOWN_RESPONSE_CONTROLS, DecodeControlTuples) from pyasn1.type import univ, namedtype, tag, namedval, constraint from pyasn1.codec.ber import encoder, decoder PY2 = sys.version_info[0] <= 2 if not PY2: basestring = str # SortKeyList ::= SEQUENCE OF SEQUENCE { # attributeType AttributeDescription, # orderingRule [0] MatchingRuleId OPTIONAL, # reverseOrder [1] BOOLEAN DEFAULT FALSE } class SortKeyType(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('attributeType', univ.OctetString()), namedtype.OptionalNamedType('orderingRule', univ.OctetString().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0) ) ), namedtype.DefaultedNamedType('reverseOrder', univ.Boolean(False).subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))) class SortKeyListType(univ.SequenceOf): componentType = SortKeyType() class SSSRequestControl(RequestControl): '''Order result server side >>> s = SSSRequestControl(ordering_rules=['-cn']) ''' controlType = '1.2.840.113556.1.4.473' def __init__( self, criticality=False, ordering_rules=None, ): RequestControl.__init__(self,self.controlType,criticality) self.ordering_rules = ordering_rules if isinstance(ordering_rules, basestring): ordering_rules = [ordering_rules] for rule in ordering_rules: rule = rule.split(':') assert len(rule) < 3, 'syntax for ordering rule: [-][:ordering-rule]' def asn1(self): p = SortKeyListType() for i, rule in enumerate(self.ordering_rules): q = SortKeyType() reverse_order = rule.startswith('-') if reverse_order: rule = rule[1:] if ':' in rule: attribute_type, ordering_rule = rule.split(':') else: attribute_type, ordering_rule = rule, None q.setComponentByName('attributeType', attribute_type) if ordering_rule: q.setComponentByName('orderingRule', ordering_rule) if reverse_order: q.setComponentByName('reverseOrder', 1) p.setComponentByPosition(i, q) return p def encodeControlValue(self): return encoder.encode(self.asn1()) class SortResultType(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('sortResult', univ.Enumerated().subtype( namedValues=namedval.NamedValues( ('success', 0), ('operationsError', 1), ('timeLimitExceeded', 3), ('strongAuthRequired', 8), ('adminLimitExceeded', 11), ('noSuchAttribute', 16), ('inappropriateMatching', 18), ('insufficientAccessRights', 50), ('busy', 51), ('unwillingToPerform', 53), ('other', 80)), subtypeSpec=univ.Enumerated.subtypeSpec + constraint.SingleValueConstraint( 0, 1, 3, 8, 11, 16, 18, 50, 51, 53, 80))), namedtype.OptionalNamedType('attributeType', univ.OctetString().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0) ) )) class SSSResponseControl(ResponseControl): controlType = '1.2.840.113556.1.4.474' def __init__(self,criticality=False): ResponseControl.__init__(self,self.controlType,criticality) def decodeControlValue(self, encoded): p, rest = decoder.decode(encoded, asn1Spec=SortResultType()) assert not rest, 'all data could not be decoded' sort_result = p.getComponentByName('sortResult') self.sortResult = int(sort_result) attribute_type = p.getComponentByName('attributeType') if attribute_type.hasValue(): self.attributeType = attribute_type else: self.attributeType = None # backward compatibility class attributes self.result = self.sortResult self.attribute_type_error = self.attributeType KNOWN_RESPONSE_CONTROLS[SSSResponseControl.controlType] = SSSResponseControl python-ldap-3.2.0/Lib/ldap/controls/pwdpolicy.py0000644000175000017500000000214013441744767023564 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ ldap.controls.pwdpolicy - classes for Password Policy controls (see https://tools.ietf.org/html/draft-vchu-ldap-pwd-policy) See https://www.python-ldap.org/ for project details. """ __all__ = [ 'PasswordExpiringControl', 'PasswordExpiredControl', ] # Imports from python-ldap 2.4+ import ldap.controls from ldap.controls import RequestControl,ResponseControl,ValueLessRequestControl,KNOWN_RESPONSE_CONTROLS class PasswordExpiringControl(ResponseControl): """ Indicates time in seconds when password will expire """ controlType = '2.16.840.1.113730.3.4.5' def decodeControlValue(self,encodedControlValue): self.gracePeriod = int(encodedControlValue) KNOWN_RESPONSE_CONTROLS[PasswordExpiringControl.controlType] = PasswordExpiringControl class PasswordExpiredControl(ResponseControl): """ Indicates that password is expired """ controlType = '2.16.840.1.113730.3.4.4' def decodeControlValue(self,encodedControlValue): self.passwordExpired = encodedControlValue=='0' KNOWN_RESPONSE_CONTROLS[PasswordExpiredControl.controlType] = PasswordExpiredControl python-ldap-3.2.0/Lib/ldap/controls/deref.py0000644000175000017500000000671513441744767022653 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ ldap.controls.deref - classes for (see https://tools.ietf.org/html/draft-masarati-ldap-deref) See https://www.python-ldap.org/ for project details. """ __all__ = [ 'DEREF_CONTROL_OID', 'DereferenceControl', ] import ldap.controls from ldap.controls import LDAPControl,KNOWN_RESPONSE_CONTROLS import pyasn1_modules.rfc2251 from pyasn1.type import namedtype,univ,tag from pyasn1.codec.ber import encoder,decoder from pyasn1_modules.rfc2251 import LDAPDN,AttributeDescription,AttributeDescriptionList,AttributeValue DEREF_CONTROL_OID = '1.3.6.1.4.1.4203.666.5.16' # Request types #--------------------------------------------------------------------------- # For compatibility with ASN.1 declaration in I-D AttributeList = AttributeDescriptionList class DerefSpec(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType( 'derefAttr', AttributeDescription() ), namedtype.NamedType( 'attributes', AttributeList() ), ) class DerefSpecs(univ.SequenceOf): componentType = DerefSpec() # Response types #--------------------------------------------------------------------------- class AttributeValues(univ.SetOf): componentType = AttributeValue() class PartialAttribute(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('type', AttributeDescription()), namedtype.NamedType('vals', AttributeValues()), ) class PartialAttributeList(univ.SequenceOf): componentType = PartialAttribute() tagSet = univ.Sequence.tagSet.tagImplicitly( tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,0) ) class DerefRes(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('derefAttr', AttributeDescription()), namedtype.NamedType('derefVal', LDAPDN()), namedtype.OptionalNamedType('attrVals', PartialAttributeList()), ) class DerefResultControlValue(univ.SequenceOf): componentType = DerefRes() class DereferenceControl(LDAPControl): controlType = DEREF_CONTROL_OID def __init__(self,criticality=False,derefSpecs=None): LDAPControl.__init__(self,self.controlType,criticality) self.derefSpecs = derefSpecs or {} def _derefSpecs(self): deref_specs = DerefSpecs() i = 0 for deref_attr,deref_attribute_names in self.derefSpecs.items(): deref_spec = DerefSpec() deref_attributes = AttributeList() for j in range(len(deref_attribute_names)): deref_attributes.setComponentByPosition(j,deref_attribute_names[j]) deref_spec.setComponentByName('derefAttr',AttributeDescription(deref_attr)) deref_spec.setComponentByName('attributes',deref_attributes) deref_specs.setComponentByPosition(i,deref_spec) i += 1 return deref_specs def encodeControlValue(self): return encoder.encode(self._derefSpecs()) def decodeControlValue(self,encodedControlValue): decodedValue,_ = decoder.decode(encodedControlValue,asn1Spec=DerefResultControlValue()) self.derefRes = {} for deref_res in decodedValue: deref_attr,deref_val,deref_vals = deref_res[0],deref_res[1],deref_res[2] partial_attrs_dict = { str(tv[0]): [str(v) for v in tv[1]] for tv in deref_vals or [] } try: self.derefRes[str(deref_attr)].append((str(deref_val),partial_attrs_dict)) except KeyError: self.derefRes[str(deref_attr)] = [(str(deref_val),partial_attrs_dict)] KNOWN_RESPONSE_CONTROLS[DereferenceControl.controlType] = DereferenceControl python-ldap-3.2.0/Lib/ldap/controls/__init__.py0000644000175000017500000001037613441744767023323 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ controls.py - support classes for LDAP controls See https://www.python-ldap.org/ for details. Description: The ldap.controls module provides LDAPControl classes. Each class provides support for a certain control. """ from ldap.pkginfo import __version__ import _ldap assert _ldap.__version__==__version__, \ ImportError('ldap %s and _ldap %s version mismatch!' % (__version__,_ldap.__version__)) import ldap from pyasn1.error import PyAsn1Error __all__ = [ 'KNOWN_RESPONSE_CONTROLS', # Classes 'AssertionControl', 'BooleanControl', 'LDAPControl', 'ManageDSAITControl', 'MatchedValuesControl', 'RelaxRulesControl', 'RequestControl', 'ResponseControl', 'SimplePagedResultsControl', 'ValueLessRequestControl', # Functions 'RequestControlTuples', 'DecodeControlTuples', ] # response control OID to class registry KNOWN_RESPONSE_CONTROLS = {} class RequestControl: """ Base class for all request controls controlType OID as string of the LDAPv3 extended request control criticality sets the criticality of the control (boolean) encodedControlValue control value of the LDAPv3 extended request control (here it is the BER-encoded ASN.1 control value) """ def __init__(self,controlType=None,criticality=False,encodedControlValue=None): self.controlType = controlType self.criticality = criticality self.encodedControlValue = encodedControlValue def encodeControlValue(self): """ sets class attribute encodedControlValue to the BER-encoded ASN.1 control value composed by class attributes set before """ return self.encodedControlValue class ResponseControl: """ Base class for all response controls controlType OID as string of the LDAPv3 extended response control criticality sets the criticality of the received control (boolean) """ def __init__(self,controlType=None,criticality=False): self.controlType = controlType self.criticality = criticality def decodeControlValue(self,encodedControlValue): """ decodes the BER-encoded ASN.1 control value and sets the appropriate class attributes """ self.encodedControlValue = encodedControlValue class LDAPControl(RequestControl,ResponseControl): """ Base class for combined request/response controls mainly for backward-compatibility to python-ldap 2.3.x """ def __init__(self,controlType=None,criticality=False,controlValue=None,encodedControlValue=None): self.controlType = controlType self.criticality = criticality self.controlValue = controlValue self.encodedControlValue = encodedControlValue def RequestControlTuples(ldapControls): """ Return list of readily encoded 3-tuples which can be directly passed to C module _ldap ldapControls sequence-type of RequestControl objects """ if ldapControls is None: return None else: result = [ (c.controlType,c.criticality,c.encodeControlValue()) for c in ldapControls ] return result def DecodeControlTuples(ldapControlTuples,knownLDAPControls=None): """ Returns list of readily decoded ResponseControl objects ldapControlTuples Sequence-type of 3-tuples returned by _ldap.result4() containing the encoded ASN.1 control values of response controls. knownLDAPControls Dictionary mapping extended control's OID to ResponseControl class of response controls known by the application. If None ldap.controls.KNOWN_RESPONSE_CONTROLS is used here. """ knownLDAPControls = knownLDAPControls or KNOWN_RESPONSE_CONTROLS result = [] for controlType,criticality,encodedControlValue in ldapControlTuples or []: try: control = knownLDAPControls[controlType]() except KeyError: if criticality: raise ldap.UNAVAILABLE_CRITICAL_EXTENSION('Received unexpected critical response control with controlType %s' % (repr(controlType))) else: control.controlType,control.criticality = controlType,criticality try: control.decodeControlValue(encodedControlValue) except PyAsn1Error: if criticality: raise else: result.append(control) return result # Import the standard sub-modules from ldap.controls.simple import * from ldap.controls.libldap import * python-ldap-3.2.0/Lib/ldap/controls/psearch.py0000644000175000017500000001034313441744767023203 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ ldap.controls.psearch - classes for Persistent Search Control (see https://tools.ietf.org/html/draft-ietf-ldapext-psearch) See https://www.python-ldap.org/ for project details. """ __all__ = [ 'PersistentSearchControl', 'EntryChangeNotificationControl', 'CHANGE_TYPES_INT', 'CHANGE_TYPES_STR', ] # Imports from python-ldap 2.4+ import ldap.controls from ldap.controls import RequestControl,ResponseControl,KNOWN_RESPONSE_CONTROLS # Imports from pyasn1 from pyasn1.type import namedtype,namedval,univ,constraint from pyasn1.codec.ber import encoder,decoder from pyasn1_modules.rfc2251 import LDAPDN #--------------------------------------------------------------------------- # Constants and classes for Persistent Search Control #--------------------------------------------------------------------------- CHANGE_TYPES_INT = { 'add':1, 'delete':2, 'modify':4, 'modDN':8, } CHANGE_TYPES_STR = {v: k for k,v in CHANGE_TYPES_INT.items()} class PersistentSearchControl(RequestControl): """ Implements the request control for persistent search. changeTypes List of strings specifying the types of changes returned by the server. Setting to None requests all changes. changesOnly Boolean which indicates whether only changes are returned by the server. returnECs Boolean which indicates whether the server should return an Entry Change Notification response control """ class PersistentSearchControlValue(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('changeTypes',univ.Integer()), namedtype.NamedType('changesOnly',univ.Boolean()), namedtype.NamedType('returnECs',univ.Boolean()), ) controlType = "2.16.840.1.113730.3.4.3" def __init__(self,criticality=True,changeTypes=None,changesOnly=False,returnECs=True): self.criticality,self.changesOnly,self.returnECs = \ criticality,changesOnly,returnECs self.changeTypes = changeTypes or CHANGE_TYPES_INT.values() def encodeControlValue(self): if not type(self.changeTypes)==type(0): # Assume a sequence type of integers to be OR-ed changeTypes_int = 0 for ct in self.changeTypes: changeTypes_int = changeTypes_int|CHANGE_TYPES_INT.get(ct,ct) self.changeTypes = changeTypes_int p = self.PersistentSearchControlValue() p.setComponentByName('changeTypes',univ.Integer(self.changeTypes)) p.setComponentByName('changesOnly',univ.Boolean(self.changesOnly)) p.setComponentByName('returnECs',univ.Boolean(self.returnECs)) return encoder.encode(p) class ChangeType(univ.Enumerated): namedValues = namedval.NamedValues( ('add',1), ('delete',2), ('modify',4), ('modDN',8), ) subtypeSpec = univ.Enumerated.subtypeSpec + constraint.SingleValueConstraint(1,2,4,8) class EntryChangeNotificationValue(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('changeType',ChangeType()), namedtype.OptionalNamedType('previousDN', LDAPDN()), namedtype.OptionalNamedType('changeNumber',univ.Integer()), ) class EntryChangeNotificationControl(ResponseControl): """ Implements the response control for persistent search. Class attributes with values extracted from the response control: changeType String indicating the type of change causing this result to be returned by the server previousDN Old DN of the entry in case of a modrdn change changeNumber A change serial number returned by the server (optional). """ controlType = "2.16.840.1.113730.3.4.7" def decodeControlValue(self,encodedControlValue): ecncValue,_ = decoder.decode(encodedControlValue,asn1Spec=EntryChangeNotificationValue()) self.changeType = int(ecncValue.getComponentByName('changeType')) previousDN = ecncValue.getComponentByName('previousDN') if previousDN.hasValue(): self.previousDN = str(previousDN) else: self.previousDN = None changeNumber = ecncValue.getComponentByName('changeNumber') if changeNumber.hasValue(): self.changeNumber = int(changeNumber) else: self.changeNumber = None return (self.changeType,self.previousDN,self.changeNumber) KNOWN_RESPONSE_CONTROLS[EntryChangeNotificationControl.controlType] = EntryChangeNotificationControl python-ldap-3.2.0/Lib/ldap/controls/sessiontrack.py0000644000175000017500000000435613441744767024275 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ ldap.controls.sessiontrack - class for session tracking control (see draft-wahl-ldap-session) See https://www.python-ldap.org/ for project details. """ from ldap.controls import RequestControl from pyasn1.type import namedtype,univ from pyasn1.codec.ber import encoder from pyasn1_modules.rfc2251 import LDAPString,LDAPOID # OID constants SESSION_TRACKING_CONTROL_OID = "1.3.6.1.4.1.21008.108.63.1" SESSION_TRACKING_FORMAT_OID_RADIUS_ACCT_SESSION_ID = SESSION_TRACKING_CONTROL_OID+".1" SESSION_TRACKING_FORMAT_OID_RADIUS_ACCT_MULTI_SESSION_ID = SESSION_TRACKING_CONTROL_OID+".2" SESSION_TRACKING_FORMAT_OID_USERNAME = SESSION_TRACKING_CONTROL_OID+".3" class SessionTrackingControl(RequestControl): """ Class for Session Tracking Control Because criticality MUST be false for this control it cannot be set from the application. sessionSourceIp IP address of the request source as string sessionSourceName Name of the request source as string formatOID OID as string specifying the format sessionTrackingIdentifier String containing a specific tracking ID """ class SessionIdentifierControlValue(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('sessionSourceIp',LDAPString()), namedtype.NamedType('sessionSourceName',LDAPString()), namedtype.NamedType('formatOID',LDAPOID()), namedtype.NamedType('sessionTrackingIdentifier',LDAPString()), ) controlType = SESSION_TRACKING_CONTROL_OID def __init__(self,sessionSourceIp,sessionSourceName,formatOID,sessionTrackingIdentifier): # criticality MUST be false for this control self.criticality = False self.sessionSourceIp,self.sessionSourceName,self.formatOID,self.sessionTrackingIdentifier = \ sessionSourceIp,sessionSourceName,formatOID,sessionTrackingIdentifier def encodeControlValue(self): s = self.SessionIdentifierControlValue() s.setComponentByName('sessionSourceIp',LDAPString(self.sessionSourceIp)) s.setComponentByName('sessionSourceName',LDAPString(self.sessionSourceName)) s.setComponentByName('formatOID',LDAPOID(self.formatOID)) s.setComponentByName('sessionTrackingIdentifier',LDAPString(self.sessionTrackingIdentifier)) return encoder.encode(s) python-ldap-3.2.0/Lib/ldap/controls/ppolicy.py0000644000175000017500000000535413441744767023243 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ ldap.controls.ppolicy - classes for Password Policy controls (see https://tools.ietf.org/html/draft-behera-ldap-password-policy) See https://www.python-ldap.org/ for project details. """ __all__ = [ 'PasswordPolicyControl' ] # Imports from python-ldap 2.4+ from ldap.controls import ( ResponseControl, ValueLessRequestControl, KNOWN_RESPONSE_CONTROLS ) # Imports from pyasn1 from pyasn1.type import tag,namedtype,namedval,univ,constraint from pyasn1.codec.der import decoder class PasswordPolicyWarning(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('timeBeforeExpiration',univ.Integer().subtype( implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,0) )), namedtype.NamedType('graceAuthNsRemaining',univ.Integer().subtype( implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,1) )), ) class PasswordPolicyError(univ.Enumerated): namedValues = namedval.NamedValues( ('passwordExpired',0), ('accountLocked',1), ('changeAfterReset',2), ('passwordModNotAllowed',3), ('mustSupplyOldPassword',4), ('insufficientPasswordQuality',5), ('passwordTooShort',6), ('passwordTooYoung',7), ('passwordInHistory',8) ) subtypeSpec = univ.Enumerated.subtypeSpec + constraint.SingleValueConstraint(0,1,2,3,4,5,6,7,8) class PasswordPolicyResponseValue(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType( 'warning', PasswordPolicyWarning().subtype( implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,0) ), ), namedtype.OptionalNamedType( 'error',PasswordPolicyError().subtype( implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,1) ) ), ) class PasswordPolicyControl(ValueLessRequestControl,ResponseControl): controlType = '1.3.6.1.4.1.42.2.27.8.5.1' def __init__(self,criticality=False): self.criticality = criticality def decodeControlValue(self,encodedControlValue): ppolicyValue,_ = decoder.decode(encodedControlValue,asn1Spec=PasswordPolicyResponseValue()) self.timeBeforeExpiration = None self.graceAuthNsRemaining = None self.error = None warning = ppolicyValue.getComponentByName('warning') if warning.hasValue(): if 'timeBeforeExpiration' in warning: self.timeBeforeExpiration = int( warning.getComponentByName('timeBeforeExpiration')) if 'graceAuthNsRemaining' in warning: self.graceAuthNsRemaining = int( warning.getComponentByName('graceAuthNsRemaining')) error = ppolicyValue.getComponentByName('error') if error.hasValue(): self.error = int(error) KNOWN_RESPONSE_CONTROLS[PasswordPolicyControl.controlType] = PasswordPolicyControl python-ldap-3.2.0/Lib/ldap/controls/pagedresults.py0000644000175000017500000000277413441744767024271 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ ldap.controls.paged - classes for Simple Paged control (see RFC 2696) See https://www.python-ldap.org/ for project details. """ __all__ = [ 'SimplePagedResultsControl' ] # Imports from python-ldap 2.4+ import ldap.controls from ldap.controls import RequestControl,ResponseControl,KNOWN_RESPONSE_CONTROLS # Imports from pyasn1 from pyasn1.type import tag,namedtype,univ,constraint from pyasn1.codec.ber import encoder,decoder from pyasn1_modules.rfc2251 import LDAPString class PagedResultsControlValue(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('size',univ.Integer()), namedtype.NamedType('cookie',LDAPString()), ) class SimplePagedResultsControl(RequestControl,ResponseControl): controlType = '1.2.840.113556.1.4.319' def __init__(self,criticality=False,size=10,cookie=''): self.criticality = criticality self.size = size self.cookie = cookie or '' def encodeControlValue(self): pc = PagedResultsControlValue() pc.setComponentByName('size',univ.Integer(self.size)) pc.setComponentByName('cookie',LDAPString(self.cookie)) return encoder.encode(pc) def decodeControlValue(self,encodedControlValue): decodedValue,_ = decoder.decode(encodedControlValue,asn1Spec=PagedResultsControlValue()) self.size = int(decodedValue.getComponentByName('size')) self.cookie = bytes(decodedValue.getComponentByName('cookie')) KNOWN_RESPONSE_CONTROLS[SimplePagedResultsControl.controlType] = SimplePagedResultsControl python-ldap-3.2.0/Lib/ldapurl.py0000644000175000017500000002666413441750117020435 0ustar pviktoripviktorin00000000000000""" ldapurl - handling of LDAP URLs as described in RFC 4516 See https://www.python-ldap.org/ for details. """ __version__ = '3.2.0' __all__ = [ # constants 'SEARCH_SCOPE','SEARCH_SCOPE_STR', 'LDAP_SCOPE_BASE','LDAP_SCOPE_ONELEVEL','LDAP_SCOPE_SUBTREE', # functions 'isLDAPUrl', # classes 'LDAPUrlExtension','LDAPUrlExtensions','LDAPUrl' ] from ldap.compat import UserDict, quote, unquote LDAP_SCOPE_BASE = 0 LDAP_SCOPE_ONELEVEL = 1 LDAP_SCOPE_SUBTREE = 2 LDAP_SCOPE_SUBORDINATES = 3 SEARCH_SCOPE_STR = { None:'', LDAP_SCOPE_BASE:'base', LDAP_SCOPE_ONELEVEL:'one', LDAP_SCOPE_SUBTREE:'sub', LDAP_SCOPE_SUBORDINATES:'subordinates', } SEARCH_SCOPE = { '':None, # the search scope strings defined in RFC 4516 'base':LDAP_SCOPE_BASE, 'one':LDAP_SCOPE_ONELEVEL, 'sub':LDAP_SCOPE_SUBTREE, # from draft-sermersheim-ldap-subordinate-scope 'subordinates':LDAP_SCOPE_SUBORDINATES, } # Some widely used types StringType = type('') TupleType=type(()) def isLDAPUrl(s): """ Returns 1 if s is a LDAP URL, 0 else """ s_lower = s.lower() return \ s_lower.startswith('ldap://') or \ s_lower.startswith('ldaps://') or \ s_lower.startswith('ldapi://') def ldapUrlEscape(s): """Returns URL encoding of string s""" return quote(s).replace(',','%2C').replace('/','%2F') class LDAPUrlExtension(object): """ Class for parsing and unparsing LDAP URL extensions as described in RFC 4516. Usable class attributes: critical Boolean integer marking the extension as critical extype Type of extension exvalue Value of extension """ def __init__(self,extensionStr=None,critical=0,extype=None,exvalue=None): self.critical = critical self.extype = extype self.exvalue = exvalue if extensionStr: self._parse(extensionStr) def _parse(self,extension): extension = extension.strip() if not extension: # Don't parse empty strings self.extype,self.exvalue = None,None return self.critical = extension[0]=='!' if extension[0]=='!': extension = extension[1:].strip() try: self.extype,self.exvalue = extension.split('=',1) except ValueError: # No value, just the extype self.extype,self.exvalue = extension,None else: self.exvalue = unquote(self.exvalue.strip()) self.extype = self.extype.strip() def unparse(self): if self.exvalue is None: return '%s%s' % ('!'*(self.critical>0),self.extype) else: return '%s%s=%s' % ( '!'*(self.critical>0), self.extype,quote(self.exvalue or '') ) def __str__(self): return self.unparse() def __repr__(self): return '<%s.%s instance at %s: %s>' % ( self.__class__.__module__, self.__class__.__name__, hex(id(self)), self.__dict__ ) def __eq__(self,other): return \ (self.critical==other.critical) and \ (self.extype==other.extype) and \ (self.exvalue==other.exvalue) def __ne__(self,other): return not self.__eq__(other) class LDAPUrlExtensions(UserDict): """ Models a collection of LDAP URL extensions as dictionary type """ def __init__(self,default=None): UserDict.__init__(self) for k,v in (default or {}).items(): self[k]=v def __setitem__(self,name,value): """ value Either LDAPUrlExtension instance, (critical,exvalue) or string'ed exvalue """ assert isinstance(value,LDAPUrlExtension) assert name==value.extype self.data[name] = value def values(self): return [ self[k] for k in self.keys() ] def __str__(self): return ','.join(str(v) for v in self.values()) def __repr__(self): return '<%s.%s instance at %s: %s>' % ( self.__class__.__module__, self.__class__.__name__, hex(id(self)), self.data ) def __eq__(self,other): assert isinstance(other,self.__class__),TypeError( "other has to be instance of %s" % (self.__class__) ) return self.data==other.data def parse(self,extListStr): for extension_str in extListStr.strip().split(','): if extension_str: e = LDAPUrlExtension(extension_str) self[e.extype] = e def unparse(self): return ','.join([ v.unparse() for v in self.values() ]) class LDAPUrl(object): """ Class for parsing and unparsing LDAP URLs as described in RFC 4516. Usable class attributes: urlscheme URL scheme (either ldap, ldaps or ldapi) hostport LDAP host (default '') dn String holding distinguished name (default '') attrs list of attribute types (default None) scope integer search scope for ldap-module filterstr String representation of LDAP Search Filters (see RFC 4515) extensions Dictionary used as extensions store who Maps automagically to bindname LDAP URL extension cred Maps automagically to X-BINDPW LDAP URL extension """ attr2extype = {'who':'bindname','cred':'X-BINDPW'} def __init__( self, ldapUrl=None, urlscheme='ldap', hostport='',dn='',attrs=None,scope=None,filterstr=None, extensions=None, who=None,cred=None ): self.urlscheme=urlscheme self.hostport=hostport self.dn=dn self.attrs=attrs self.scope=scope self.filterstr=filterstr self.extensions=(extensions or LDAPUrlExtensions({})) if ldapUrl!=None: self._parse(ldapUrl) if who!=None: self.who = who if cred!=None: self.cred = cred def __eq__(self,other): return \ self.urlscheme==other.urlscheme and \ self.hostport==other.hostport and \ self.dn==other.dn and \ self.attrs==other.attrs and \ self.scope==other.scope and \ self.filterstr==other.filterstr and \ self.extensions==other.extensions def __ne__(self,other): return not self.__eq__(other) def _parse(self,ldap_url): """ parse a LDAP URL and set the class attributes urlscheme,host,dn,attrs,scope,filterstr,extensions """ if not isLDAPUrl(ldap_url): raise ValueError('Value %s for ldap_url does not seem to be a LDAP URL.' % (repr(ldap_url))) scheme,rest = ldap_url.split('://',1) self.urlscheme = scheme.strip() if not self.urlscheme in ['ldap','ldaps','ldapi']: raise ValueError('LDAP URL contains unsupported URL scheme %s.' % (self.urlscheme)) slash_pos = rest.find('/') qemark_pos = rest.find('?') if (slash_pos==-1) and (qemark_pos==-1): # No / and ? found at all self.hostport = unquote(rest) self.dn = '' return else: if slash_pos!=-1 and (qemark_pos==-1 or (slash_posqemark_pos)): # Question mark separates hostport from rest, DN is assumed to be empty self.hostport = unquote(rest[:qemark_pos]) # Do not eat question mark rest = rest[qemark_pos:] else: raise ValueError('Something completely weird happened!') paramlist=rest.split('?',4) paramlist_len = len(paramlist) if paramlist_len>=1: self.dn = unquote(paramlist[0]).strip() if (paramlist_len>=2) and (paramlist[1]): self.attrs = unquote(paramlist[1].strip()).split(',') if paramlist_len>=3: scope = paramlist[2].strip() try: self.scope = SEARCH_SCOPE[scope] except KeyError: raise ValueError('Invalid search scope %s' % (repr(scope))) if paramlist_len>=4: filterstr = paramlist[3].strip() if not filterstr: self.filterstr = None else: self.filterstr = unquote(filterstr) if paramlist_len>=5: if paramlist[4]: self.extensions = LDAPUrlExtensions() self.extensions.parse(paramlist[4]) else: self.extensions = None return def applyDefaults(self,defaults): """ Apply defaults to all class attributes which are None. defaults Dictionary containing a mapping from class attributes to default values """ for k, value in defaults.items(): if getattr(self,k) is None: setattr(self, k, value) def initializeUrl(self): """ Returns LDAP URL suitable to be passed to ldap.initialize() """ if self.urlscheme=='ldapi': # hostport part might contain slashes when ldapi:// is used hostport = ldapUrlEscape(self.hostport) else: hostport = self.hostport return '%s://%s' % (self.urlscheme,hostport) def unparse(self): """ Returns LDAP URL depending on class attributes set. """ if self.attrs is None: attrs_str = '' else: attrs_str = ','.join(self.attrs) scope_str = SEARCH_SCOPE_STR[self.scope] if self.filterstr is None: filterstr = '' else: filterstr = ldapUrlEscape(self.filterstr) dn = ldapUrlEscape(self.dn) if self.urlscheme=='ldapi': # hostport part might contain slashes when ldapi:// is used hostport = ldapUrlEscape(self.hostport) else: hostport = self.hostport ldap_url = '%s://%s/%s?%s?%s?%s' % ( self.urlscheme, hostport,dn,attrs_str,scope_str,filterstr ) if self.extensions: ldap_url = ldap_url+'?'+self.extensions.unparse() return ldap_url def htmlHREF(self,urlPrefix='',hrefText=None,hrefTarget=None): """ Returns a string with HTML link for this LDAP URL. urlPrefix Prefix before LDAP URL (e.g. for addressing another web-based client) hrefText link text/description hrefTarget string added as link target attribute """ assert type(urlPrefix)==StringType, "urlPrefix must be StringType" if hrefText is None: hrefText = self.unparse() assert type(hrefText)==StringType, "hrefText must be StringType" if hrefTarget is None: target = '' else: assert type(hrefTarget)==StringType, "hrefTarget must be StringType" target = ' target="%s"' % hrefTarget return '%s' % ( target,urlPrefix,self.unparse(),hrefText ) def __str__(self): return self.unparse() def __repr__(self): return '<%s.%s instance at %s: %s>' % ( self.__class__.__module__, self.__class__.__name__, hex(id(self)), self.__dict__ ) def __getattr__(self,name): if name in self.attr2extype: extype = self.attr2extype[name] if self.extensions and \ extype in self.extensions and \ not self.extensions[extype].exvalue is None: result = unquote(self.extensions[extype].exvalue) else: return None else: raise AttributeError('%s has no attribute %s' % ( self.__class__.__name__,name )) return result # __getattr__() def __setattr__(self,name,value): if name in self.attr2extype: extype = self.attr2extype[name] if value is None: # A value of None means that extension is deleted delattr(self,name) elif value!=None: # Add appropriate extension self.extensions[extype] = LDAPUrlExtension( extype=extype,exvalue=unquote(value) ) else: self.__dict__[name] = value def __delattr__(self,name): if name in self.attr2extype: extype = self.attr2extype[name] if self.extensions: try: del self.extensions[extype] except KeyError: pass else: del self.__dict__[name] python-ldap-3.2.0/Demo/0000755000175000017500000000000013441750214016556 5ustar pviktoripviktorin00000000000000python-ldap-3.2.0/Demo/passwd_ext_op.py0000644000175000017500000000146513441744767022035 0ustar pviktoripviktorin00000000000000""" Example showing the use of the password extended operation. """ from __future__ import print_function import sys,ldap,ldapurl,getpass # Set debugging level ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) ldapmodule_trace_level = 2 ldapmodule_trace_file = sys.stderr lu = ldapurl.LDAPUrl(sys.argv[1]) print('Old password') oldpw = getpass.getpass() print('New password') newpw = getpass.getpass() # Set path name of file containing all CA certificates # needed to validate server certificates ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,'/etc/httpd/ssl.crt/myCA-cacerts.pem') # Create LDAPObject instance l = ldap.initialize(lu.initializeUrl(),trace_level=ldapmodule_trace_level,trace_file=ldapmodule_trace_file) l.protocol_version=ldap.VERSION3 l.simple_bind_s(lu.dn,oldpw) l.passwd(lu.dn,oldpw,newpw) l.unbind_s() python-ldap-3.2.0/Demo/simple.py0000644000175000017500000000455413441744767020451 0ustar pviktoripviktorin00000000000000from __future__ import print_function import sys,getpass import ldap #l = ldap.open("localhost", 31001) l = ldap.open("marta.it.uq.edu.au") login_dn = "cn=root,ou=CSEE,o=UQ,c=AU" login_pw = getpass.getpass("Password for %s: " % login_dn) l.simple_bind_s(login_dn, login_pw) # # create a new sub organisation # try: dn = "ou=CSEE,o=UQ,c=AU" print("Adding", repr(dn)) l.add_s(dn, [ ("objectclass",["organizationalUnit"]), ("ou", ["CSEE"]), ("description", [ "Department of Computer Science and Electrical Engineering"]), ] ) except _ldap.LDAPError: pass # # create an entry for me # dn = "cn=David Leonard,ou=CSEE,o=UQ,c=AU" print("Updating", repr(dn)) try: l.delete_s(dn) except: pass l.add_s(dn, [ ("objectclass", ["organizationalPerson"]), ("sn", ["Leonard"]), ("cn", ["David Leonard"]), ("description", ["Ph.D. student"]), ("display-name", ["David Leonard"]), #("commonname", ["David Leonard"]), ("mail", ["david.leonard@csee.uq.edu.au"]), ("othermailbox", ["d@openbsd.org"]), ("givenname", ["David"]), ("surname", ["Leonard"]), ("seeAlso", ["http://www.csee.uq.edu.au/~leonard/"]), ("url", ["http://www.csee.uq.edu.au/~leonard/"]), #("homephone", []), #("fax", []), #("otherfacsimiletelephonenumber",[]), #("officefax", []), #("mobile", []), #("otherpager", []), #("officepager", []), #("pager", []), ("info", ["info"]), ("title", ["Mr"]), #("telephonenumber", []), ("l", ["Brisbane"]), ("st", ["Queensland"]), ("c", ["AU"]), ("co", ["co"]), ("o", ["UQ"]), ("ou", ["CSEE"]), #("homepostaladdress", []), #("postaladdress", []), #("streetaddress", []), #("street", []), ("department", ["CSEE"]), ("comment", ["comment"]), #("postalcode", []), ("physicaldeliveryofficename", ["Bldg 78, UQ, St Lucia"]), ("preferredDeliveryMethod", ["email"]), ("initials", ["DRL"]), ("conferenceinformation", ["MS-conferenceinformation"]), #("usercertificate", []), ("labeleduri", ["labeleduri"]), ("manager", ["cn=Jaga Indulska"]), ("reports", ["reports"]), ("jpegPhoto", [open("/www/leonard/leonard.jpg","r").read()]), ("uid", ["leonard"]), ("userPassword", [""]) ]) # # search beneath the CSEE/UQ/AU tree # res = l.search_s( "ou=CSEE, o=UQ, c=AU", _ldap.SCOPE_SUBTREE, "objectclass=*", ) print(res) l.unbind() python-ldap-3.2.0/Demo/sasl_bind.py0000644000175000017500000000371213441744767021111 0ustar pviktoripviktorin00000000000000# For documentation, see comments in Module/LDAPObject.c and the # ldap.sasl module documentation. from __future__ import print_function import ldap,ldap.sasl ldap.sasl._trace_level=0 ldap.set_option(ldap.OPT_DEBUG_LEVEL,0) for ldap_uri,sasl_mech,sasl_cb_value_dict in [ ( "ldap://nb2.stroeder.local:1390/", 'CRAM-MD5', { ldap.sasl.CB_AUTHNAME :'fred', ldap.sasl.CB_PASS :'secret', } ), ( "ldap://nb2.stroeder.local:1390/", 'PLAIN', { ldap.sasl.CB_AUTHNAME :'fred', ldap.sasl.CB_PASS :'secret', } ), ( "ldap://nb2.stroeder.local:1390/", 'LOGIN', { ldap.sasl.CB_AUTHNAME :'fred', ldap.sasl.CB_PASS :'secret', } ), ( "ldapi://%2Ftmp%2Fopenldap-socket/", 'EXTERNAL', { } ), ( "ldap://nb2.stroeder.local:1390/", 'GSSAPI', { } ), ( "ldap://nb2.stroeder.local:1390/", 'NTLM', { ldap.sasl.CB_AUTHNAME :'fred', ldap.sasl.CB_PASS :'secret', } ), ( "ldap://nb2.stroeder.local:1390/", 'DIGEST-MD5', { ldap.sasl.CB_AUTHNAME :'fred', ldap.sasl.CB_PASS :'secret', } ), ]: sasl_auth = ldap.sasl.sasl(sasl_cb_value_dict,sasl_mech) print(20*'*',sasl_auth.mech,20*'*') # Open the LDAP connection l = ldap.initialize(ldap_uri,trace_level=0) # Set protocol version to LDAPv3 to enable SASL bind! l.protocol_version = 3 try: l.sasl_interactive_bind_s("", sasl_auth) except ldap.LDAPError as e: print('Error using SASL mechanism',sasl_auth.mech,str(e)) else: print('Sucessfully bound using SASL mechanism:',sasl_auth.mech) try: print('Result of Who Am I? ext. op:',repr(l.whoami_s())) except ldap.LDAPError as e: print('Error using SASL mechanism',sasl_auth.mech,str(e)) try: print('OPT_X_SASL_USERNAME',repr(l.get_option(ldap.OPT_X_SASL_USERNAME))) except AttributeError: pass l.unbind() del l python-ldap-3.2.0/Demo/resiter.py0000644000175000017500000000116713441744767020632 0ustar pviktoripviktorin00000000000000""" Demo for using ldap.resiter.ResultProcessor written by Michael Stroeder See https://www.python-ldap.org for details. """ from __future__ import print_function import ldap,ldap.resiter class LDAPObject(ldap.ldapobject.LDAPObject,ldap.resiter.ResultProcessor): pass l = LDAPObject('ldap://localhost:1390',trace_level=1) l.protocol_version = 3 msgid = l.search('dc=stroeder,dc=de',ldap.SCOPE_SUBTREE,'(cn=m*)') result_iter = l.allresults(msgid) for result_type,result_list,result_msgid,result_serverctrls in result_iter: print(result_type,result_list,result_msgid,result_serverctrls) l.unbind_s() python-ldap-3.2.0/Demo/Lib/0000755000175000017500000000000013441750214017264 5ustar pviktoripviktorin00000000000000python-ldap-3.2.0/Demo/Lib/ldapurl/0000755000175000017500000000000013441750214020727 5ustar pviktoripviktorin00000000000000python-ldap-3.2.0/Demo/Lib/ldapurl/urlsearch.py0000644000175000017500000000151313441744767023311 0ustar pviktoripviktorin00000000000000""" Do a search with the LDAP URL specified at command-line. No output of LDAP data is produced except trace output. """ from __future__ import print_function import sys,getpass,ldap,ldapurl try: ldapUrl = ldapurl.LDAPUrl(ldapUrl=sys.argv[1]) except IndexError: print('Usage: %s [LDAP URL]' % (sys.argv[0])) sys.exit(1) for a in [ 'urlscheme','hostport','dn','attrs','scope', 'filterstr','extensions','who','cred' ]: print(a,repr(getattr(ldapUrl,a))) l = ldap.initialize(ldapUrl.initializeUrl(),trace_level=1) if ldapUrl.who!=None: if ldapUrl.cred!=None: cred=ldapUrl.cred else: print('Enter password for simple bind with',repr(ldapUrl.who)) cred=getpass.getpass() l.simple_bind_s(ldapUrl.who,cred) res = l.search_s(ldapUrl.dn,ldapUrl.scope,ldapUrl.filterstr,ldapUrl.attrs) print(len(res),'search results') python-ldap-3.2.0/Demo/Lib/ldap/0000755000175000017500000000000013441750214020204 5ustar pviktoripviktorin00000000000000python-ldap-3.2.0/Demo/Lib/ldap/async/0000755000175000017500000000000013441750214021321 5ustar pviktoripviktorin00000000000000python-ldap-3.2.0/Demo/Lib/ldap/async/sizelimit.py0000644000175000017500000000162713441744767023732 0ustar pviktoripviktorin00000000000000""" ldifwriter - using ldap.async module for retrieving partial results in a list even though the exception ldap.SIZELIMIT_EXCEEDED was raised.output of LDIF stream Written by Michael Stroeder This example translates the naming context of data read from input, sanitizes some attributes, maps/removes object classes, maps/removes attributes., etc. It's far from being complete though. """ import sys,ldap,ldap.async s = ldap.async.List( ldap.initialize('ldap://localhost:1390'), ) s.startSearch( 'dc=stroeder,dc=de', ldap.SCOPE_SUBTREE, '(objectClass=*)', ) try: partial = s.processResults() except ldap.SIZELIMIT_EXCEEDED: sys.stderr.write('Warning: Server-side size limit exceeded.\n') else: if partial: sys.stderr.write('Warning: Only partial results received.\n') sys.stderr.write( '%d results received.\n' % ( len(s.allResults) ) ) python-ldap-3.2.0/Demo/Lib/ldap/async/ldifwriter.py0000644000175000017500000000154713441744767024075 0ustar pviktoripviktorin00000000000000""" ldifwriter - using ldap.async module for output of LDIF stream of LDAP search results Written by Michael Stroeder This example translates the naming context of data read from input, sanitizes some attributes, maps/removes object classes, maps/removes attributes., etc. It's far from being complete though. """ import sys,ldap,ldap.async s = ldap.async.LDIFWriter( ldap.initialize('ldap://localhost:1390'), sys.stdout ) s.startSearch( 'dc=stroeder,dc=de', ldap.SCOPE_SUBTREE, '(objectClass=*)', ) try: partial = s.processResults() except ldap.SIZELIMIT_EXCEEDED: sys.stderr.write('Warning: Server-side size limit exceeded.\n') else: if partial: sys.stderr.write('Warning: Only partial results received.\n') sys.stderr.write( '%d results received.\n' % ( s.endResultBreak-s.beginResultsDropped ) ) python-ldap-3.2.0/Demo/Lib/ldap/async/deltree.py0000644000175000017500000000515413441744767023344 0ustar pviktoripviktorin00000000000000from __future__ import print_function import ldap,ldap.async class DeleteLeafs(ldap.async.AsyncSearchHandler): """ Class for deleting entries which are results of a search. DNs of Non-leaf entries are collected in DeleteLeafs.nonLeafEntries. """ _entryResultTypes = ldap.async._entryResultTypes def __init__(self,l): ldap.async.AsyncSearchHandler.__init__(self,l) self.nonLeafEntries = [] self.deletedEntries = 0 def startSearch(self,searchRoot,searchScope): if not searchScope in [ldap.SCOPE_ONELEVEL,ldap.SCOPE_SUBTREE]: raise ValueError("Parameter searchScope must be either ldap.SCOPE_ONELEVEL or ldap.SCOPE_SUBTREE.") self.nonLeafEntries = [] self.deletedEntries = 0 ldap.async.AsyncSearchHandler.startSearch( self, searchRoot, searchScope, filterStr='(objectClass=*)', attrList=['hasSubordinates','numSubordinates'], attrsOnly=0, ) def _processSingleResult(self,resultType,resultItem): if resultType in self._entryResultTypes: # Don't process search references dn,entry = resultItem hasSubordinates = entry.get( 'hasSubordinates', entry.get('hassubordinates',['FALSE'] ) )[0] numSubordinates = entry.get( 'numSubordinates', entry.get('numsubordinates',['0']) )[0] if hasSubordinates=='TRUE' or int(numSubordinates): self.nonLeafEntries.append(dn) else: try: self._l.delete_s(dn) except ldap.NOT_ALLOWED_ON_NONLEAF as e: self.nonLeafEntries.append(dn) else: self.deletedEntries = self.deletedEntries+1 def DelTree(l,dn,scope=ldap.SCOPE_ONELEVEL): """ Recursively delete entries below or including entry with name dn. """ leafs_deleter = DeleteLeafs(l) leafs_deleter.startSearch(dn,scope) leafs_deleter.processResults() deleted_entries = leafs_deleter.deletedEntries non_leaf_entries = leafs_deleter.nonLeafEntries[:] while non_leaf_entries: dn = non_leaf_entries.pop() print(deleted_entries,len(non_leaf_entries),dn) leafs_deleter.startSearch(dn,ldap.SCOPE_SUBTREE) leafs_deleter.processResults() deleted_entries = deleted_entries+leafs_deleter.deletedEntries non_leaf_entries.extend(leafs_deleter.nonLeafEntries) return # DelTree() # Create LDAPObject instance l = ldap.initialize('ldap://localhost:1390') # Try a bind to provoke failure if protocol version is not supported l.simple_bind_s('cn=Directory Manager,dc=IMC,dc=org','controller') # Delete all entries *below* the entry dc=Delete,dc=IMC,dc=org DelTree(l,'dc=Delete,dc=IMC,dc=org',ldap.SCOPE_ONELEVEL) python-ldap-3.2.0/Demo/Lib/ldif/0000755000175000017500000000000013441750214020202 5ustar pviktoripviktorin00000000000000python-ldap-3.2.0/Demo/Lib/ldif/ldifcopy.py0000644000175000017500000000103113441744767022400 0ustar pviktoripviktorin00000000000000""" ldifcopy - reads LDIF from stdin, retrieve values by URL and write resulting LDIF to stdout Written by Michael Stroeder This example translates the naming context of data read from input, sanitizes some attributes, maps/removes object classes, maps/removes attributes., etc. It's far from being complete though. """ import sys,ldif infile = sys.stdin outfile = sys.stdout ldif_collector = ldif.LDIFCopy( infile, outfile, process_url_schemes=['file','ftp','http'] ) ldif_collector.parse() python-ldap-3.2.0/Demo/simplebrowse.py0000644000175000017500000000621713441744767021671 0ustar pviktoripviktorin00000000000000#!/usr/bin/env python # # simple LDAP server browsing example # from __future__ import print_function import ldap from traceback import print_exc url = "ldap://ldap.openldap.org/" dn = "dc=openldap,dc=org" print("Connecting to", url) l = ldap.initialize(url) l.bind_s("", "", ldap.AUTH_SIMPLE); lastdn = dn dnlist = None while 1: #-- read a command try: cmd = raw_input(dn + "> ") except EOFError: print break try: if cmd == "?": print( "cd - change DN to ") print( "cd - change DN to number of last 'ls'") print( "cd - - change to previous DN") print( "cd .. - change to one-level higher DN") print( "cd - change to root DN") print( "ls - list children of crrent DN") print( ". - show attributes of current DN") print( "/ - list descendents matching filter ") print( "? - show this help") elif cmd == "ls": print("Children of", `dn`, ":") dnlist = [] # # List the children at one level down from the current dn # We use the filter 'objectclass=*' to match everything. # We're not interested in attributes at this stage, so # we specify [] as the list of attribute names to retreive. # for name,attrs in l.search_s(dn, ldap.SCOPE_ONELEVEL, "objectclass=*", []): #-- shorten resulting dns for output brevity if name.startswith(dn+", "): shortname = "+ "+name[len(dn)+2:] elif name.endswith(", "+dn): shortname = name[:-len(dn)-2]+" +" else: shortname = name print(" %3d. %s" % (len(dnlist), shortname)) dnlist.append(name) elif cmd == "cd": dn = "" dnlist = None elif cmd.startswith("cd "): arg = cmd[3:] if arg == '-': lastdn,dn = dn,lastdn elif arg == '..': dn = ldap.explode_dn(dn)[1:].join(",") dn = dn.strip() else: try: i = int(arg) except: godn = arg else: if dnlist is None: print("do an ls first") else: godn = dnlist[i] lastdn = dn dn = godn elif cmd == ".": # # Retrieve all the attributes for the current dn. # We construct a search using SCOPE_BASE (ie just the # given DN) and again filter with "objectclass=*". # No attributes are listed, so the default is for # the client to receive all attributes on the DN. # print("Attributes of", `dn`, ":") for name,attrs in l.search_s(dn, ldap.SCOPE_BASE, "objectclass=*"): print(" %-24s" % name) for k,vals in attrs.items(): for v in vals: if len(v) > 200: v = `v[:200]` + \ ("... (%d bytes)" % len(v)) else: v = `v` print(" %-12s: %s" % (k, v)) elif cmd.startswith("/"): # # Search descendent objects to match a given filter. # We use SCOPE_SUBTREE to indicate descendents, and # again specify an empty attribute list to indicate # that we're not interested in them. # expr = cmd[1:] print("Descendents matching filter", `expr`, ":") for name,attrs in l.search_s(dn, ldap.SCOPE_SUBTREE, expr, []): print(" %24s", name) else: print("unknown command - try '?' for help") except: print_exc() python-ldap-3.2.0/Demo/pickle_ldapobject.py0000644000175000017500000000063113441744767022606 0ustar pviktoripviktorin00000000000000import os,ldap,pickle temp_file_name = os.path.join(os.environ.get('TMP','/tmp'),'pickle_ldap-%d' % (os.getpid())) l1 = ldap.ldapobject.ReconnectLDAPObject('ldap://localhost:1390',trace_level=1) l1.protocol_version = 3 l1.search_s('',ldap.SCOPE_BASE,'(objectClass=*)') pickle.dump(l1,open(temp_file_name,'wb')) l2 = pickle.load(open(temp_file_name,'rb')) l2.search_s('',ldap.SCOPE_BASE,'(objectClass=*)') python-ldap-3.2.0/Demo/matchedvalues.py0000644000175000017500000000362713441744767022005 0ustar pviktoripviktorin00000000000000#!/usr/bin/env python # # demo for matched values control (RFC 3876) # # suppose the uid=jsmith LDAP entry has two mail attributes: # # dn: uid=jsmith,ou=People,dc=example,dc=com # (...) # mail: jsmith@example.com # mail: jsmith@example.org # # Let's say you want to fetch only the example.org email. Without MV, # you would first fetch all mail attributes and then filter them further # on the client. With the MV control, the result can be given to the # client already filtered. # # Sample output: # $ ./matchedvalues.py # LDAP filter used: (&(objectClass=inetOrgPerson)(mail=*@example.org)) # Requesting 'mail' attribute back # # No matched values control: # dn: uid=jsmith,ou=People,dc=example,dc=com # mail: jsmith@example.org # mail: john@example.com # # Matched values control: (mail=*@example.org) # dn: uid=jsmith,ou=People,dc=example,dc=com # mail: jsmith@example.org from __future__ import print_function import ldap from ldap.controls import MatchedValuesControl def print_result(search_result): for n in range(len(search_result)): print("dn: %s" % search_result[n][0]) for attr in search_result[n][1].keys(): for i in range(len(search_result[n][1][attr])): print("%s: %s" % (attr, search_result[n][1][attr][i])) print uri = "ldap://ldap.example.com" base = "dc=example,dc=com" scope = ldap.SCOPE_SUBTREE filter = "(&(objectClass=inetOrgPerson)(mail=*@example.org))" control_filter = "(mail=*@example.org)" ld = ldap.initialize(uri) mv = MatchedValuesControl(criticality=True, controlValue=control_filter) res = ld.search_ext_s(base, scope, filter, attrlist = ['mail']) print("LDAP filter used: %s" % filter) print("Requesting 'mail' attribute back") print print("No matched values control:") print_result(res) res = ld.search_ext_s(base, scope, filter, attrlist = ['mail'], serverctrls = [mv]) print("Matched values control: %s" % control_filter) print_result(res) python-ldap-3.2.0/Demo/pyasn1/0000755000175000017500000000000013441750214017771 5ustar pviktoripviktorin00000000000000python-ldap-3.2.0/Demo/pyasn1/syncrepl.py0000644000175000017500000001500313441744767022221 0ustar pviktoripviktorin00000000000000#!/usr/bin/env python # -*- coding: utf-8 -*- """ This script implements a syncrepl consumer which syncs data from an OpenLDAP server to a local (shelve) database. Notes: The bound user needs read access to the attributes entryDN and entryCSN. """ from __future__ import print_function # Import modules from Python standard lib import logging import shelve import signal import sys import time # Import the python-ldap modules import ldap import ldapurl # Import specific classes from python-ldap from ldap.ldapobject import ReconnectLDAPObject from ldap.syncrepl import SyncreplConsumer logger = logging.getLogger('syncrepl') logger.setLevel(logging.DEBUG) logger.addHandler(logging.StreamHandler()) # Global state watcher_running = True ldap_connection = False class SyncReplClient(ReconnectLDAPObject, SyncreplConsumer): """ Syncrepl Consumer Client """ def __init__(self, db_path, *args, **kwargs): # Initialise the LDAP Connection first ldap.ldapobject.ReconnectLDAPObject.__init__(self, *args, **kwargs) # Now prepare the data store if db_path: self.__data = shelve.open(db_path, 'c') else: self.__data = {} # We need this for later internal use self.__presentUUIDs = {} def close_db(self): # Close the data store properly to avoid corruption self.__data.close() def syncrepl_get_cookie(self): if 'cookie' in self.__data: return self.__data['cookie'] def syncrepl_set_cookie(self,cookie): self.__data['cookie'] = cookie def syncrepl_entry(self, dn, attributes, uuid): logger.debug('dn=%r attributes=%r uuid=%r', dn, attributes, uuid) # First we determine the type of change we have here # (and store away the previous data for later if needed) previous_attributes = {} if uuid in self.__data: change_type = 'modify' previous_attributes = self.__data[uuid] else: change_type = 'add' # Now we store our knowledge of the existence of this entry # (including the DN as an attribute for convenience) attributes['dn'] = dn self.__data[uuid] = attributes # Debugging logger.debug('Detected %s of entry %r', change_type, dn) # If we have a cookie then this is not our first time being run, # so it must be a change if 'ldap_cookie' in self.__data: self.perform_application_sync(dn, attributes, previous_attributes) def syncrepl_delete(self,uuids): # Make sure we know about the UUID being deleted, just in case... uuids = [uuid for uuid in uuids if uuid in self.__data] # Delete all the UUID values we know of for uuid in uuids: logger.debug('Detected deletion of entry %r', self.__data[uuid]['dn']) del self.__data[uuid] def syncrepl_present(self,uuids,refreshDeletes=False): # If we have not been given any UUID values, # then we have recieved all the present controls... if uuids is None: # We only do things if refreshDeletes is false as the syncrepl # extension will call syncrepl_delete instead when it detects a # delete notice if refreshDeletes is False: deletedEntries = [ uuid for uuid in self.__data.keys() if uuid not in self.__presentUUIDs and uuid != 'ldap_cookie' ] self.syncrepl_delete( deletedEntries ) # Phase is now completed, reset the list self.__presentUUIDs = {} else: # Note down all the UUIDs we have been sent for uuid in uuids: self.__presentUUIDs[uuid] = True def syncrepl_refreshdone(self): logger.info('Initial synchronization is now done, persist phase begins') def perform_application_sync(self,dn,attributes,previous_attributes): logger.info('Performing application sync for %r', dn) return True # Shutdown handler def commenceShutdown(signum, stack): # Declare the needed global variables global watcher_running, ldap_connection logger.warn('Shutting down!') # We are no longer running watcher_running = False # Tear down the server connection if ldap_connection: ldap_connection.close_db() ldap_connection.unbind_s() del ldap_connection # Shutdown sys.exit(0) # Time to actually begin execution # Install our signal handlers signal.signal(signal.SIGTERM, commenceShutdown) signal.signal(signal.SIGINT, commenceShutdown) try: ldap_url = ldapurl.LDAPUrl(sys.argv[1]) database_path = sys.argv[2] except IndexError,e: print ( 'Usage:\n' '{script_name} \n' '{script_name} "ldap://127.0.0.1/cn=users,dc=test' '?*' '?sub' '?(objectClass=*)' '?bindname=uid=admin%2ccn=users%2cdc=test,' 'X-BINDPW=password" db.shelve' ).format(script_name=sys.argv[0]) sys.exit(1) except ValueError as e: print('Error parsing command-line arguments:',str(e)) sys.exit(1) while watcher_running: logger.info('Connecting to %s now...', ldap_url.initializeUrl()) # Prepare the LDAP server connection (triggers the connection as well) ldap_connection = SyncReplClient(database_path, ldap_url.initializeUrl()) # Now we login to the LDAP server try: ldap_connection.simple_bind_s(ldap_url.who, ldap_url.cred) except ldap.INVALID_CREDENTIALS as err: logger.error('Login to LDAP server failed: %s', err) sys.exit(1) except ldap.SERVER_DOWN: logger.warn('LDAP server is down, going to retry.') time.sleep(5) continue # Commence the syncing logger.debug('Commencing sync process') ldap_search = ldap_connection.syncrepl_search( ldap_url.dn or '', ldap_url.scope or ldap.SCOPE_SUBTREE, mode = 'refreshAndPersist', attrlist=ldap_url.attrs, filterstr = ldap_url.filterstr or '(objectClass=*)' ) try: while ldap_connection.syncrepl_poll( all = 1, msgid = ldap_search): pass except KeyboardInterrupt: # User asked to exit commenceShutdown(None, None) except Exception as err: # Handle any exception if watcher_running: logger.exception('Unhandled exception, going to retry: %s', err) logger.info('Going to retry after 5 secs') time.sleep(5) python-ldap-3.2.0/Demo/pyasn1/dds.py0000644000175000017500000000260413441744767021137 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ Demo script for Dynamic Entries (see RFC 2589) This needs the following software: Python pyasn1 pyasn1-modules python-ldap 2.4+ """ from __future__ import print_function from ldap.extop.dds import RefreshRequest,RefreshResponse import sys,ldap,ldapurl,getpass try: ldap_url = ldapurl.LDAPUrl(sys.argv[1]) request_ttl = int(sys.argv[2]) except (IndexError, ValueError): print('Usage: dds.py ') sys.exit(1) # Set debugging level #ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) ldapmodule_trace_level = 2 ldapmodule_trace_file = sys.stderr ldap_conn = ldap.ldapobject.LDAPObject( ldap_url.initializeUrl(), trace_level=ldapmodule_trace_level, trace_file=ldapmodule_trace_file ) if ldap_url.cred is None: print('Password for %s:' % (repr(ldap_url.who))) ldap_url.cred = getpass.getpass() try: ldap_conn.simple_bind_s(ldap_url.who or '',ldap_url.cred or '') except ldap.INVALID_CREDENTIALS as e: print('Simple bind failed:',str(e)) sys.exit(1) else: extreq = RefreshRequest(entryName=ldap_url.dn,requestTtl=request_ttl) try: extop_resp_obj = ldap_conn.extop_s(extreq,extop_resp_class=RefreshResponse) except ldap.LDAPError as e: print(str(e)) else: if extop_resp_obj.responseTtl!=request_ttl: print('Different response TTL:',extop_resp_obj.responseTtl) else: print('Response TTL:',extop_resp_obj.responseTtl) python-ldap-3.2.0/Demo/pyasn1/sss_highest_number.py0000644000175000017500000000231113441744767024253 0ustar pviktoripviktorin00000000000000#!/usr/bin/env python """ This sample script demonstrates the use of the server-side-sorting control (see RFC 2891) """ import pprint,ldap from ldap.ldapobject import LDAPObject from ldap.controls.sss import SSSRequestControl from ldap.resiter import ResultProcessor class MyLDAPObject(LDAPObject,ResultProcessor): pass uri = "ldap://ipa.demo1.freeipa.org" l = MyLDAPObject(uri,trace_level=0) l.simple_bind_s('uid=admin,cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org','Secret123') for id_attr in ('uidNumber','gidNumber'): # reverse sorting request control sss_control = SSSRequestControl(ordering_rules=['-%s' % (id_attr)]) # send search request msg_id = l.search_ext( 'dc=demo1,dc=freeipa,dc=org', ldap.SCOPE_SUBTREE, '(%s=*)' % (id_attr), attrlist=[id_attr], sizelimit=1, serverctrls = [sss_control], ) # collect result ldap_result = [] try: for res_type,res_data,res_msgid,res_controls in l.allresults(msg_id,add_ctrls=0): ldap_result.extend(res_data) except ldap.SIZELIMIT_EXCEEDED: pass # print result print 'Highest value of %s' % (id_attr) if ldap_result: dn,entry = ldap_result[0] print '->',entry[id_attr] else: print 'not found' python-ldap-3.2.0/Demo/pyasn1/psearch.py0000644000175000017500000000414713441744767022016 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ Demo script for Persistent Search Control (see https://tools.ietf.org/html/draft-ietf-ldapext-psearch) See https://www.python-ldap.org/ for project details. This needs the following software: Python pyasn1 pyasn1-modules python-ldap 2.4+ """ from __future__ import print_function import sys,ldap,ldapurl,getpass from ldap.controls.psearch import PersistentSearchControl,EntryChangeNotificationControl,CHANGE_TYPES_STR try: ldap_url = ldapurl.LDAPUrl(sys.argv[1]) except IndexError: print('Usage: psearch.py ') sys.exit(1) # Set debugging level #ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) ldapmodule_trace_level = 2 ldapmodule_trace_file = sys.stderr ldap_conn = ldap.ldapobject.LDAPObject( ldap_url.initializeUrl(), trace_level=ldapmodule_trace_level, trace_file=ldapmodule_trace_file ) if ldap_url.cred is None: print('Password for %s:' % (repr(ldap_url.who))) ldap_url.cred = getpass.getpass() try: ldap_conn.simple_bind_s(ldap_url.who,ldap_url.cred) except ldap.INVALID_CREDENTIALS as e: print('Simple bind failed:',str(e)) sys.exit(1) psc = PersistentSearchControl() msg_id = ldap_conn.search_ext( ldap_url.dn, ldap_url.scope, ldap_url.filterstr, attrlist = ldap_url.attrs or ['*','+'], serverctrls=[psc], ) while True: try: res_type,res_data,res_msgid,_,_,_ = ldap_conn.result4( msg_id, all=0, timeout=10.0, add_ctrls=1, add_intermediates=1, resp_ctrl_classes={EntryChangeNotificationControl.controlType:EntryChangeNotificationControl}, ) except ldap.TIMEOUT: print('Timeout waiting for results...') else: for dn,entry,srv_ctrls in res_data: ecn_ctrls = [ c for c in srv_ctrls if c.controlType == EntryChangeNotificationControl.controlType ] if ecn_ctrls: changeType,previousDN,changeNumber = ecn_ctrls[0].changeType,ecn_ctrls[0].previousDN,ecn_ctrls[0].changeNumber change_type_desc = CHANGE_TYPES_STR[changeType] print('changeType: %s (%d), changeNumber: %s, previousDN: %s' % (change_type_desc,changeType,changeNumber,repr(previousDN))) python-ldap-3.2.0/Demo/pyasn1/sessiontrack.py0000644000175000017500000000257613441744767023105 0ustar pviktoripviktorin00000000000000#!/usr/bin/env python # -*- coding: utf-8 -*- """ demo_track_ldap_session.py Client-side demo implementation of Session Tracking Control https://tools.ietf.org/html/draft-wahl-ldap-session-03 """ from __future__ import print_function __version__ = '0.1' import sys,getpass,ldap,ldapurl from ldap.controls.sessiontrack import SessionTrackingControl,SESSION_TRACKING_FORMAT_OID_USERNAME try: ldap_url = ldapurl.LDAPUrl(sys.argv[1]) except (IndexError, ValueError): print('Usage: %s ' % (sys.argv[0])) sys.exit(1) # Set debugging level #ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) ldapmodule_trace_level = 2 ldapmodule_trace_file = sys.stderr ldap_conn = ldap.ldapobject.LDAPObject( ldap_url.initializeUrl(), trace_level=ldapmodule_trace_level, trace_file=ldapmodule_trace_file ) if ldap_url.who and ldap_url.cred is None: print('Password for %s:' % (repr(ldap_url.who))) ldap_url.cred = getpass.getpass() try: ldap_conn.simple_bind_s(ldap_url.who or '',ldap_url.cred or '') except ldap.INVALID_CREDENTIALS as e: print('Simple bind failed:',str(e)) sys.exit(1) st_ctrl = SessionTrackingControl( '192.0.2.1', 'app.example.com', SESSION_TRACKING_FORMAT_OID_USERNAME, 'bloggs' ) ldap_conn.search_ext_s( ldap_url.dn or '', ldap_url.scope or ldap.SCOPE_SUBTREE, ldap_url.filterstr or '(objectClass=*)', ldap_url.attrs or ['*'], serverctrls=[st_ctrl] ) python-ldap-3.2.0/Demo/pyasn1/ppolicy.py0000644000175000017500000000302413441744767022041 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ Demo script for Password Policy Controls (see https://tools.ietf.org/html/draft-behera-ldap-password-policy) This needs the following software: Python pyasn1 pyasn1-modules python-ldap 2.4+ """ from __future__ import print_function import sys,ldap,ldapurl,getpass from ldap.controls.ppolicy import PasswordPolicyError,PasswordPolicyControl try: ldap_url = ldapurl.LDAPUrl(sys.argv[1]) except (IndexError,ValueError): print('Usage: ppolicy.py ') sys.exit(1) # Set debugging level #ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) ldapmodule_trace_level = 2 ldapmodule_trace_file = sys.stderr ldap_conn = ldap.ldapobject.LDAPObject( ldap_url.initializeUrl(), trace_level=ldapmodule_trace_level, trace_file=ldapmodule_trace_file ) if ldap_url.cred is None: print('Password for %s:' % (repr(ldap_url.who))) ldap_url.cred = getpass.getpass() try: msgid = ldap_conn.simple_bind(ldap_url.who,ldap_url.cred,serverctrls=[PasswordPolicyControl()]) res_type,res_data,res_msgid,res_ctrls = ldap_conn.result3(msgid) except ldap.INVALID_CREDENTIALS as e: print('Simple bind failed:',str(e)) sys.exit(1) else: if res_ctrls[0].controlType==PasswordPolicyControl.controlType: ppolicy_ctrl = res_ctrls[0] print('PasswordPolicyControl') print('error',repr(ppolicy_ctrl.error),(ppolicy_ctrl.error!=None)*repr(PasswordPolicyError(ppolicy_ctrl.error))) print('timeBeforeExpiration',repr(ppolicy_ctrl.timeBeforeExpiration)) print('graceAuthNsRemaining',repr(ppolicy_ctrl.graceAuthNsRemaining)) python-ldap-3.2.0/Demo/pyasn1/noopsearch.py0000644000175000017500000000343513441744767022531 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ Demo script for counting searching with OpenLDAP's no-op control See https://www.python-ldap.org/ for project details. This needs the following software: Python pyasn1 pyasn1-modules python-ldap 2.4+ """ from __future__ import print_function import sys,ldap,ldapurl,getpass from ldap.controls.openldap import SearchNoOpControl SEARCH_TIMEOUT=30.0 try: ldap_url = ldapurl.LDAPUrl(sys.argv[1]) except IndexError: print('Usage: noopsearch.py ') sys.exit(1) # Set debugging level #ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) ldapmodule_trace_level = 2 ldapmodule_trace_file = sys.stderr ldap_conn = ldap.ldapobject.LDAPObject( ldap_url.initializeUrl(), trace_level=ldapmodule_trace_level, trace_file=ldapmodule_trace_file ) if ldap_url.who and ldap_url.cred is None: print('Password for %s:' % (repr(ldap_url.who))) ldap_url.cred = getpass.getpass() try: ldap_conn.simple_bind_s(ldap_url.who or '',ldap_url.cred or '') except ldap.INVALID_CREDENTIALS as e: print('Simple bind failed:',str(e)) sys.exit(1) try: msg_id = ldap_conn.search_ext( ldap_url.dn, ldap_url.scope, filterstr=ldap_url.filterstr or '(objectClass=*)', attrlist=['1.1'], timeout=SEARCH_TIMEOUT, serverctrls=[SearchNoOpControl(criticality=True)], ) _,_,_,search_response_ctrls = ldap_conn.result3(msg_id,all=1,timeout=SEARCH_TIMEOUT) except ( ldap.TIMEOUT, ldap.TIMELIMIT_EXCEEDED, ldap.SIZELIMIT_EXCEEDED, ldap.ADMINLIMIT_EXCEEDED) as e: ldap_conn.abandon(msg_id) sys.exit(1) noop_srch_ctrl = [ c for c in search_response_ctrls if c.controlType==SearchNoOpControl.controlType ][0] print('Number of search results: %d' % noop_srch_ctrl.numSearchResults) print('Number of search continuations: %d' % noop_srch_ctrl.numSearchContinuations) python-ldap-3.2.0/Demo/pyasn1/derefcontrol.py0000644000175000017500000000225413441744767023054 0ustar pviktoripviktorin00000000000000#!/usr/bin/env python """ This sample script demonstrates the use of the dereference control (see https://tools.ietf.org/html/draft-masarati-ldap-deref) """ from __future__ import print_function import pprint,ldap,ldap.modlist,ldap.resiter from ldap.controls.deref import DereferenceControl uri = "ldap://ipa.demo1.freeipa.org" class MyLDAPObject(ldap.ldapobject.LDAPObject,ldap.resiter.ResultProcessor): pass l = MyLDAPObject(uri,trace_level=0) l.simple_bind_s('uid=admin,cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org','Secret123') dc = DereferenceControl( True, { 'member':[ 'uid', 'description', 'cn', 'mail', ], } ) print('pyasn1 output of request control:') print(dc._derefSpecs().prettyPrint()) msg_id = l.search_ext( 'dc=demo1,dc=freeipa,dc=org', ldap.SCOPE_SUBTREE, '(objectClass=groupOfNames)', attrlist=['cn','objectClass','member','description'], serverctrls = [dc] ) for res_type,res_data,res_msgid,res_controls in l.allresults(msg_id,add_ctrls=1): for dn,entry,deref_control in res_data: # process dn and entry print(dn,entry['objectClass']) if deref_control: pprint.pprint(deref_control[0].derefRes) python-ldap-3.2.0/Demo/pyasn1/readentrycontrol.py0000644000175000017500000000657713441744767024000 0ustar pviktoripviktorin00000000000000#!/usr/bin/env python """ This sample script demonstrates the use of the pre-read control (see RFC 4527). Originally contributed by Andreas Hasenack """ from __future__ import print_function import pprint,ldap,ldap.modlist from ldap.controls.readentry import PreReadControl,PostReadControl uri = "ldap://localhost:2071/" l = ldap.initialize(uri,trace_level=2) l.simple_bind_s('uid=diradm,ou=schulung,dc=stroeder,dc=local','testsecret') print("""#--------------------------------------------------------------------------- # Add new entry #--------------------------------------------------------------------------- """) new_test_dn = "uid=ablume,ou=Users,ou=schulung,dc=stroeder,dc=local" new_test_dn2 = "uid=ablume2,ou=Users,ou=schulung,dc=stroeder,dc=local" new_test_entry = { 'objectClass':['account','posixAccount'], 'uid':['ablume'], 'cn':['Anna Blume'], 'uidNumber':['10000'], 'gidNumber':['10000'], 'homeDirectory':['/home/ablume'], } pr = PostReadControl(criticality=True,attrList=['entryUUID','entryCSN']) msg_id = l.add_ext( new_test_dn, ldap.modlist.addModlist(new_test_entry), serverctrls = [pr] ) _,_,_,resp_ctrls = l.result3(msg_id) print("resp_ctrls[0].dn:",resp_ctrls[0].dn) print("resp_ctrls[0].entry:";pprint.pprint(resp_ctrls[0].entry)) print("""#--------------------------------------------------------------------------- # Modify entry #--------------------------------------------------------------------------- """) pr = PreReadControl(criticality=True,attrList=['uidNumber','gidNumber','entryCSN']) msg_id = l.modify_ext( new_test_dn, [(ldap.MOD_INCREMENT, "uidNumber", "1"),(ldap.MOD_INCREMENT, "gidNumber", "1")], serverctrls = [pr] ) _,_,_,resp_ctrls = l.result3(msg_id) print("resp_ctrls[0].dn:",resp_ctrls[0].dn) print("resp_ctrls[0].entry:";pprint.pprint(resp_ctrls[0].entry)) pr = PostReadControl(criticality=True,attrList=['uidNumber','gidNumber','entryCSN']) msg_id = l.modify_ext( new_test_dn, [(ldap.MOD_INCREMENT, "uidNumber", "1"),(ldap.MOD_INCREMENT, "gidNumber", "1")], serverctrls = [pr] ) _,_,_,resp_ctrls = l.result3(msg_id) print("resp_ctrls[0].dn:",resp_ctrls[0].dn) print("resp_ctrls[0].entry:";pprint.pprint(resp_ctrls[0].entry)) print("""#--------------------------------------------------------------------------- # Rename entry #--------------------------------------------------------------------------- """) pr = PostReadControl(criticality=True,attrList=['uid']) msg_id = l.rename( new_test_dn, "uid=ablume2", delold=1, serverctrls = [pr] ) _,_,_,resp_ctrls = l.result3(msg_id) print("resp_ctrls[0].dn:",resp_ctrls[0].dn) print("resp_ctrls[0].entry:";pprint.pprint(resp_ctrls[0].entry)) pr = PreReadControl(criticality=True,attrList=['uid']) msg_id = l.rename( new_test_dn2, "uid=ablume", delold=1, serverctrls = [pr] ) _,_,_,resp_ctrls = l.result3(msg_id) print("resp_ctrls[0].dn:",resp_ctrls[0].dn) print("resp_ctrls[0].entry:";pprint.pprint(resp_ctrls[0].entry)) print("""#--------------------------------------------------------------------------- # Delete entry #--------------------------------------------------------------------------- """) pr = PreReadControl(criticality=True,attrList=['*','+']) msg_id = l.delete_ext( new_test_dn, serverctrls = [pr] ) _,_,_,resp_ctrls = l.result3(msg_id) print("resp_ctrls[0].dn:",resp_ctrls[0].dn) print("resp_ctrls[0].entry:";pprint.pprint(resp_ctrls[0].entry)) python-ldap-3.2.0/Demo/initialize.py0000644000175000017500000000620213441744767021311 0ustar pviktoripviktorin00000000000000""" Various examples how to connect to a LDAP host with the new factory function ldap.initialize() introduced in OpenLDAP 2 API. Assuming you have LDAP servers running on ldap://localhost:1390 (LDAP with StartTLS) ldaps://localhost:1391 (LDAP over SSL) ldapi://%2ftmp%2fopenldap2 (domain socket /tmp/openldap2) """ from __future__ import print_function import sys,os,ldap # Switch off processing .ldaprc or ldap.conf os.environ['LDAPNOINIT']='1' # Set debugging level #ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) ldapmodule_trace_level = 1 ldapmodule_trace_file = sys.stderr ldap._trace_level = ldapmodule_trace_level # Complete path name of the file containing all trusted CA certs CACERTFILE='/etc/ssl/ca-bundle.pem' print("""################################################################## # LDAPv3 connection with StartTLS ext. op. ################################################################## """) # Create LDAPObject instance l = ldap.initialize('ldap://localhost:1390',trace_level=ldapmodule_trace_level,trace_file=ldapmodule_trace_file) # Set LDAP protocol version used l.protocol_version=ldap.VERSION3 # Force cert validation l.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,ldap.OPT_X_TLS_DEMAND) # Set path name of file containing all trusted CA certificates l.set_option(ldap.OPT_X_TLS_CACERTFILE,CACERTFILE) # Force libldap to create a new SSL context (must be last TLS option!) l.set_option(ldap.OPT_X_TLS_NEWCTX,0) # Now try StartTLS extended operation l.start_tls_s() print('***ldap.OPT_X_TLS_VERSION',l.get_option(ldap.OPT_X_TLS_VERSION)) print('***ldap.OPT_X_TLS_CIPHER',l.get_option(ldap.OPT_X_TLS_CIPHER)) # Try an explicit anon bind to provoke failure l.simple_bind_s('','') # Close connection l.unbind_s() print("""################################################################## # LDAPv3 connection over SSL ################################################################## """) # Create LDAPObject instance l = ldap.initialize('ldaps://localhost:1391',trace_level=ldapmodule_trace_level,trace_file=ldapmodule_trace_file) # Set LDAP protocol version used l.protocol_version=ldap.VERSION3 # Force cert validation l.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,ldap.OPT_X_TLS_DEMAND) # Set path name of file containing all trusted CA certificates l.set_option(ldap.OPT_X_TLS_CACERTFILE,CACERTFILE) # Force libldap to create a new SSL context (must be last TLS option!) l.set_option(ldap.OPT_X_TLS_NEWCTX,0) # Try an explicit anon bind to provoke failure l.simple_bind_s('','') print('***ldap.OPT_X_TLS_VERSION',l.get_option(ldap.OPT_X_TLS_VERSION)) print('***ldap.OPT_X_TLS_CIPHER',l.get_option(ldap.OPT_X_TLS_CIPHER)) # Close connection l.unbind_s() print("""################################################################## # LDAPv3 connection over Unix domain socket ################################################################## """) # Create LDAPObject instance l = ldap.initialize('ldapi://%2ftmp%2fopenldap-socket',trace_level=ldapmodule_trace_level,trace_file=ldapmodule_trace_file) # Set LDAP protocol version used l.protocol_version=ldap.VERSION3 # Try an explicit anon bind to provoke failure l.simple_bind_s('','') # Close connection l.unbind_s() python-ldap-3.2.0/Demo/ldapurl_search.py0000644000175000017500000000157113441744767022144 0ustar pviktoripviktorin00000000000000from __future__ import print_function import sys,pprint,ldap from ldap.ldapobject import LDAPObject from ldapurl import LDAPUrl class MyLDAPUrl(LDAPUrl): attr2extype = { 'who':'bindname', 'cred':'X-BINDPW', 'start_tls':'startTLS', 'trace_level':'trace', } ldap_url = MyLDAPUrl(sys.argv[1]) trace_level = int(ldap_url.trace_level or '0') print('***trace_level',trace_level) ldap.trace_level = trace_level l = LDAPObject( ldap_url.initializeUrl(), trace_level=trace_level, ) l.protocol_version = 3 l.set_option(ldap.OPT_REFERRALS,0) l.simple_bind_s((ldap_url.who or ''),(ldap_url.cred or '')) result = l.search_s( ldap_url.dn, ldap_url.scope or ldap.SCOPE_SUBTREE, ldap_url.filterstr or '(objectClass=*)', ldap_url.attrs or ['*'] ) pprint.pprint(result) print('***DIAGNOSTIC_MESSAGE',repr(l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE))) l.unbind_s() python-ldap-3.2.0/Demo/ms_ad_bind.py0000644000175000017500000000204313441744767021226 0ustar pviktoripviktorin00000000000000# How to bind to MS AD with python-ldap and various methods import ldap,ldap.sasl ldap_uri = "ldap://dc1.example.com" dn = "CN=Anna Blume,CN=Users,DC=addomain,DC=example,DC=com" sAMAccountName = "ABlume" userPrincipalName = "ablume@addomain.example.com" password = 'testsecret' trace_level = 2 l = ldap.initialize(ldap_uri,trace_level=trace_level) # Normal LDAPv3 compliant simple bind l.simple_bind_s(dn,password) # This is AD-specific and not LDAPv3 compliant l.simple_bind_s(userPrincipalName,password) # This is AD-specific and not LDAPv3 compliant l.simple_bind_s(userPrincipalName,password) # SASL bind with mech DIGEST-MD5 with sAMAccountName as SASL user name sasl_auth = ldap.sasl.sasl( { ldap.sasl.CB_AUTHNAME:sAMAccountName, ldap.sasl.CB_PASS :password, }, 'DIGEST-MD5' ) l.sasl_interactive_bind_s("", sasl_auth) # SASL bind with mech GSSAPI # with the help of Kerberos V TGT obtained before with command # kinit ablume@ADDOMAIN.EXAMPLE.COM sasl_auth = ldap.sasl.sasl({},'GSSAPI') l.sasl_interactive_bind_s("", sasl_auth) python-ldap-3.2.0/Demo/page_control.py0000644000175000017500000000371713441744767021634 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- from __future__ import print_function url = "ldap://localhost:1390" base = "dc=stroeder,dc=de" search_flt = r'(objectClass=*)' page_size = 10 binddn = '' bindpw = '' trace_level = 0 import ldap,pprint try: from ldap.controls.pagedresults import SimplePagedResultsControl except ImportError: from ldap.controls.libldap import SimplePagedResultsControl searchreq_attrlist=['cn','entryDN','entryUUID','mail','objectClass'] #ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) ldap.set_option(ldap.OPT_REFERRALS, 0) l = ldap.initialize(url,trace_level=trace_level) l.protocol_version = 3 l.simple_bind_s(binddn,bindpw) req_ctrl = SimplePagedResultsControl(True,size=page_size,cookie='') known_ldap_resp_ctrls = { SimplePagedResultsControl.controlType:SimplePagedResultsControl, } # Send search request msgid = l.search_ext( base, ldap.SCOPE_SUBTREE, search_flt, attrlist=searchreq_attrlist, serverctrls=[req_ctrl] ) pages = 0 while True: pages += 1 print('-'*60) print("Getting page %d" % (pages)) rtype, rdata, rmsgid, serverctrls = l.result3(msgid,resp_ctrl_classes=known_ldap_resp_ctrls) print('%d results' % len(rdata)) print('serverctrls=',pprint.pprint(serverctrls)) print('rdata=',pprint.pprint(rdata)) pctrls = [ c for c in serverctrls if c.controlType == SimplePagedResultsControl.controlType ] if pctrls: print('pctrls[0].size',repr(pctrls[0].size)) print('pctrls[0].cookie',repr(pctrls[0].cookie)) if pctrls[0].cookie: # Copy cookie from response control to request control req_ctrl.cookie = pctrls[0].cookie msgid = l.search_ext( base, ldap.SCOPE_SUBTREE, search_flt, attrlist=searchreq_attrlist, serverctrls=[req_ctrl] ) else: break else: print("Warning: Server ignores RFC 2696 control.") break l.unbind_s() python-ldap-3.2.0/Demo/ldapcontrols.py0000644000175000017500000000155113441744767021656 0ustar pviktoripviktorin00000000000000from __future__ import print_function import ldap,ldapurl,pprint from ldap.controls import LDAPControl,BooleanControl l = ldap.initialize('ldap://localhost:1390',trace_level=2) print(60*'#') pprint.pprint(l.get_option(ldap.OPT_SERVER_CONTROLS)) l.manage_dsa_it(1,1) pprint.pprint(l.get_option(ldap.OPT_SERVER_CONTROLS)) print(60*'#') # Search with ManageDsaIT control (which has no value) pprint.pprint(l.search_ext_s( 'cn=Test-Referral,ou=Testing,dc=stroeder,dc=de', ldap.SCOPE_BASE, '(objectClass=*)', ['*','+'], serverctrls = [ LDAPControl('2.16.840.1.113730.3.4.2',1,None) ], )) print(60*'#') # Search with Subentries control (which has boolean value) pprint.pprint(l.search_ext_s( 'dc=stroeder,dc=de', ldap.SCOPE_SUBTREE, '(objectClass=subentry)', ['*','+'], serverctrls = [ BooleanControl('1.3.6.1.4.1.4203.1.10.1',1,1) ], )) print(60*'#') python-ldap-3.2.0/Demo/reconnect.py0000644000175000017500000000103113441744767021123 0ustar pviktoripviktorin00000000000000import sys,time,ldap,ldap.ldapobject,ldapurl from ldap.ldapobject import * ldap_url = ldapurl.LDAPUrl(sys.argv[1]) ldap_url.applyDefaults({ 'who':'', 'cred':'', 'filterstr':'(objectClass=*)', 'scope':ldap.SCOPE_BASE }) ldap.trace_level=1 l = ldap.ldapobject.ReconnectLDAPObject( ldap_url.initializeUrl(),trace_level=ldap.trace_level ) l.protocol_version = ldap.VERSION3 l.simple_bind_s(ldap_url.who,ldap_url.cred) while 1: l.search_s(ldap_url.dn,ldap_url.scope,ldap_url.filterstr,ldap_url.attrs) sys.stdin.readline() python-ldap-3.2.0/Demo/rename.py0000644000175000017500000000210113441744767020411 0ustar pviktoripviktorin00000000000000from __future__ import print_function import ldap from getpass import getpass # Create LDAPObject instance l = ldap.initialize('ldap://localhost:1389',trace_level=1) print('Password:') cred = getpass() try: # Set LDAP protocol version used l.set_option(ldap.OPT_PROTOCOL_VERSION,3) # Try a bind to provoke failure if protocol version is not supported l.bind_s('cn=root,dc=stroeder,dc=com',cred,ldap.AUTH_SIMPLE) print('Using rename_s():') l.rename_s( 'uid=fred,ou=Unstructured testing tree,dc=stroeder,dc=com', 'cn=Fred Feuerstein', 'dc=stroeder,dc=com', 0 ) l.rename_s( 'cn=Fred Feuerstein,dc=stroeder,dc=com', 'uid=fred', 'ou=Unstructured testing tree,dc=stroeder,dc=com', 0 ) m = l.rename( 'uid=fred,ou=Unstructured testing tree,dc=stroeder,dc=com', 'cn=Fred Feuerstein', 'dc=stroeder,dc=com', 0 ) r = l.result(m,1) m = l.rename( 'cn=Fred Feuerstein,dc=stroeder,dc=com', 'uid=fred', 'ou=Unstructured testing tree,dc=stroeder,dc=com', 0 ) r = l.result(m,1) finally: l.unbind_s() python-ldap-3.2.0/Demo/options.py0000644000175000017500000000172113441744767020644 0ustar pviktoripviktorin00000000000000from __future__ import print_function import ldap host="localhost:1390" print("API info:",ldap.get_option(ldap.OPT_API_INFO)) print("debug level:",ldap.get_option(ldap.OPT_DEBUG_LEVEL)) #print("Setting debug level to 255...") #ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) #print("debug level:",ldap.get_option(ldap.OPT_DEBUG_LEVEL)) print("default size limit:",ldap.get_option(ldap.OPT_SIZELIMIT)) print("Setting default size limit to 10...") ldap.set_option(ldap.OPT_SIZELIMIT,10) print("default size limit:",ldap.get_option(ldap.OPT_SIZELIMIT)) print("Creating connection to",host,"...") l=ldap.init(host) print("size limit:",l.get_option(ldap.OPT_SIZELIMIT)) print("Setting connection size limit to 20...") l.set_option(ldap.OPT_SIZELIMIT,20) print("size limit:",l.get_option(ldap.OPT_SIZELIMIT)) #print("Setting time limit to 60 secs...") l.set_option(ldap.OPT_TIMELIMIT,60) #print("time limit:",l.get_option(ldap.OPT_TIMELIMIT)) print("Binding...") l.simple_bind_s("","") python-ldap-3.2.0/Demo/schema_tree.py0000644000175000017500000000457113441744767021436 0ustar pviktoripviktorin00000000000000""" Outputs the object class tree read from LDAPv3 schema of a given server Usage: schema_oc_tree.py [--html] [LDAP URL] """ from __future__ import print_function import sys,getopt,ldap,ldap.schema ldap.trace_level = 1 def PrintSchemaTree(schema,se_class,se_tree,se_oid,level): """ASCII text output for console""" se_obj = schema.get_obj(se_class,se_oid) if se_obj!=None: print('| '*(level-1)+'+---'*(level>0), \) ', '.join(se_obj.names), \ '(%s)' % se_obj.oid for sub_se_oid in se_tree[se_oid]: print('| '*(level+1)) PrintSchemaTree(schema,se_class,se_tree,sub_se_oid,level+1) def HTMLSchemaTree(schema,se_class,se_tree,se_oid,level): """HTML output for browser""" se_obj = schema.get_obj(se_class,se_oid) if se_obj!=None: print("""
%s (%s)
%s """ % (', '.join(se_obj.names),se_obj.oid,se_obj.desc)) if se_tree[se_oid]: print('
') for sub_se_oid in se_tree[se_oid]: HTMLSchemaTree(schema,se_class,se_tree,sub_se_oid,level+1) print('
') print('
') ldap.set_option(ldap.OPT_DEBUG_LEVEL,0) ldap._trace_level = 0 subschemasubentry_dn,schema = ldap.schema.urlfetch(sys.argv[-1],ldap.trace_level) if subschemasubentry_dn is None: print('No sub schema sub entry found!') sys.exit(1) try: options,args=getopt.getopt(sys.argv[1:],'',['html']) except getopt.error: print('Error: %s\nUsage: schema_oc_tree.py [--html] [LDAP URL]') html_output = options and options[0][0]=='--html' oc_tree = schema.tree(ldap.schema.ObjectClass) at_tree = schema.tree(ldap.schema.AttributeType) #for k,v in oc_tree.items(): # print(k,'->',v) #for k,v in at_tree.items(): # print(k,'->',v) if html_output: print(""" Object class tree

Object class tree

""") HTMLSchemaTree(schema,ldap.schema.ObjectClass,oc_tree,'2.5.6.0',0) print("""

Attribute type tree

""") for a in schema.listall(ldap.schema.AttributeType): if at_tree[a]: HTMLSchemaTree(schema,ldap.schema.AttributeType,at_tree,a,0) print print("""
""") else: print('*** Object class tree ***\n') print PrintSchemaTree(schema,ldap.schema.ObjectClass,oc_tree,'2.5.6.0',0) print('\n*** Attribute types tree ***\n') PrintSchemaTree(schema,ldap.schema.AttributeType,at_tree,'_',0) python-ldap-3.2.0/Demo/paged_search_ext_s.py0000644000175000017500000000576413441744767022773 0ustar pviktoripviktorin00000000000000from __future__ import print_function url = "ldap://localhost:1390/" base = "dc=stroeder,dc=de" search_flt = r'(objectClass=*)' searchreq_attrlist=['cn','entryDN','entryUUID','mail','objectClass'] from ldap.ldapobject import ReconnectLDAPObject import ldap,pprint from ldap.controls import SimplePagedResultsControl class PagedResultsSearchObject: page_size = 50 def paged_search_ext_s(self,base,scope,filterstr='(objectClass=*)',attrlist=None,attrsonly=0,serverctrls=None,clientctrls=None,timeout=-1,sizelimit=0): """ Behaves exactly like LDAPObject.search_ext_s() but internally uses the simple paged results control to retrieve search results in chunks. This is non-sense for really large results sets which you would like to process one-by-one """ while True: # loop for reconnecting if necessary req_ctrl = SimplePagedResultsControl(True,size=self.page_size,cookie='') try: # Send first search request msgid = self.search_ext( base, scope, filterstr=filterstr, attrlist=attrlist, attrsonly=attrsonly, serverctrls=(serverctrls or [])+[req_ctrl], clientctrls=clientctrls, timeout=timeout, sizelimit=sizelimit ) result_pages = 0 all_results = [] while True: rtype, rdata, rmsgid, rctrls = self.result3(msgid) all_results.extend(rdata) result_pages += 1 # Extract the simple paged results response control pctrls = [ c for c in rctrls if c.controlType == SimplePagedResultsControl.controlType ] if pctrls: if pctrls[0].cookie: # Copy cookie from response control to request control req_ctrl.cookie = pctrls[0].cookie msgid = self.search_ext( base, scope, filterstr=filterstr, attrlist=attrlist, attrsonly=attrsonly, serverctrls=(serverctrls or [])+[req_ctrl], clientctrls=clientctrls, timeout=timeout, sizelimit=sizelimit ) else: break # no more pages available except ldap.SERVER_DOWN as e: try: self.reconnect(self._uri) except AttributeError: raise e else: return result_pages,all_results class MyLDAPObject(ReconnectLDAPObject,PagedResultsSearchObject): pass #ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) ldap.set_option(ldap.OPT_REFERRALS, 0) l = MyLDAPObject(url,trace_level=2,retry_max=100,retry_delay=2) l.protocol_version = 3 l.simple_bind_s("", "") l.page_size=10 # Send search request result_pages,all_results = l.paged_search_ext_s( base, ldap.SCOPE_SUBTREE, search_flt, attrlist=searchreq_attrlist, serverctrls=None ) l.unbind_s() print('Received %d results in %d pages.' % (len(all_results),result_pages)) python-ldap-3.2.0/Demo/schema.py0000644000175000017500000000371713441744767020420 0ustar pviktoripviktorin00000000000000from __future__ import print_function import sys,ldap,ldap.schema schema_attrs = ldap.schema.SCHEMA_ATTRS ldap.set_option(ldap.OPT_DEBUG_LEVEL,0) ldap._trace_level = 0 subschemasubentry_dn,schema = ldap.schema.urlfetch(sys.argv[-1]) if subschemasubentry_dn is None: print('No sub schema sub entry found!') sys.exit(1) if schema.non_unique_oids: print('*** Schema errors ***') print('non-unique OIDs:\n','\r\n'.join(schema.non_unique_oids)) print('*** Schema from',repr(subschemasubentry_dn)) # Display schema for attr_type,schema_class in ldap.schema.SCHEMA_CLASS_MAPPING.items(): print('*'*20,attr_type,'*'*20) for element_id in schema.listall(schema_class): se_orig = schema.get_obj(schema_class,element_id) print(attr_type,str(se_orig)) print('*** Testing object class inetOrgPerson ***') drink = schema.get_obj(ldap.schema.AttributeType,'favouriteDrink') if not drink is None: print('*** drink ***') print('drink.names',repr(drink.names)) print('drink.collective',repr(drink.collective)) inetOrgPerson = schema.get_obj(ldap.schema.ObjectClass,'inetOrgPerson') if not inetOrgPerson is None: print(inetOrgPerson.must,inetOrgPerson.may) print('*** person,organizationalPerson,inetOrgPerson ***') try: print(schema.attribute_types() ['person','organizationalPerson','inetOrgPerson'] ) print(schema.attribute_types() ['person','organizationalPerson','inetOrgPerson'], attr_type_filter = [ ('no_user_mod',[0]), ('usage',range(2)), ] ) except KeyError as e: print('***KeyError',str(e)) schema.ldap_entry() print(str(schema.get_obj(ldap.schema.MatchingRule,'2.5.13.0'))) print(str(schema.get_obj(ldap.schema.MatchingRuleUse,'2.5.13.0'))) print(str(schema.get_obj(ldap.schema.AttributeType,'name'))) print(str(schema.get_inheritedobj(ldap.schema.AttributeType,'cn',['syntax','equality','substr','ordering']))) must_attr,may_attr = schema.attribute_types(['person','organizationalPerson','inetOrgPerson'],raise_keyerror=0) python-ldap-3.2.0/Doc/0000755000175000017500000000000013441750214016377 5ustar pviktoripviktorin00000000000000python-ldap-3.2.0/Doc/contributing.rst0000644000175000017500000001635513424323370021652 0ustar pviktoripviktorin00000000000000.. highlight:: console Contributing to python-ldap *************************** Thank you for your interest in python-ldap! If you'd like to contribute (be it code, documentation, maintenance effort, or anything else), this guide is for you. .. toctree:: :hidden: sample_workflow.rst Communication ============= Always keep in mind that python-ldap is developed and maintained by volunteers. We're happy to share our work, and to work with you to make the library better, but (until you pay someone), there's obligation to provide assistance. So, keep it friendly, respectful, and supportive! Mailing list ------------ Discussion about the use and future of python-ldap occurs in the ``python-ldap@python.org`` mailing list. It's also the channel to use if documentation (including this guide) is not clear to you. Do try searching around before you ask on the list, though! You can `subscribe or unsubscribe`_ to this list or browse the `list archive`_. .. _subscribe or unsubscribe: https://mail.python.org/mailman/listinfo/python-ldap .. _list archive: https://mail.python.org/pipermail/python-ldap/ Issues ------ Please report bugs, missing features and other issues to `the bug tracker`_ at GitHub. You will need a GitHub account for that. If you prefer not to open a GitHub account, you're always welcome to use the mailing list. Security Contact ---------------- If you found a security issue that should not be discussed publicly, please e-mail the maintainer at ``pviktori@redhat.com``. If required, write to coordinate a more secure channel. All other communication should be public. Contributing code ================= If you're used to open-source Python development with Git, here's the gist: * ``git clone https://github.com/python-ldap/python-ldap`` * Use GitHub for `the bug tracker`_ and pull requests. * Run tests with `tox`_; ignore Python interpreters you don't have locally. .. _the bug tracker: https://github.com/python-ldap/python-ldap/issues .. _tox: https://tox.readthedocs.io/en/latest/ Or, if you prefer to avoid closed-source services: * ``git clone https://pagure.io/python-ldap`` * Send bug reports and patches to the mailing list. * Run tests with `tox`_; ignore Python interpreters you don't have locally. * Read the documentation directly at `Read the Docs`_. .. _Read the Docs: https://python-ldap.readthedocs.io/ If you're new to some aspect of the project, you're welcome to use (or adapt) our :ref:`sample workflow `. .. _additional tests: Additional tests and scripts ============================ We use several specialized tools for debugging and maintenance. Make targets ------------ Make targets currently use the ``python3`` executable. Specify a different one using, for example:: make PYTHON=/usr/local/bin/python Notable targets are: ``make autoformat`` Automatically re-formats C and Python code to conform to Python style guides (`PEP 7`_ and `PEP 8`_). Note that no backups are made – please commit any other changes before using this target. Requires the ``indent`` program and the ``autopep8`` Python module. .. _PEP 7: https://www.python.org/dev/peps/pep-0007/ .. _PEP 8: https://www.python.org/dev/peps/pep-0008/ ``make lcov lcov-open`` Generate and view test coverage for C code. Requires LCOV_. ``make scan-build`` Run static analysis. Requires ``clang``. ``make valgrind`` Run Valgrind_ to check for memory leaks. Requires ``valgrind`` and a Python suppression file, which you can specify as ``PYTHON_SUPP``, e.g.:: make valgrind PYTHON_SUPP=/your/path/to/valgrind-python.supp The suppression file is ``Misc/valgrind-python.supp`` in the Python source distribution, and it's frequently packaged together with Python development headers. .. _LCOV: https://github.com/linux-test-project/lcov .. _Valgrind: http://valgrind.org/ Reference leak tests -------------------- Reference leak tests require a *pydebug* build of CPython and `pytest`_ with `pytest-leaks`_ plugin. A *pydebug* build has a global reference counter, which keeps track of all reference increments and decrements. The leak plugin runs each test multiple times and checks if the reference count increases. .. _pytest: https://docs.pytest.org/en/latest/ .. _pytest-leaks: https://pypi.org/project/pytest-leaks/ Download and compile the *pydebug* build:: $ curl -O https://www.python.org/ftp/python/3.6.3/Python-3.6.3.tar.xz $ tar xJf Python-3.6.3.tar.xz $ cd Python-3.6.3 $ ./configure --with-pydebug $ make Create a virtual environment with the *pydebug* build:: $ ./python -m venv /tmp/refleak $ /tmp/refleak/bin/pip install pytest pytest-leaks Run reference leak tests:: $ cd path/to/python-ldap $ /tmp/refleak/bin/pip install --upgrade . $ /tmp/refleak/bin/pytest -v -R: Run ``/tmp/refleak/bin/pip install --upgrade .`` every time a file outside of ``Tests/`` is modified. .. _committer instructions: Instructions for core committers ================================ If you have the authority (and responsibility) of merging changes from others, remember: * All code changes need to be reviewed by someone other than the author. * Tests must always pass. New features without tests shall *not* pass review. * Make sure commit messages don't use GitHub-specific link syntax. Use the full URL, e.g. ``https://github.com/python-ldap/python-ldap/issues/50`` instead of ``#20``. * Exception: it's fine to use the short form in the summary line of a merge commit, if the full URL appears later. * It's OK to use shortcuts in GitHub *discussions*, where they are not hashed into immutable history. * Make a merge commit if the contribution contains several well-isolated separate commits with good descriptions. Use *squash-and-merge* (or *fast-forward* from a command line) for all other cases. * It's OK to push small changes into a pull request. If you do this, document what you have done (so the contributor can learn for the future), and get their :abbr:`ACK (confirmation)` before merging. * When squashing, do edit commit messages to add references to the pull request and relevant discussions/issues, and to conform to Git best practices. * Consider making the summary line suitable for the CHANGES document, and starting it with a prefix like ``Lib:`` or ``Tests:``. * Push to Pagure as well. If you have good reason to break the “rules”, go ahead and break them, but mention why. Instructions for release managers ================================= If you are tasked with releasing python-ldap, remember to: * Bump all instances of the version number. * Go through all changes since last version, and add them to ``CHANGES``. * Run :ref:`additional tests` as appropriate, fix any regressions. * Change the release date in ``CHANGES``. * Merge all that (using pull requests). * Run ``python setup.py sdist``, and smoke-test the resulting package (install in a clean virtual environment, import ``ldap``). * Create Git tag ``python-ldap-{version}``, and push it to GitHub and Pagure. * Release the ``sdist`` on PyPI. * Announce the release on the mailing list. Mention the Git hash. * Add the release's log from ``CHANGES`` on the `GitHub release page`_. .. _GitHub release page: https://github.com/python-ldap/python-ldap/releases python-ldap-3.2.0/Doc/Makefile0000644000175000017500000000422213327633471020047 0ustar pviktoripviktorin00000000000000# Makefile for Sphinx documentation # # You can set these variables from the command line. SPHINXOPTS = SPHINXBUILD = sphinx-build PAPER = # Internal variables. PAPEROPT_a4 = -D latex_paper_size=a4 PAPEROPT_letter = -D latex_paper_size=letter ALLSPHINXOPTS = -d .build/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . .PHONY: help clean html web htmlhelp latex changes linkcheck help: @echo "Please use \`make ' where is one of" @echo " html to make standalone HTML files" @echo " web to make files usable by Sphinx.web" @echo " htmlhelp to make HTML files and a HTML help project" @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" @echo " changes to make an overview over all changed/added/deprecated items" @echo " linkcheck to check all external links for integrity" clean: -rm -rf .build/* html: mkdir -p .build/html .build/doctrees $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) .build/html @echo @echo "Build finished. The HTML pages are in .build/html." web: mkdir -p .build/web .build/doctrees $(SPHINXBUILD) -b web $(ALLSPHINXOPTS) .build/web @echo @echo "Build finished; now you can run" @echo " python -m sphinx.web .build/web" @echo "to start the server." htmlhelp: mkdir -p .build/htmlhelp .build/doctrees $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) .build/htmlhelp @echo @echo "Build finished; now you can run HTML Help Workshop with the" \ ".hhp project file in .build/htmlhelp." latex: mkdir -p .build/latex .build/doctrees $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) .build/latex @echo @echo "Build finished; the LaTeX files are in .build/latex." @echo "Run \`make all-pdf' or \`make all-ps' in that directory to" \ "run these through (pdf)latex." changes: mkdir -p .build/changes .build/doctrees $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) .build/changes @echo @echo "The overview file is in .build/changes." linkcheck: mkdir -p .build/linkcheck .build/doctrees $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) .build/linkcheck @echo @echo "Link check complete; look for any errors in the above output " \ "or in .build/linkcheck/output.txt." python-ldap-3.2.0/Doc/sample_workflow.rst0000644000175000017500000000510113441743002022336 0ustar pviktoripviktorin00000000000000.. _sample workflow: Sample workflow for python-ldap development ------------------------------------------- This document will guide you through the process of contributing a change to python-ldap. We assume that, as a user of python-ldap, you're not new to software development in general, so these instructions are terse. If you need additional detail, please do ask on the mailing list. .. note:: The following instructions are for Linux. If you can translate them to another system, please contribute your translation! Install `Git`_, `tox`_ and the :ref:`build prerequisites`. .. _tox: https://tox.readthedocs.io/en/latest/ Clone the repository:: $ git clone https://github.com/python-ldap/python-ldap $ cd python-ldap Create a :mod:`virtual environment ` to ensure you in-development python-ldap won't affect the rest of your system:: $ python3 -m venv __venv__ (For Python 2, install `virtualenv`_ and use it instead of ``python3 -m venv``.) .. _git: https://git-scm.com/ .. _virtualenv: https://virtualenv.pypa.io/en/stable/ Activate the virtual environment:: $ source __venv__/bin/activate Install python-ldap to it in `editable mode`_:: (__venv__)$ python -m pip install -e . This way, importing a Python module from python-ldap will directly use the code from your source tree. If you change C code, you will still need to recompile (using the ``pip install`` command again). .. _editable mode: https://pip.pypa.io/en/stable/reference/pip_install/#editable-installs Change the code as desired. To run tests, install and run `tox`_:: (__venv__)$ python -m pip install tox (__venv__)$ tox --skip-missing-interpreters This will run tests on all supported versions of Python that you have installed, skipping the ones you don't. To run a subset of test environments, run for example:: (__venv__)$ tox -e py27,py36 In addition to ``pyXY`` environments, we have extra environments for checking things independent of the Python version: * ``doc`` checks syntax and spelling of the documentation * ``coverage-report`` generates a test coverage report for Python code. It must be used last, e.g. ``tox -e py27,py36,coverage-report``. * ``py2-nosasltls`` and ``py3-nosasltls`` check functionality without SASL and TLS bindings compiled in. When your change is ready, commit to Git, and submit a pull request on GitHub. You can take a look at the :ref:`committer instructions` to see what we are looking for in a pull request. If you don't want to open a GitHub account, please send patches as attachments to the python-ldap mailing list. python-ldap-3.2.0/Doc/reference/0000755000175000017500000000000013441750214020335 5ustar pviktoripviktorin00000000000000python-ldap-3.2.0/Doc/reference/ldap.rst0000644000175000017500000012030313441743002022003 0ustar pviktoripviktorin00000000000000******************************************** :py:mod:`ldap` LDAP library interface module ******************************************** .. py:module:: ldap :platform: Posix, Windows :synopsis: Access to an underlying LDAP C library. .. moduleauthor:: python-ldap project (see https://www.python-ldap.org/) This module provides access to the LDAP (Lightweight Directory Access Protocol) C API implemented in OpenLDAP. It is similar to the C API, with the notable differences that lists are manipulated via Python list operations and errors appear as exceptions. .. seealso:: For more detailed information on the C interface, please see the (expired) `draft-ietf-ldapext-ldap-c-api `_ This documentation is current for the Python LDAP module, version |release|. Source and binaries are available from https://www.python-ldap.org/. Functions ========= This module defines the following functions: .. py:function:: initialize(uri [, trace_level=0 [, trace_file=sys.stdout [, trace_stack_limit=None, [bytes_mode=None, [bytes_strictness=None]]]]]) -> LDAPObject object Initializes a new connection object for accessing the given LDAP server, and return an LDAP object (see :ref:`ldap-objects`) used to perform operations on that server. The *uri* parameter may be a comma- or whitespace-separated list of URIs containing only the schema, the host, and the port fields. Note that when using multiple URIs you cannot determine to which URI your client gets connected. Note that internally the OpenLDAP function `ldap_initialize(3) `_ is called which just initializes the LDAP connection struct in the C API - nothing else. Therefore the first call to an operation method (bind, search etc.) then really opens the connection (lazy connect). Before that nothing is sent on the wire. The error handling in the calling application has to correctly handle this behaviour. Three optional arguments are for generating debug log information: *trace_level* specifies the amount of information being logged, *trace_file* specifies a file-like object as target of the debug log and *trace_stack_limit* specifies the stack limit of tracebacks in debug log. The *bytes_mode* and *bytes_strictness* arguments specify text/bytes behavior under Python 2. See :ref:`text-bytes` for a complete documentation. Possible values for *trace_level* are :py:const:`0` for no logging, :py:const:`1` for only logging the method calls with arguments, :py:const:`2` for logging the method calls with arguments and the complete results and :py:const:`9` for also logging the traceback of method calls. Additional keyword arguments are passed to :class:`LDAPObject`. .. seealso:: :rfc:`4516` - Lightweight Directory Access Protocol (LDAP): Uniform Resource Locator .. py:function:: get_option(option) -> int|string This function returns the value of the global option specified by *option*. .. py:function:: set_option(option, invalue) -> None This function sets the value of the global option specified by *option* to *invalue*. .. versionchanged:: 3.1 The deprecated functions ``ldap.init()`` and ``ldap.open()`` were removed. .. _ldap-constants: Constants ========= The module defines various constants. Note that some constants depend on the build options and which underlying libs were used or even on the version of the libs. So before using those constants the application has to explicitly check whether they are available. General ------- .. py:data:: PORT The assigned TCP port number (389) that LDAP servers listen on. .. py:data:: SASL_AVAIL Integer where a non-zero value indicates that python-ldap was built with support for SASL (Cyrus-SASL). .. py:data:: TLS_AVAIL Integer where a non-zero value indicates that python-ldap was built with support for SSL/TLS (OpenSSL or similar libs). .. _ldap-options: Options ------- .. seealso:: :manpage:`ldap.conf(5)` and :manpage:`ldap_get_option(3)` For use with functions :py:func:`set_option` and :py:func:`get_option` and methods :py:meth:`LDAPObject.set_option` and :py:meth:`LDAPObject.get_option` the following option identifiers are defined as constants: .. py:data:: OPT_API_FEATURE_INFO .. py:data:: OPT_API_INFO .. py:data:: OPT_CLIENT_CONTROLS .. py:data:: OPT_DEBUG_LEVEL Sets the debug level within the underlying OpenLDAP C lib (libldap). libldap sends the log messages to stderr. .. py:data:: OPT_DEFBASE .. py:data:: OPT_DEREF Specifies how alias dereferencing is done within the underlying LDAP C lib. .. py:data:: OPT_ERROR_STRING .. py:data:: OPT_DIAGNOSTIC_MESSAGE .. py:data:: OPT_HOST_NAME .. py:data:: OPT_MATCHED_DN .. py:data:: OPT_NETWORK_TIMEOUT .. versionchanged:: 3.0 A timeout of ``-1`` or ``None`` resets timeout to infinity. .. py:data:: OPT_PROTOCOL_VERSION Sets the LDAP protocol version used for a connection. This is mapped to object attribute `ldap.LDAPObject.protocol_version` .. py:data:: OPT_REFERRALS int specifying whether referrals should be automatically chased within the underlying LDAP C lib. .. py:data:: OPT_REFHOPLIMIT .. py:data:: OPT_RESTART .. py:data:: OPT_SERVER_CONTROLS .. py:data:: OPT_SIZELIMIT .. py:data:: OPT_SUCCESS .. py:data:: OPT_TIMELIMIT .. py:data:: OPT_TIMEOUT .. versionchanged:: 3.0 A timeout of ``-1`` or ``None`` resets timeout to infinity. .. py:data:: OPT_URI .. _ldap-sasl-options: SASL options :::::::::::: .. py:data:: OPT_X_SASL_AUTHCID .. py:data:: OPT_X_SASL_AUTHZID .. py:data:: OPT_X_SASL_MECH .. py:data:: OPT_X_SASL_NOCANON If set to zero SASL host name canonicalization is disabled. .. py:data:: OPT_X_SASL_REALM .. py:data:: OPT_X_SASL_SECPROPS .. py:data:: OPT_X_SASL_SSF .. py:data:: OPT_X_SASL_SSF_EXTERNAL .. py:data:: OPT_X_SASL_SSF_MAX .. py:data:: OPT_X_SASL_SSF_MIN .. _ldap-tls-options: TLS options ::::::::::: .. py:data:: OPT_X_TLS .. py:data:: OPT_X_TLS_ALLOW .. py:data:: OPT_X_TLS_CACERTDIR .. py:data:: OPT_X_TLS_CACERTFILE .. py:data:: OPT_X_TLS_CERTFILE .. py:data:: OPT_X_TLS_CIPHER_SUITE .. py:data:: OPT_X_TLS_CTX .. py:data:: OPT_X_TLS_DEMAND .. py:data:: OPT_X_TLS_HARD .. py:data:: OPT_X_TLS_KEYFILE .. py:data:: OPT_X_TLS_NEVER .. py:data:: OPT_X_TLS_RANDOM_FILE .. py:data:: OPT_X_TLS_REQUIRE_CERT .. py:data:: OPT_X_TLS_TRY .. _ldap-keepalive-options: Keepalive options ::::::::::::::::: .. py:data:: OPT_X_KEEPALIVE_IDLE .. py:data:: OPT_X_KEEPALIVE_PROBES .. py:data:: OPT_X_KEEPALIVE_INTERVAL .. _ldap-dn-flags: DN format flags ---------------- This constants are used for DN-parsing functions found in sub-module :py:mod:`ldap.dn`. .. seealso:: `ldap_str2dn(3) `_ .. py:data:: DN_FORMAT_LDAP .. py:data:: DN_FORMAT_LDAPV3 .. py:data:: DN_FORMAT_LDAPV2 .. py:data:: DN_FORMAT_DCE .. py:data:: DN_FORMAT_UFN .. py:data:: DN_FORMAT_AD_CANONICAL .. py:data:: DN_FORMAT_MASK .. py:data:: DN_PRETTY .. py:data:: DN_SKIP .. py:data:: DN_P_NOLEADTRAILSPACES .. py:data:: DN_P_NOSPACEAFTERRDN .. py:data:: DN_PEDANTIC .. _ldap-exceptions: Exceptions ========== The module defines the following exceptions: .. py:exception:: LDAPError This is the base class of all exceptions raised by the module :py:mod:`ldap`. Unlike the C interface, errors are not returned as result codes, but are instead turned into exceptions, raised as soon an the error condition is detected. The exceptions are accompanied by a dictionary possibly containing an string value for the key :py:const:`desc` (giving an English description of the error class) and/or a string value for the key :py:const:`info` (giving a string containing more information that the server may have sent). A third possible field of this dictionary is :py:const:`matched` and is set to a truncated form of the name provided or alias dereferenced for the lowest entry (object or alias) that was matched. .. py:exception:: ADMINLIMIT_EXCEEDED .. py:exception:: AFFECTS_MULTIPLE_DSAS .. py:exception:: ALIAS_DEREF_PROBLEM A problem was encountered when dereferencing an alias. (Sets the :py:const:`matched` field.) .. py:exception:: ALIAS_PROBLEM An alias in the directory points to a nonexistent entry. (Sets the :py:const:`matched` field.) .. py:exception:: ALREADY_EXISTS The entry already exists. E.g. the *dn* specified with :py:meth:`add()` already exists in the DIT. .. py:exception:: AUTH_UNKNOWN The authentication method specified to :py:meth:`bind()` is not known. .. py:exception:: BUSY The DSA is busy. .. py:exception:: CLIENT_LOOP .. py:exception:: COMPARE_FALSE A compare operation returned false. (This exception should never be seen because :py:meth:`compare()` returns a boolean result.) .. py:exception:: COMPARE_TRUE A compare operation returned true. (This exception should never be seen because :py:meth:`compare()` returns a boolean result.) .. py:exception:: CONFIDENTIALITY_REQUIRED Indicates that the session is not protected by a protocol such as Transport Layer Security (TLS), which provides session confidentiality. .. py:exception:: CONNECT_ERROR .. py:exception:: CONSTRAINT_VIOLATION An attribute value specified or an operation started violates some server-side constraint (e.g., a postalAddress has too many lines or a line that is too long or a password is expired). .. py:exception:: CONTROL_NOT_FOUND .. py:exception:: DECODING_ERROR An error was encountered decoding a result from the LDAP server. .. py:exception:: ENCODING_ERROR An error was encountered encoding parameters to send to the LDAP server. .. py:exception:: FILTER_ERROR An invalid filter was supplied to :py:meth:`search()` (e.g. unbalanced parentheses). .. py:exception:: INAPPROPRIATE_AUTH Inappropriate authentication was specified (e.g. :py:const:`AUTH_SIMPLE` was specified and the entry does not have a userPassword attribute). .. py:exception:: INAPPROPRIATE_MATCHING Filter type not supported for the specified attribute. .. py:exception:: INSUFFICIENT_ACCESS The user has insufficient access to perform the operation. .. py:exception:: INVALID_CREDENTIALS Invalid credentials were presented during :py:meth:`bind()` or :py:meth:`simple_bind()`. (e.g., the wrong password). .. py:exception:: INVALID_DN_SYNTAX A syntactically invalid DN was specified. (Sets the :py:const:`matched` field.) .. py:exception:: INVALID_SYNTAX An attribute value specified by the client did not comply to the syntax defined in the server-side schema. .. py:exception:: IS_LEAF The object specified is a leaf of the directory tree. Sets the :py:const:`matched` field of the exception dictionary value. .. py:exception:: LOCAL_ERROR Some local error occurred. This is usually due to failed memory allocation. .. py:exception:: LOOP_DETECT A loop was detected. .. py:exception:: MORE_RESULTS_TO_RETURN .. py:exception:: NAMING_VIOLATION A naming violation occurred. This is raised e.g. if the LDAP server has constraints about the tree naming. .. py:exception:: NO_OBJECT_CLASS_MODS Modifying the objectClass attribute as requested is not allowed (e.g. modifying structural object class of existing entry). .. py:exception:: NOT_ALLOWED_ON_NONLEAF The operation is not allowed on a non-leaf object. .. py:exception:: NOT_ALLOWED_ON_RDN The operation is not allowed on an RDN. .. py:exception:: NOT_SUPPORTED .. py:exception:: NO_MEMORY .. py:exception:: NO_OBJECT_CLASS_MODS Object class modifications are not allowed. .. py:exception:: NO_RESULTS_RETURNED .. py:exception:: NO_SUCH_ATTRIBUTE The attribute type specified does not exist in the entry. .. py:exception:: NO_SUCH_OBJECT The specified object does not exist in the directory. Sets the :py:const:`matched` field of the exception dictionary value. .. py:exception:: OBJECT_CLASS_VIOLATION An object class violation occurred when the LDAP server checked the data sent by the client against the server-side schema (e.g. a "must" attribute was missing in the entry data). .. py:exception:: OPERATIONS_ERROR An operations error occurred. .. py:exception:: OTHER An unclassified error occurred. .. py:exception:: PARAM_ERROR An ldap routine was called with a bad parameter. .. py:exception:: PARTIAL_RESULTS Partial results only returned. This exception is raised if a referral is received when using LDAPv2. (This exception should never be seen with LDAPv3.) .. py:exception:: PROTOCOL_ERROR A violation of the LDAP protocol was detected. .. py:exception:: RESULTS_TOO_LARGE The result does not fit into a UDP packet. This happens only when using UDP-based CLDAP (connection-less LDAP) which is not supported anyway. .. py:exception:: SASL_BIND_IN_PROGRESS .. py:exception:: SERVER_DOWN The LDAP library can't contact the LDAP server. .. py:exception:: SIZELIMIT_EXCEEDED An LDAP size limit was exceeded. This could be due to a ``sizelimit`` configuration on the LDAP server. .. py:exception:: STRONG_AUTH_NOT_SUPPORTED The LDAP server does not support strong authentication. .. py:exception:: STRONG_AUTH_REQUIRED Strong authentication is required for the operation. .. py:exception:: TIMELIMIT_EXCEEDED An LDAP time limit was exceeded. .. py:exception:: TIMEOUT A timelimit was exceeded while waiting for a result from the server. .. py:exception:: TYPE_OR_VALUE_EXISTS An attribute type or attribute value specified already exists in the entry. .. py:exception:: UNAVAILABLE The DSA is unavailable. .. py:exception:: UNAVAILABLE_CRITICAL_EXTENSION Indicates that the LDAP server was unable to satisfy a request because one or more critical extensions were not available. Either the server does not support the control or the control is not appropriate for the operation type. .. py:exception:: UNDEFINED_TYPE An attribute type used is not defined in the server-side schema. .. py:exception:: UNWILLING_TO_PERFORM The DSA is unwilling to perform the operation. .. py:exception:: USER_CANCELLED The operation was cancelled via the :py:meth:`abandon()` method. The above exceptions are raised when a result code from an underlying API call does not indicate success. Warnings ======== .. py:class:: LDAPBytesWarning Raised when bytes/text mismatch in non-strict bytes mode. See :ref:`bytes_mode` for details. .. versionadded:: 3.0.0 .. _ldap-objects: LDAPObject classes ================== .. py:class:: LDAPObject Instances of :py:class:`LDAPObject` are returned by :py:func:`initialize()`. The connection is automatically unbound and closed when the LDAP object is deleted. Internally :py:class:`LDAPObject` is set to :py:class:`~ldap.ldapobject.SimpleLDAPObject` by default. .. autoclass:: ldap.ldapobject.SimpleLDAPObject .. autoclass:: ldap.ldapobject.ReconnectLDAPObject .. _ldap-controls: Arguments for LDAPv3 controls ----------------------------- The :py:mod:`ldap.controls` module can be used for constructing and decoding LDAPv3 controls. These arguments are available in the methods with names ending in :py:const:`_ext` or :py:const:`_ext_s`: *serverctrls* is a list of :py:class:`ldap.controls.LDAPControl` instances sent to the server along with the LDAP request (see module :py:mod:`ldap.controls`). These are controls which alter the behaviour of the server when processing the request if the control is supported by the server. The effect of controls might differ depending on the type of LDAP request or controls might not be applicable with certain LDAP requests at all. *clientctrls* is a list of :py:class:`ldap.controls.LDAPControl` instances passed to the client API and alter the behaviour of the client when processing the request. .. _sending-ldap-requests: Sending LDAP requests --------------------- Most methods on LDAP objects initiate an asynchronous request to the LDAP server and return a message id that can be used later to retrieve the result with :py:meth:`result()`. Methods with names ending in :py:const:`_s` are the synchronous form and wait for and return with the server's result, or with :py:const:`None` if no data is expected. :class:`LDAPObject` instances have the following methods: .. py:method:: LDAPObject.abandon(msgid) -> None .. py:method:: LDAPObject.abandon_ext(msgid [, serverctrls=None [, clientctrls=None]]) -> None Abandons an LDAP operation in progress without waiting for a LDAP response. The *msgid* argument should be the message ID of an outstanding LDAP operation as returned by the asynchronous methods :py:meth:`search()`, :py:meth:`modify()`, etc. The caller can expect that the result of an abandoned operation will not be returned from a future call to :py:meth:`result()`. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. .. py:method:: LDAPObject.add(dn, modlist) -> int .. py:method:: LDAPObject.add_s(dn, modlist) -> None .. py:method:: LDAPObject.add_ext(dn, modlist [, serverctrls=None [, clientctrls=None]]) -> int .. py:method:: LDAPObject.add_ext_s(dn, modlist [, serverctrls=None [, clientctrls=None]]) -> tuple Performs an LDAP add operation. The *dn* argument is the distinguished name (DN) of the entry to add, and *modlist* is a list of attributes to be added. The modlist is similar the one passed to :py:meth:`modify()`, except that the operation integer is omitted from the tuples in modlist. You might want to look into sub-module \refmodule{ldap.modlist} for generating the modlist. The asynchronous methods :py:meth:`add()` and :py:meth:`add_ext()` return the message ID of the initiated request. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. The *dn* argument, and mod_type (second item) of *modlist* are text strings; see :ref:`bytes_mode`. .. py:method:: LDAPObject.bind(who, cred, method) -> int .. py:method:: LDAPObject.bind_s(who, cred, method) -> None .. py:method:: LDAPObject.cancel( cancelid, [, serverctrls=None [, clientctrls=None]]) -> None Send cancels extended operation for an LDAP operation specified by *cancelid*. The *cancelid* should be the message id of an outstanding LDAP operation as returned by the asynchronous methods search(), modify() etc. The caller can expect that the result of an abandoned operation will not be returned from a future call to :py:meth:`result()`. In opposite to :py:meth:`abandon()` this extended operation gets an result from the server and thus should be preferred if the server supports it. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. :rfc:`3909` - Lightweight Directory Access Protocol (LDAP): Cancel Operation .. py:method:: LDAPObject.compare(dn, attr, value) -> int .. py:method:: LDAPObject.compare_s(dn, attr, value) -> bool .. py:method:: LDAPObject.compare_ext(dn, attr, value [, serverctrls=None [, clientctrls=None]]) -> int .. py:method:: LDAPObject.compare_ext_s(dn, attr, value [, serverctrls=None [, clientctrls=None]]) -> bool Perform an LDAP comparison between the attribute named *attr* of entry *dn*, and the value *value*. The synchronous forms returns ``True`` or ``False``. The asynchronous forms returns the message ID of the initiated request, and the result of the asynchronous compare can be obtained using :py:meth:`result()`. Note that the asynchronous technique yields the answer by raising the exception objects :py:exc:`ldap.COMPARE_TRUE` or :py:exc:`ldap.COMPARE_FALSE`. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. The *dn* and *attr* arguments are text strings; see :ref:`bytes_mode`. .. note:: A design fault in the LDAP API prevents *value* from containing *NULL* characters. .. py:method:: LDAPObject.delete(dn) -> int .. py:method:: LDAPObject.delete_s(dn) -> None .. py:method:: LDAPObject.delete_ext(dn [, serverctrls=None [, clientctrls=None]]) -> int .. py:method:: LDAPObject.delete_ext_s(dn [, serverctrls=None [, clientctrls=None]]) -> tuple Performs an LDAP delete operation on *dn*. The asynchronous form returns the message id of the initiated request, and the result can be obtained from a subsequent call to :py:meth:`result()`. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. The *dn* argument is text string; see :ref:`bytes_mode`. .. py:method:: LDAPObject.extop(extreq[,serverctrls=None[,clientctrls=None]]]) -> int .. py:method:: LDAPObject.extop_s(extreq[,serverctrls=None[,clientctrls=None[,extop_resp_class=None]]]]) -> (respoid,respvalue) Performs an LDAP extended operation. The asynchronous form returns the message id of the initiated request, and the result can be obtained from a subsequent call to :py:meth:`extop_result()`. The *extreq* is an instance of class :py:class:`ldap.extop.ExtendedRequest` containing the parameters for the extended operation request. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. If argument *extop_resp_class* is set to a sub-class of :py:class:`ldap.extop.ExtendedResponse` this class is used to return an object of this class instead of a raw BER value in respvalue. .. py:method:: LDAPObject.extop_result(self,msgid=ldap.RES_ANY,all=1,timeout=None) -> (respoid,respvalue) Wrapper method around :py:meth:`result4()` just for retrieving the result of an extended operation sent before. .. py:method:: LDAPObject.modify(dn, modlist) -> int .. py:method:: LDAPObject.modify_s(dn, modlist) -> None .. py:method:: LDAPObject.modify_ext(dn, modlist [, serverctrls=None [, clientctrls=None]]) -> int .. py:method:: LDAPObject.modify_ext_s(dn, modlist [, serverctrls=None [, clientctrls=None]]) -> tuple Performs an LDAP modify operation on an entry's attributes. The *dn* argument is the distinguished name (DN) of the entry to modify, and *modlist* is a list of modifications to make to that entry. Each element in the list *modlist* should be a tuple of the form *(mod_op,mod_type,mod_vals)*, where *mod_op* indicates the operation (one of :py:const:`ldap.MOD_ADD`, :py:const:`ldap.MOD_DELETE`, or :py:const:`ldap.MOD_REPLACE`), *mod_type* is a string indicating the attribute type name, and *mod_vals* is either a string value or a list of string values to add, delete or replace respectively. For the delete operation, *mod_vals* may be :py:const:`None` indicating that all attributes are to be deleted. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. The asynchronous methods :py:meth:`modify()` and :py:meth:`modify_ext()` return the message ID of the initiated request. You might want to look into sub-module :py:mod:`ldap.modlist` for generating *modlist*. The *dn* argument, and mod_type (second item) of *modlist* are text strings; see :ref:`bytes_mode`. .. py:method:: LDAPObject.modrdn(dn, newrdn [, delold=1]) -> int .. py:method:: LDAPObject.modrdn_s(dn, newrdn [, delold=1]) -> None Perform a ``modify RDN`` operation, (i.e. a renaming operation). These routines take *dn* (the DN of the entry whose RDN is to be changed, and *newrdn*, the new RDN to give to the entry. The optional parameter *delold* is used to specify whether the old RDN should be kept as an attribute of the entry or not. The asynchronous version returns the initiated message id. This operation is emulated by :py:meth:`rename()` and :py:meth:`rename_s()` methods since the modrdn2* routines in the C library are deprecated. The *dn* and *newrdn* arguments are text strings; see :ref:`bytes_mode`. .. py:method:: LDAPObject.passwd(user, oldpw, newpw [, serverctrls=None [, clientctrls=None]]) -> int .. py:method:: LDAPObject.passwd_s(user, oldpw, newpw [, serverctrls=None [, clientctrls=None]]) -> None Perform a ``LDAP Password Modify Extended Operation`` operation on the entry specified by *user*. The old password in *oldpw* is replaced with the new password in *newpw* by a LDAP server supporting this operation. If *oldpw* is not :py:const:`None` it has to match the old password of the specified *user* which is sometimes used when a user changes his own password. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. The asynchronous version returns the initiated message id. The *user*, *oldpw* and *newpw* arguments are text strings; see :ref:`bytes_mode`. .. seealso:: :rfc:`3062` - LDAP Password Modify Extended Operation .. py:method:: LDAPObject.rename(dn, newrdn [, newsuperior=None [, delold=1 [, serverctrls=None [, clientctrls=None]]]]) -> int .. py:method:: LDAPObject.rename_s(dn, newrdn [, newsuperior=None [, delold=1 [, serverctrls=None [, clientctrls=None]]]]) -> None Perform a ``Rename`` operation, (i.e. a renaming operation). These routines take *dn* (the DN of the entry whose RDN is to be changed, and *newrdn*, the new RDN to give to the entry. The optional parameter *newsuperior* is used to specify a new parent DN for moving an entry in the tree (not all LDAP servers support this). The optional parameter *delold* is used to specify whether the old RDN should be kept as an attribute of the entry or not. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. The *dn* and *newdn* arguments are text strings; see :ref:`bytes_mode`. .. py:method:: LDAPObject.result([msgid=RES_ANY [, all=1 [, timeout=None]]]) -> 2-tuple This method is used to wait for and return the result of an operation previously initiated by one of the LDAP *asynchronous* operations (e.g. :py:meth:`search()`, :py:meth:`modify()`, etc.) The *msgid* parameter is the integer identifier returned by that method. The identifier is guaranteed to be unique across an LDAP session, and tells the :py:meth:`result()` method to request the result of that specific operation. If a result is desired from any one of the in-progress operations, *msgid* should be specified as the constant :py:const:`RES_ANY` and the method :py:meth:`result2()` should be used instead. The *all* parameter only has meaning for :py:meth:`search()` responses and is used to select whether a single entry of the search response should be returned, or to wait for all the results of the search before returning. A search response is made up of zero or more search entries followed by a search result. If *all* is 0, search entries will be returned one at a time as they come in, via separate calls to :py:meth:`result()`. If all is 1, the search response will be returned in its entirety, i.e. after all entries and the final search result have been received. For *all* set to 0, result tuples trickle in (with the same message id), and with the result types :py:const:`RES_SEARCH_ENTRY` and :py:const:`RES_SEARCH_REFERENCE`, until the final result which has a result type of :py:const:`RES_SEARCH_RESULT` and a (usually) empty data field. When all is set to 1, only one result is returned, with a result type of RES_SEARCH_RESULT, and all the result tuples listed in the data field. The *timeout* parameter is a limit on the number of seconds that the method will wait for a response from the server. If *timeout* is negative (which is the default), the method will wait indefinitely for a response. The timeout can be expressed as a floating-point value, and a value of :py:const:`0` effects a poll. If a timeout does occur, a :py:exc:`ldap.TIMEOUT` exception is raised, unless polling, in which case ``(None, None)`` is returned. The :py:meth:`result()` method returns a tuple of the form ``(result-type, result-data)``. The first element, ``result-type`` is a string, being one of these module constants: :py:const:`RES_BIND`, :py:const:`RES_SEARCH_ENTRY`, :py:const:`RES_SEARCH_REFERENCE`, :py:const:`RES_SEARCH_RESULT`, :py:const:`RES_MODIFY`, :py:const:`RES_ADD`, :py:const:`RES_DELETE`, :py:const:`RES_MODRDN`, or :py:const:`RES_COMPARE`. If *all* is :py:const:`0`, one response at a time is returned on each call to :py:meth:`result()`, with termination indicated by ``result-data`` being an empty list. See :py:meth:`search()` for a description of the search result's ``result-data``, otherwise the ``result-data`` is normally meaningless. .. py:method:: LDAPObject.result2([msgid=RES_ANY [, all=1 [, timeout=None]]]) -> 3-tuple This method behaves almost exactly like :py:meth:`result()`. But it returns a 3-tuple also containing the message id of the outstanding LDAP operation a particular result message belongs to. This is especially handy if one needs to dispatch results obtained with ``msgid=``:py:const:`RES_ANY` to several consumer threads which invoked a particular LDAP operation. .. py:method:: LDAPObject.result3([msgid=RES_ANY [, all=1 [, timeout=None]]]) -> 4-tuple This method behaves almost exactly like :py:meth:`result2()`. But it returns an extra item in the tuple, the decoded server controls. .. py:method:: LDAPObject.result4([msgid=RES_ANY [, all=1 [, timeout=None [, add_ctrls=0 [, add_intermediates=0 [, add_extop=0 [, resp_ctrl_classes=None]]]]]]]) -> 6-tuple This method behaves almost exactly like :py:meth:`result3()`. But it returns an extra items in the tuple, the decoded results of an extended response. The additional arguments are: *add_ctrls* (integer flag) specifies whether response controls are returned. add_intermediates (integer flag) specifies whether response controls of intermediate search results are returned. *add_extop* (integer flag) specifies whether the response of an extended operation is returned. If using extended operations you should consider using the method :py:meth:`extop_result()` or :py:meth:`extop_s()` instead. *resp_ctrl_classes* is a dictionary mapping the OID of a response controls to a :py:class:`ldap.controls.ResponseControl` class of response controls known by the application. So the response control value will be automatically decoded. If :py:const:`None` the global dictionary :py:data:`ldap.controls.KNOWN_RESPONSE_CONTROLS` is used instead. .. py:method:: LDAPObject.sasl_interactive_bind_s(who, auth[, serverctrls=None [, clientctrls=None [, sasl_flags=ldap.SASL_QUIET]]]) -> None This call is used to bind to the directory with a SASL bind request. *auth* is an :py:class:`ldap.sasl.sasl()` instance. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. .. py:method:: LDAPObject.sasl_non_interactive_bind_s(sasl_mech[, serverctrls=None [, clientctrls=None [, sasl_flags=ldap.SASL_QUIET [, authz_id='']]]]) -> None This call is used to bind to the directory with a SASL bind request with non-interactive SASL mechanism defined with argument *sasl_mech* and internally calls :py:meth:`sasl_interactive_bind_s()`. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. .. py:method:: LDAPObject.sasl_external_bind_s([serverctrls=None [, clientctrls=None [, sasl_flags=ldap.SASL_QUIET [, authz_id='']]]]) -> None This call is used to bind to the directory with a SASL bind request with mechanism EXTERNAL and internally calls :py:meth:`sasl_non_interactive_bind_s()`. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. .. py:method:: LDAPObject.sasl_gssapi_bind_s([serverctrls=None [, clientctrls=None [, sasl_flags=ldap.SASL_QUIET [, authz_id='']]]]) -> None This call is used to bind to the directory with a SASL bind request with mechanism GSSAPI and internally calls :py:meth:`sasl_non_interactive_bind_s()`. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. .. py:method:: LDAPObject.simple_bind([who=None [, cred=None [, serverctrls=None [, clientctrls=None]]]]) -> int .. py:method:: LDAPObject.simple_bind_s([who=None [, cred=None [, serverctrls=None [, clientctrls=None]]]]) -> None After an LDAP object is created, and before any other operations can be attempted over the connection, a bind operation must be performed. This method attempts to bind with the LDAP server using either simple authentication, or Kerberos (if available). The first and most general method, :py:meth:`bind()`, takes a third parameter, *method* which can currently solely be :py:const:`AUTH_SIMPLE`. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. The *who* and *cred* arguments are text strings; see :ref:`bytes_mode`. .. versionchanged:: 3.0 :meth:`~LDAPObject.simple_bind` and :meth:`~LDAPObject.simple_bind_s` now accept ``None`` for *who* and *cred*, too. .. py:method:: LDAPObject.search(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, attrsonly=0]]]) ->int .. py:method:: LDAPObject.search_s(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, attrsonly=0]]]) ->list|None .. py:method:: LDAPObject.search_st(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, attrsonly=0 [, timeout=-1]]]]) -> list|None .. py:method:: LDAPObject.search_ext(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, attrsonly=0 [, serverctrls=None [, clientctrls=None [, timeout=-1 [, sizelimit=0]]]]]]]) -> int .. py:method:: LDAPObject.search_ext_s(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, attrsonly=0 [, serverctrls=None [, clientctrls=None [, timeout=-1 [, sizelimit=0]]]]]]]) -> list|None Perform an LDAP search operation, with *base* as the DN of the entry at which to start the search, *scope* being one of :py:const:`SCOPE_BASE` (to search the object itself), :py:const:`SCOPE_ONELEVEL` (to search the object's immediate children), or :py:const:`SCOPE_SUBTREE` (to search the object and all its descendants). The *filterstr* argument is a string representation of the filter to apply in the search. .. seealso:: :rfc:`4515` - Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters. Each result tuple is of the form ``(dn, attrs)``, where *dn* is a string containing the DN (distinguished name) of the entry, and *attrs* is a dictionary containing the attributes associated with the entry. The keys of *attrs* are strings, and the associated values are lists of strings. The DN in *dn* is automatically extracted using the underlying libldap function :c:func:`ldap_get_dn()`, which may raise an exception if the DN is malformed. If *attrsonly* is non-zero, the values of *attrs* will be meaningless (they are not transmitted in the result). The retrieved attributes can be limited with the *attrlist* parameter. If *attrlist* is :py:const:`None`, all the attributes of each entry are returned. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. The synchronous form with timeout, :py:meth:`search_st()` or :py:meth:`search_ext_s()`, will block for at most *timeout* seconds (or indefinitely if *timeout* is negative). A :py:exc:`ldap.TIMEOUT` exception is raised if no result is received within the specified time. The amount of search results retrieved can be limited with the *sizelimit* parameter when using :py:meth:`search_ext()` or :py:meth:`search_ext_s()` (client-side search limit). If non-zero not more than *sizelimit* results are returned by the server. The *base* and *filterstr* arguments, and *attrlist* contents, are text strings; see :ref:`bytes_mode`. .. versionchanged:: 3.0 ``filterstr=None`` is equivalent to ``filterstr='(objectClass=*)'``. .. py:method:: LDAPObject.start_tls_s() -> None Negotiate TLS with server. The ``version`` attribute must have been set to :py:const:`VERSION3` (which it is by default) before calling this method. If TLS could not be started an exception will be raised. .. seealso:: :rfc:`2830` - Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security .. py:method:: LDAPObject.unbind() -> int .. py:method:: LDAPObject.unbind_s() -> None .. py:method:: LDAPObject.unbind_ext([, serverctrls=None [, clientctrls=None]]) -> int .. py:method:: LDAPObject.unbind_ext_s([, serverctrls=None [, clientctrls=None]]) -> None This call is used to unbind from the directory, terminate the current association, and free resources. Once called, the connection to the LDAP server is closed and the LDAP object is marked invalid. Further invocation of methods on the object will yield exceptions. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. These methods are all synchronous in nature. .. py:method:: LDAPObject.whoami_s() -> string This synchronous method implements the LDAP "Who Am I?" extended operation. It is useful for finding out to find out which identity is assumed by the LDAP server after a SASL bind. .. seealso:: :rfc:`4532` - Lightweight Directory Access Protocol (LDAP) "Who am I?" Operation Connection-specific LDAP options -------------------------------- .. py:method:: LDAPObject.get_option(option) -> int|string This method returns the value of the LDAPObject option specified by *option*. .. py:method:: LDAPObject.set_option(option, invalue) -> None This method sets the value of the LDAPObject option specified by *option* to *invalue*. Object attributes ----------------- If the underlying library provides enough information, each LDAP object will also have the following attributes. These attributes are mutable unless described as read-only. .. py:attribute:: LDAPObject.deref -> int Controls whether aliases are automatically dereferenced. This must be one of :py:const:`DEREF_NEVER`, :py:const:`DEREF_SEARCHING`, :py:const:`DEREF_FINDING` or :py:const:`DEREF_ALWAYS`. This option is mapped to option constant :py:const:`OPT_DEREF` and used in the underlying OpenLDAP client lib. .. py:attribute:: LDAPObject.network_timeout -> int Limit on waiting for a network response, in seconds. Defaults to :py:const:`NO_LIMIT`. This option is mapped to option constant :py:const:`OPT_NETWORK_TIMEOUT` and used in the underlying OpenLDAP client lib. .. versionchanged:: 3.0.0 A timeout of ``-1`` or ``None`` resets timeout to infinity. .. py:attribute:: LDAPObject.protocol_version -> int Version of LDAP in use (either :py:const:`VERSION2` for LDAPv2 or :py:const:`VERSION3` for LDAPv3). This option is mapped to option constant :py:const:`OPT_PROTOCOL_VERSION` and used in the underlying OpenLDAP client lib. .. note:: It is highly recommended to set the protocol version after establishing a LDAP connection with :py:func:`ldap.initialize()` and before submitting the first request. .. py:attribute:: LDAPObject.sizelimit -> int Limit on size of message to receive from server. Defaults to :py:const:`NO_LIMIT`. This option is mapped to option constant :py:const:`OPT_SIZELIMIT` and used in the underlying OpenLDAP client lib. Its use is deprecated in favour of *sizelimit* parameter when using :py:meth:`search_ext()`. .. py:attribute:: LDAPObject.timelimit -> int Limit on waiting for any response, in seconds. Defaults to :py:const:`NO_LIMIT`. This option is mapped to option constant :py:const:`OPT_TIMELIMIT` and used in the underlying OpenLDAP client lib. Its use is deprecated in favour of using :py:attr:`timeout`. .. py:attribute:: LDAPObject.timeout -> int Limit on waiting for any response, in seconds. Defaults to :py:const:`NO_LIMIT`. This option is used in the wrapper module. .. _ldap-example: Example ======= The following example demonstrates how to open a connection to an LDAP server using the :py:mod:`ldap` module and invoke a synchronous subtree search. >>> import ldap >>> l = ldap.initialize('ldap://localhost:1390') >>> l.search_s('ou=Testing,dc=stroeder,dc=de',ldap.SCOPE_SUBTREE,'(cn=fred*)',['cn','mail']) [('cn=Fred Feuerstein,ou=Testing,dc=stroeder,dc=de', {'cn': ['Fred Feuerstein']})] >>> r = l.search_s('ou=Testing,dc=stroeder,dc=de',ldap.SCOPE_SUBTREE,'(objectClass=*)',['cn','mail']) >>> for dn,entry in r: >>> print('Processing',repr(dn)) >>> handle_ldap_entry(entry) python-ldap-3.2.0/Doc/reference/slapdtest.rst0000644000175000017500000000144213375007211023071 0ustar pviktoripviktorin00000000000000################################################################### :mod:`slapdtest` Spawning test instances of OpenLDAP's slapd server ################################################################### .. py:module:: slapdtest :synopsis: Spawning test instances of OpenLDAP's slapd server .. moduleauthor:: python-ldap project (see https://www.python-ldap.org/) The module is used for testing python-ldap itself but can be used for automatically testing any OpenLDAP-based configuration setup. This module is pure Python and does not rely on any non-standard modules. Therefore it can be used stand-alone without the rest of the python-ldap package. Functions ^^^^^^^^^ Classes ^^^^^^^ .. autoclass:: slapdtest.SlapdObject :members: .. autoclass:: slapdtest.SlapdTestCase :members: python-ldap-3.2.0/Doc/reference/ldap-dn.rst0000644000175000017500000000773313327633471022430 0ustar pviktoripviktorin00000000000000:py:mod:`ldap.dn` LDAP Distinguished Name handling ==================================================== .. py:module:: ldap.dn :synopsis: LDAP Distinguished Name handling. .. moduleauthor:: python-ldap project (see https://www.python-ldap.org/) .. % Author of the module code; .. seealso:: For LDAPv3 DN syntax see: :rfc:`4514` - Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names .. seealso:: For deprecated LDAPv2 DN syntax (obsoleted by LDAPv3) see: :rfc:`1779` - A String Representation of Distinguished Names The :mod:`ldap.dn` module defines the following functions: .. function:: escape_dn_chars(s) -> string This function escapes characters in string *s* which are special in LDAP distinguished names. You should use this function when building LDAP DN strings from arbitrary input. .. function:: str2dn(s [, flags=0]) -> list This function takes *s* and breaks it up into its component parts down to AVA level. The optional parameter *flags* describes the DN format of s (see :ref:`ldap-dn-flags`). Note that hex-encoded non-ASCII chars are decoded to the raw bytes. Internally this function is implemented by calling OpenLDAP C function `ldap_str2dn(3) `_. .. function:: dn2str(dn) -> string This function takes a decomposed DN in *dn* and returns a single string. It's the inverse to :func:`str2dn`. Special characters are escaped with the help of function :func:`escape_dn_chars`. .. function:: explode_dn(dn [, notypes=False[, flags=0]]) -> list This function takes *dn* and breaks it up into its component parts. Each part is known as an RDN (Relative Distinguished Name). The optional *notypes* parameter is used to specify that only the RDN values be returned and not their types. The optional parameter *flags* describes the DN format of s (see :ref:`ldap-dn-flags`). This function is emulated by function :func:`str2dn` since the function ldap_explode_dn() in the C library is deprecated. .. function:: explode_rdn(rdn [, notypes=False[, flags=0]]) -> list This function takes a (multi-valued) *rdn* and breaks it up into a list of characteristic attributes. The optional *notypes* parameter is used to specify that only the RDN values be returned and not their types. The optional *flags* parameter describes the DN format of s (see :ref:`ldap-dn-flags`). This function is emulated by function :func:`str2dn` since the function ldap_explode_rdn() in the C library is deprecated. .. function:: is_dn(dn[, flags=0]) -> boolean This function checks whether *dn* is a valid LDAP distinguished name by passing it to function :func:`str2dn`. .. _ldap-dn-example: Examples ^^^^^^^^^ Splitting a LDAPv3 DN to AVA level. Note that both examples have the same result but in the first example the non-ASCII chars are passed as is (byte buffer string) whereas in the second example the hex-encoded DN representation are passed to the function. >>> ldap.dn.str2dn('cn=Michael Str\xc3\xb6der,dc=example,dc=com',flags=ldap.DN_FORMAT_LDAPV3) [[('cn', 'Michael Str\xc3\xb6der', 4)], [('dc', 'example', 1)], [('dc', 'com', 1)]] >>> ldap.dn.str2dn('cn=Michael Str\C3\B6der,dc=example,dc=com',flags=ldap.DN_FORMAT_LDAPV3) [[('cn', 'Michael Str\xc3\xb6der', 4)], [('dc', 'example', 1)], [('dc', 'com', 1)]] Splitting a LDAPv2 DN into RDN parts: >>> ldap.dn.explode_dn('cn=John Doe;dc=example;dc=com',flags=ldap.DN_FORMAT_LDAPV2) ['cn=John Doe', 'dc=example', 'dc=com'] Splitting a multi-valued RDN: >>> ldap.dn.explode_rdn('cn=John Doe+mail=john.doe@example.com',flags=ldap.DN_FORMAT_LDAPV2) ['cn=John Doe', 'mail=john.doe@example.com'] Splitting a LDAPv3 DN with a multi-valued RDN into its AVA parts: >>> ldap.dn.str2dn('cn=John Doe+mail=john.doe@example.com,dc=example,dc=com') [[('cn', 'John Doe', 1), ('mail', 'john.doe@example.com', 1)], [('dc', 'example', 1)], [('dc', 'com', 1)]] python-ldap-3.2.0/Doc/reference/ldap-resiter.rst0000644000175000017500000000253413327633471023476 0ustar pviktoripviktorin00000000000000:py:mod:`ldap.resiter` Generator for stream-processing of large search results ============================================================================== .. py:module:: ldap.resiter :synopsis: Generator for stream-processing of large search results. .. moduleauthor:: python-ldap project (see https://www.python-ldap.org/) .. _ldap.resiter-classes: .. py:class:: ResultProcessor This is a mix-in class to be used with class :py:class:`ldap.LDAPObject` or derived classes which has these methods: .. automethod:: ldap.resiter.ResultProcessor.allresults .. _ldap.resiter-example: Examples -------- .. _ldap.resiter.ResultProcessor-example: Using ldap.resiter.ResultProcessor ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ This example demonstrates how to use mix-in class ldap.resiter.ResultProcessor for retrieving results formerly requested with :py:meth:`ldap.LDAPObject.search()` and processing them in a for-loop. :: import sys,ldap,ldap.resiter class MyLDAPObject(ldap.ldapobject.LDAPObject,ldap.resiter.ResultProcessor): pass l = MyLDAPObject('ldap://localhost') # Asynchronous search method msg_id = l.search('dc=stroeder,dc=com',ldap.SCOPE_SUBTREE,'(objectClass=*)') for res_type,res_data,res_msgid,res_controls in l.allresults(msg_id): for dn,entry in res_data: # process dn and entry print(dn,entry['objectClass']) python-ldap-3.2.0/Doc/reference/ldap-async.rst0000644000175000017500000000541013327633471023132 0ustar pviktoripviktorin00000000000000******************************************************************** :py:mod:`ldap.asyncsearch` Stream-processing of large search results ******************************************************************** .. py:module:: ldap.asyncsearch :synopsis: Framework for stream-processing of large search results. With newer Python versions one might want to consider using :py:mod:`ldap.resiter` instead. .. versionchanged:: 3.0 In Python 3.7 ``async`` is a reserved keyword. The module :py:mod:`ldap.async` has been renamed to :py:mod:`ldap.asyncsearch`. The old name :py:mod:`ldap.async` is still available for backwards compatibility. .. deprecated:: 3.0 The old name :py:mod:`ldap.async` is deprecated, but will not be removed until Python 3.6 reaches end-of-life. Classes ======= .. autoclass:: ldap.asyncsearch.AsyncSearchHandler :members: .. autoclass:: ldap.asyncsearch.List :members: .. autoclass:: ldap.asyncsearch.Dict :members: .. autoclass:: ldap.asyncsearch.IndexedDict :members: .. autoclass:: ldap.asyncsearch.LDIFWriter :members: .. _ldap.asyncsearch-example: Examples ======== .. _ldap.asyncsearch-example.List: Using ldap.asyncsearch.List ^^^^^^^^^^^^^^^^^^^^^^^^^^^ This example demonstrates how to use class ldap.asyncsearch.List for retrieving partial search results even though the exception :exc:`ldap.SIZELIMIT_EXCEEDED` was raised because a server side limit was hit. :: import sys,ldap,ldap.asyncsearch s = ldap.asyncsearch.List( ldap.initialize('ldap://localhost'), ) s.startSearch( 'dc=stroeder,dc=com', ldap.SCOPE_SUBTREE, '(objectClass=*)', ) try: partial = s.processResults() except ldap.SIZELIMIT_EXCEEDED: sys.stderr.write('Warning: Server-side size limit exceeded.\n') else: if partial: sys.stderr.write('Warning: Only partial results received.\n') sys.stdout.write( '%d results received.\n' % ( len(s.allResults) ) ) .. _ldap.asyncsearch-example.LDIFWriter: Using ldap.asyncsearch.LDIFWriter ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ This example demonstrates how to use class ldap.asyncsearch.LDIFWriter for writing search results as LDIF to stdout. :: import sys,ldap,ldap.asyncsearch s = ldap.asyncsearch.LDIFWriter( ldap.initialize('ldap://localhost:1390'), sys.stdout ) s.startSearch( 'dc=stroeder,dc=com', ldap.SCOPE_SUBTREE, '(objectClass=*)', ) try: partial = s.processResults() except ldap.SIZELIMIT_EXCEEDED: sys.stderr.write('Warning: Server-side size limit exceeded.\n') else: if partial: sys.stderr.write('Warning: Only partial results received.\n') sys.stderr.write( '%d results received.\n' % ( s.endResultBreak-s.beginResultsDropped ) ) python-ldap-3.2.0/Doc/reference/ldap-controls.rst0000644000175000017500000001311713327633471023663 0ustar pviktoripviktorin00000000000000********************************************************************* :py:mod:`ldap.controls` High-level access to LDAPv3 extended controls ********************************************************************* .. py:module:: ldap.controls :synopsis: High-level access to LDAPv3 extended controls. .. moduleauthor:: python-ldap project (see https://www.python-ldap.org/) Variables ========= .. py:data:: KNOWN_RESPONSE_CONTROLS Dictionary mapping the OIDs of known response controls to the accompanying :py:class:`ResponseControl` classes. This is used by :py:func:`DecodeControlTuples` to automatically decode control values. Calling application can also register their custom :py:class:`ResponseControl` classes in this dictionary possibly overriding pre-registered classes. Classes ======= This module defines the following classes: .. autoclass:: ldap.controls.RequestControl :members: .. autoclass:: ldap.controls.ResponseControl :members: .. autoclass:: ldap.controls.LDAPControl :members: Functions ========= This module defines the following functions: .. autofunction:: ldap.controls.RequestControlTuples .. autofunction:: ldap.controls.DecodeControlTuples Sub-modules =========== Various sub-modules implement specific LDAPv3 extended controls. The classes therein are derived from the base-classes :py:class:`ldap.controls.RequestControl`, :py:class:`ldap.controls.ResponseControl` or :py:class:`ldap.controls.LDAPControl`. Some of them require :py:mod:`pyasn1` and :py:mod:`pyasn1_modules` to be installed: Usually the names of the method arguments and the class attributes match the ASN.1 identifiers used in the specification. So looking at the referenced RFC or Internet-Draft is very helpful to understand the API. :py:mod:`ldap.controls.simple` Very simple controls ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. py:module:: ldap.controls.simple :synopsis: simple request and response controls implemented in pure Python .. autoclass:: ldap.controls.simple.ValueLessRequestControl :members: .. autoclass:: ldap.controls.simple.OctetStringInteger :members: .. autoclass:: ldap.controls.simple.BooleanControl :members: .. autoclass:: ldap.controls.simple.ManageDSAITControl :members: .. seealso:: :rfc:`3296` - Named Subordinate References in Lightweight Directory Access Protocol (LDAP) Directories .. autoclass:: ldap.controls.simple.RelaxRulesControl :members: .. seealso:: `draft-zeilenga-ldap-relax `_ .. autoclass:: ldap.controls.simple.ProxyAuthzControl :members: .. seealso:: :rfc:`4370` - Lightweight Directory Access Protocol (LDAP): Proxied Authorization Control .. autoclass:: ldap.controls.simple.AuthorizationIdentityRequestControl :members: .. seealso:: :rfc:`3829` - Lightweight Directory Access Protocol (LDAP): Authorization Identity Request and Response Controls .. autoclass:: ldap.controls.simple.AuthorizationIdentityResponseControl :members: .. seealso:: :rfc:`3829` - Lightweight Directory Access Protocol (LDAP): Authorization Identity Request and Response Controls .. autoclass:: ldap.controls.simple.GetEffectiveRightsControl :members: :py:mod:`ldap.controls.libldap` Various controls implemented in OpenLDAP libs ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. py:module:: ldap.controls.libldap :synopsis: request and response controls implemented by OpenLDAP libs This module wraps C functions in OpenLDAP client libs which implement various request and response controls into Python classes. .. autoclass:: ldap.controls.libldap.AssertionControl :members: .. seealso:: :rfc:`4528` - Lightweight Directory Access Protocol (LDAP) Assertion Control .. autoclass:: ldap.controls.libldap.MatchedValuesControl :members: .. seealso:: :rfc:`3876` - Returning Matched Values with the Lightweight Directory Access Protocol version 3 (LDAPv3) .. autoclass:: ldap.controls.libldap.SimplePagedResultsControl :members: .. seealso:: :rfc:`2696` - LDAP Control Extension for Simple Paged Results Manipulation :py:mod:`ldap.controls.psearch` LDAP Persistent Search ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. py:module:: ldap.controls.psearch :synopsis: request and response controls for LDAP persistent search This module implements request and response controls for LDAP persistent search. .. seealso:: `draft-ietf-ldapext-psearch `_ .. autoclass:: ldap.controls.psearch.PersistentSearchControl :members: .. autoclass:: ldap.controls.psearch.EntryChangeNotificationControl :members: :py:mod:`ldap.controls.sessiontrack` Session tracking control ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. py:module:: ldap.controls.sessiontrack :synopsis: request control for session tracking .. seealso:: `draft-wahl-ldap-session `_ .. autoclass:: ldap.controls.sessiontrack.SessionTrackingControl :members: :py:mod:`ldap.controls.readentry` Read entry control ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. py:module:: ldap.controls.readentry :synopsis: read entryrequest and response controls .. seealso:: :rfc:`4527` - Lightweight Directory Access Protocol (LDAP): Read Entry Controls .. autoclass:: ldap.controls.readentry.ReadEntryControl :members: .. autoclass:: ldap.controls.readentry.PreReadControl :members: .. autoclass:: ldap.controls.readentry.PostReadControl :members: python-ldap-3.2.0/Doc/reference/ldap-modlist.rst0000644000175000017500000000527213327633471023476 0ustar pviktoripviktorin00000000000000:py:mod:`ldap.modlist` Generate modify lists ============================================== .. py:module:: ldap.modlist The :mod:`ldap.modlist` module defines the following functions: .. function:: addModlist(entry [, ignore_attr_types=[]]) -> list This function builds a list suitable for passing it directly as argument *modlist* to method :py:meth:`ldap.ldapobject.LDAPObject.add` or its synchronous counterpart :py:meth:`ldap.ldapobject.LDAPObject.add_s`. *entry* is a dictionary like returned when receiving search results. *ignore_attr_types* is a list of attribute type names which shall be ignored completely. Attributes of these types will not appear in the result at all. .. function:: modifyModlist( old_entry, new_entry [, ignore_attr_types=[] [, ignore_oldexistent=0 [, case_ignore_attr_types=None]]]) -> list This function builds a list suitable for passing it directly as argument *modlist* to method :py:meth:`ldap.ldapobject.LDAPObject.modify` or its synchronous counterpart :py:meth:`ldap.ldapobject.LDAPObject.modify_s`. Roughly when applying the resulting modify list to an entry holding the data *old_entry* it will be modified in such a way that the entry holds *new_entry* after the modify operation. It is handy in situations when it is impossible to track user changes to an entry's data or for synchronizing operations. *old_entry* and *new_entry* are dictionaries like returned when receiving search results. *ignore_attr_types* is a list of attribute type names which shall be ignored completely. These attribute types will not appear in the result at all. If *ignore_oldexistent* is non-zero attribute type names which are in *old_entry* but are not found in *new_entry* at all are not deleted. This is handy for situations where your application sets attribute value to an empty string for deleting an attribute. In most cases leave zero. If *case_ignore_attr_types* is a list of attribute type names for which the comparison will be conducted case-insensitive. It is useful in situations where a LDAP server normalizes values and one wants to avoid unnecessary changes (e.g. case of attribute type names in DNs). .. note:: Replacing attribute values is always done with a :py:const:`ldap.MOD_DELETE`/:py:const:`ldap.MOD_ADD` pair instead of :py:const:`ldap.MOD_REPLACE` to work-around potential issues with attributes for which no EQUALITY matching rule are defined in the server's subschema. This works correctly in most situations but rarely fails with some LDAP servers implementing (schema) checks on transient state entry during processing the modify operation. python-ldap-3.2.0/Doc/reference/ldif.rst0000644000175000017500000000451113327633471022016 0ustar pviktoripviktorin00000000000000##################################### :mod:`ldif` LDIF parser and generator ##################################### .. py:module:: ldif :synopsis: Parses and generates LDIF files .. moduleauthor:: python-ldap project (see https://www.python-ldap.org/) This module parses and generates LDAP data in the format LDIF. It is implemented in pure Python and does not rely on any non-standard modules. Therefore it can be used stand-alone without the rest of the python-ldap package. .. seealso:: :rfc:`2849` - The LDAP Data Interchange Format (LDIF) - Technical Specification Functions ^^^^^^^^^ .. autofunction:: ldif.CreateLDIF .. deprecated:: 3.0 ``ldif.CreateLDIF()`` is deprecated. It will be removed in version 3.1. Use :meth:`ldif.LDIFWriter.unparse` with a file or ``io.StringIO`` instead. .. autofunction:: ldif.ParseLDIF .. deprecated:: 3.0 ``ldif.ParseLDIF()`` is deprecated. It will be removed in version 3.1. Use the ``all_records`` attribute of the returned value of ``ldif.LDIFRecordList.parse()`` instead. Classes ^^^^^^^ .. autoclass:: ldif.LDIFWriter :members: .. autoclass:: ldif.LDIFParser :members: .. autoclass:: LDIFRecordList :members: .. autoclass:: LDIFCopy :members: .. _ldif-example: Example ^^^^^^^ The following example demonstrates how to write LDIF output of an LDAP entry with :mod:`ldif` module. >>> import sys,ldif >>> entry={'objectClass':['top','person'],'cn':['Michael Stroeder'],'sn':['Stroeder']} >>> dn='cn=Michael Stroeder,ou=Test' >>> ldif_writer=ldif.LDIFWriter(sys.stdout) >>> ldif_writer.unparse(dn,entry) dn: cn=Michael Stroeder,ou=Test cn: Michael Stroeder objectClass: top objectClass: person sn: Stroeder The following example demonstrates how to parse an LDIF file with :mod:`ldif` module, skip some entries and write the result to stdout. :: import sys from ldif import LDIFParser,LDIFWriter SKIP_DN = ["uid=foo,ou=People,dc=example,dc=com", "uid=bar,ou=People,dc=example,dc=com"] class MyLDIF(LDIFParser): def __init__(self,input,output): LDIFParser.__init__(self,input) self.writer = LDIFWriter(output) def handle(self,dn,entry): if dn in SKIP_DN: return self.writer.unparse(dn,entry) parser = MyLDIF(open("input.ldif", 'rb'), sys.stdout) parser.parse() python-ldap-3.2.0/Doc/reference/ldap-sasl.rst0000644000175000017500000000340413327633471022760 0ustar pviktoripviktorin00000000000000*********************************************** :py:mod:`ldap.sasl` SASL Authentication Methods *********************************************** .. py:module:: ldap.sasl This module implements various authentication methods for SASL bind. .. seealso:: :rfc:`4422` - Simple Authentication and Security Layer (SASL) :rfc:`4513` - Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms Constants ========= .. py:data:: CB_USER .. py:data:: CB_AUTHNAME .. py:data:: CB_LANGUAGE .. py:data:: CB_PASS .. py:data:: CB_ECHOPROMPT .. py:data:: CB_NOECHOPROMPT .. py:data:: CB_GETREALM Classes ======= .. autoclass:: ldap.sasl.sasl :members: This class is used with :py:meth:`ldap.LDAPObject.sasl_interactive_bind_s()`. .. autoclass:: ldap.sasl.cram_md5 :members: .. autoclass:: ldap.sasl.digest_md5 :members: .. autoclass:: ldap.sasl.gssapi :members: You might consider using convenience method :py:meth:`ldap.LDAPObject.sasl_gssapi_bind_s()`. .. autoclass:: ldap.sasl.external :members: You might consider using convenience method :py:meth:`ldap.LDAPObject.sasl_external_bind_s()`. .. _ldap.sasl-example: Examples for ldap.sasl ^^^^^^^^^^^^^^^^^^^^^^^^ This example connects to an OpenLDAP server via LDAP over IPC (see `draft-chu-ldap-ldapi `_) and sends a SASL external bind request. :: import ldap, ldap.sasl, urllib ldapi_path = '/tmp/openldap-socket' ldap_conn = ldap.initialize( 'ldapi://%s' % ( urllib.quote_plus(ldapi_path) ) ) # Send SASL bind request for mechanism EXTERNAL ldap_conn.sasl_non_interactive_bind_s('EXTERNAL') # Find out the SASL Authorization Identity print ldap_conn.whoami_s() python-ldap-3.2.0/Doc/reference/ldap-filter.rst0000644000175000017500000000233713327633471023307 0ustar pviktoripviktorin00000000000000:py:mod:`ldap.filter` LDAP filter handling ============================================ .. py:module:: ldap.filter :synopsis: LDAP filter handling. .. moduleauthor:: python-ldap project (see https://www.python-ldap.org/) .. % Author of the module code; .. seealso:: :rfc:`4515` - Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters. The :mod:`ldap.filter` module defines the following functions: .. function:: escape_filter_chars(assertion_value[, escape_mode=0]) This function escapes characters in *assertion_value* which are special in LDAP filters. You should use this function when building LDAP filter strings from arbitrary input. *escape_mode* means: If :const:`0` only special chars mentioned in RFC 4515 are escaped. If :const:`1` all NON-ASCII chars are escaped. If :const:`2` all chars are escaped. .. % -> string .. function:: filter_format(filter_template, assertion_values) This function applies :func:`escape_filter_chars` to each of the strings in list *assertion_values*. After that *filter_template* containing as many :const:`%s` placeholders as count of assertion values is used to build the whole filter string. .. % -> string python-ldap-3.2.0/Doc/reference/index.rst0000644000175000017500000000106113327633471022204 0ustar pviktoripviktorin00000000000000python-ldap Reference Documentation =================================== This document describes the package python-ldap with its various modules. Depending on what you want to do this manual assumes basic to expert knowledge about the Python language and the LDAP standard (LDAPv3). .. toctree:: :maxdepth: 3 ldap.rst ldap-async.rst ldap-controls.rst ldap-dn.rst ldap-extop.rst ldap-filter.rst ldap-modlist.rst ldap-resiter.rst ldap-schema.rst ldap-syncrepl.rst ldap-sasl.rst ldif.rst ldapurl.rst slapdtest.rst python-ldap-3.2.0/Doc/reference/ldap-schema.rst0000644000175000017500000000357413327633471023266 0ustar pviktoripviktorin00000000000000******************************************** :py:mod:`ldap.schema` Handling LDAPv3 schema ******************************************** .. py:module:: ldap.schema This module deals with schema information usually retrieved from a special subschema subentry provided by the server. It is closely modeled along the directory information model described in the following RFC with which you should make yourself familiar when trying to use this module: .. seealso:: :rfc:`4512` - Lightweight Directory Access Protocol (LDAP): Directory Information Models :py:mod:`ldap.schema.subentry` Processing LDAPv3 subschema subentry ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. py:module:: ldap.schema.subentry .. py:data:: NOT_HUMAN_READABLE_LDAP_SYNTAXES Dictionary where the keys are the OIDs of LDAP syntaxes known to be not human-readable when displayed to a console without conversion and which cannot be decoded to a :py:data:`types.UnicodeType`. Functions ========= .. autofunction:: ldap.schema.subentry.urlfetch Classes ======= .. autoclass:: ldap.schema.subentry.SubSchema :members: :py:mod:`ldap.schema.models` Schema elements ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. py:module:: ldap.schema.models .. autoclass:: ldap.schema.models.Entry :members: .. autoclass:: ldap.schema.models.SchemaElement :members: .. autoclass:: ldap.schema.models.AttributeType :members: .. autoclass:: ldap.schema.models.ObjectClass :members: .. autoclass:: ldap.schema.models.MatchingRule :members: .. autoclass:: ldap.schema.models.MatchingRuleUse :members: .. autoclass:: ldap.schema.models.DITContentRule :members: .. autoclass:: ldap.schema.models.NameForm :members: .. autoclass:: ldap.schema.models.DITStructureRule :members: .. _ldap.schema-example: Examples for ldap.schema ^^^^^^^^^^^^^^^^^^^^^^^^ :: import ldap.schema python-ldap-3.2.0/Doc/reference/ldapurl.rst0000644000175000017500000000563313327633471022551 0ustar pviktoripviktorin00000000000000################################### :py:mod:`ldapurl` LDAP URL handling ################################### .. py:module:: ldapurl :synopsis: Parses and generates LDAP URLs .. moduleauthor:: python-ldap project (see https://www.python-ldap.org/) This module parses and generates LDAP URLs. It is implemented in pure Python and does not rely on any non-standard modules. Therefore it can be used stand- alone without the rest of the python-ldap package. Compatibility note: This module has been solely tested on Python 2.x and above. .. seealso:: :rfc:`4516` - The LDAP URL Format Constants ========= The :mod:`ldapurl` module exports the following constants: .. py:data:: SEARCH_SCOPE This dictionary maps a search scope string identifier to the corresponding integer value used with search operations in :mod:`ldap`. .. py:data:: SEARCH_SCOPE_STR This dictionary is the inverse to :const:`SEARCH_SCOPE`. It maps a search scope integer value to the corresponding string identifier used in a LDAP URL string representation. .. py:data:: LDAP_SCOPE_BASE .. py:data:: LDAP_SCOPE_ONELEVEL .. py:data:: LDAP_SCOPE_SUBTREE Functions ========= .. autofunction:: ldapurl.isLDAPUrl .. autofunction:: ldapurl.ldapUrlEscape Classes ======= .. _ldapurl-ldapurl: LDAP URLs ^^^^^^^^^ A :py:class:`LDAPUrl` object represents a complete LDAP URL. .. autoclass:: ldapurl.LDAPUrl :members: LDAP URL extensions ^^^^^^^^^^^^^^^^^^^ A :py:class:`LDAPUrlExtension` object represents a single LDAP URL extension whereas :py:class:`LDAPUrlExtensions` represents a list of LDAP URL extensions. .. _ldapurl-ldapurlextension: .. autoclass:: ldapurl.LDAPUrlExtension :members: .. _ldapurl-ldapurlextensions: .. autoclass:: ldapurl.LDAPUrlExtensions :members: .. _ldapurl-example: Example ^^^^^^^ Important security advice: For security reasons you should not specify passwords in LDAP URLs unless you really know what you are doing. The following example demonstrates how to parse a LDAP URL with :mod:`ldapurl` module. >>> import ldapurl >>> ldap_url = ldapurl.LDAPUrl('ldap://localhost:1389/dc=stroeder,dc=com?cn,mail???bindname=cn=Michael%2cdc=stroeder%2cdc=com,X-BINDPW=secret') >>> # Using the parsed LDAP URL by reading the class attributes >>> ldap_url.dn 'dc=stroeder,dc=com' >>> ldap_url.hostport 'localhost:1389' >>> ldap_url.attrs ['cn','mail'] >>> ldap_url.filterstr '(objectclass=*)' >>> ldap_url.who 'cn=Michael,dc=stroeder,dc=com' >>> ldap_url.cred 'secret' >>> ldap_url.scope 0 The following example demonstrates how to generate a LDAP URL with \module{ldapurl} module. >>> import ldapurl >>> ldap_url = ldapurl.LDAPUrl(hostport='localhost:1389',dn='dc=stroeder,dc=com',attrs=['cn','mail'],who='cn=Michael,dc=stroeder,dc=com',cred='secret') >>> ldap_url.unparse() 'ldap://localhost:1389/dc=stroeder,dc=com?cn,mail?base?(objectclass=*)?bindname=cn=Michael%2Cdc=stroeder%2Cdc=com,X-BINDPW=secret' python-ldap-3.2.0/Doc/reference/ldap-syncrepl.rst0000644000175000017500000000112113327633471023647 0ustar pviktoripviktorin00000000000000******************************************************************** :py:mod:`ldap.syncrepl` Implementation of a syncrepl consumer ******************************************************************** .. py:module:: ldap.syncrepl :synopsis: Implementation of a syncrepl consumer .. seealso:: :rfc:`4533` - Lightweight Directory Access Protocol (v3): Content Synchronization Operation This requires :py:mod:`pyasn1` and :py:mod:`pyasn1_modules` to be installed. Classes ======= This module defines the following classes: .. autoclass:: ldap.syncrepl.SyncreplConsumer :members: python-ldap-3.2.0/Doc/reference/ldap-extop.rst0000644000175000017500000000200713327633471023153 0ustar pviktoripviktorin00000000000000******************************************************************** :py:mod:`ldap.extop` High-level access to LDAPv3 extended operations ******************************************************************** .. py:module:: ldap.extop :synopsis: High-level access to LDAPv3 extended operations. Classes ======= This module defines the following classes: .. autoclass:: ldap.extop.ExtendedRequest :members: .. autoclass:: ldap.extop.ExtendedResponse :members: :py:mod:`ldap.extop.dds` Classes for Dynamic Entries extended operations ======================================================================== .. py:module:: ldap.extop.dds :synopsis: Classes for Dynamic Entries extended operations This requires :py:mod:`pyasn1` and :py:mod:`pyasn1_modules` to be installed. .. seealso:: :rfc:`2589` - Lightweight Directory Access Protocol (v3): Extensions for Dynamic Directory Services .. autoclass:: ldap.extop.dds.RefreshRequest :members: .. autoclass:: ldap.extop.dds.RefreshResponse :members: python-ldap-3.2.0/Doc/spelling_wordlist.txt0000644000175000017500000000274013424323370022707 0ustar pviktoripviktorin00000000000000args async asyncsearch attr attrlist attrList attrs attrsonly attrsOnly attrtype authzId automagically backend behaviour BER bindname boolean booleanValue Bytestrings cancelled canonicalization cb cfg changeNumber changesOnly changeType changeTypes cidict clientctrls conf controlType controlValue committers CPython criticality cryptographic Cyrus defresult dereferenced dereferencing desc directoryOperation distinguished distributedOperation dit dn DN dSAOperation encodedControlValue encodedResponseValue extype exvalue favour filterstr filterStr formatOID func Heimdal hostport hrefTarget hrefText ignoreResultsNumber integerValue Interoperability isn Keepalive Kerberos keyerror knownLDAPControls kwarg ldap ldapadd ldapControls ldapControlTuples ldapdelete ldapi LDAPObject ldaps ldapurl ldapwhoami ldif LDIFWriter libldap libs Libs macOS modlist modrdn msgid multi nameoroid nots Novell objectClass oc oid oids OpenLDAP Pagure postalAddress pre previousDN processResultsCount Proxied py rdn reentrant refmodule refreshAndPersist refreshDeletes refreshOnly requestName requestValue resiter respvalue ResultProcessor returnECs ruleid rundir sasl searchRoot searchScope sed serverctrls sessionSourceIp sessionSourceName sessionTrackingIdentifier sizelimit slapd stderr stdout str Subclasses subentry subschema substr subtree syncrepl syntaxes timelimit tracebacks tuple tuples UDP Umich unparsing unsigend uri urlPrefix urlscheme userApplications userPassword usr uuids Valgrind whitespace workflow python-ldap-3.2.0/Doc/conf.py0000644000175000017500000001124613441743002017677 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- # # python-ldap documentation build configuration file, created by # sphinx-quickstart on Sat Mar 29 15:08:17 2008. # # This file is execfile()d with the current directory set to its containing dir. # # The contents of this file are pickled, so don't put values in the namespace # that aren't pickleable (module imports are okay, they're removed automatically). # # All configuration values have a default value; values that are commented out # serve to show the default value. import sys import os # If your extensions are in another directory, add it here. _doc_dir = os.path.dirname(__file__) sys.path.append(_doc_dir) sys.path.insert(0, os.path.join(_doc_dir, '../Lib/')) sys.path.insert(0, os.path.join(_doc_dir, '../Lib/ldap')) # Import fake `_ldap` module import fake_ldap_module_for_documentation # Now ldap can be used normally from ldap import __version__ # General configuration # --------------------- # Add any Sphinx extension module names here, as strings. They can be extensions # coming with Sphinx (named 'sphinx.ext.*') or your custom ones. extensions = [ 'sphinx.ext.autodoc', 'sphinx.ext.intersphinx', ] try: import sphinxcontrib.spelling except ImportError: pass else: extensions.append('sphinxcontrib.spelling') # Add any paths that contain templates here, relative to this directory. templates_path = ['.templates'] # The suffix of source filenames. source_suffix = '.rst' # The master toctree document. master_doc = 'index' # General substitutions. project = 'python-ldap' copyright = '2008-2017, python-ldap project team' # The default replacements for |version| and |release|, also used in various # other places throughout the built documents. # # The short X.Y version. version = '.'.join(__version__.split('.')[:2]) # The full version, including alpha/beta/rc tags. release = __version__ # There are two options for replacing |today|: either, you set today to some # non-false value, then it is used: #today = '' # Else, today_fmt is used as the format for a strftime call. today_fmt = '%B %d, %Y' # List of documents that shouldn't be included in the build. #unused_docs = [] # If true, '()' will be appended to :func: etc. cross-reference text. #add_function_parentheses = True # If true, the current module name will be prepended to all description # unit titles (such as .. function::). #add_module_names = True # If true, sectionauthor and moduleauthor directives will be shown in the # output. They are ignored by default. #show_authors = False # The name of the Pygments (syntax highlighting) style to use. pygments_style = 'sphinx' # Options for HTML output # ----------------------- # The style sheet to use for HTML and HTML Help pages. A file of that name # must exist either in Sphinx' static/ path, or in one of the custom paths # given in html_static_path. #html_style = 'pyramid.css' # Add any paths that contain custom static files (such as style sheets) here, # relative to this directory. They are copied after the builtin static files, # so a file named "default.css" will overwrite the builtin "default.css". #html_static_path = ['/usr/lib/python2.7/site-packages/sphinx/themes/pyramid/static'] # If not '', a 'Last updated on:' timestamp is inserted at every page bottom, # using the given strftime format. html_last_updated_fmt = '%b %d, %Y' # If true, SmartyPants will be used to convert quotes and dashes to # typographically correct entities. #html_use_smartypants = True # Content template for the index page. #html_index = '' # Custom sidebar templates, maps document names to template names. #html_sidebars = {} # Additional templates that should be rendered to pages, maps page names to # template names. #html_additional_pages = {} # If false, no module index is generated. html_use_modindex = True # If true, the reST sources are included in the HTML build as _sources/. #html_copy_source = True # Output file base name for HTML help builder. htmlhelp_basename = 'python-ldap-doc' # Options for LaTeX output # ------------------------ # The paper size ('letter' or 'a4'). #latex_paper_size = 'letter' # The font size ('10pt', '11pt' or '12pt'). #latex_font_size = '10pt' # Grouping the document tree into LaTeX files. List of tuples # (source start file, target name, title, author, document class [howto/manual]). latex_documents = [('index', 'python-ldap.tex', 'python-ldap Documentation', 'python-ldap project', 'manual')] # Additional stuff for the LaTeX preamble. #latex_preamble = '' # Documents to append as an appendix to all manuals. #latex_appendices = [] # If false, no module index is generated. latex_use_modindex = True intersphinx_mapping = {'python': ('https://docs.python.org/3', None)} python-ldap-3.2.0/Doc/bytes_mode.rst0000644000175000017500000001112113441743002021254 0ustar pviktoripviktorin00000000000000.. _text-bytes: Bytes/text management ===================== Python 3 introduces a hard distinction between *text* (``str``) – sequences of characters (formally, *Unicode codepoints*) – and ``bytes`` – sequences of 8-bit values used to encode *any* kind of data for storage or transmission. Python 2 has the same distinction between ``str`` (bytes) and ``unicode`` (text). However, values can be implicitly converted between these types as needed, e.g. when comparing or writing to disk or the network. The implicit encoding and decoding can be a source of subtle bugs when not designed and tested adequately. In python-ldap 2.x (for Python 2), bytes were used for all fields, including those guaranteed to be text. From version 3.0, python-ldap uses text where appropriate. On Python 2, the :ref:`bytes mode ` setting influences how text is handled. What's text, and what's bytes ----------------------------- The LDAP protocol states that some fields (distinguished names, relative distinguished names, attribute names, queries) be encoded in UTF-8. In python-ldap, these are represented as text (``str`` on Python 3, ``unicode`` on Python 2). Attribute *values*, on the other hand, **MAY** contain any type of data, including text. To know what type of data is represented, python-ldap would need access to the schema, which is not always available (nor always correct). Thus, attribute values are *always* treated as ``bytes``. Encoding/decoding to other formats – text, images, etc. – is left to the caller. .. _bytes_mode: The bytes mode -------------- In Python 3, text values are represented as ``str``, the Unicode text type. In Python 2, the behavior of python-ldap 3.0 is influenced by a ``bytes_mode`` argument to :func:`ldap.initialize`: ``bytes_mode=True`` (backwards compatible): Text values are represented as bytes (``str``) encoded using UTF-8. ``bytes_mode=False`` (future compatible): Text values are represented as ``unicode``. If not given explicitly, python-ldap will default to ``bytes_mode=True``, but if an ``unicode`` value supplied to it, if will warn and use that value. Backwards-compatible behavior is not scheduled for removal until Python 2 itself reaches end of life. Errors, warnings, and automatic encoding ---------------------------------------- While the type of values *returned* from python-ldap is always given by ``bytes_mode``, for Python 2 the behavior for “wrong-type” values *passed in* can be controlled by the ``bytes_strictness`` argument to :func:`ldap.initialize`: ``bytes_strictness='error'`` (default if ``bytes_mode`` is specified): A ``TypeError`` is raised. ``bytes_strictness='warn'`` (default when ``bytes_mode`` is not given explicitly): A warning is raised, and the value is encoded/decoded using the UTF-8 encoding. The warnings are of type :class:`~ldap.LDAPBytesWarning`, which is a subclass of :class:`BytesWarning` designed to be easily :ref:`filtered out ` if needed. ``bytes_strictness='silent'``: The value is automatically encoded/decoded using the UTF-8 encoding. On Python 3, ``bytes_strictness`` is ignored and a ``TypeError`` is always raised. When setting ``bytes_strictness``, an explicit value for ``bytes_mode`` needs to be given as well. Porting recommendations ----------------------- Since end of life of Python 2 is coming in a few years, projects are strongly urged to make their code compatible with Python 3. General instructions for this are provided :ref:`in Python documentation ` and in the `Conservative porting guide`_. .. _Conservative porting guide: https://portingguide.readthedocs.io/en/latest/ When porting from python-ldap 2.x, users are advised to update their code to set ``bytes_mode=False``, and fix any resulting failures. The typical usage is as follows. Note that only the result's *values* are of the ``bytes`` type: .. code-block:: pycon >>> import ldap >>> con = ldap.initialize('ldap://localhost:389', bytes_mode=False) >>> con.simple_bind_s(u'login', u'secret_password') >>> results = con.search_s(u'ou=people,dc=example,dc=org', ldap.SCOPE_SUBTREE, u"(cn=Raphaël)") >>> results [ ("cn=Raphaël,ou=people,dc=example,dc=org", { 'cn': [b'Rapha\xc3\xabl'], 'sn': [b'Barrois'], }), ] .. _filter-bytes-warning: Filtering warnings ------------------ The bytes mode warnings can be filtered out and ignored with a simple filter. .. code-block:: python import warnings import ldap if hasattr(ldap, 'LDAPBytesWarning'): warnings.simplefilter('ignore', ldap.LDAPBytesWarning) python-ldap-3.2.0/Doc/installing.rst0000644000175000017500000001411213441743002021271 0ustar pviktoripviktorin00000000000000.. highlight:: console .. _installing: Installing python-ldap ###################### Installing from PyPI ==================== The preferred point for downloading the “official” source distribution is the `PyPI repository`_ which supports installing via `pip`_. For example:: $ python -m pip install python-ldap .. _PyPI repository: https://pypi.org/project/python-ldap/ .. _pip: https://pip.pypa.io/en/stable/ For installing from PyPI, you will need the same :ref:`build prerequisites` as when installing from source. We do not currently provide pre-built packages (wheels). Furthermore, python-ldap requires the modules `pyasn1`_ and `pyasn1-modules`_. ``pip`` will install these automatically. .. _pyasn1: https://pypi.org/project/pyasn1/ .. _pyasn1-modules: https://pypi.org/project/pyasn1-modules/ Pre-built Binaries ================== Because distributions seem to be all over the place, this page tries to list all the current ones we know of. Note that the python-ldap team is not responsible for the binary packages except the sources you can grab from the PyPI page. Also note that binary packages are most times not up to date. If you experience troubles with a binary package, it would be nice if you try to build a recent version of python-ldap before submitting a bug report to make sure you did not hit a problem already fixed in recent releases. `openSUSE Linux `_ --------------------------------------------- Ships with python-ldap and there's an additional `download repository `_ which contains builds of latest releases (see also `OBS package `_). `Debian Linux `_ ---------------------------------------- Have a look into the `Debian Package Tracker `_ to get up to date information which versions are available. Windows ------- Unofficial packages for Windows are available on `Christoph Gohlke's page `_. `FreeBSD `_ ------------------------------------- The CVS repository of FreeBSD contains the package `py-ldap `_ macOS ----- You can install directly with pip:: $ xcode-select --install $ pip install python-ldap \ --global-option=build_ext \ --global-option="-I$(xcrun --show-sdk-path)/usr/include/sasl" .. _install-source: Installing from Source ====================== python-ldap is built and installed using the Python setuptools. From a source repository:: $ python -m pip install setuptools $ python setup.py install If you have more than one Python interpreter installed locally, you should use the same one you plan to use python-ldap with. Further instructions can be found in :ref:`Setuptools documentation `. .. _build prerequisites: Build prerequisites =================== The following software packages are required to be installed on the local system when building python-ldap: - `Python`_ version 2.7, or 3.4 or later including its development files - C compiler corresponding to your Python version (on Linux, it is usually ``gcc``) - `OpenLDAP`_ client libs version 2.4.11 or later; it is not possible and not supported to build with prior versions. - `OpenSSL`_ (optional) - `Cyrus SASL`_ (optional) - Kerberos libraries, MIT or Heimdal (optional) .. _Python: https://www.python.org/ .. _OpenLDAP: https://www.openldap.org/ .. _OpenSSL: https://www.openssl.org/ .. _Cyrus SASL: https://www.cyrusimap.org/sasl/ Alpine ------ Packages for building:: # apk add build-base openldap-dev python2-dev python3-dev CentOS ------ Packages for building:: # yum groupinstall "Development tools" # yum install openldap-devel python-devel Debian ------ Packages for building and testing:: # apt-get install build-essential python3-dev python2.7-dev \ libldap2-dev libsasl2-dev slapd ldap-utils python-tox \ lcov valgrind Fedora ------ Packages for building and testing:: # dnf install "@C Development Tools and Libraries" openldap-devel \ python2-devel python3-devel python3-tox \ lcov clang-analyzer valgrind .. note:: ``openldap-2.4.45-2`` (Fedora 26), ``openldap-2.4.45-4`` (Fedora 27) or newer are required. setup.cfg ========= The file setup.cfg allows to set some build and installation parameters for reflecting the local installation of required software packages. Only section ``[_ldap]`` is described here. More information about other sections can be found in :ref:`Setuptools documentation `. .. data:: library_dirs Specifies in which directories to search for required libraries. .. data:: include_dirs Specifies in which directories to search for include files of required libraries. .. data:: libs A space-separated list of library names to link to (see :ref:`libs-used-label`). .. data:: extra_compile_args Compiler options. .. data:: extra_objects .. _libs-used-label: Libraries used --------------- .. data:: ldap :noindex: .. data:: ldap_r :noindex: The LDAP protocol library of OpenLDAP. ``ldap_r`` is the reentrant version and should be preferred. .. data:: lber :noindex: The BER encoder/decoder library of OpenLDAP. .. data:: sasl2 :noindex: The Cyrus-SASL library (optional) .. data:: ssl :noindex: The SSL/TLS library of OpenSSL (optional) .. data:: crypto :noindex: The basic cryptographic library of OpenSSL (optional) Example ------- The following example is for a full-featured build (including SSL and SASL support) of python-ldap with OpenLDAP installed in a different prefix directory (here ``/opt/openldap-2.4``) and SASL header files found in /usr/include/sasl. Debugging symbols are preserved with compile option ``-g``. :: [_ldap] library_dirs = /opt/openldap-2.4/lib include_dirs = /opt/openldap-2.4/include /usr/include/sasl extra_compile_args = -g extra_objects = libs = ldap_r lber sasl2 ssl crypto python-ldap-3.2.0/Doc/index.rst0000644000175000017500000000347413327633471020260 0ustar pviktoripviktorin00000000000000python-ldap =========== What is python-ldap? -------------------- python-ldap provides an object-oriented API to access `LDAP`_ directory servers from `Python`_ programs. For LDAP operations the module wraps `OpenLDAP`_'s client library, *libldap*. Additionally, the package contains modules for other LDAP-related stuff: * `LDIF`_ parsing and generation * LDAP URLs * LDAPv3 subschema .. _LDAP: https://en.wikipedia.org/wiki/Ldap .. _Python: https://www.python.org/ .. _OpenLDAP: https://www.openldap.org/ .. _LDIF: https://en.wikipedia.org/wiki/LDIF Get it! ------- :ref:`Installation instructions ` are available for several platforms. Source code can be obtained using Git:: git clone https://github.com/python-ldap/python-ldap Mailing list ------------ Discussion about the use and future of python-ldap occurs in the ``python-ldap@python.org`` mailing list. You can `subscribe or unsubscribe`_ to this list or browse the `list archive`_. .. _subscribe or unsubscribe: https://mail.python.org/mailman/listinfo/python-ldap .. _list archive: https://mail.python.org/pipermail/python-ldap/ Documentation ------------- The documentation for python-ldap 3.x is hosted at `Read the Docs`_. You can switch between versions of the library, or download PDF or HTML versions for offline use, using the sidebar on the right. Documentation for some older versions is available for download at the `GitHub release page`_. .. _Read the Docs: https://python-ldap.readthedocs.io/en/latest/ .. _GitHub release page: https://github.com/python-ldap/python-ldap/releases Contents -------- .. toctree:: :maxdepth: 2 installing.rst bytes_mode.rst reference/index.rst resources.rst contributing.rst faq.rst Indices and tables ------------------ * :ref:`genindex` * :ref:`modindex` * :ref:`search` python-ldap-3.2.0/Doc/fake_ldap_module_for_documentation.py0000644000175000017500000000146113327633471026035 0ustar pviktoripviktorin00000000000000""" A module that mocks `_ldap` for the purposes of generating documentation This module provides placeholders for the contents of `_ldap`, making it possible to generate documentation even _ldap is not compiled. It should also make the documentation independent of which features are available in the system OpenLDAP library. The overly long module name will show up in AttributeError messages, hinting that this is not the actual _ldap. See https://www.python-ldap.org/ for details. """ import sys # Cause `import _ldap` to import this module instead of the actual `_ldap`. sys.modules['_ldap'] = sys.modules[__name__] from constants import CONSTANTS from pkginfo import __version__ for constant in CONSTANTS: globals()[constant.name] = constant def get_option(num): pass class LDAPError: pass python-ldap-3.2.0/Doc/faq.rst0000644000175000017500000001351613424323370017706 0ustar pviktoripviktorin00000000000000python-ldap FAQ =============== Project ------- **Q**: Is python-ldap yet another abandon-ware project? **A1**: “Jump on in.” **A2**: “Jump into the C ;-)” **A3**: see file CHANGES in source distribution or `repository`_. .. _repository: https://github.com/python-ldap/python-ldap/blob/master/CHANGES Usage ----- **Q**: Does it work with Python 3? **A0**: Yes, from 3.0 on. **A1**. For earlier versions, there's `pyldap`_, an independent fork now merged into python-ldap. .. _pyldap: https://pypi.org/project/pyldap/ **Q**: Does it work with Python 2.6? (1.5|2.0|2.1|2.2|2.3|2.4|2.5)? **A**: No. Old versions of python-ldap are still available from PyPI, though. **Q**: My code imports module ``_ldap``. That used to work, but after an upgrade it does not work anymore. Why? **A**: Despite some outdated programming examples, the extension module ``_ldap`` **MUST NOT** be imported directly, unless you really know what you're doing (e.g. for internal regression testing). Import ``ldap`` instead, which is a Python wrapper around ``_ldap`` providing the full functionality. **Q**: My script bound to MS Active Directory but a a search operation results in the exception :exc:`ldap.OPERATIONS_ERROR` with the diagnostic messages text “In order to perform this operation a successful bind must be completed on the connection.” What's happening here? **A**: When searching from the domain level, MS AD returns referrals (search continuations) for some objects to indicate to the client where to look for these objects. Client-chasing of referrals is a broken concept, since LDAPv3 does not specify which credentials to use when chasing the referral. Windows clients are supposed to simply use their Windows credentials, but this does not work in general when chasing referrals received from and pointing to arbitrary LDAP servers. Therefore, per default, ``libldap`` automatically chases the referrals internally with an *anonymous* access which fails with MS AD. So, the best thing to do is to switch this behaviour off:: l = ldap.initialize('ldap://foobar') l.set_option(ldap.OPT_REFERRALS,0) **Q**: Why am I seeing a ``ldap.SUCCESS`` traceback as output? **A**: Most likely, you are using one of the non-synchronous calls, and probably mean to be using a synchronous call (see detailed explanation in :ref:`sending-ldap-requests`). **Q**: Can I use LDAPv2 via python-ldap? **A**: Yes, by explicitly setting the class attribute :attr:`~ldap.LDAPObject.protocol_version`. You should not do that nowadays since `LDAPv2 is considered historic `_ since many years. Installing ---------- **Q**: Does it work with Windows 32? **A**: Yes. You can find links to unofficial pre-compiled packages for Windows on the :ref:`installing` page. **Q**: Can python-ldap be built against OpenLDAP 2.3 libs or older? **A**: No. The needed minimal version of OpenLDAP is documented in :ref:`build prerequisites`. Patched builds of python-ldap linked to older libs are not supported by the python-ldap project. **Q**: During build there are warning messages displayed telling Lib/ldap.py and Lib/ldap/schema.py are not found:: warning: build_py: file Lib/ldap.py (for module ldap) not found warning: build_py: file Lib/ldap/schema.py (for module ldap.schema) not found .. **A**: ``ldap`` and ``ldap.schema`` are both module packages (directories containing various sub-modules). The messages above are falsely produced by DistUtils. Don't worry about it. .. _install-macosx: **Q**: What's the correct way to install on macOS? **A**:: xcode-select --install pip install python-ldap \ --global-option=build_ext \ --global-option="-I$(xcrun --show-sdk-path)/usr/include/sasl" **Q**: While importing module ``ldap``, some shared lib files are not found. The error message looks similar to this:: ImportError: ld.so.1: /usr/local/bin/python: fatal: liblber.so.2: open failed: No such file or directory .. **A1**: You need to make sure that the path to ``liblber.so.2`` and ``libldap.so.2`` is in your ``LD_LIBRARY_PATH`` environment variable. **A2**: Alternatively, if you're on Linux, you can add the path to ``liblber.so.2`` and ``libldap.so.2`` to ``/etc/ld.so.conf`` and invoke the command ``ldconfig`` afterwards. Historic -------- **Q**: Can python-ldap 2.x be built against Netscape, Mozilla or Novell libs? **A**: Nope. **Q**: My binary version of python-ldap was build with LDAP libs 3.3. But the python-ldap docs say LDAP libs 2.x are needed. I'm confused! Short answer: See answer above and the :ref:`installing` page for a more recent version. Long answer: E.g. some Win32 DLLs floating around for download are based on the old Umich LDAP code which is not maintained anymore for *many* years! Last Umich 3.3 release was 1997 if I remember correctly. The OpenLDAP project took over the Umich code and started releasing OpenLDAP 1.x series mainly fixing bugs and doing some improvements to the database backend. Still, only LDAPv2 was supported at server and client side. (Many commercial vendors also derived their products from the Umich code.) OpenLDAP 2.x is a full-fledged LDAPv3 implementation. It has its roots in Umich code but has many more features/improvements. **Q**: While importing module ``ldap``, there are undefined references reported. The error message looks similar to this:: ImportError: /usr/local/lib/libldap.so.2: undefined symbol: res_query .. **A**: Especially on older Linux systems, you might have to explicitly link against ``libresolv``. Tweak ``setup.cfg`` to contain this line:: libs = lber ldap resolv python-ldap-3.2.0/Doc/resources.rst0000644000175000017500000000420313327633471021152 0ustar pviktoripviktorin00000000000000Third-party documentation ========================= The following documents referenced are not written by python-ldap project members. Therefore some information might be outdated or links might be broken. *Python LDAP Applications* articles by Matt Butcher --------------------------------------------------- * `Part 1 - Installing and Configuring the Python-LDAP Library and Binding to an LDAP Directory `_ This also covers SASL. * `Part 2 - LDAP Operations `_ * `Part 3 - More LDAP Operations and the LDAP URL Library `_ * `Part 4 - LDAP Schema `_ Gee, someone waded through the badly documented mysteries of module :mod:`ldap.schema`. `LDAP Programming in Python `_ ------------------------------------------------------------------------- Another article for getting started with python-ldap. `RFC 1823 `_ ------------------------------------------------- The LDAP Application Program Interface, mainly for LDAPv2. `LDAPEXT draft `_ ---------------------------------------------------------------------------- The Internet draft of the discontinued IETF working group LDAPEXT is of interest here since the OpenLDAP 2 libs implement this (expired) draft. `OpenLDAP `_ --------------------------------------- It's worth to have a look at the `manual pages `_ and the `Developer's FAQ `_. `VSLDAP `_ ---------------------------------------------------------------------------------------- VSLDAP Interoperability Test Suite. python-ldap-3.2.0/Tests/0000755000175000017500000000000013441750214016774 5ustar pviktoripviktorin00000000000000python-ldap-3.2.0/Tests/t_ldap_dn.py0000644000175000017500000002050713441744767021316 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ Automatic tests for python-ldap's module ldap.dn See https://www.python-ldap.org/ for details. """ from __future__ import unicode_literals # from Python's standard lib import os import unittest # Switch off processing .ldaprc or ldap.conf before importing _ldap os.environ['LDAPNOINIT'] = '1' import ldap.dn class TestDN(unittest.TestCase): """ test ldap.functions """ def test_is_dn(self): """ test function is_dn() """ self.assertEqual(ldap.dn.is_dn('foobar,ou=ae-dir'), False) self.assertEqual(ldap.dn.is_dn('-cn=foobar,ou=ae-dir'), False) self.assertEqual(ldap.dn.is_dn(';cn=foobar,ou=ae-dir'), False) self.assertEqual(ldap.dn.is_dn(',cn=foobar,ou=ae-dir'), False) self.assertEqual(ldap.dn.is_dn('cn=foobar,ou=ae-dir,'), False) self.assertEqual(ldap.dn.is_dn('uid=xkcd,cn=foobar,ou=ae-dir'), True) self.assertEqual(ldap.dn.is_dn('cn=äöüÄÖÜß,o=äöüÄÖÜß'), True) self.assertEqual( ldap.dn.is_dn( r'cn=\c3\a4\c3\b6\c3\bc\c3\84\c3\96\c3\9c\c3\9f,o=\c3\a4\c3\b6\c3\bc\c3\84\c3\96\c3\9c\c3\9f' ), True ) def test_escape_dn_chars(self): """ test function escape_dn_chars() """ self.assertEqual(ldap.dn.escape_dn_chars('foobar'), 'foobar') self.assertEqual(ldap.dn.escape_dn_chars('foo,bar'), 'foo\\,bar') self.assertEqual(ldap.dn.escape_dn_chars('foo=bar'), 'foo\\=bar') self.assertEqual(ldap.dn.escape_dn_chars('foo#bar'), 'foo#bar') self.assertEqual(ldap.dn.escape_dn_chars('#foobar'), '\\#foobar') self.assertEqual(ldap.dn.escape_dn_chars('foo bar'), 'foo bar') self.assertEqual(ldap.dn.escape_dn_chars(' foobar'), '\\ foobar') def test_str2dn(self): """ test function str2dn() """ self.assertEqual(ldap.dn.str2dn(''), []) self.assertEqual( ldap.dn.str2dn('uid=test42,ou=Testing,dc=example,dc=com'), [ [('uid', 'test42', 1)], [('ou', 'Testing', 1)], [('dc', 'example', 1)], [('dc', 'com', 1)] ] ) self.assertEqual( ldap.dn.str2dn('uid=test42+uidNumber=42,ou=Testing,dc=example,dc=com'), [ [('uid', 'test42', 1), ('uidNumber', '42', 1) ], [('ou', 'Testing', 1)], [('dc', 'example', 1)], [('dc', 'com', 1)] ] ) self.assertEqual( ldap.dn.str2dn('uid=test42,ou=Testing,dc=example,dc=com', flags=0), [ [('uid', 'test42', 1)], [('ou', 'Testing', 1)], [('dc', 'example', 1)], [('dc', 'com', 1)] ] ) self.assertEqual( ldap.dn.str2dn('uid=test42; ou=Testing; dc=example; dc=com', flags=ldap.DN_FORMAT_LDAPV2), [ [('uid', 'test42', 1)], [('ou', 'Testing', 1)], [('dc', 'example', 1)], [('dc', 'com', 1)] ] ) self.assertEqual( ldap.dn.str2dn('uid=test\\, 42,ou=Testing,dc=example,dc=com', flags=0), [ [('uid', 'test, 42', 1)], [('ou', 'Testing', 1)], [('dc', 'example', 1)], [('dc', 'com', 1)] ] ) self.assertEqual( ldap.dn.str2dn('cn=äöüÄÖÜß,dc=example,dc=com', flags=0), [ [('cn', 'äöüÄÖÜß', 4)], [('dc', 'example', 1)], [('dc', 'com', 1)] ] ) self.assertEqual( ldap.dn.str2dn('cn=\\c3\\a4\\c3\\b6\\c3\\bc\\c3\\84\\c3\\96\\c3\\9c\\c3\\9f,dc=example,dc=com', flags=0), [ [('cn', 'äöüÄÖÜß', 4)], [('dc', 'example', 1)], [('dc', 'com', 1)] ] ) def test_dn2str(self): """ test function dn2str() """ self.assertEqual(ldap.dn.str2dn(''), []) self.assertEqual( ldap.dn.dn2str([ [('uid', 'test42', 1)], [('ou', 'Testing', 1)], [('dc', 'example', 1)], [('dc', 'com', 1)] ]), 'uid=test42,ou=Testing,dc=example,dc=com', ) self.assertEqual( ldap.dn.dn2str([ [('uid', 'test42', 1)], [('ou', 'Testing', 1)], [('dc', 'example', 1)], [('dc', 'com', 1)] ]), 'uid=test42,ou=Testing,dc=example,dc=com' ) self.assertEqual( ldap.dn.dn2str([ [('uid', 'test42', 1), ('uidNumber', '42', 1)], [('ou', 'Testing', 1)], [('dc', 'example', 1)], [('dc', 'com', 1)] ]), 'uid=test42+uidNumber=42,ou=Testing,dc=example,dc=com' ) self.assertEqual( ldap.dn.dn2str([ [('uid', 'test, 42', 1)], [('ou', 'Testing', 1)], [('dc', 'example', 1)], [('dc', 'com', 1)] ]), 'uid=test\\, 42,ou=Testing,dc=example,dc=com' ) self.assertEqual( ldap.dn.dn2str([ [('cn', 'äöüÄÖÜß', 4)], [('dc', 'example', 1)], [('dc', 'com', 1)] ]), 'cn=äöüÄÖÜß,dc=example,dc=com' ) def test_explode_dn(self): """ test function explode_dn() """ self.assertEqual(ldap.dn.explode_dn(''), []) self.assertEqual( ldap.dn.explode_dn('uid=test42,ou=Testing,dc=example,dc=com'), ['uid=test42', 'ou=Testing', 'dc=example', 'dc=com'] ) self.assertEqual( ldap.dn.explode_dn('uid=test42,ou=Testing,dc=example,dc=com', flags=0), ['uid=test42', 'ou=Testing', 'dc=example', 'dc=com'] ) self.assertEqual( ldap.dn.explode_dn('uid=test42; ou=Testing; dc=example; dc=com', flags=ldap.DN_FORMAT_LDAPV2), ['uid=test42', 'ou=Testing', 'dc=example', 'dc=com'] ) self.assertEqual( ldap.dn.explode_dn('uid=test42,ou=Testing,dc=example,dc=com', notypes=True), ['test42', 'Testing', 'example', 'com'] ) self.assertEqual( ldap.dn.explode_dn('uid=test\\, 42,ou=Testing,dc=example,dc=com', flags=0), ['uid=test\\, 42', 'ou=Testing', 'dc=example', 'dc=com'] ) self.assertEqual( ldap.dn.explode_dn('cn=äöüÄÖÜß,dc=example,dc=com', flags=0), ['cn=äöüÄÖÜß', 'dc=example', 'dc=com'] ) self.assertEqual( ldap.dn.explode_dn('cn=\\c3\\a4\\c3\\b6\\c3\\bc\\c3\\84\\c3\\96\\c3\\9c\\c3\\9f,dc=example,dc=com', flags=0), ['cn=äöüÄÖÜß', 'dc=example', 'dc=com'] ) def test_explode_rdn(self): """ test function explode_rdn() """ self.assertEqual(ldap.dn.explode_rdn(''), []) self.assertEqual( ldap.dn.explode_rdn('uid=test42'), ['uid=test42'] ) self.assertEqual( ldap.dn.explode_rdn('uid=test42', notypes=False, flags=0), ['uid=test42'] ) self.assertEqual( ldap.dn.explode_rdn('uid=test42', notypes=0, flags=0), ['uid=test42'] ) self.assertEqual( ldap.dn.explode_rdn('uid=test42+uidNumber=42', flags=0), ['uid=test42', 'uidNumber=42'] ) self.assertEqual( ldap.dn.explode_rdn('uid=test42', notypes=True), ['test42'] ) self.assertEqual( ldap.dn.explode_rdn('uid=test42', notypes=1), ['test42'] ) self.assertEqual( ldap.dn.explode_rdn('uid=test\\+ 42', flags=0), ['uid=test\\+ 42'] ) self.assertEqual( ldap.dn.explode_rdn('cn=äöüÄÖÜß', flags=0), ['cn=äöüÄÖÜß'] ) self.assertEqual( ldap.dn.explode_rdn('cn=\\c3\\a4\\c3\\b6\\c3\\bc\\c3\\84\\c3\\96\\c3\\9c\\c3\\9f', flags=0), ['cn=äöüÄÖÜß'] ) if __name__ == '__main__': unittest.main() python-ldap-3.2.0/Tests/t_cidict.py0000644000175000017500000000303513441744767021151 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ Automatic tests for python-ldap's module ldap.cidict See https://www.python-ldap.org/ for details. """ import os import unittest # Switch off processing .ldaprc or ldap.conf before importing _ldap os.environ['LDAPNOINIT'] = '1' import ldap import ldap.cidict class TestCidict(unittest.TestCase): """ test ldap.cidict.cidict """ def test_cidict(self): """ test function is_dn() """ self.assertEqual(ldap.dn.is_dn('foobar,ou=ae-dir'), False) data = { 'AbCDeF':123, } cix = ldap.cidict.cidict(data) self.assertEqual(cix["ABCDEF"], 123) self.assertEqual(cix.get("ABCDEF", None), 123) self.assertIsNone(cix.get("not existent", None)) cix["xYZ"] = 987 self.assertEqual(cix["XyZ"], 987) self.assertEqual(cix.get("xyz", None), 987) cix_keys = sorted(cix.keys()) self.assertEqual(cix_keys, ['AbCDeF','xYZ']) cix_keys = sorted(cix) self.assertEqual(cix_keys, ['AbCDeF','xYZ']) cix_items = sorted(cix.items()) self.assertEqual(cix_items, [('AbCDeF',123), ('xYZ',987)]) del cix["abcdEF"] self.assertEqual("abcdef" in cix._keys, False) self.assertEqual("AbCDef" in cix._keys, False) self.assertEqual("abcdef" in cix, False) self.assertEqual("AbCDef" in cix, False) self.assertEqual(cix.has_key("abcdef"), False) self.assertEqual(cix.has_key("AbCDef"), False) if __name__ == '__main__': unittest.main() python-ldap-3.2.0/Tests/t_ldap_schema_tokenizer.py0000644000175000017500000001030713441744767024244 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ Automatic tests for python-ldap's module ldap.schema.tokenizer See https://www.python-ldap.org/ for details. """ import os import unittest # Switch off processing .ldaprc or ldap.conf before importing _ldap os.environ['LDAPNOINIT'] = '1' import ldap.schema # basic test cases TESTCASES_BASIC = ( (" BLUBBER DI BLUBB ", ["BLUBBER", "DI", "BLUBB"]), ("BLUBBER DI BLUBB", ["BLUBBER", "DI", "BLUBB"]), ("BL-UB-BER DI BL-UBB", ["BL-UB-BER", "DI", "BL-UBB"]), ("BLUBBER DI BLUBB ", ["BLUBBER", "DI", "BLUBB"]), ("BLUBBER DI 'BLUBB' ", ["BLUBBER", "DI", "BLUBB"]), ("BLUBBER ( DI ) 'BLUBB' ", ["BLUBBER", "(", "DI", ")", "BLUBB"]), ("BLUBBER(DI)", ["BLUBBER", "(", "DI", ")"]), ("BLUBBER ( DI)", ["BLUBBER", "(", "DI", ")"]), ("BLUBBER ''", ["BLUBBER", ""]), ("( BLUBBER (DI 'BLUBB'))", ["(", "BLUBBER", "(", "DI", "BLUBB", ")", ")"]), ("BLUBB (DA$BLAH)", ['BLUBB', "(", "DA", "BLAH", ")"]), ("BLUBB ( DA $ BLAH )", ['BLUBB', "(", "DA", "BLAH", ")"]), ("BLUBB (DA$ BLAH)", ['BLUBB', "(", "DA", "BLAH", ")"]), ("BLUBB (DA $BLAH)", ['BLUBB', "(", "DA", "BLAH", ")"]), ("BLUBB 'DA$BLAH'", ['BLUBB', "DA$BLAH"]), ("BLUBB DI 'BLU B B ER' DA 'BLAH' ", ['BLUBB', 'DI', 'BLU B B ER', 'DA', 'BLAH']), ("BLUBB DI 'BLU B B ER' DA 'BLAH' LABER", ['BLUBB', 'DI', 'BLU B B ER', 'DA', 'BLAH', 'LABER']), ("BLUBB\t'DA\tBLUB'", ['BLUBB', "DA\tBLUB"]), ) # UTF-8 raw strings TESTCASES_UTF8 = ( (" BL\xc3\x9cBBER D\xc3\x84 BL\xc3\x9cBB ", ["BL\xc3\x9cBBER", "D\xc3\x84", "BL\xc3\x9cBB"]), ("BL\xc3\x9cBBER D\xc3\x84 BL\xc3\x9cBB", ["BL\xc3\x9cBBER", "D\xc3\x84", "BL\xc3\x9cBB"]), ("BL\xc3\x9cBBER D\xc3\x84 BL\xc3\x9cBB ", ["BL\xc3\x9cBBER", "D\xc3\x84", "BL\xc3\x9cBB"]), ) # broken schema of Oracle Internet Directory TESTCASES_BROKEN_OID = ( ("BLUBB DI 'BLU B B ER'MUST 'BLAH' ", ['BLUBB', 'DI', 'BLU B B ER', 'MUST', 'BLAH']), ("BLUBBER DI 'BLU'BB ER' DA 'BLAH' ", ["BLUBBER", "DI", "BLU'BB ER", "DA", "BLAH"]), ) # for quoted single quotes inside string values TESTCASES_ESCAPED_QUOTES = ( ("BLUBBER '\\''", ["BLUBBER", "'"]), ("BLUBBER DI 'BLU\\'BB ER' DA 'BLAH' ", ["BLUBBER", "DI", "BLU'BB ER", "DA", "BLAH"]), ("BLUBBER DI 'BLU\\' BB ER' DA 'BLAH' ", ["BLUBBER", "DI", "BLU' BB ER", "DA", "BLAH"]), ) # test cases which should result in ValueError raised TESTCASES_BROKEN = ( "( BLUB", "BLUB )", "BLUB 'DA", "BLUB $ DA", # "BLUB 'DA\\'", # "( BLUB )) DA (", ) class TestSplitTokens(unittest.TestCase): """ test function ldap.schema.tokenizer.split_tokens() """ def _run_split_tokens_tests(self, test_cases): for test_value, test_result in test_cases: token_list = ldap.schema.split_tokens(test_value) self.assertEqual(token_list, test_result) def _run_failure_tests(self, test_cases): should_have_failed = [] for test_value in test_cases: try: _ = ldap.schema.split_tokens(test_value) except ValueError: pass else: should_have_failed.append(test_value) if should_have_failed: self.fail( '%d value(s) should have raised ValueError: %r' % ( len(should_have_failed), should_have_failed, ) ) def test_basic(self): """ run test cases specified in constant TESTCASES_BASIC """ self._run_split_tokens_tests(TESTCASES_BASIC) def test_utf8(self): """ run test cases specified in constant TESTCASES_BASIC """ self._run_split_tokens_tests(TESTCASES_UTF8) @unittest.expectedFailure def test_broken_oid(self): """ run test cases specified in constant TESTCASES_BROKEN_OID """ self._run_failure_tests(TESTCASES_BROKEN_OID) @unittest.expectedFailure def test_escaped_quotes(self): """ run test cases specified in constant TESTCASES_ESCAPED_QUOTES """ self._run_split_tokens_tests(TESTCASES_ESCAPED_QUOTES) def test_broken(self): self._run_failure_tests(TESTCASES_BROKEN) if __name__ == '__main__': unittest.main() python-ldap-3.2.0/Tests/t_ldapurl.py0000644000175000017500000003635413441744767021367 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ Automatic tests for python-ldap's module ldapurl See https://www.python-ldap.org/ for details. """ from __future__ import unicode_literals import os import unittest # Switch off processing .ldaprc or ldap.conf before importing _ldap os.environ['LDAPNOINIT'] = '1' from ldap.compat import quote import ldapurl from ldapurl import LDAPUrl class MyLDAPUrl(LDAPUrl): attr2extype = { 'who':'bindname', 'cred':'X-BINDPW', 'start_tls':'startTLS', 'trace_level':'trace', } class TestIsLDAPUrl(unittest.TestCase): is_ldap_url_tests = { # Examples from RFC2255 'ldap:///o=University%20of%20Michigan,c=US':1, 'ldap://ldap.itd.umich.edu/o=University%20of%20Michigan,c=US':1, 'ldap://ldap.itd.umich.edu/o=University%20of%20Michigan,':1, 'ldap://host.com:6666/o=University%20of%20Michigan,':1, 'ldap://ldap.itd.umich.edu/c=GB?objectClass?one':1, 'ldap://ldap.question.com/o=Question%3f,c=US?mail':1, 'ldap://ldap.netscape.com/o=Babsco,c=US??(int=%5c00%5c00%5c00%5c04)':1, 'ldap:///??sub??bindname=cn=Manager%2co=Foo':1, 'ldap:///??sub??!bindname=cn=Manager%2co=Foo':1, # More examples from various sources 'ldap://ldap.nameflow.net:1389/c%3dDE':1, 'ldap://root.openldap.org/dc=openldap,dc=org':1, 'ldap://root.openldap.org/dc=openldap,dc=org':1, 'ldap://x500.mh.se/o=Mitthogskolan,c=se????1.2.752.58.10.2=T.61':1, 'ldp://root.openldap.org/dc=openldap,dc=org':0, 'ldap://localhost:1389/ou%3DUnstructured%20testing%20tree%2Cdc%3Dstroeder%2Cdc%3Dcom??one':1, 'ldaps://ldap.example.com/c%3dDE':1, 'ldapi:///dc=stroeder,dc=de????x-saslmech=EXTERNAL':1, } def test_isLDAPUrl(self): for ldap_url, expected in self.is_ldap_url_tests.items(): result = ldapurl.isLDAPUrl(ldap_url) self.assertEqual( result, expected, 'isLDAPUrl("%s") returns %d instead of %d.' % ( ldap_url, result, expected, ) ) class TestParseLDAPUrl(unittest.TestCase): parse_ldap_url_tests = [ ( 'ldap://root.openldap.org/dc=openldap,dc=org', LDAPUrl( hostport='root.openldap.org', dn='dc=openldap,dc=org' ) ), ( 'ldap://root.openldap.org/dc%3dboolean%2cdc%3dnet???%28objectClass%3d%2a%29', LDAPUrl( hostport='root.openldap.org', dn='dc=boolean,dc=net', filterstr='(objectClass=*)' ) ), ( 'ldap://root.openldap.org/dc=openldap,dc=org??sub?', LDAPUrl( hostport='root.openldap.org', dn='dc=openldap,dc=org', scope=ldapurl.LDAP_SCOPE_SUBTREE ) ), ( 'ldap://root.openldap.org/dc=openldap,dc=org??one?', LDAPUrl( hostport='root.openldap.org', dn='dc=openldap,dc=org', scope=ldapurl.LDAP_SCOPE_ONELEVEL ) ), ( 'ldap://root.openldap.org/dc=openldap,dc=org??base?', LDAPUrl( hostport='root.openldap.org', dn='dc=openldap,dc=org', scope=ldapurl.LDAP_SCOPE_BASE ) ), ( 'ldap://x500.mh.se/o=Mitthogskolan,c=se????1.2.752.58.10.2=T.61', LDAPUrl( hostport='x500.mh.se', dn='o=Mitthogskolan,c=se', extensions=ldapurl.LDAPUrlExtensions({ '1.2.752.58.10.2':ldapurl.LDAPUrlExtension( critical=0,extype='1.2.752.58.10.2',exvalue='T.61' ) }) ) ), ( 'ldap://localhost:12345/dc=stroeder,dc=com????!bindname=cn=Michael%2Cdc=stroeder%2Cdc=com,!X-BINDPW=secretpassword', LDAPUrl( hostport='localhost:12345', dn='dc=stroeder,dc=com', extensions=ldapurl.LDAPUrlExtensions({ 'bindname':ldapurl.LDAPUrlExtension( critical=1,extype='bindname',exvalue='cn=Michael,dc=stroeder,dc=com' ), 'X-BINDPW':ldapurl.LDAPUrlExtension( critical=1,extype='X-BINDPW',exvalue='secretpassword' ), }), ) ), ( 'ldap://localhost:54321/dc=stroeder,dc=com????bindname=cn=Michael%2Cdc=stroeder%2Cdc=com,X-BINDPW=secretpassword', LDAPUrl( hostport='localhost:54321', dn='dc=stroeder,dc=com', who='cn=Michael,dc=stroeder,dc=com', cred='secretpassword' ) ), ( 'ldaps://localhost:12345/dc=stroeder,dc=com', LDAPUrl( urlscheme='ldaps', hostport='localhost:12345', dn='dc=stroeder,dc=com', ), ), ( 'ldapi://%2ftmp%2fopenldap2-1389/dc=stroeder,dc=com', LDAPUrl( urlscheme='ldapi', hostport='/tmp/openldap2-1389', dn='dc=stroeder,dc=com', ), ), ] def test_ldapurl(self): for ldap_url_str,test_ldap_url_obj in self.parse_ldap_url_tests: ldap_url_obj = LDAPUrl(ldapUrl=ldap_url_str) self.assertEqual( ldap_url_obj, test_ldap_url_obj, 'Attributes of LDAPUrl(%s) are:\n%s\ninstead of:\n%s' % ( repr(ldap_url_str), repr(ldap_url_obj), repr(test_ldap_url_obj), ) ) unparsed_ldap_url_str = test_ldap_url_obj.unparse() unparsed_ldap_url_obj = LDAPUrl(ldapUrl=unparsed_ldap_url_str) self.assertEqual( unparsed_ldap_url_obj, test_ldap_url_obj, 'Attributes of LDAPUrl(%s) are:\n%s\ninstead of:\n%s' % ( repr(unparsed_ldap_url_str), repr(unparsed_ldap_url_obj), repr(test_ldap_url_obj), ) ) class TestLDAPUrl(unittest.TestCase): def test_combo(self): u = MyLDAPUrl( "ldap://127.0.0.1:1234/dc=example,dc=com" + "?attr1,attr2,attr3" + "?sub" + "?" + quote("(objectClass=*)") + "?bindname=" + quote("cn=d,c=au") + ",X-BINDPW=" + quote("???") + ",trace=8" ) self.assertEqual(u.urlscheme, "ldap") self.assertEqual(u.hostport, "127.0.0.1:1234") self.assertEqual(u.dn, "dc=example,dc=com") self.assertEqual(u.attrs, ["attr1","attr2","attr3"]) self.assertEqual(u.scope, ldapurl.LDAP_SCOPE_SUBTREE) self.assertEqual(u.filterstr, "(objectClass=*)") self.assertEqual(len(u.extensions), 3) self.assertEqual(u.who, "cn=d,c=au") self.assertEqual(u.cred, "???") self.assertEqual(u.trace_level, "8") def test_parse_default_hostport(self): u = LDAPUrl("ldap://") self.assertEqual(u.urlscheme, "ldap") self.assertEqual(u.hostport, "") def test_parse_empty_dn(self): u = LDAPUrl("ldap://") self.assertEqual(u.dn, "") u = LDAPUrl("ldap:///") self.assertEqual(u.dn, "") u = LDAPUrl("ldap:///?") self.assertEqual(u.dn, "") def test_parse_default_attrs(self): u = LDAPUrl("ldap://") self.assertIsNone(u.attrs) def test_parse_default_scope(self): u = LDAPUrl("ldap://") self.assertIsNone(u.scope) # RFC4516 s3 def test_parse_default_filter(self): u = LDAPUrl("ldap://") self.assertIsNone(u.filterstr) # RFC4516 s3 def test_parse_default_extensions(self): u = LDAPUrl("ldap://") self.assertEqual(len(u.extensions), 0) def test_parse_schemes(self): u = LDAPUrl("ldap://") self.assertEqual(u.urlscheme, "ldap") u = LDAPUrl("ldapi://") self.assertEqual(u.urlscheme, "ldapi") u = LDAPUrl("ldaps://") self.assertEqual(u.urlscheme, "ldaps") def test_parse_hostport(self): u = LDAPUrl("ldap://a") self.assertEqual(u.hostport, "a") u = LDAPUrl("ldap://a.b") self.assertEqual(u.hostport, "a.b") u = LDAPUrl("ldap://a.") self.assertEqual(u.hostport, "a.") u = LDAPUrl("ldap://%61%62:%32/") self.assertEqual(u.hostport, "ab:2") u = LDAPUrl("ldap://[::1]/") self.assertEqual(u.hostport, "[::1]") u = LDAPUrl("ldap://[::1]") self.assertEqual(u.hostport, "[::1]") u = LDAPUrl("ldap://[::1]:123/") self.assertEqual(u.hostport, "[::1]:123") u = LDAPUrl("ldap://[::1]:123") self.assertEqual(u.hostport, "[::1]:123") def test_parse_dn(self): u = LDAPUrl("ldap:///") self.assertEqual(u.dn, "") u = LDAPUrl("ldap:///dn=foo") self.assertEqual(u.dn, "dn=foo") u = LDAPUrl("ldap:///dn=foo%2cdc=bar") self.assertEqual(u.dn, "dn=foo,dc=bar") u = LDAPUrl("ldap:///dn=foo%20bar") self.assertEqual(u.dn, "dn=foo bar") u = LDAPUrl("ldap:///dn=foo%2fbar") self.assertEqual(u.dn, "dn=foo/bar") u = LDAPUrl("ldap:///dn=foo%2fbar?") self.assertEqual(u.dn, "dn=foo/bar") u = LDAPUrl("ldap:///dn=foo%3f?") self.assertEqual(u.dn, "dn=foo?") u = LDAPUrl("ldap:///dn=foo%3f") self.assertEqual(u.dn, "dn=foo?") u = LDAPUrl("ldap:///dn=str%c3%b6der.com") self.assertEqual(u.dn, "dn=str\xf6der.com") def test_parse_attrs(self): u = LDAPUrl("ldap:///?") self.assertIsNone(u.attrs) u = LDAPUrl("ldap:///??") self.assertIsNone(u.attrs) u = LDAPUrl("ldap:///?*?") self.assertEqual(u.attrs, ['*']) u = LDAPUrl("ldap:///?*,*?") self.assertEqual(u.attrs, ['*','*']) u = LDAPUrl("ldap:///?a") self.assertEqual(u.attrs, ['a']) u = LDAPUrl("ldap:///?%61") self.assertEqual(u.attrs, ['a']) u = LDAPUrl("ldap:///?a,b") self.assertEqual(u.attrs, ['a','b']) u = LDAPUrl("ldap:///?a%3fb") self.assertEqual(u.attrs, ['a?b']) def test_parse_scope_default(self): u = LDAPUrl("ldap:///??") self.assertIsNone(u.scope) # on opposite to RFC4516 s3 for referral chasing u = LDAPUrl("ldap:///???") self.assertIsNone(u.scope) # on opposite to RFC4516 s3 for referral chasing def test_parse_scope(self): u = LDAPUrl("ldap:///??sub") self.assertEqual(u.scope, ldapurl.LDAP_SCOPE_SUBTREE) u = LDAPUrl("ldap:///??sub?") self.assertEqual(u.scope, ldapurl.LDAP_SCOPE_SUBTREE) u = LDAPUrl("ldap:///??base") self.assertEqual(u.scope, ldapurl.LDAP_SCOPE_BASE) u = LDAPUrl("ldap:///??base?") self.assertEqual(u.scope, ldapurl.LDAP_SCOPE_BASE) u = LDAPUrl("ldap:///??one") self.assertEqual(u.scope, ldapurl.LDAP_SCOPE_ONELEVEL) u = LDAPUrl("ldap:///??one?") self.assertEqual(u.scope, ldapurl.LDAP_SCOPE_ONELEVEL) u = LDAPUrl("ldap:///??subordinates") self.assertEqual(u.scope, ldapurl.LDAP_SCOPE_SUBORDINATES) u = LDAPUrl("ldap:///??subordinates?") self.assertEqual(u.scope, ldapurl.LDAP_SCOPE_SUBORDINATES) def test_parse_filter(self): u = LDAPUrl("ldap:///???(cn=Bob)") self.assertEqual(u.filterstr, "(cn=Bob)") u = LDAPUrl("ldap:///???(cn=Bob)?") self.assertEqual(u.filterstr, "(cn=Bob)") u = LDAPUrl("ldap:///???(cn=Bob%20Smith)?") self.assertEqual(u.filterstr, "(cn=Bob Smith)") u = LDAPUrl("ldap:///???(cn=Bob/Smith)?") self.assertEqual(u.filterstr, "(cn=Bob/Smith)") u = LDAPUrl("ldap:///???(cn=Bob:Smith)?") self.assertEqual(u.filterstr, "(cn=Bob:Smith)") u = LDAPUrl("ldap:///???&(cn=Bob)(objectClass=user)?") self.assertEqual(u.filterstr, "&(cn=Bob)(objectClass=user)") u = LDAPUrl("ldap:///???|(cn=Bob)(objectClass=user)?") self.assertEqual(u.filterstr, "|(cn=Bob)(objectClass=user)") u = LDAPUrl("ldap:///???(cn=Q%3f)?") self.assertEqual(u.filterstr, "(cn=Q?)") u = LDAPUrl("ldap:///???(cn=Q%3f)") self.assertEqual(u.filterstr, "(cn=Q?)") u = LDAPUrl("ldap:///???(sn=Str%c3%b6der)") # (possibly bad?) self.assertEqual(u.filterstr, "(sn=Str\xf6der)") u = LDAPUrl("ldap:///???(sn=Str\\c3\\b6der)") self.assertEqual(u.filterstr, "(sn=Str\\c3\\b6der)") # (recommended) u = LDAPUrl("ldap:///???(cn=*\\2a*)") self.assertEqual(u.filterstr, "(cn=*\\2a*)") u = LDAPUrl("ldap:///???(cn=*%5c2a*)") self.assertEqual(u.filterstr, "(cn=*\\2a*)") def test_parse_extensions(self): u = LDAPUrl("ldap:///????") self.assertIsNone(u.extensions) self.assertIsNone(u.who) u = LDAPUrl("ldap:///????bindname=cn=root") self.assertEqual(len(u.extensions), 1) self.assertEqual(u.who, "cn=root") u = LDAPUrl("ldap:///????!bindname=cn=root") self.assertEqual(len(u.extensions), 1) self.assertEqual(u.who, "cn=root") u = LDAPUrl("ldap:///????bindname=%3f,X-BINDPW=%2c") self.assertEqual(len(u.extensions), 2) self.assertEqual(u.who, "?") self.assertEqual(u.cred, ",") def test_parse_extensions_nulls(self): u = LDAPUrl("ldap:///????bindname=%00name") self.assertEqual(u.who, "\0name") def test_parse_extensions_5questions(self): u = LDAPUrl("ldap:///????bindname=?") self.assertEqual(len(u.extensions), 1) self.assertEqual(u.who, "?") def test_parse_extensions_novalue(self): u = LDAPUrl("ldap:///????bindname") self.assertEqual(len(u.extensions), 1) self.assertIsNone(u.who) @unittest.expectedFailure def test_bad_urls(self): failed_urls = [] for bad in ( "", "ldap:", "ldap:/", ":///", "://", "///", "//", "/", "ldap:///?????", # extension can't start with '?' "LDAP://", "invalid://", "ldap:///??invalid", #XXX-- the following should raise exceptions! "ldap://:389/", # [host [COLON port]] "ldap://a:/", # [host [COLON port]] r"ldap://%%%/", # invalid URL encoding "ldap:///?,", # attrdesc *(COMMA attrdesc) "ldap:///?a,", # attrdesc *(COMMA attrdesc) "ldap:///?,a", # attrdesc *(COMMA attrdesc) "ldap:///?a,,b", # attrdesc *(COMMA attrdesc) r"ldap://%00/", # RFC4516 2.1 r"ldap:///%00", # RFC4516 2.1 r"ldap:///?%00", # RFC4516 2.1 r"ldap:///??%00", # RFC4516 2.1 "ldap:///????0=0", # extype must start with Alpha "ldap:///????a_b=0", # extype contains only [-a-zA-Z0-9] "ldap:///????!!a=0", # only one exclamation allowed ): try: LDAPUrl(bad) except ValueError: pass else: failed_urls.append(bad) if failed_urls: self.fail("These LDAP URLs should have raised ValueError: %r" % failed_urls) if __name__ == '__main__': unittest.main() python-ldap-3.2.0/Tests/t_ldap_sasl.py0000644000175000017500000000525713441744767021664 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ Automatic tests for python-ldap's module ldap.sasl See https://www.python-ldap.org/ for details. """ import os import unittest # Switch off processing .ldaprc or ldap.conf before importing _ldap os.environ['LDAPNOINIT'] = '1' from ldap.ldapobject import SimpleLDAPObject import ldap.sasl from slapdtest import SlapdTestCase from slapdtest import requires_ldapi, requires_sasl, requires_tls LDIF = """ dn: {suffix} objectClass: dcObject objectClass: organization dc: {dc} o: {dc} dn: {rootdn} objectClass: applicationProcess objectClass: simpleSecurityObject objectClass: uidObject cn: {rootcn} userPassword: {rootpw} uid: {uid} dn: cn={certuser},{suffix} objectClass: applicationProcess cn: {certuser} """ @requires_sasl() class TestSasl(SlapdTestCase): ldap_object_class = SimpleLDAPObject # from Tests/certs/client.pem certuser = 'client' certsubject = "cn=client,ou=slapd-test,o=python-ldap,c=de" @classmethod def setUpClass(cls): super(TestSasl, cls).setUpClass() ldif = LDIF.format( suffix=cls.server.suffix, rootdn=cls.server.root_dn, rootcn=cls.server.root_cn, rootpw=cls.server.root_pw, dc=cls.server.suffix.split(',')[0][3:], certuser=cls.certuser, uid=os.geteuid(), ) cls.server.ldapadd(ldif) @requires_ldapi() def test_external_ldapi(self): # EXTERNAL authentication with LDAPI (AF_UNIX) ldap_conn = self.ldap_object_class(self.server.ldapi_uri) auth = ldap.sasl.external("some invalid user") with self.assertRaises(ldap.INSUFFICIENT_ACCESS): ldap_conn.sasl_interactive_bind_s("", auth) auth = ldap.sasl.external("") ldap_conn.sasl_interactive_bind_s("", auth) self.assertEqual( ldap_conn.whoami_s().lower(), "dn:{}".format(self.server.root_dn.lower()) ) @requires_tls() def test_external_tlscert(self): ldap_conn = self.ldap_object_class(self.server.ldap_uri) ldap_conn.set_option(ldap.OPT_X_TLS_CACERTFILE, self.server.cafile) ldap_conn.set_option(ldap.OPT_X_TLS_CERTFILE, self.server.clientcert) ldap_conn.set_option(ldap.OPT_X_TLS_KEYFILE, self.server.clientkey) ldap_conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_HARD) ldap_conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0) ldap_conn.start_tls_s() auth = ldap.sasl.external() ldap_conn.sasl_interactive_bind_s("", auth) self.assertEqual( ldap_conn.whoami_s().lower(), "dn:{}".format(self.certsubject) ) if __name__ == '__main__': unittest.main() python-ldap-3.2.0/Tests/t_ldif.py0000644000175000017500000004425013441744767020634 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ Automatic tests for python-ldap's module ldif See https://www.python-ldap.org/ for details. """ from __future__ import unicode_literals import os import textwrap import unittest try: from StringIO import StringIO except ImportError: from io import StringIO # Switch off processing .ldaprc or ldap.conf before importing _ldap os.environ['LDAPNOINIT'] = '1' import ldif class TestLDIFParser(unittest.TestCase): """ Various LDIF test cases """ def _parse_records( self, ldif_string, ignored_attr_types=None, max_entries=0, ): """ Parse LDIF data in `ldif_string' into list of records """ ldif_file = StringIO(ldif_string) ldif_parser = ldif.LDIFRecordList( ldif_file, ignored_attr_types=ignored_attr_types, max_entries=max_entries, ) parser_method = getattr( ldif_parser, 'parse_%s_records' % self.record_type ) parser_method() if self.record_type == 'entry': return ldif_parser.all_records elif self.record_type == 'change': return ldif_parser.all_modify_changes def _unparse_records(self, records): """ Returns LDIF string with entry records from list `records' """ ldif_file = StringIO() ldif_writer = ldif.LDIFWriter(ldif_file) if self.record_type == 'entry': for dn, entry in records: ldif_writer.unparse(dn, entry) elif self.record_type == 'change': for dn, modops, controls in records: ldif_writer.unparse(dn, modops) return ldif_file.getvalue() def check_records( self, ldif_string, records, ignored_attr_types=None, max_entries=0 ): """ Checks whether entry records in `ldif_string' gets correctly parsed and matches list of unparsed `records'. """ ldif_string = textwrap.dedent(ldif_string).lstrip() parsed_records = self._parse_records( ldif_string, ignored_attr_types=ignored_attr_types, max_entries=max_entries, ) generated_ldif = self._unparse_records(records) parsed_records2 = self._parse_records( generated_ldif, ignored_attr_types=ignored_attr_types, max_entries=max_entries, ) self.assertEqual(records, parsed_records) self.assertEqual(records, parsed_records2) class TestEntryRecords(TestLDIFParser): """ Various LDIF test cases """ record_type='entry' def test_empty(self): self.check_records( """ version: 1 """, [] ) def test_simple(self): self.check_records( """ version: 1 dn: cn=x,cn=y,cn=z attrib: value attrib: value2 """, [ ( 'cn=x,cn=y,cn=z', { 'attrib': [b'value', b'value2'], }, ), ] ) def test_simple2(self): self.check_records( """ dn:cn=x,cn=y,cn=z attrib:value attrib:value2 """, [ ( 'cn=x,cn=y,cn=z', { 'attrib': [b'value', b'value2'], }, ), ] ) def test_multiple(self): self.check_records( """ dn: cn=x,cn=y,cn=z a: v attrib: value attrib: value2 dn: cn=a,cn=b,cn=c attrib: value2 attrib: value3 b: v """, [ ( 'cn=x,cn=y,cn=z', { 'attrib': [b'value', b'value2'], 'a': [b'v'], }, ), ( 'cn=a,cn=b,cn=c', { 'attrib': [b'value2', b'value3'], 'b': [b'v'], }, ), ] ) def test_folded(self): self.check_records( """ dn: cn=x,cn=y,cn=z attrib: very\x20 long line-folded\x20 value attrib2: %s """ % ('asdf.'*20), [ ( 'cn=x,cn=y,cn=z', { 'attrib': [b'very long line-folded value'], 'attrib2': [b'asdf.'*20], } ), ] ) def test_empty_attr_values(self): self.check_records( """ dn: cn=x,cn=y,cn=z attrib1: attrib1: foo attrib2: attrib2: foo """, [ ( 'cn=x,cn=y,cn=z', { 'attrib1': [b'', b'foo'], 'attrib2': [b'', b'foo'], }, ), ] ) def test_binary(self): self.check_records( """ dn: cn=x,cn=y,cn=z attrib:: CQAKOiVA """, [ ( 'cn=x,cn=y,cn=z', { 'attrib': [b'\t\0\n:%@'], }, ), ] ) def test_binary2(self): self.check_records( """ dn: cn=x,cn=y,cn=z attrib::CQAKOiVA """, [ ( 'cn=x,cn=y,cn=z', {'attrib': [b'\t\0\n:%@']}, ), ] ) def test_big_binary(self): self.check_records( """ dn: cn=x,cn=y,cn=z attrib:: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA = """, [ ( 'cn=x,cn=y,cn=z', {'attrib': [500*b'\0']}, ), ] ) def test_unicode(self): # Encode "Ströder" as UTF-8+Base64 # Putting "Ströder" in a single line would be an invalid LDIF file # per https://tools.ietf.org/html/rfc2849 (only safe ascii is allowed in a file) self.check_records( """ dn: cn=Michael Stroeder,dc=stroeder,dc=com lastname:: U3Ryw7ZkZXI= """, [ ( 'cn=Michael Stroeder,dc=stroeder,dc=com', {'lastname': [b'Str\303\266der']}, ), ] ) def test_unencoded_unicode(self): # Encode "Ströder" as UTF-8, without base64 # This is an invalid LDIF file, but such files are often found in the wild. self.check_records( """ dn: cn=Michael Stroeder,dc=stroeder,dc=com lastname: Ströder """, [ ( 'cn=Michael Stroeder,dc=stroeder,dc=com', {'lastname': [b'Str\303\266der']}, ), ] ) def test_sorted(self): self.check_records( """ dn: cn=x,cn=y,cn=z b: value_b c: value_c a: value_a """, [ ( 'cn=x,cn=y,cn=z', { 'a': [b'value_a'], 'b': [b'value_b'], 'c': [b'value_c'], } ), ] ) def test_ignored_attr_types(self): self.check_records( """ dn: cn=x,cn=y,cn=z a: value_a b: value_b c: value_c """, [ ( 'cn=x,cn=y,cn=z', { 'a': [b'value_a'], 'c': [b'value_c'], } ), ], ignored_attr_types=['b'], ) def test_comments(self): self.check_records( """ # comment #1 with line-folding dn: cn=x1,cn=y1,cn=z1 b1: value_b1 c1: value_c1 a1: value_a1 # comment #2.1 # comment #2.2 dn: cn=x2,cn=y2,cn=z2 b2: value_b2 c2: value_c2 a2: value_a2 """, [ ( 'cn=x1,cn=y1,cn=z1', { 'a1': [b'value_a1'], 'b1': [b'value_b1'], 'c1': [b'value_c1'], } ), ( 'cn=x2,cn=y2,cn=z2', { 'a2': [b'value_a2'], 'b2': [b'value_b2'], 'c2': [b'value_c2'], } ), ] ) def test_max_entries(self): self.check_records( """ dn: cn=x1,cn=y1,cn=z1 b1: value_b1 a1: value_a1 dn: cn=x2,cn=y2,cn=z2 b2: value_b2 a2: value_a2 dn: cn=x3,cn=y3,cn=z3 b3: value_b3 a3: value_a3 dn: cn=x4,cn=y4,cn=z4 b2: value_b4 a2: value_a4 """, [ ( 'cn=x1,cn=y1,cn=z1', { 'a1': [b'value_a1'], 'b1': [b'value_b1'], } ), ( 'cn=x2,cn=y2,cn=z2', { 'a2': [b'value_a2'], 'b2': [b'value_b2'], } ), ], max_entries=2 ) def test_missing_trailing_line_separator(self): self.check_records( """ dn: cn=x1,cn=y1,cn=z1 first: value_a1 middle: value_b1 last: value_c1 dn: cn=x2,cn=y2,cn=z2 first: value_a2 middle: value_b2 last: value_c2""", [ ( 'cn=x1,cn=y1,cn=z1', { 'first': [b'value_a1'], 'middle': [b'value_b1'], 'last': [b'value_c1'], } ), ( 'cn=x2,cn=y2,cn=z2', { 'first': [b'value_a2'], 'middle': [b'value_b2'], 'last': [b'value_c2'], } ), ], ) def test_weird_empty_lines(self): self.check_records( """ # comment before version version: 1 dn: cn=x1,cn=y1,cn=z1 first: value_a1 middle: value_b1 last: value_c1 dn: cn=x2,cn=y2,cn=z2 first: value_a2 middle: value_b2 last: value_c2""", [ ( 'cn=x1,cn=y1,cn=z1', { 'first': [b'value_a1'], 'middle': [b'value_b1'], 'last': [b'value_c1'], } ), ( 'cn=x2,cn=y2,cn=z2', { 'first': [b'value_a2'], 'middle': [b'value_b2'], 'last': [b'value_c2'], } ), ], ) def test_multiple_empty_lines(self): """ test malformed LDIF with multiple empty lines """ self.check_records( """ # normal dn: uid=one,dc=tld uid: one # after extra empty line dn: uid=two,dc=tld uid: two """, [ ( 'uid=one,dc=tld', {'uid': [b'one']} ), ( 'uid=two,dc=tld', {'uid': [b'two']} ), ], ) class TestChangeRecords(TestLDIFParser): """ Various LDIF test cases """ record_type='change' def test_empty(self): self.check_records( """ version: 1 """, [], ) def test_simple(self): self.check_records( """ version: 1 dn: cn=x,cn=y,cn=z changetype: modify replace: attrib attrib: value attrib: value2 - add: attrib2 attrib2: value attrib2: value2 - delete: attrib3 attrib3: value - delete: attrib4 - """, [ ( 'cn=x,cn=y,cn=z', [ (ldif.MOD_OP_INTEGER['replace'], 'attrib', [b'value', b'value2']), (ldif.MOD_OP_INTEGER['add'], 'attrib2', [b'value', b'value2']), (ldif.MOD_OP_INTEGER['delete'], 'attrib3', [b'value']), (ldif.MOD_OP_INTEGER['delete'], 'attrib4', None), ], None, ), ], ) def test_weird_empty_lines(self): self.check_records( """ # comment before version version: 1 dn: cn=x,cn=y,cn=z changetype: modify replace: attrib attrib: value attrib: value2 - add: attrib2 attrib2: value attrib2: value2 - delete: attrib3 attrib3: value - delete: attrib4 - dn: cn=foo,cn=bar changetype: modify replace: attrib attrib: value attrib: value2 - add: attrib2 attrib2: value attrib2: value2 - delete: attrib3 attrib3: value - delete: attrib4""", [ ( 'cn=x,cn=y,cn=z', [ (ldif.MOD_OP_INTEGER['replace'], 'attrib', [b'value', b'value2']), (ldif.MOD_OP_INTEGER['add'], 'attrib2', [b'value', b'value2']), (ldif.MOD_OP_INTEGER['delete'], 'attrib3', [b'value']), (ldif.MOD_OP_INTEGER['delete'], 'attrib4', None), ], None, ), ( 'cn=foo,cn=bar', [ (ldif.MOD_OP_INTEGER['replace'], 'attrib', [b'value', b'value2']), (ldif.MOD_OP_INTEGER['add'], 'attrib2', [b'value', b'value2']), (ldif.MOD_OP_INTEGER['delete'], 'attrib3', [b'value']), (ldif.MOD_OP_INTEGER['delete'], 'attrib4', None), ], None, ), ], ) def test_missing_trailing_dash_separator(self): self.check_records( """ version: 1 dn: cn=x,cn=y,cn=z changetype: modify replace: attrib attrib: value attrib: value2 - add: attrib2 attrib2: value attrib2: value2 """, [ ( 'cn=x,cn=y,cn=z', [ (ldif.MOD_OP_INTEGER['replace'], 'attrib', [b'value', b'value2']), (ldif.MOD_OP_INTEGER['add'], 'attrib2', [b'value', b'value2']), ], None, ), ], ) def test_bad_change_records(self): for bad_ldif_string in ( """ changetype: modify replace: attrib attrib: value attrib: value2 """, ): ldif_string = textwrap.dedent(bad_ldif_string).lstrip() + '\n' try: res = self._parse_records(ldif_string) except ValueError as value_error: pass else: self.fail("should have raised ValueError: %r" % bad_ldif_string) def test_mod_increment(self): self.check_records( """ version: 1 dn: cn=x,cn=y,cn=z changetype: modify increment: gidNumber gidNumber: 1 - """, [ ( 'cn=x,cn=y,cn=z', [ (ldif.MOD_OP_INTEGER['increment'], 'gidNumber', [b'1']), ], None, ), ], ) if __name__ == '__main__': unittest.main() python-ldap-3.2.0/Tests/t_edit.py0000644000175000017500000000530013441744767020634 0ustar pviktoripviktorin00000000000000from __future__ import unicode_literals import sys if sys.version_info[0] <= 2: PY2 = True text_type = unicode else: PY2 = False text_type = str import os import unittest # Switch off processing .ldaprc or ldap.conf before importing _ldap os.environ['LDAPNOINIT'] = '1' import ldap from ldap.ldapobject import LDAPObject from slapdtest import SlapdTestCase class EditionTests(SlapdTestCase): @classmethod def setUpClass(cls): super(EditionTests, cls).setUpClass() base = cls.server.suffix suffix_dc = base.split(',')[0][3:] # insert some Foo* objects via ldapadd cls.server.ldapadd("\n".join([ 'dn: '+cls.server.suffix, 'objectClass: dcObject', 'objectClass: organization', 'dc: '+suffix_dc, 'o: '+suffix_dc, '', 'dn: '+cls.server.root_dn, 'objectClass: applicationProcess', 'cn: '+cls.server.root_cn, '', "dn: cn=Foo1,"+base, "objectClass: organizationalRole", "cn: Foo1", "", "dn: cn=Foo2,"+base, "objectClass: organizationalRole", "cn: Foo2", "", "dn: cn=Foo3,"+base, "objectClass: organizationalRole", "cn: Foo3", "", "dn: ou=Container,"+base, "objectClass: organizationalUnit", "ou: Container", "", "dn: cn=Foo4,ou=Container,"+base, "objectClass: organizationalRole", "cn: Foo4", "", ])+"\n") def setUp(self): self.ldap = LDAPObject(self.server.ldap_uri, bytes_mode=False) self.ldap.protocol_version = 3 self.ldap.set_option(ldap.OPT_REFERRALS, 0) self.ldap.simple_bind_s( self.server.root_dn, self.server.root_pw ) def tearDown(self): self.ldap.unbind() def test_add_object(self): base = self.server.suffix dn = "cn=Added,ou=Container," + base self.ldap.add_ext_s(dn, [ ("objectClass", [b'organizationalRole']), ("cn", [b'Added']), ]) # Lookup the object result = self.ldap.search_s(base, ldap.SCOPE_SUBTREE, '(cn=Added)', ['*']) self.assertEqual(result, [ ("cn=Added,ou=Container," + base, {'cn': [b'Added'], 'objectClass': [b'organizationalRole']}), ]) # Delete object self.ldap.delete_s(dn) result = self.ldap.search_s( base, ldap.SCOPE_SUBTREE, '(cn=Added)', ['*'] ) self.assertEqual(result, []) if __name__ == '__main__': unittest.main() python-ldap-3.2.0/Tests/t_untested_mods.py0000644000175000017500000000074313441744767022572 0ustar pviktoripviktorin00000000000000# modules without any tests import os # Switch off processing .ldaprc or ldap.conf before importing _ldap os.environ['LDAPNOINIT'] = '1' import ldap.controls.deref import ldap.controls.openldap import ldap.controls.ppolicy import ldap.controls.psearch import ldap.controls.pwdpolicy import ldap.controls.readentry import ldap.controls.sessiontrack import ldap.controls.sss import ldap.controls.vlv import ldap.constants import ldap.logger import ldap.resiter import ldap.syncrepl python-ldap-3.2.0/Tests/t_cext.py0000644000175000017500000010005413441744767020654 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ Automatic tests for python-ldap's C wrapper module _ldap See https://www.python-ldap.org/ for details. """ from __future__ import unicode_literals import errno import os import unittest # Switch off processing .ldaprc or ldap.conf before importing _ldap os.environ['LDAPNOINIT'] = '1' # import the plain C wrapper module import _ldap from slapdtest import SlapdTestCase, requires_tls class TestLdapCExtension(SlapdTestCase): """ These tests apply only to the _ldap module and therefore bypass the LDAPObject wrapper completely. """ timeout = 5 @classmethod def setUpClass(cls): super(TestLdapCExtension, cls).setUpClass() # add two initial objects after server was started and is still empty suffix_dc = cls.server.suffix.split(',')[0][3:] cls.server._log.debug( "adding %s and %s", cls.server.suffix, cls.server.root_dn, ) cls.server.ldapadd( "\n".join([ 'dn: '+cls.server.suffix, 'objectClass: dcObject', 'objectClass: organization', 'dc: '+suffix_dc, 'o: '+suffix_dc, '', 'dn: '+cls.server.root_dn, 'objectClass: applicationProcess', 'cn: '+cls.server.root_cn, '' ]) ) def setUp(self): super(TestLdapCExtension, self).setUp() self._writesuffix = None def tearDown(self): # cleanup test subtree if self._writesuffix is not None: self.server.ldapdelete(self._writesuffix, recursive=True) super(TestLdapCExtension, self).tearDown() @property def writesuffix(self): """Initialize writesuffix on demand Creates a clean subtree for tests that write to slapd. ldapdelete is not able to delete a Root DSE, therefore we need a temporary work space. :return: DN """ if self._writesuffix is not None: return self._writesuffix self._writesuffix = 'ou=write tests,%s' % self.server.suffix # Add writeable subtree self.server.ldapadd( "\n".join([ 'dn: ' + self._writesuffix, 'objectClass: organizationalUnit', 'ou:' + self._writesuffix.split(',')[0][3:], '' ]) ) return self._writesuffix def _open_conn(self, bind=True): """ Starts a server, and returns a LDAPObject bound to it """ l = _ldap.initialize(self.server.ldap_uri) if bind: # Perform a simple bind l.set_option(_ldap.OPT_PROTOCOL_VERSION, _ldap.VERSION3) m = l.simple_bind(self.server.root_dn, self.server.root_pw) result, pmsg, msgid, ctrls = l.result4(m, _ldap.MSG_ONE, self.timeout) self.assertEqual(result, _ldap.RES_BIND) self.assertEqual(type(msgid), type(0)) return l # Test for the existence of a whole bunch of constants # that the C module is supposed to export def test_constants(self): """ Test whether all libldap-derived constants are correct """ self.assertEqual(_ldap.PORT, 389) self.assertEqual(_ldap.VERSION1, 1) self.assertEqual(_ldap.VERSION2, 2) self.assertEqual(_ldap.VERSION3, 3) # constants for result4() self.assertEqual(_ldap.RES_BIND, 0x61) self.assertEqual(_ldap.RES_SEARCH_ENTRY, 0x64) self.assertEqual(_ldap.RES_SEARCH_RESULT, 0x65) self.assertEqual(_ldap.RES_MODIFY, 0x67) self.assertEqual(_ldap.RES_ADD, 0x69) self.assertEqual(_ldap.RES_DELETE, 0x6b) self.assertEqual(_ldap.RES_MODRDN, 0x6d) self.assertEqual(_ldap.RES_COMPARE, 0x6f) self.assertEqual(_ldap.RES_SEARCH_REFERENCE, 0x73) # v3 self.assertEqual(_ldap.RES_EXTENDED, 0x78) # v3 #self.assertEqual(_ldap.RES_INTERMEDIATE, 0x79) # v3 self.assertIsNotNone(_ldap.RES_ANY) self.assertIsNotNone(_ldap.RES_UNSOLICITED) self.assertIsNotNone(_ldap.AUTH_NONE) self.assertIsNotNone(_ldap.AUTH_SIMPLE) self.assertIsNotNone(_ldap.SCOPE_BASE) self.assertIsNotNone(_ldap.SCOPE_ONELEVEL) self.assertIsNotNone(_ldap.SCOPE_SUBTREE) self.assertIsNotNone(_ldap.MOD_ADD) self.assertIsNotNone(_ldap.MOD_DELETE) self.assertIsNotNone(_ldap.MOD_REPLACE) self.assertIsNotNone(_ldap.MOD_INCREMENT) self.assertIsNotNone(_ldap.MOD_BVALUES) # for result4() self.assertIsNotNone(_ldap.MSG_ONE) self.assertIsNotNone(_ldap.MSG_ALL) self.assertIsNotNone(_ldap.MSG_RECEIVED) # for OPT_DEFEF self.assertIsNotNone(_ldap.DEREF_NEVER) self.assertIsNotNone(_ldap.DEREF_SEARCHING) self.assertIsNotNone(_ldap.DEREF_FINDING) self.assertIsNotNone(_ldap.DEREF_ALWAYS) # for OPT_SIZELIMIT, OPT_TIMELIMIT self.assertIsNotNone(_ldap.NO_LIMIT) # standard options self.assertIsNotNone(_ldap.OPT_API_INFO) self.assertIsNotNone(_ldap.OPT_DEREF) self.assertIsNotNone(_ldap.OPT_SIZELIMIT) self.assertIsNotNone(_ldap.OPT_TIMELIMIT) self.assertIsNotNone(_ldap.OPT_REFERRALS) self.assertIsNotNone(_ldap.OPT_RESTART) self.assertIsNotNone(_ldap.OPT_PROTOCOL_VERSION) self.assertIsNotNone(_ldap.OPT_SERVER_CONTROLS) self.assertIsNotNone(_ldap.OPT_CLIENT_CONTROLS) self.assertIsNotNone(_ldap.OPT_API_FEATURE_INFO) self.assertIsNotNone(_ldap.OPT_HOST_NAME) self.assertIsNotNone(_ldap.OPT_ERROR_NUMBER) # = OPT_RESULT_CODE self.assertIsNotNone(_ldap.OPT_ERROR_STRING) # = OPT_DIAGNOSITIC_MESSAGE self.assertIsNotNone(_ldap.OPT_MATCHED_DN) # OpenLDAP specific self.assertIsNotNone(_ldap.OPT_DEBUG_LEVEL) self.assertIsNotNone(_ldap.OPT_TIMEOUT) self.assertIsNotNone(_ldap.OPT_REFHOPLIMIT) self.assertIsNotNone(_ldap.OPT_NETWORK_TIMEOUT) self.assertIsNotNone(_ldap.OPT_URI) #self.assertIsNotNone(_ldap.OPT_REFERRAL_URLS) #self.assertIsNotNone(_ldap.OPT_SOCKBUF) #self.assertIsNotNone(_ldap.OPT_DEFBASE) #self.assertIsNotNone(_ldap.OPT_CONNECT_ASYNC) # str2dn() self.assertIsNotNone(_ldap.DN_FORMAT_LDAP) self.assertIsNotNone(_ldap.DN_FORMAT_LDAPV3) self.assertIsNotNone(_ldap.DN_FORMAT_LDAPV2) self.assertIsNotNone(_ldap.DN_FORMAT_DCE) self.assertIsNotNone(_ldap.DN_FORMAT_UFN) self.assertIsNotNone(_ldap.DN_FORMAT_AD_CANONICAL) self.assertIsNotNone(_ldap.DN_FORMAT_MASK) self.assertIsNotNone(_ldap.DN_PRETTY) self.assertIsNotNone(_ldap.DN_SKIP) self.assertIsNotNone(_ldap.DN_P_NOLEADTRAILSPACES) self.assertIsNotNone(_ldap.DN_P_NOSPACEAFTERRDN) self.assertIsNotNone(_ldap.DN_PEDANTIC) self.assertIsNotNone(_ldap.AVA_NULL) self.assertIsNotNone(_ldap.AVA_STRING) self.assertIsNotNone(_ldap.AVA_BINARY) self.assertIsNotNone(_ldap.AVA_NONPRINTABLE) # these two constants are pointless? XXX self.assertEqual(_ldap.OPT_ON, 1) self.assertEqual(_ldap.OPT_OFF, 0) # these constants useless after ldap_url_parse() was dropped XXX self.assertIsNotNone(_ldap.URL_ERR_BADSCOPE) self.assertIsNotNone(_ldap.URL_ERR_MEM) def test_test_flags(self): # test flag, see slapdtest and tox.ini disabled = os.environ.get('CI_DISABLED') if not disabled: self.skipTest("No CI_DISABLED env var") disabled = set(disabled.split(':')) if 'TLS' in disabled: self.assertFalse(_ldap.TLS_AVAIL) else: self.assertFalse(_ldap.TLS_AVAIL) if 'SASL' in disabled: self.assertFalse(_ldap.SASL_AVAIL) else: self.assertFalse(_ldap.SASL_AVAIL) def test_simple_bind(self): l = self._open_conn() def test_simple_anonymous_bind(self): l = self._open_conn(bind=False) m = l.simple_bind("", "") self.assertEqual(type(m), type(0)) result, pmsg, msgid, ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEqual(result, _ldap.RES_BIND) self.assertEqual(msgid, m) self.assertEqual(pmsg, []) self.assertEqual(ctrls, []) def test_anon_rootdse_search(self): l = self._open_conn(bind=False) # see if we can get the rootdse with anon search (without prior bind) m = l.search_ext( '', _ldap.SCOPE_BASE, '(objectClass=*)', [str('objectClass'), str('namingContexts')], ) self.assertEqual(type(m), type(0)) result, pmsg, msgid, ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEqual(result, _ldap.RES_SEARCH_RESULT) self.assertEqual(pmsg[0][0], "") # rootDSE has no dn self.assertEqual(msgid, m) self.assertEqual(ctrls, []) root_dse = pmsg[0][1] self.assertTrue('objectClass' in root_dse) self.assertTrue(b'OpenLDAProotDSE' in root_dse['objectClass']) self.assertTrue('namingContexts' in root_dse) self.assertEqual(root_dse['namingContexts'], [self.server.suffix.encode('ascii')]) def test_unbind(self): l = self._open_conn() m = l.unbind_ext() self.assertIsNone(m) # Second attempt to unbind should yield an exception try: l.unbind_ext() except _ldap.error: pass def test_search_ext_individual(self): l = self._open_conn() # send search request m = l.search_ext( self.server.suffix, _ldap.SCOPE_SUBTREE, '(objectClass=dcObject)' ) self.assertEqual(type(m), type(0)) result, pmsg, msgid, ctrls = l.result4(m, _ldap.MSG_ONE, self.timeout) # Expect to get just one object self.assertEqual(result, _ldap.RES_SEARCH_ENTRY) self.assertEqual(len(pmsg), 1) self.assertEqual(len(pmsg[0]), 2) self.assertEqual(pmsg[0][0], self.server.suffix) self.assertEqual(pmsg[0][0], self.server.suffix) self.assertTrue(b'dcObject' in pmsg[0][1]['objectClass']) self.assertTrue(b'organization' in pmsg[0][1]['objectClass']) self.assertEqual(msgid, m) self.assertEqual(ctrls, []) result, pmsg, msgid, ctrls = l.result4(m, _ldap.MSG_ONE, self.timeout) self.assertEqual(result, _ldap.RES_SEARCH_RESULT) self.assertEqual(pmsg, []) self.assertEqual(msgid, m) self.assertEqual(ctrls, []) def test_abandon(self): l = self._open_conn() m = l.search_ext(self.server.suffix, _ldap.SCOPE_SUBTREE, '(objectClass=*)') ret = l.abandon_ext(m) self.assertIsNone(ret) try: r = l.result4(m, _ldap.MSG_ALL, 0.3) # (timeout /could/ be longer) except _ldap.TIMEOUT as e: pass else: self.fail("expected TIMEOUT, got %r" % r) def test_search_ext_all(self): l = self._open_conn() # send search request m = l.search_ext(self.server.suffix, _ldap.SCOPE_SUBTREE, '(objectClass=*)') self.assertEqual(type(m), type(0)) result, pmsg, msgid, ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) # Expect to get some objects self.assertEqual(result, _ldap.RES_SEARCH_RESULT) self.assertTrue(len(pmsg) >= 2) self.assertEqual(msgid, m) self.assertEqual(ctrls, []) def test_invalid_search_filter(self): l = self._open_conn() with self.assertRaises(_ldap.FILTER_ERROR): l.search_ext( self.server.suffix, _ldap.SCOPE_SUBTREE, 'bogus filter expr' ) def test_add(self): """ test add operation """ l = self._open_conn() m = l.add_ext( "cn=Foo," + self.writesuffix, [ ('objectClass', b'organizationalRole'), ('cn', b'Foo'), ('description', b'testing'), ] ) self.assertEqual(type(m), type(0)) result, pmsg, msgid, ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEqual(result, _ldap.RES_ADD) self.assertEqual(pmsg, []) self.assertEqual(msgid, m) self.assertEqual(ctrls, []) # search for it back m = l.search_ext(self.writesuffix, _ldap.SCOPE_SUBTREE, '(cn=Foo)') result, pmsg, msgid, ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) # Expect to get the objects self.assertEqual(result, _ldap.RES_SEARCH_RESULT) self.assertEqual(len(pmsg), 1) self.assertEqual(msgid, m) self.assertEqual(ctrls, []) self.assertEqual( pmsg[0], ( 'cn=Foo,'+self.writesuffix, { 'objectClass': [b'organizationalRole'], 'cn': [b'Foo'], 'description': [b'testing'], } ) ) def test_compare(self): """ test compare operation """ l = self._open_conn() # first, add an object with a field we can compare on dn = "cn=CompareTest," + self.writesuffix m = l.add_ext( dn, [ ('objectClass', b'person'), ('sn', b'CompareTest'), ('cn', b'CompareTest'), ('userPassword', b'the_password'), ], ) self.assertEqual(type(m), type(0)) result, pmsg, msgid, ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEqual(result, _ldap.RES_ADD) # try a false compare m = l.compare_ext(dn, "userPassword", "bad_string") try: r = l.result4(m, _ldap.MSG_ALL, self.timeout) except _ldap.COMPARE_FALSE: pass else: self.fail("expected COMPARE_FALSE, got %r" % r) # try a true compare m = l.compare_ext(dn, "userPassword", "the_password") try: r = l.result4(m, _ldap.MSG_ALL, self.timeout) except _ldap.COMPARE_TRUE: pass else: self.fail("expected COMPARE_TRUE, got %r" % r) # try a compare on bad attribute m = l.compare_ext(dn, "badAttribute", "ignoreme") try: r = l.result4(m, _ldap.MSG_ALL, self.timeout) except _ldap.error: pass else: self.fail("expected LDAPError, got %r" % r) def test_delete_no_such_object(self): """ try deleting an object that doesn't exist """ l = self._open_conn() m = l.delete_ext("cn=DoesNotExist,"+self.server.suffix) try: r = l.result4(m, _ldap.MSG_ALL, self.timeout) except _ldap.NO_SUCH_OBJECT: pass else: self.fail("expected NO_SUCH_OBJECT, got %r" % r) def test_delete(self): l = self._open_conn() # first, add an object we will delete dn = "cn=Deleteme,"+self.writesuffix m = l.add_ext( dn, [ ('objectClass', b'organizationalRole'), ('cn', b'Deleteme'), ] ) self.assertEqual(type(m), type(0)) result, pmsg, msgid, ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEqual(result, _ldap.RES_ADD) m = l.delete_ext(dn) result, pmsg, msgid, ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEqual(result, _ldap.RES_DELETE) self.assertEqual(msgid, m) self.assertEqual(pmsg, []) self.assertEqual(ctrls, []) def test_modify_no_such_object(self): l = self._open_conn() # try deleting an object that doesn't exist m = l.modify_ext( "cn=DoesNotExist,"+self.writesuffix, [ (_ldap.MOD_ADD, 'description', [b'blah']), ] ) try: r = l.result4(m, _ldap.MSG_ALL, self.timeout) except _ldap.NO_SUCH_OBJECT: pass else: self.fail("expected NO_SUCH_OBJECT, got %r" % r) def test_modify_no_such_object_empty_attrs(self): """ try deleting an object that doesn't exist """ l = self._open_conn() m = l.modify_ext( "cn=DoesNotExist,"+self.server.suffix, [ (_ldap.MOD_ADD, 'description', [b'dummy']), ] ) self.assertTrue(isinstance(m, int)) try: r = l.result4(m, _ldap.MSG_ALL, self.timeout) except _ldap.NO_SUCH_OBJECT: pass else: self.fail("expected NO_SUCH_OBJECT, got %r" % r) def test_modify(self): """ test modify operation """ l = self._open_conn() # first, add an object we will delete dn = "cn=AddToMe,"+self.writesuffix m = l.add_ext( dn, [ ('objectClass', b'person'), ('cn', b'AddToMe'), ('sn', b'Modify'), ('description', b'a description'), ] ) self.assertEqual(type(m), type(0)) result, pmsg, msgid, ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEqual(result, _ldap.RES_ADD) m = l.modify_ext( dn, [ (_ldap.MOD_ADD, 'description', [b'b desc', b'c desc']), ] ) result, pmsg, msgid, ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEqual(result, _ldap.RES_MODIFY) self.assertEqual(pmsg, []) self.assertEqual(msgid, m) self.assertEqual(ctrls, []) # search for it back m = l.search_ext(self.writesuffix, _ldap.SCOPE_SUBTREE, '(cn=AddToMe)') result, pmsg, msgid, ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) # Expect to get the objects self.assertEqual(result, _ldap.RES_SEARCH_RESULT) self.assertEqual(len(pmsg), 1) self.assertEqual(msgid, m) self.assertEqual(ctrls, []) self.assertEqual(pmsg[0][0], dn) d = list(pmsg[0][1]['description']) d.sort() self.assertEqual(d, [b'a description', b'b desc', b'c desc']) def test_rename(self): l = self._open_conn() dn = "cn=RenameMe,"+self.writesuffix m = l.add_ext( dn, [ ('objectClass', b'organizationalRole'), ('cn', b'RenameMe'), ] ) self.assertEqual(type(m), type(0)) result, pmsg, msgid, ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEqual(result, _ldap.RES_ADD) # do the rename with same parent m = l.rename(dn, "cn=IAmRenamed") result, pmsg, msgid, ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEqual(result, _ldap.RES_MODRDN) self.assertEqual(msgid, m) self.assertEqual(pmsg, []) self.assertEqual(ctrls, []) # make sure the old one is gone m = l.search_ext(self.writesuffix, _ldap.SCOPE_SUBTREE, '(cn=RenameMe)') result, pmsg, msgid, ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEqual(result, _ldap.RES_SEARCH_RESULT) self.assertEqual(len(pmsg), 0) # expect no results self.assertEqual(msgid, m) self.assertEqual(ctrls, []) # check that the new one looks right dn2 = "cn=IAmRenamed,"+self.writesuffix m = l.search_ext(self.writesuffix, _ldap.SCOPE_SUBTREE, '(cn=IAmRenamed)') result, pmsg, msgid, ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEqual(result, _ldap.RES_SEARCH_RESULT) self.assertEqual(msgid, m) self.assertEqual(ctrls, []) self.assertEqual(len(pmsg), 1) self.assertEqual(pmsg[0][0], dn2) self.assertEqual(pmsg[0][1]['cn'], [b'IAmRenamed']) # create the container containerDn = "ou=RenameContainer,"+self.writesuffix m = l.add_ext( containerDn, [ ('objectClass', b'organizationalUnit'), ('ou', b'RenameContainer'), ] ) result, pmsg, msgid, ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEqual(result, _ldap.RES_ADD) # now rename from dn2 to the conater dn3 = "cn=IAmRenamedAgain," + containerDn # Now try renaming dn2 across container (simultaneous name change) m = l.rename(dn2, "cn=IAmRenamedAgain", containerDn) result, pmsg, msgid, ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEqual(result, _ldap.RES_MODRDN) self.assertEqual(msgid, m) self.assertEqual(pmsg, []) self.assertEqual(ctrls, []) # make sure dn2 is gone m = l.search_ext(self.writesuffix, _ldap.SCOPE_SUBTREE, '(cn=IAmRenamed)') result, pmsg, msgid, ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEqual(result, _ldap.RES_SEARCH_RESULT) self.assertEqual(len(pmsg), 0) # expect no results self.assertEqual(msgid, m) self.assertEqual(ctrls, []) m = l.search_ext(self.writesuffix, _ldap.SCOPE_SUBTREE, '(objectClass=*)') result, pmsg, msgid, ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) # make sure dn3 is there m = l.search_ext(self.writesuffix, _ldap.SCOPE_SUBTREE, '(cn=IAmRenamedAgain)') result, pmsg, msgid, ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEqual(result, _ldap.RES_SEARCH_RESULT) self.assertEqual(msgid, m) self.assertEqual(ctrls, []) self.assertEqual(len(pmsg), 1) self.assertEqual(pmsg[0][0], dn3) self.assertEqual(pmsg[0][1]['cn'], [b'IAmRenamedAgain']) def test_whoami(self): l = self._open_conn() r = l.whoami_s() self.assertEqual("dn:" + self.server.root_dn, r) def test_whoami_unbound(self): l = self._open_conn(bind=False) l.set_option(_ldap.OPT_PROTOCOL_VERSION, _ldap.VERSION3) r = l.whoami_s() self.assertEqual("", r) def test_whoami_anonymous(self): l = self._open_conn(bind=False) l.set_option(_ldap.OPT_PROTOCOL_VERSION, _ldap.VERSION3) # Anonymous bind m = l.simple_bind("", "") result, pmsg, msgid, ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEqual(result, _ldap.RES_BIND) # check with Who Am I? extended operation r = l.whoami_s() self.assertEqual("", r) def test_whoami_after_unbind(self): # https://github.com/pyldap/pyldap/issues/29 l = self._open_conn(bind=True) l.unbind_ext() with self.assertRaises(_ldap.LDAPError): l.whoami_s() def test_passwd(self): l = self._open_conn() # first, create a user to change password on dn = "cn=PasswordTest," + self.writesuffix m = l.add_ext( dn, [ ('objectClass', b'person'), ('sn', b'PasswordTest'), ('cn', b'PasswordTest'), ('userPassword', b'initial'), ] ) self.assertEqual(type(m), type(0)) result, pmsg, msgid, ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEqual(result, _ldap.RES_ADD) # try changing password with a wrong old-pw m = l.passwd(dn, "bogus", "ignored") self.assertEqual(type(m), type(0)) try: r = l.result4(m, _ldap.MSG_ALL, self.timeout) except _ldap.UNWILLING_TO_PERFORM: pass else: self.fail("expected UNWILLING_TO_PERFORM, got %r" % r) # try changing password with a correct old-pw m = l.passwd(dn, "initial", "changed") result, pmsg, msgid, ctrls = l.result4(m, _ldap.MSG_ALL, self.timeout) self.assertEqual(msgid, m) self.assertEqual(pmsg, []) self.assertEqual(result, _ldap.RES_EXTENDED) self.assertEqual(ctrls, []) def test_options(self): oldval = _ldap.get_option(_ldap.OPT_PROTOCOL_VERSION) try: try: _ldap.set_option(_ldap.OPT_PROTOCOL_VERSION, "3") except TypeError: pass else: self.fail("expected string value to raise a TypeError") _ldap.set_option(_ldap.OPT_PROTOCOL_VERSION, _ldap.VERSION2) v = _ldap.get_option(_ldap.OPT_PROTOCOL_VERSION) self.assertEqual(v, _ldap.VERSION2) _ldap.set_option(_ldap.OPT_PROTOCOL_VERSION, _ldap.VERSION3) v = _ldap.get_option(_ldap.OPT_PROTOCOL_VERSION) self.assertEqual(v, _ldap.VERSION3) finally: _ldap.set_option(_ldap.OPT_PROTOCOL_VERSION, oldval) l = self._open_conn() # Try changing some basic options and checking that they took effect l.set_option(_ldap.OPT_PROTOCOL_VERSION, _ldap.VERSION2) v = l.get_option(_ldap.OPT_PROTOCOL_VERSION) self.assertEqual(v, _ldap.VERSION2) l.set_option(_ldap.OPT_PROTOCOL_VERSION, _ldap.VERSION3) v = l.get_option(_ldap.OPT_PROTOCOL_VERSION) self.assertEqual(v, _ldap.VERSION3) # Try setting options that will yield a known error. try: _ldap.get_option(_ldap.OPT_MATCHED_DN) except ValueError: pass else: self.fail("expected ValueError") def _require_attr(self, obj, attrname): """Returns true if the attribute exists on the object. This is to allow some tests to be optional, because _ldap is compiled with different properties depending on the underlying C library. This could me made to thrown an exception if you want the tests to be strict.""" if hasattr(obj, attrname): return True #self.fail("required attribute '%s' missing" % attrname) return False def test_sasl(self): l = self._open_conn() if not self._require_attr(l, 'sasl_interactive_bind_s'): # HAVE_SASL return # TODO def test_cancel(self): l = self._open_conn() if not self._require_attr(l, 'cancel'): # FEATURE_CANCEL return def test_enotconn(self): l = _ldap.initialize('ldap://127.0.0.1:42') try: m = l.simple_bind("", "") r = l.result4(m, _ldap.MSG_ALL, self.timeout) except _ldap.SERVER_DOWN as ldap_err: errno_val = ldap_err.args[0]['errno'] if errno_val != errno.ENOTCONN: self.fail("expected errno=%d, got %d" % (errno.ENOTCONN, errno_val)) else: self.fail("expected SERVER_DOWN, got %r" % r) def test_invalid_filter(self): l = self._open_conn(bind=False) # search with invalid filter try: m = l.search_ext( "", _ldap.SCOPE_BASE, '(|(objectClass=*)', ) self.assertEqual(type(m), type(0)) r = l.result4(m, _ldap.MSG_ALL, self.timeout) except _ldap.FILTER_ERROR: pass else: self.fail("expected FILTER_ERROR, got %r" % r) def test_invalid_credentials(self): l = self._open_conn(bind=False) # search with invalid filter try: m = l.simple_bind(self.server.root_dn, self.server.root_pw+'wrong') r = l.result4(m, _ldap.MSG_ALL, self.timeout) except _ldap.INVALID_CREDENTIALS: pass else: self.fail("expected INVALID_CREDENTIALS, got %r" % r) # TODO: test_extop def assertInvalidControls(self, func, *args, **kwargs): post = kwargs.pop('post', ()) self.assertFalse(kwargs) # last two args are serverctrls, clientctrls with self.assertRaises(TypeError) as e: func(*(args + (object, None) + post)) self.assertEqual( e.exception.args, ('LDAPControls_from_object(): expected a list', object) ) with self.assertRaises(TypeError) as e: func(*(args + (None, object) + post)) self.assertEqual( e.exception.args, ('LDAPControls_from_object(): expected a list', object) ) def test_invalid_controls(self): l = self._open_conn() self.assertInvalidControls(l.simple_bind, "", "") self.assertInvalidControls(l.whoami_s) self.assertInvalidControls(l.passwd, 'dn', 'initial', 'changed') self.assertInvalidControls(l.add_ext, 'dn', [('cn', b'cn')]) self.assertInvalidControls( l.modify_ext, 'dn', [(_ldap.MOD_ADD, 'attr', [b'value'])]) self.assertInvalidControls(l.compare_ext, 'dn', 'val1', 'val2') self.assertInvalidControls( l.rename, 'dn', 'newdn', 'container', False) self.assertInvalidControls( l.search_ext, 'dn', _ldap.SCOPE_SUBTREE, '(objectClass=*)', None, 1) self.assertInvalidControls(l.delete_ext, 'dn') m = l.search_ext( self.server.suffix, _ldap.SCOPE_SUBTREE, '(objectClass=*)') self.assertInvalidControls(l.abandon_ext, m) self.assertInvalidControls(l.cancel, 0) self.assertInvalidControls(l.extop, 'oid', 'value') if hasattr(l, 'sasl_bind_s'): self.assertInvalidControls(l.sasl_bind_s, 'dn', 'MECH', 'CRED') if hasattr(l, 'sasl_interactive_bind_s'): self.assertInvalidControls( l.sasl_interactive_bind_s, 'who', 'SASLObject', post=(1,)) self.assertInvalidControls(l.unbind_ext) @requires_tls() def test_tls_ext(self): l = self._open_conn(bind=False) # StartTLS needs LDAPv3 l.set_option(_ldap.OPT_PROTOCOL_VERSION, _ldap.VERSION3) l.set_option(_ldap.OPT_X_TLS_CACERTFILE, self.server.cafile) # re-create TLS context l.set_option(_ldap.OPT_X_TLS_NEWCTX, 0) l.start_tls_s() @requires_tls() def test_tls_require_cert(self): # libldap defaults to secure cert validation # see libraries/libldap/init.c # gopts->ldo_tls_require_cert = LDAP_OPT_X_TLS_DEMAND; self.assertEqual( _ldap.get_option(_ldap.OPT_X_TLS_REQUIRE_CERT), _ldap.OPT_X_TLS_DEMAND ) l = self._open_conn(bind=False) self.assertEqual( l.get_option(_ldap.OPT_X_TLS_REQUIRE_CERT), _ldap.OPT_X_TLS_DEMAND ) @requires_tls() def test_tls_ext_noca(self): l = self._open_conn(bind=False) l.set_option(_ldap.OPT_PROTOCOL_VERSION, _ldap.VERSION3) # fails because libldap defaults to secure cert validation but # the test CA is not installed as trust anchor. with self.assertRaises(_ldap.CONNECT_ERROR) as e: l.start_tls_s() # known resaons: # Ubuntu on Travis: '(unknown error code)' # OpenSSL 1.1: error:1416F086:SSL routines:\ # tls_process_server_certificate:certificate verify failed # NSS: TLS error -8172:Peer's certificate issuer has \ # been marked as not trusted by the user. msg = str(e.exception) candidates = ('certificate', 'tls', '(unknown error code)') if not any(s in msg.lower() for s in candidates): self.fail(msg) @requires_tls() def test_tls_ext_clientcert(self): l = self._open_conn(bind=False) l.set_option(_ldap.OPT_PROTOCOL_VERSION, _ldap.VERSION3) l.set_option(_ldap.OPT_X_TLS_CACERTFILE, self.server.cafile) l.set_option(_ldap.OPT_X_TLS_CERTFILE, self.server.clientcert) l.set_option(_ldap.OPT_X_TLS_KEYFILE, self.server.clientkey) l.set_option(_ldap.OPT_X_TLS_REQUIRE_CERT, _ldap.OPT_X_TLS_HARD) l.set_option(_ldap.OPT_X_TLS_NEWCTX, 0) l.start_tls_s() @requires_tls() def test_tls_packages(self): # libldap has tls_g.c, tls_m.c, and tls_o.c with ldap_int_tls_impl package = _ldap.get_option(_ldap.OPT_X_TLS_PACKAGE) self.assertIn(package, {"GnuTLS", "MozNSS", "OpenSSL"}) if __name__ == '__main__': unittest.main() python-ldap-3.2.0/Tests/t_ldap_controls_ppolicy.py0000644000175000017500000000207213441744767024314 0ustar pviktoripviktorin00000000000000import os import unittest # Switch off processing .ldaprc or ldap.conf before importing _ldap os.environ['LDAPNOINIT'] = '1' from ldap.controls import ppolicy PP_GRACEAUTH = b'0\x84\x00\x00\x00\t\xa0\x84\x00\x00\x00\x03\x81\x01\x02' PP_TIMEBEFORE = b'0\x84\x00\x00\x00\t\xa0\x84\x00\x00\x00\x03\x80\x012' class TestControlsPPolicy(unittest.TestCase): def assertPPolicy(self, pp, timeBeforeExpiration=None, graceAuthNsRemaining=None, error=None): self.assertEqual(pp.timeBeforeExpiration, timeBeforeExpiration) self.assertEqual(pp.graceAuthNsRemaining, graceAuthNsRemaining) self.assertEqual(pp.error, error) def test_ppolicy_graceauth(self): pp = ppolicy.PasswordPolicyControl() pp.decodeControlValue(PP_GRACEAUTH) self.assertPPolicy(pp, graceAuthNsRemaining=2) def test_ppolicy_timebefore(self): pp = ppolicy.PasswordPolicyControl() pp.decodeControlValue(PP_TIMEBEFORE) self.assertPPolicy(pp, timeBeforeExpiration=50) if __name__ == '__main__': unittest.main() python-ldap-3.2.0/Tests/t_bind.py0000644000175000017500000000452013441744767020626 0ustar pviktoripviktorin00000000000000from __future__ import unicode_literals import sys if sys.version_info[0] <= 2: PY2 = True text_type = unicode else: PY2 = False text_type = str import os import unittest # Switch off processing .ldaprc or ldap.conf before importing _ldap os.environ['LDAPNOINIT'] = '1' import ldap from ldap.ldapobject import LDAPObject from slapdtest import SlapdTestCase class TestBinds(SlapdTestCase): unicode_val = "abc\U0001f498def" unicode_val_bytes = unicode_val.encode('utf-8') dn_unicode = "CN=" + unicode_val dn_bytes = dn_unicode.encode('utf-8') def _get_ldapobject(self, bytes_mode=None): l = LDAPObject(self.server.ldap_uri, bytes_mode=bytes_mode) l.protocol_version = 3 l.set_option(ldap.OPT_REFERRALS,0) return l def test_simple_bind(self): l = self._get_ldapobject(False) with self.assertRaises(ldap.INVALID_CREDENTIALS): l.simple_bind_s(self.dn_unicode, self.unicode_val) def test_unicode_bind(self): l = self._get_ldapobject(False) l.simple_bind(self.dn_unicode, "ascii") l = self._get_ldapobject(False) l.simple_bind("CN=user", self.unicode_val) @unittest.skipUnless(PY2, "no bytes_mode under Py3") def test_unicode_bind_bytesmode(self): l = self._get_ldapobject(True) with self.assertRaises(TypeError): l.simple_bind_s(self.dn_unicode, self.unicode_val_bytes) with self.assertRaises(TypeError): l.simple_bind_s(self.dn_bytes, self.unicode_val) # Works when encoded to UTF-8 with self.assertRaises(ldap.INVALID_CREDENTIALS): l.simple_bind_s(self.dn_bytes, self.unicode_val_bytes) def test_unicode_bind_no_bytesmode(self): l = self._get_ldapobject(False) with self.assertRaises(TypeError): l.simple_bind_s(self.dn_bytes, self.unicode_val) # Works fine in Python 3 because 'cred' (the password) is read in # using the "s#" format which, unlike "s", accepts either a str # (unicode) *or* bytes. # # with self.assertRaises(TypeError): # l.simple_bind_s(self.dn_unicode, self.unicode_val_bytes) with self.assertRaises(ldap.INVALID_CREDENTIALS): l.simple_bind_s(self.dn_unicode, self.unicode_val) if __name__ == '__main__': unittest.main() python-ldap-3.2.0/Tests/t_ldap_schema_subentry.py0000644000175000017500000002476413441744767024121 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ Automatic tests for python-ldap's class ldap.schema.SubSchema See https://www.python-ldap.org/ for details. """ import os import unittest # Switch off processing .ldaprc or ldap.conf before importing _ldap os.environ['LDAPNOINIT'] = '1' import ldap import ldif from ldap.ldapobject import SimpleLDAPObject import ldap.schema from ldap.schema.models import ObjectClass, AttributeType from slapdtest import SlapdTestCase, requires_ldapi HERE = os.path.abspath(os.path.dirname(__file__)) TEST_SUBSCHEMA_FILES = ( os.path.join(HERE, 'data', 'subschema-ipa.demo1.freeipa.org.ldif'), os.path.join(HERE, 'data', 'subschema-openldap-all.ldif'), ) class TestSubschemaLDIF(unittest.TestCase): """ test ldap.schema.SubSchema with subschema subentries read from LDIF files """ def test_subschema_file(self): for test_file in TEST_SUBSCHEMA_FILES: # Read and parse LDIF file with open(test_file, 'rb') as ldif_file: ldif_parser = ldif.LDIFRecordList(ldif_file,max_entries=1) ldif_parser.parse() _, subschema_subentry = ldif_parser.all_records[0] sub_schema = ldap.schema.SubSchema(subschema_subentry) # Smoke-check for listall() and attribute_types() for objclass in sub_schema.listall(ObjectClass): must, may = sub_schema.attribute_types([objclass]) for oid, attributetype in must.items(): self.assertEqual(attributetype.oid, oid) for oid, attributetype in may.items(): self.assertEqual(attributetype.oid, oid) class TestSubschemaUrlfetch(unittest.TestCase): def test_urlfetch_file(self): freeipa_uri = 'file://{}'.format(TEST_SUBSCHEMA_FILES[0]) dn, schema = ldap.schema.urlfetch(freeipa_uri) self.assertEqual(dn, 'cn=schema') self.assertIsInstance(schema, ldap.schema.subentry.SubSchema) obj = schema.get_obj(ObjectClass, '2.5.6.9') self.assertEqual( str(obj), "( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST cn " "MAY ( member $ businessCategory $ seeAlso $ owner $ ou $ o " "$ description ) X-ORIGIN 'RFC 4519' )" ) class TestXOrigin(unittest.TestCase): def get_attribute_type(self, oid): openldap_uri = 'file://{}'.format(TEST_SUBSCHEMA_FILES[0]) dn, schema = ldap.schema.urlfetch(openldap_uri) return schema.get_obj(AttributeType, oid) def test_origin_none(self): self.assertEqual( self.get_attribute_type('2.16.840.1.113719.1.301.4.24.1').x_origin, ()) def test_origin_string(self): self.assertEqual( self.get_attribute_type('2.16.840.1.113730.3.1.2091').x_origin, ('Netscape',)) def test_origin_multi_valued(self): self.assertEqual( self.get_attribute_type('1.3.6.1.4.1.11.1.3.1.1.3').x_origin, ('RFC4876', 'user defined')) def test_origin_none_str(self): """Check string representation of an attribute without X-ORIGIN""" # This should check that the representation: # - does not contain X-ORIGIN, and # - is still syntactically valid. # Checking the full output makes the test simpler, # though might need to be adjusted in the future. self.assertEqual( str(self.get_attribute_type('2.16.840.1.113719.1.301.4.24.1')), ( "( 2.16.840.1.113719.1.301.4.24.1 " + "NAME 'krbHostServer' " + "EQUALITY caseExactIA5Match " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )" ), ) def test_origin_string_str(self): """Check string representation of an attr with single-value X-ORIGIN""" # This should check that the representation: # - has the X-ORIGIN entry 'Netscape' with no parentheses, and # - is still syntactically valid. # Checking the full output makes the test simpler, # though might need to be adjusted in the future. self.assertEqual( str(self.get_attribute_type('2.16.840.1.113730.3.1.2091')), ( "( 2.16.840.1.113730.3.1.2091 " + "NAME 'nsslapd-suffix' " + "DESC 'Netscape defined attribute type' " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " + "X-ORIGIN 'Netscape' )" ), ) def test_origin_multi_valued_str(self): """Check string representation of an attr with multi-value X-ORIGIN""" # This should check that the representation: # - has a parenthesized X-ORIGIN entry, and # - is still syntactically valid. # Checking the full output makes the test simpler, # though might need to be adjusted in the future. self.assertEqual( str(self.get_attribute_type('1.3.6.1.4.1.11.1.3.1.1.3')), ( "( 1.3.6.1.4.1.11.1.3.1.1.3 NAME 'searchTimeLimit' " + "DESC 'Maximum time an agent or service allows for a search " + "to complete' " + "EQUALITY integerMatch " + "ORDERING integerOrderingMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 " + "SINGLE-VALUE " + "X-ORIGIN ( 'RFC4876' 'user defined' ) )" ), ) def test_set_origin_str(self): """Check that setting X-ORIGIN to a string makes entry unusable""" attr = self.get_attribute_type('2.16.840.1.113719.1.301.4.24.1') attr.x_origin = 'Netscape' self.assertRaises(AssertionError, str, attr) def test_set_origin_list(self): """Check that setting X-ORIGIN to a list makes entry unusable""" attr = self.get_attribute_type('2.16.840.1.113719.1.301.4.24.1') attr.x_origin = [] self.assertRaises(AssertionError, str, attr) def test_set_origin_tuple(self): """Check that setting X-ORIGIN to a tuple works""" attr = self.get_attribute_type('2.16.840.1.113719.1.301.4.24.1') attr.x_origin = ('user defined',) self.assertIn(" X-ORIGIN 'user defined' ", str(attr)) class TestAttributes(unittest.TestCase): def get_schema(self): openldap_uri = 'file://{}'.format(TEST_SUBSCHEMA_FILES[0]) dn, schema = ldap.schema.urlfetch(openldap_uri) return schema def test_empty_attributetype_attrs(self): """Check types and values of attributes of a minimal AttributeType""" # (OID 2.999 is actually "/Example", for use in documentation) attr = AttributeType('( 2.999 )') self.assertEqual(attr.oid, '2.999') self.assertEqual(attr.names, ()) self.assertEqual(attr.desc, None) self.assertEqual(attr.obsolete, False) self.assertEqual(attr.single_value, False) self.assertEqual(attr.syntax, None) self.assertEqual(attr.no_user_mod, False) self.assertEqual(attr.equality, None) self.assertEqual(attr.substr, None) self.assertEqual(attr.ordering, None) self.assertEqual(attr.usage, 0) self.assertEqual(attr.sup, ()) self.assertEqual(attr.x_origin, ()) def test_empty_objectclass_attrs(self): """Check types and values of attributes of a minimal ObjectClass""" # (OID 2.999 is actually "/Example", for use in documentation) cls = ObjectClass('( 2.999 )') self.assertEqual(cls.oid, '2.999') self.assertEqual(cls.names, ()) self.assertEqual(cls.desc, None) self.assertEqual(cls.obsolete, False) self.assertEqual(cls.must, ()) self.assertEqual(cls.may, ()) self.assertEqual(cls.kind, 0) self.assertEqual(cls.sup, ('top',)) self.assertEqual(cls.x_origin, ()) def test_attributetype_attrs(self): """Check types and values of an AttributeType object's attributes""" schema = self.get_schema() attr = schema.get_obj(AttributeType, '1.3.6.1.4.1.11.1.3.1.1.3') expected_desc = ( 'Maximum time an agent or service allows for a search to complete' ) self.assertEqual(attr.oid, '1.3.6.1.4.1.11.1.3.1.1.3') self.assertEqual(attr.names, ('searchTimeLimit',)) self.assertEqual(attr.desc, expected_desc) self.assertEqual(attr.obsolete, False) self.assertEqual(attr.single_value, True) self.assertEqual(attr.syntax, '1.3.6.1.4.1.1466.115.121.1.27') self.assertEqual(attr.no_user_mod, False) self.assertEqual(attr.equality, 'integerMatch') self.assertEqual(attr.ordering, 'integerOrderingMatch') self.assertEqual(attr.sup, ()) self.assertEqual(attr.x_origin, ('RFC4876', 'user defined')) def test_objectclass_attrs(self): """Check types and values of an ObjectClass object's attributes""" schema = self.get_schema() cls = schema.get_obj(ObjectClass, '2.5.6.9') expected_may = ( 'member', 'businessCategory', 'seeAlso', 'owner', 'ou', 'o', 'description', ) self.assertEqual(cls.oid, '2.5.6.9') self.assertEqual(cls.names, ('groupOfNames',)) self.assertEqual(cls.desc, None) self.assertEqual(cls.obsolete, False) self.assertEqual(cls.must, ('cn',)) self.assertEqual(cls.may, expected_may) self.assertEqual(cls.kind, 0) self.assertEqual(cls.sup, ('top',)) self.assertEqual(cls.x_origin, ('RFC 4519',)) class TestSubschemaUrlfetchSlapd(SlapdTestCase): ldap_object_class = SimpleLDAPObject def assertSlapdSchema(self, dn, schema): self.assertEqual(dn, 'cn=Subschema') self.assertIsInstance(schema, ldap.schema.subentry.SubSchema) obj = schema.get_obj(ObjectClass, '1.3.6.1.1.3.1') self.assertEqual( str(obj), "( 1.3.6.1.1.3.1 NAME 'uidObject' DESC 'RFC2377: uid object' " "SUP top AUXILIARY MUST uid )" ) entries = schema.ldap_entry() self.assertIsInstance(entries, dict) self.assertEqual(sorted(entries), [ 'attributeTypes', 'ldapSyntaxes', 'matchingRuleUse', 'matchingRules', 'objectClasses', ]) def test_urlfetch_ldap(self): dn, schema = ldap.schema.urlfetch(self.server.ldap_uri) self.assertSlapdSchema(dn, schema) @requires_ldapi() def test_urlfetch_ldapi(self): dn, schema = ldap.schema.urlfetch(self.server.ldapi_uri) self.assertSlapdSchema(dn, schema) if __name__ == '__main__': unittest.main() python-ldap-3.2.0/Tests/t_ldap_modlist.py0000644000175000017500000001120113441744767022357 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ Automatic tests for python-ldap's module ldap.modlist See https://www.python-ldap.org/ for details. """ import os import unittest # Switch off processing .ldaprc or ldap.conf before importing _ldap os.environ['LDAPNOINIT'] = '1' import ldap from ldap.modlist import addModlist,modifyModlist class TestModlist(unittest.TestCase): addModlist_tests = [ ( { 'objectClass': [b'person',b'pilotPerson'], 'cn':[b'Michael Str\303\266der',b'Michael Stroeder'], 'sn':[b'Str\303\266der'], 'dummy1':[], 'dummy2':[b'2'], 'dummy3':[b''], }, [ ('objectClass',[b'person',b'pilotPerson']), ('cn',[b'Michael Str\303\266der',b'Michael Stroeder']), ('sn',[b'Str\303\266der']), ('dummy2',[b'2']), ('dummy3',[b'']), ] ), ] def test_addModlist(self): for entry,test_modlist in self.addModlist_tests: test_modlist.sort() result_modlist = addModlist(entry) result_modlist.sort() self.assertEqual( test_modlist, result_modlist, 'addModlist(%s) returns\n%s\ninstead of\n%s.' % ( repr(entry),repr(result_modlist),repr(test_modlist) ) ) modifyModlist_tests = [ ( { 'objectClass':[b'person',b'pilotPerson'], 'cn':[b'Michael Str\303\266der',b'Michael Stroeder'], 'sn':[b'Str\303\266der'], 'enum':[b'a',b'b',b'c'], 'c':[b'DE'], }, { 'objectClass':[b'person',b'inetOrgPerson'], 'cn':[b'Michael Str\303\266der',b'Michael Stroeder'], 'sn':[], 'enum':[b'a',b'b',b'd'], 'mail':[b'michael@stroeder.com'], }, [], [ (ldap.MOD_DELETE,'objectClass',None), (ldap.MOD_ADD,'objectClass',[b'person',b'inetOrgPerson']), (ldap.MOD_DELETE,'c',None), (ldap.MOD_DELETE,'sn',None), (ldap.MOD_ADD,'mail',[b'michael@stroeder.com']), (ldap.MOD_DELETE,'enum',None), (ldap.MOD_ADD,'enum',[b'a',b'b',b'd']), ] ), ( { 'c':[b'DE'], }, { 'c':[b'FR'], }, [], [ (ldap.MOD_DELETE,'c',None), (ldap.MOD_ADD,'c',[b'FR']), ] ), # Now a weird test-case for catching all possibilities # of removing an attribute with MOD_DELETE,attr_type,None ( { 'objectClass':[b'person'], 'cn':[None], 'sn':[b''], 'c':[b'DE'], }, { 'objectClass':[], 'cn':[], 'sn':[None], }, [], [ (ldap.MOD_DELETE,'c',None), (ldap.MOD_DELETE,'objectClass',None), (ldap.MOD_DELETE,'sn',None), ] ), ( { 'objectClass':[b'person'], 'cn':[b'Michael Str\303\266der',b'Michael Stroeder'], 'sn':[b'Str\303\266der'], 'enum':[b'a',b'b',b'C'], }, { 'objectClass':[b'Person'], 'cn':[b'Michael Str\303\266der',b'Michael Stroeder'], 'sn':[], 'enum':[b'a',b'b',b'c'], }, ['objectClass'], [ (ldap.MOD_DELETE,'sn',None), (ldap.MOD_DELETE,'enum',None), (ldap.MOD_ADD,'enum',[b'a',b'b',b'c']), ] ), ] def test_modifyModlist(self): for old_entry, new_entry, case_ignore_attr_types, test_modlist in self.modifyModlist_tests: test_modlist.sort() result_modlist = modifyModlist( old_entry, new_entry, case_ignore_attr_types=case_ignore_attr_types) result_modlist.sort() self.assertEqual( test_modlist, result_modlist, 'modifyModlist(%s,%s) returns\n%s\ninstead of\n%s.' % ( repr(old_entry), repr(new_entry), repr(result_modlist), repr(test_modlist), ) ) if __name__ == '__main__': unittest.main() python-ldap-3.2.0/Tests/t_slapdobject.py0000644000175000017500000000100113441744756022171 0ustar pviktoripviktorin00000000000000import unittest import slapdtest class TestSlapdObject(unittest.TestCase): def test_context_manager(self): with slapdtest.SlapdObject() as server: self.assertIsNotNone(server._proc) self.assertIsNone(server._proc) def test_context_manager_after_start(self): server = slapdtest.SlapdObject() server.start() self.assertIsNotNone(server._proc) with server: self.assertIsNotNone(server._proc) self.assertIsNone(server._proc) python-ldap-3.2.0/Tests/t_ldapobject.py0000644000175000017500000006161413441744767022030 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ Automatic tests for python-ldap's module ldap.ldapobject See https://www.python-ldap.org/ for details. """ from __future__ import unicode_literals import sys if sys.version_info[0] <= 2: PY2 = True text_type = unicode else: PY2 = False text_type = str import errno import contextlib import linecache import os import unittest import warnings import pickle # Switch off processing .ldaprc or ldap.conf before importing _ldap os.environ['LDAPNOINIT'] = '1' import ldap from ldap.ldapobject import SimpleLDAPObject, ReconnectLDAPObject from slapdtest import SlapdTestCase from slapdtest import requires_ldapi, requires_sasl, requires_tls LDIF_TEMPLATE = """dn: %(suffix)s objectClass: dcObject objectClass: organization dc: %(dc)s o: %(dc)s dn: %(rootdn)s objectClass: applicationProcess objectClass: simpleSecurityObject cn: %(rootcn)s userPassword: %(rootpw)s dn: cn=user1,%(suffix)s objectClass: applicationProcess objectClass: simpleSecurityObject cn: user1 userPassword: user1_pw dn: cn=Foo1,%(suffix)s objectClass: organizationalRole cn: Foo1 dn: cn=Foo2,%(suffix)s objectClass: organizationalRole cn: Foo2 dn: cn=Foo3,%(suffix)s objectClass: organizationalRole cn: Foo3 dn: ou=Container,%(suffix)s objectClass: organizationalUnit ou: Container dn: cn=Foo4,ou=Container,%(suffix)s objectClass: organizationalRole cn: Foo4 """ class Test00_SimpleLDAPObject(SlapdTestCase): """ test LDAP search operations """ ldap_object_class = SimpleLDAPObject @classmethod def setUpClass(cls): super(Test00_SimpleLDAPObject, cls).setUpClass() # insert some Foo* objects via ldapadd cls.server.ldapadd( LDIF_TEMPLATE % { 'suffix':cls.server.suffix, 'rootdn':cls.server.root_dn, 'rootcn':cls.server.root_cn, 'rootpw':cls.server.root_pw, 'dc': cls.server.suffix.split(',')[0][3:], } ) def setUp(self): try: self._ldap_conn except AttributeError: # open local LDAP connection self._ldap_conn = self._open_ldap_conn(bytes_mode=False) def test_reject_bytes_base(self): base = self.server.suffix l = self._ldap_conn with self.assertRaises(TypeError) as e: l.search_s( base.encode('utf-8'), ldap.SCOPE_SUBTREE, '(cn=Foo*)', ['*'] ) if PY2: self.assertIn( u"got type 'str' for 'base'", text_type(e.exception) ) elif sys.version_info >= (3, 5, 0): # Python 3.4.x does not include 'search_ext()' in message self.assertEqual( "search_ext() argument 1 must be str, not bytes", text_type(e.exception) ) with self.assertRaises(TypeError) as e: l.search_s( base, ldap.SCOPE_SUBTREE, b'(cn=Foo*)', ['*'] ) if PY2: self.assertIn( u"got type 'str' for 'filterstr'", text_type(e.exception) ) elif sys.version_info >= (3, 5, 0): self.assertEqual( "search_ext() argument 3 must be str, not bytes", text_type(e.exception) ) with self.assertRaises(TypeError) as e: l.search_s( base, ldap.SCOPE_SUBTREE, '(cn=Foo*)', [b'*'] ) if PY2: self.assertIn( u"got type 'str' for 'attrlist'", text_type(e.exception) ) elif sys.version_info >= (3, 5, 0): self.assertEqual( ('attrs_from_List(): expected string in list', b'*'), e.exception.args ) def test_search_keys_are_text(self): base = self.server.suffix l = self._ldap_conn result = l.search_s(base, ldap.SCOPE_SUBTREE, '(cn=Foo*)', ['*']) result.sort() dn, fields = result[0] self.assertEqual(dn, 'cn=Foo1,%s' % base) self.assertEqual(type(dn), text_type) for key, values in fields.items(): self.assertEqual(type(key), text_type) for value in values: self.assertEqual(type(value), bytes) def _get_bytes_ldapobject(self, explicit=True, **kwargs): if explicit: kwargs.setdefault('bytes_mode', True) else: kwargs = {} return self._open_ldap_conn( who=self.server.root_dn.encode('utf-8'), cred=self.server.root_pw.encode('utf-8'), **kwargs ) @unittest.skipUnless(PY2, "no bytes_mode under Py3") def test_bytesmode_search_requires_bytes(self): l = self._get_bytes_ldapobject() base = self.server.suffix with self.assertRaises(TypeError): l.search_s(base.encode('utf-8'), ldap.SCOPE_SUBTREE, '(cn=Foo*)', [b'*']) with self.assertRaises(TypeError): l.search_s(base.encode('utf-8'), ldap.SCOPE_SUBTREE, b'(cn=Foo*)', ['*']) with self.assertRaises(TypeError): l.search_s(base, ldap.SCOPE_SUBTREE, b'(cn=Foo*)', [b'*']) @unittest.skipUnless(PY2, "no bytes_mode under Py3") def test_bytesmode_search_results_have_bytes(self): l = self._get_bytes_ldapobject() base = self.server.suffix result = l.search_s(base.encode('utf-8'), ldap.SCOPE_SUBTREE, b'(cn=Foo*)', [b'*']) result.sort() dn, fields = result[0] self.assertEqual(dn, b'cn=Foo1,%s' % base) self.assertEqual(type(dn), bytes) for key, values in fields.items(): self.assertEqual(type(key), bytes) for value in values: self.assertEqual(type(value), bytes) @unittest.skipUnless(PY2, "no bytes_mode under Py3") def test_bytesmode_search_defaults(self): l = self._get_bytes_ldapobject() base = 'cn=Foo1,' + self.server.suffix kwargs = dict( base=base.encode('utf-8'), scope=ldap.SCOPE_SUBTREE, # filterstr=b'(objectClass=*)' ) expected = [ ( base, {'cn': [b'Foo1'], 'objectClass': [b'organizationalRole']} ), ] result = l.search_s(**kwargs) self.assertEqual(result, expected) result = l.search_st(**kwargs) self.assertEqual(result, expected) result = l.search_ext_s(**kwargs) self.assertEqual(result, expected) @unittest.skipUnless(PY2, "no bytes_mode under Py3") def test_unset_bytesmode_search_warns_bytes(self): l = self._get_bytes_ldapobject(explicit=False) base = self.server.suffix l.search_s(base.encode('utf-8'), ldap.SCOPE_SUBTREE, '(cn=Foo*)', [b'*']) l.search_s(base.encode('utf-8'), ldap.SCOPE_SUBTREE, b'(cn=Foo*)', ['*']) l.search_s(base, ldap.SCOPE_SUBTREE, b'(cn=Foo*)', [b'*']) def _search_wrong_type(self, bytes_mode, strictness): if bytes_mode: l = self._get_bytes_ldapobject(bytes_strictness=strictness) else: l = self._open_ldap_conn(bytes_mode=False, bytes_strictness=strictness) base = 'cn=Foo1,' + self.server.suffix if not bytes_mode: base = base.encode('utf-8') result = l.search_s(base, scope=ldap.SCOPE_SUBTREE) return result[0][-1]['cn'] @unittest.skipUnless(PY2, "no bytes_mode under Py3") def test_bytesmode_silent(self): with warnings.catch_warnings(record=True) as w: warnings.resetwarnings() warnings.simplefilter('always', ldap.LDAPBytesWarning) self._search_wrong_type(bytes_mode=True, strictness='silent') self.assertEqual(w, []) @unittest.skipUnless(PY2, "no bytes_mode under Py3") def test_bytesmode_warn(self): with warnings.catch_warnings(record=True) as w: warnings.resetwarnings() warnings.simplefilter('always', ldap.LDAPBytesWarning) self._search_wrong_type(bytes_mode=True, strictness='warn') self.assertEqual(len(w), 1) @unittest.skipUnless(PY2, "no bytes_mode under Py3") def test_bytesmode_error(self): with warnings.catch_warnings(record=True) as w: warnings.resetwarnings() warnings.simplefilter('always', ldap.LDAPBytesWarning) with self.assertRaises(TypeError): self._search_wrong_type(bytes_mode=True, strictness='error') self.assertEqual(w, []) @unittest.skipUnless(PY2, "no bytes_mode under Py3") def test_textmode_silent(self): with warnings.catch_warnings(record=True) as w: warnings.resetwarnings() warnings.simplefilter('always', ldap.LDAPBytesWarning) self._search_wrong_type(bytes_mode=True, strictness='silent') self.assertEqual(w, []) @unittest.skipUnless(PY2, "no bytes_mode under Py3") def test_textmode_warn(self): with warnings.catch_warnings(record=True) as w: warnings.resetwarnings() warnings.simplefilter('always', ldap.LDAPBytesWarning) self._search_wrong_type(bytes_mode=True, strictness='warn') self.assertEqual(len(w), 1) @unittest.skipUnless(PY2, "no bytes_mode under Py3") def test_textmode_error(self): with warnings.catch_warnings(record=True) as w: warnings.resetwarnings() warnings.simplefilter('always', ldap.LDAPBytesWarning) with self.assertRaises(TypeError): self._search_wrong_type(bytes_mode=True, strictness='error') self.assertEqual(w, []) def test_search_accepts_unicode_dn(self): base = self.server.suffix l = self._ldap_conn with self.assertRaises(ldap.NO_SUCH_OBJECT): result = l.search_s("CN=abc\U0001f498def", ldap.SCOPE_SUBTREE) def test_filterstr_accepts_unicode(self): l = self._ldap_conn base = self.server.suffix result = l.search_s(base, ldap.SCOPE_SUBTREE, '(cn=abc\U0001f498def)', ['*']) self.assertEqual(result, []) def test_attrlist_accepts_unicode(self): base = self.server.suffix result = self._ldap_conn.search_s( base, ldap.SCOPE_SUBTREE, '(cn=Foo*)', ['abc', 'abc\U0001f498def']) result.sort() for dn, attrs in result: self.assertIsInstance(dn, text_type) self.assertEqual(attrs, {}) def test001_search_subtree(self): result = self._ldap_conn.search_s( self.server.suffix, ldap.SCOPE_SUBTREE, '(cn=Foo*)', attrlist=['*'], ) result.sort() self.assertEqual( result, [ ( 'cn=Foo1,'+self.server.suffix, {'cn': [b'Foo1'], 'objectClass': [b'organizationalRole']} ), ( 'cn=Foo2,'+self.server.suffix, {'cn': [b'Foo2'], 'objectClass': [b'organizationalRole']} ), ( 'cn=Foo3,'+self.server.suffix, {'cn': [b'Foo3'], 'objectClass': [b'organizationalRole']} ), ( 'cn=Foo4,ou=Container,'+self.server.suffix, {'cn': [b'Foo4'], 'objectClass': [b'organizationalRole']} ), ] ) def test002_search_onelevel(self): result = self._ldap_conn.search_s( self.server.suffix, ldap.SCOPE_ONELEVEL, '(cn=Foo*)', ['*'], ) result.sort() self.assertEqual( result, [ ( 'cn=Foo1,'+self.server.suffix, {'cn': [b'Foo1'], 'objectClass': [b'organizationalRole']} ), ( 'cn=Foo2,'+self.server.suffix, {'cn': [b'Foo2'], 'objectClass': [b'organizationalRole']} ), ( 'cn=Foo3,'+self.server.suffix, {'cn': [b'Foo3'], 'objectClass': [b'organizationalRole']} ), ] ) def test003_search_oneattr(self): result = self._ldap_conn.search_s( self.server.suffix, ldap.SCOPE_SUBTREE, '(cn=Foo4)', ['cn'], ) result.sort() self.assertEqual( result, [('cn=Foo4,ou=Container,'+self.server.suffix, {'cn': [b'Foo4']})] ) def test_find_unique_entry(self): result = self._ldap_conn.find_unique_entry( self.server.suffix, ldap.SCOPE_SUBTREE, '(cn=Foo4)', ['cn'], ) self.assertEqual( result, ('cn=Foo4,ou=Container,'+self.server.suffix, {'cn': [b'Foo4']}) ) with self.assertRaises(ldap.SIZELIMIT_EXCEEDED): # > 2 entries returned self._ldap_conn.find_unique_entry( self.server.suffix, ldap.SCOPE_ONELEVEL, '(cn=Foo*)', ['*'], ) with self.assertRaises(ldap.NO_UNIQUE_ENTRY): # 0 entries returned self._ldap_conn.find_unique_entry( self.server.suffix, ldap.SCOPE_ONELEVEL, '(cn=Bar*)', ['*'], ) def test_search_subschema(self): l = self._ldap_conn dn = l.search_subschemasubentry_s() self.assertIsInstance(dn, text_type) self.assertEqual(dn, "cn=Subschema") subschema = l.read_subschemasubentry_s(dn) self.assertIsInstance(subschema, dict) self.assertEqual( sorted(subschema), [ u'attributeTypes', u'ldapSyntaxes', u'matchingRuleUse', u'matchingRules', u'objectClasses' ] ) @unittest.skipUnless(PY2, "no bytes_mode under Py3") def test_search_subschema_have_bytes(self): l = self._get_bytes_ldapobject() dn = l.search_subschemasubentry_s() self.assertIsInstance(dn, bytes) self.assertEqual(dn, b"cn=Subschema") subschema = l.read_subschemasubentry_s(dn) self.assertIsInstance(subschema, dict) self.assertEqual( sorted(subschema), [ b'attributeTypes', b'ldapSyntaxes', b'matchingRuleUse', b'matchingRules', b'objectClasses' ] ) def test004_enotconn(self): l = self.ldap_object_class('ldap://127.0.0.1:42') try: m = l.simple_bind_s("", "") r = l.result4(m, ldap.MSG_ALL, self.timeout) except ldap.SERVER_DOWN as ldap_err: errno_val = ldap_err.args[0]['errno'] if errno_val != errno.ENOTCONN: self.fail("expected errno=%d, got %d" % (errno.ENOTCONN, errno_val)) info = ldap_err.args[0]['info'] expected_info = os.strerror(errno.ENOTCONN) if info != expected_info: self.fail("expected info=%r, got %d" % (expected_info, info)) else: self.fail("expected SERVER_DOWN, got %r" % r) def test005_invalid_credentials(self): l = self.ldap_object_class(self.server.ldap_uri) # search with invalid filter try: m = l.simple_bind(self.server.root_dn, self.server.root_pw+'wrong') r = l.result4(m, ldap.MSG_ALL) except ldap.INVALID_CREDENTIALS: pass else: self.fail("expected INVALID_CREDENTIALS, got %r" % r) @requires_sasl() @requires_ldapi() def test006_sasl_extenal_bind_s(self): l = self.ldap_object_class(self.server.ldapi_uri) l.sasl_external_bind_s() self.assertEqual(l.whoami_s(), 'dn:'+self.server.root_dn.lower()) authz_id = 'dn:cn=Foo2,%s' % (self.server.suffix) l = self.ldap_object_class(self.server.ldapi_uri) l.sasl_external_bind_s(authz_id=authz_id) self.assertEqual(l.whoami_s(), authz_id.lower()) def test007_timeout(self): l = self.ldap_object_class(self.server.ldap_uri) m = l.search_ext(self.server.suffix, ldap.SCOPE_SUBTREE, '(objectClass=*)') l.abandon(m) with self.assertRaises(ldap.TIMEOUT): result = l.result(m, timeout=0.001) def assertIsSubclass(self, cls, other): self.assertTrue( issubclass(cls, other), cls.__mro__ ) def test_simple_bind_noarg(self): l = self.ldap_object_class(self.server.ldap_uri) l.simple_bind_s() self.assertEqual(l.whoami_s(), u'') l = self.ldap_object_class(self.server.ldap_uri) l.simple_bind_s(None, None) self.assertEqual(l.whoami_s(), u'') @unittest.skipUnless(PY2, "no bytes_mode under Py3") def test_ldapbyteswarning(self): self.assertIsSubclass(ldap.LDAPBytesWarning, BytesWarning) self.assertIsSubclass(ldap.LDAPBytesWarning, Warning) self.assertIsInstance(self.server.suffix, text_type) with warnings.catch_warnings(record=True) as w: warnings.resetwarnings() warnings.simplefilter('always', ldap.LDAPBytesWarning) conn = self._get_bytes_ldapobject(explicit=False) result = conn.search_s( self.server.suffix, ldap.SCOPE_SUBTREE, b'(cn=Foo*)', attrlist=[b'*'], ) self.assertEqual(len(result), 4) # ReconnectLDAP only emits one warning self.assertGreaterEqual(len(w), 1, w) msg = w[-1] self.assertIs(msg.category, ldap.LDAPBytesWarning) self.assertEqual( text_type(msg.message), "Received non-bytes value for 'base' in bytes " "mode; please choose an explicit option for bytes_mode on your " "LDAP connection" ) @contextlib.contextmanager def catch_byteswarnings(self, *args, **kwargs): with warnings.catch_warnings(record=True) as w: conn = self._get_bytes_ldapobject(*args, **kwargs) warnings.resetwarnings() warnings.simplefilter('always', ldap.LDAPBytesWarning) yield conn, w def _check_byteswarning(self, warning, expected_message): self.assertIs(warning.category, ldap.LDAPBytesWarning) self.assertIn(expected_message, text_type(warning.message)) def _normalize(filename): # Python 2 likes to report the ".pyc" file in warnings, # tracebacks or __file__. # Use the corresponding ".py" in that case. if filename.endswith('.pyc'): return filename[:-1] return filename # Assert warning points to a line marked CORRECT LINE in this file self.assertEquals(_normalize(warning.filename), _normalize(__file__)) self.assertIn( 'CORRECT LINE', linecache.getline(warning.filename, warning.lineno) ) def _test_byteswarning_level_search(self, methodname): with self.catch_byteswarnings(explicit=False) as (conn, w): method = getattr(conn, methodname) result = method( self.server.suffix.encode('utf-8'), ldap.SCOPE_SUBTREE, '(cn=Foo*)', attrlist=['*'], # CORRECT LINE ) self.assertEqual(len(result), 4) self.assertEqual(len(w), 2, w) self._check_byteswarning( w[0], u"Received non-bytes value for 'filterstr'") self._check_byteswarning( w[1], u"Received non-bytes value for 'attrlist'") @unittest.skipUnless(PY2, "no bytes_mode under Py3") def test_byteswarning_level_search(self): self._test_byteswarning_level_search('search_s') self._test_byteswarning_level_search('search_st') self._test_byteswarning_level_search('search_ext_s') @unittest.skipUnless(PY2, "no bytes_mode under Py3") def test_byteswarning_initialize(self): with warnings.catch_warnings(record=True) as w: warnings.resetwarnings() warnings.simplefilter('always', ldap.LDAPBytesWarning) bytes_uri = self.server.ldap_uri.decode('utf-8') self.ldap_object_class(bytes_uri) # CORRECT LINE self.assertEqual(len(w), 1, w) self._check_byteswarning( w[0], u"Under Python 2, python-ldap uses bytes by default.") @requires_tls() def test_multiple_starttls(self): # Test for openldap does not re-register nss shutdown callbacks # after nss_Shutdown is called # https://github.com/python-ldap/python-ldap/issues/60 # https://bugzilla.redhat.com/show_bug.cgi?id=1520990 for _ in range(10): l = self.ldap_object_class(self.server.ldap_uri) l.set_option(ldap.OPT_X_TLS_CACERTFILE, self.server.cafile) l.set_option(ldap.OPT_X_TLS_NEWCTX, 0) l.start_tls_s() l.simple_bind_s(self.server.root_dn, self.server.root_pw) self.assertEqual(l.whoami_s(), 'dn:' + self.server.root_dn) def test_dse(self): dse = self._ldap_conn.read_rootdse_s() self.assertIsInstance(dse, dict) self.assertEqual(dse[u'supportedLDAPVersion'], [b'3']) keys = set(dse) # SASL info may be missing in restricted build environments keys.discard(u'supportedSASLMechanisms') self.assertEqual( keys, {u'configContext', u'entryDN', u'namingContexts', u'objectClass', u'structuralObjectClass', u'subschemaSubentry', u'supportedControl', u'supportedExtension', u'supportedFeatures', u'supportedLDAPVersion'} ) self.assertEqual( self._ldap_conn.get_naming_contexts(), [self.server.suffix.encode('utf-8')] ) @unittest.skipUnless(PY2, "no bytes_mode under Py3") def test_dse_bytes(self): l = self._get_bytes_ldapobject() dse = l.read_rootdse_s() self.assertIsInstance(dse, dict) self.assertEqual(dse[u'supportedLDAPVersion'], [b'3']) self.assertEqual( l.get_naming_contexts(), [self.server.suffix.encode('utf-8')] ) def test_compare_s_true(self): base = self.server.suffix l = self._ldap_conn result = l.compare_s('cn=Foo1,%s' % base, 'cn', b'Foo1') self.assertIs(result, True) def test_compare_s_false(self): base = self.server.suffix l = self._ldap_conn result = l.compare_s('cn=Foo1,%s' % base, 'cn', b'Foo2') self.assertIs(result, False) class Test01_ReconnectLDAPObject(Test00_SimpleLDAPObject): """ test ReconnectLDAPObject by restarting slapd """ ldap_object_class = ReconnectLDAPObject @requires_sasl() @requires_ldapi() def test101_reconnect_sasl_external(self): l = self.ldap_object_class(self.server.ldapi_uri) l.sasl_external_bind_s() authz_id = l.whoami_s() self.assertEqual(authz_id, 'dn:'+self.server.root_dn.lower()) self.server.restart() self.assertEqual(l.whoami_s(), authz_id) def test102_reconnect_simple_bind(self): l = self.ldap_object_class(self.server.ldap_uri) bind_dn = 'cn=user1,'+self.server.suffix l.simple_bind_s(bind_dn, 'user1_pw') self.assertEqual(l.whoami_s(), 'dn:'+bind_dn) self.server.restart() self.assertEqual(l.whoami_s(), 'dn:'+bind_dn) def test103_reconnect_get_state(self): l1 = self.ldap_object_class(self.server.ldap_uri) bind_dn = 'cn=user1,'+self.server.suffix l1.simple_bind_s(bind_dn, 'user1_pw') self.assertEqual(l1.whoami_s(), 'dn:'+bind_dn) self.assertEqual( l1.__getstate__(), { str('_last_bind'): ( 'simple_bind_s', (bind_dn, 'user1_pw'), {} ), str('_options'): [(17, 3)], str('_reconnects_done'): 0, str('_retry_delay'): 60.0, str('_retry_max'): 1, str('_start_tls'): 0, str('_trace_level'): ldap._trace_level, str('_trace_stack_limit'): 5, str('_uri'): self.server.ldap_uri, str('bytes_mode'): l1.bytes_mode, str('bytes_strictness'): l1.bytes_strictness, str('timeout'): -1, }, ) def test104_reconnect_restore(self): l1 = self.ldap_object_class(self.server.ldap_uri) bind_dn = 'cn=user1,'+self.server.suffix l1.simple_bind_s(bind_dn, 'user1_pw') self.assertEqual(l1.whoami_s(), 'dn:'+bind_dn) l1_state = pickle.dumps(l1) del l1 l2 = pickle.loads(l1_state) self.assertEqual(l2.whoami_s(), 'dn:'+bind_dn) if __name__ == '__main__': unittest.main() python-ldap-3.2.0/Tests/t_ldap_controls_libldap.py0000644000175000017500000000312713441744767024246 0ustar pviktoripviktorin00000000000000import os import unittest # Switch off processing .ldaprc or ldap.conf before importing _ldap os.environ['LDAPNOINIT'] = '1' from ldap.controls import pagedresults from ldap.controls import libldap PRC_BER = b'0\x0b\x02\x01\x05\x04\x06cookie' SIZE = 5 COOKIE = b'cookie' class TestLibldapControls(unittest.TestCase): def test_pagedresults_encode(self): pr = pagedresults.SimplePagedResultsControl( size=SIZE, cookie=COOKIE ) lib = libldap.SimplePagedResultsControl( size=SIZE, cookie=COOKIE ) self.assertEqual(pr.encodeControlValue(), lib.encodeControlValue()) self.assertEqual(pr.encodeControlValue(), PRC_BER) def test_pagedresults_decode(self): pr = pagedresults.SimplePagedResultsControl() pr.decodeControlValue(PRC_BER) self.assertEqual(pr.size, SIZE) # LDAPString (OCTET STRING) self.assertIsInstance(pr.cookie, bytes) self.assertEqual(pr.cookie, COOKIE) lib = libldap.SimplePagedResultsControl() lib.decodeControlValue(PRC_BER) self.assertEqual(lib.size, SIZE) self.assertIsInstance(lib.cookie, bytes) self.assertEqual(lib.cookie, COOKIE) def test_matchedvalues(self): mvc = libldap.MatchedValuesControl() # unverified self.assertEqual(mvc.encodeControlValue(), b'0\r\x87\x0bobjectClass') def test_assertioncontrol(self): ac = libldap.AssertionControl() # unverified self.assertEqual(ac.encodeControlValue(), b'\x87\x0bobjectClass') if __name__ == '__main__': unittest.main() python-ldap-3.2.0/Tests/t_ldap_asyncsearch.py0000644000175000017500000000122413441744767023213 0ustar pviktoripviktorin00000000000000import importlib import os import unittest import warnings # Switch off processing .ldaprc or ldap.conf before importing _ldap os.environ['LDAPNOINIT'] = '1' import ldap.asyncsearch class TestLdapAsyncSearch(unittest.TestCase): def test_deprecated(self): with warnings.catch_warnings(record=True) as w: warnings.resetwarnings() warnings.simplefilter('once', DeprecationWarning) old = importlib.import_module('ldap.async') self.assertEqual(len(w), 1) diff = set(dir(ldap.asyncsearch)).difference(dir(old)) self.assertEqual(diff, set()) if __name__ == '__main__': unittest.main() python-ldap-3.2.0/Tests/t_ldap_controls_sss.py0000644000175000017500000000066513441744767023453 0ustar pviktoripviktorin00000000000000import os import unittest # Switch off processing .ldaprc or ldap.conf before importing _ldap os.environ['LDAPNOINIT'] = '1' from ldap.controls import sss class TestControlsPPolicy(unittest.TestCase): def test_create_sss_request_control(self): control = sss.SSSRequestControl(ordering_rules=['-uidNumber']) self.assertEqual(control.ordering_rules, ['-uidNumber']) if __name__ == '__main__': unittest.main() python-ldap-3.2.0/Tests/__init__.py0000644000175000017500000000112213441744756021117 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ Automatic tests for python-ldap See https://www.python-ldap.org/ for details. """ from __future__ import absolute_import from . import t_bind from . import t_cext from . import t_cidict from . import t_ldap_dn from . import t_ldap_filter from . import t_ldap_functions from . import t_ldap_modlist from . import t_ldap_schema_tokenizer from . import t_ldapurl from . import t_ldif from . import t_ldapobject from . import t_edit from . import t_ldap_schema_subentry from . import t_untested_mods from . import t_ldap_controls_libldap from . import t_ldap_options python-ldap-3.2.0/Tests/t_ldap_filter.py0000644000175000017500000000313213441744767022175 0ustar pviktoripviktorin00000000000000# -*- coding: utf-8 -*- """ Automatic tests for python-ldap's module ldap.filter See https://www.python-ldap.org/ for details. """ import os import unittest # Switch off processing .ldaprc or ldap.conf before importing _ldap os.environ['LDAPNOINIT'] = '1' from ldap.filter import escape_filter_chars class TestDN(unittest.TestCase): """ test ldap.functions """ def test_escape_filter_chars_mode0(self): """ test function escape_filter_chars() with escape_mode=0 """ self.assertEqual( escape_filter_chars(r'foobar'), 'foobar' ) self.assertEqual( escape_filter_chars(r'foo\bar'), r'foo\5cbar' ) self.assertEqual( escape_filter_chars( r'foo\bar', escape_mode=0 ), r'foo\5cbar' ) def test_escape_filter_chars_mode1(self): """ test function escape_filter_chars() with escape_mode=1 """ self.assertEqual( escape_filter_chars( '\xc3\xa4\xc3\xb6\xc3\xbc\xc3\x84\xc3\x96\xc3\x9c\xc3\x9f', escape_mode=1 ), r'\c3\a4\c3\b6\c3\bc\c3\84\c3\96\c3\9c\c3\9f' ) def test_escape_filter_chars_mode2(self): """ test function escape_filter_chars() with escape_mode=2 """ self.assertEqual( escape_filter_chars( 'foobar', escape_mode=2 ), r'\66\6f\6f\62\61\72' ) if __name__ == '__main__': unittest.main() python-ldap-3.2.0/Tests/t_ldap_options.py0000644000175000017500000001372213441744767022411 0ustar pviktoripviktorin00000000000000import os import unittest # Switch off processing .ldaprc or ldap.conf before importing _ldap os.environ['LDAPNOINIT'] = '1' from slapdtest import SlapdTestCase, requires_tls import ldap from ldap.controls import RequestControlTuples from ldap.controls.pagedresults import SimplePagedResultsControl from ldap.controls.openldap import SearchNoOpControl from ldap.ldapobject import SimpleLDAPObject SENTINEL = object() TEST_CTRL = RequestControlTuples([ # with BER data SimplePagedResultsControl(criticality=0, size=5, cookie=b'cookie'), # value-less SearchNoOpControl(criticality=1), ]) TEST_CTRL_EXPECTED = [ TEST_CTRL[0], # get_option returns empty bytes (TEST_CTRL[1][0], TEST_CTRL[1][1], b''), ] class BaseTestOptions(object): """Common tests for getting/setting options Used in subclasses below """ def get_option(self, option): raise NotImplementedError() def set_option(self, option, value): raise NotImplementedError() def _check_option(self, option, value, expected=SENTINEL): old = self.get_option(option) try: self.set_option(option, value) new = self.get_option(option) if expected is SENTINEL: self.assertEqual(new, value) else: self.assertEqual(new, expected) finally: self.set_option(option, old) self.assertEqual(self.get_option(option), old) def test_invalid(self): with self.assertRaises(ValueError): self.get_option(-1) with self.assertRaises(ValueError): self.set_option(-1, '') def _test_timeout(self, option): self._check_option(option, 10.5) self._check_option(option, 0) with self.assertRaises(ValueError): self._check_option(option, -5) with self.assertRaises(TypeError): self.set_option(option, object) with self.assertRaises(OverflowError): self._check_option(option, 10**1000) old = self.get_option(option) try: self.set_option(option, None) self.assertIsNone(self.get_option(option)) self.set_option(option, -1) self.assertIsNone(self.get_option(option)) finally: self.set_option(option, old) def test_timeout(self): self._test_timeout(ldap.OPT_TIMEOUT) def test_network_timeout(self): self._test_timeout(ldap.OPT_NETWORK_TIMEOUT) def _test_controls(self, option): self._check_option(option, []) self._check_option(option, TEST_CTRL, TEST_CTRL_EXPECTED) self._check_option(option, tuple(TEST_CTRL), TEST_CTRL_EXPECTED) with self.assertRaises(TypeError): self.set_option(option, object) with self.assertRaises(TypeError): # must contain a tuple self.set_option(option, [list(TEST_CTRL[0])]) with self.assertRaises(TypeError): # data must be bytes or None self.set_option( option, [TEST_CTRL[0][0], TEST_CTRL[0][1], u'data'] ) def test_client_controls(self): self._test_controls(ldap.OPT_CLIENT_CONTROLS) def test_server_controls(self): self._test_controls(ldap.OPT_SERVER_CONTROLS) def test_uri(self): self._check_option(ldap.OPT_URI, "ldapi:///path/to/socket") with self.assertRaises(TypeError): self.set_option(ldap.OPT_URI, object) @requires_tls() def test_cafile(self): # None or a distribution or OS-specific path self.get_option(ldap.OPT_X_TLS_CACERTFILE) def test_readonly(self): value = self.get_option(ldap.OPT_API_INFO) self.assertIsInstance(value, dict) with self.assertRaises(ValueError) as e: self.set_option(ldap.OPT_API_INFO, value) self.assertIn('read-only', str(e.exception)) class TestGlobalOptions(BaseTestOptions, unittest.TestCase): """Test setting/getting options globally """ def get_option(self, option): return ldap.get_option(option) def set_option(self, option, value): return ldap.set_option(option, value) class TestLDAPObjectOptions(BaseTestOptions, SlapdTestCase): """Test setting/getting connection-specific options """ ldap_object_class = SimpleLDAPObject def setUp(self): self.conn = self._open_ldap_conn( who=self.server.root_dn, cred=self.server.root_pw ) def tearDown(self): self.conn.unbind_s() self.conn = None def get_option(self, option): return self.conn.get_option(option) def set_option(self, option, value): return self.conn.set_option(option, value) def test_network_timeout_attribute(self): option = ldap.OPT_NETWORK_TIMEOUT old = self.get_option(option) try: self.assertEqual(self.conn.network_timeout, old) self.conn.network_timeout = 5 self.assertEqual(self.conn.network_timeout, 5) self.assertEqual(self.get_option(option), 5) self.conn.network_timeout = -1 self.assertIsNone(self.conn.network_timeout) self.assertIsNone(self.get_option(option)) self.conn.network_timeout = 10.5 self.assertEqual(self.conn.network_timeout, 10.5) self.assertEqual(self.get_option(option), 10.5) self.conn.network_timeout = None self.assertIsNone(self.conn.network_timeout) self.assertIsNone(self.get_option(option)) finally: self.set_option(option, old) # test is failing with: # pyasn1.error.SubstrateUnderrunError: Short octet stream on tag decoding @unittest.expectedFailure def test_client_controls(self): self._test_controls(ldap.OPT_CLIENT_CONTROLS) @unittest.expectedFailure def test_server_controls(self): self._test_controls(ldap.OPT_SERVER_CONTROLS) if __name__ == '__main__': unittest.main() python-ldap-3.2.0/Tests/data/0000755000175000017500000000000013441750214017705 5ustar pviktoripviktorin00000000000000python-ldap-3.2.0/Tests/data/subschema-ipa.demo1.freeipa.org.ldif0000644000175000017500000157366213327633471026526 0ustar pviktoripviktorin00000000000000######################################################################## # LDIF export by web2ldap 1.2.80, see http://www.web2ldap.de # Date and time: Saturday, 2017-02-18 17:09:08 GMT # Bind-DN: u'uid=admin,cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org' # LDAP-URL of search: # ldap://ipa.demo1.freeipa.org/cn%3Dschema?matchingRuleUse,ldapSyntaxes,nameForms,dITStructureRules,attributeTypes,matchingRules,dITContentRules,objectClasses,objectClass,cn?base?%28objectClass%3D%2A%29?bindname=uid%3Dadmin%2Ccn%3Dusers%2Ccn%3Daccounts%2Cdc%3Ddemo1%2Cdc%3Dfreeipa%2Cdc%3Dorg ######################################################################## version: 1 dn: cn=schema attributeTypes: ( 2.16.840.1.113730.3.1.582 NAME 'nsDS5ReplicaCredentials' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 S INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.51 NAME 'ipaAllowedToPerform' DES C 'DNs allowed to perform an operation' SUP distinguishedName EQUALITY dist inguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'IPA v4. 0' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2274 NAME 'nsslapd-instancedir' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.24.1 NAME 'krbHostServer' EQUAL ITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.18.0.2.4.1139 NAME 'printer-info' DESC 'Descriptive in formation about this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'r fc3712' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.4 NAME 'ipatokenNotAfter' DESC 'Token expiration date' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.24 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.532 NAME 'ntUserCountryCode' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY caseIg noreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113730.3.1.34 NAME 'ref' DESC 'LDAP referrals a ttribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'LDAPv3 referr als Internet Draft' ) attributeTypes: ( 1.3.6.1.4.1.13769.2.4 NAME ( 'nsAIMid' 'nscpaimscreenname' ) EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.52 NAME 'ipk11Verify' DESC 'Key supports verification where the signature is an appendix to the data' EQUA LITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.204 NAME 'replicaNickName' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( sslVersionMin-oid NAME 'sslVersionMin' DESC 'Netscape defi ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape ' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord' DESC 'Key, RFC 2 535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113730.3.8.11.2 NAME 'ipaNTSecurityIdentifier' DESC 'NT Security ID' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IP A v3' 'user defined' ) ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' DES C 'Base at which the samba RID generation algorithm should operate' EQUALIT Y integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.2243 NAME 'nsslapd-securelistenhost' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( modified-oid NAME 'modified' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2108 NAME 'nsPagedLookThroughLimit' DESC 'Binder-based simple paged search operation look through limit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIG IN '389' ) attributeTypes: ( 1.3.6.1.4.1.6981.11.3.7 NAME 'FTPStatus' DESC 'Account sta tus: enabled or disabled' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.7 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) attributeTypes: ( notBefore-oid NAME 'notBefore' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2091 NAME 'nsslapd-suffix' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.24 NAME 'ipaEntitlementId' DESC 'E ntitlement Unique identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreO rderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'NT Gro up Type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- VALUE ) attributeTypes: ( nsUserRDNComponent-oid NAME 'nsUserRDNComponent' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( 1.3.18.0.2.4.1117 NAME 'printer-media-local-supported' DES C 'Site-specific names of media supported by this printer.' EQUALITY caseIg noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.5.4.51 NAME 'houseIdentifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORI GIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.2301 NAME 'nsslapd-plugin-logging' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822mailbox' ) EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 4524' X-DEPRECATED 'rfc822mailbox' ) attributeTypes: ( 2.16.840.1.113730.3.1.607 NAME 'nsDS5Flags' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsTaskLabel-oid NAME 'nsTaskLabel' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord' DESC 'NSEC, RFC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113730.3.1.2068 NAME 'pamExcludeSuffix' DESC 'S uffixes to exclude from PAM authentication' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.12 X-ORIGIN 'Red Hat Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2157 NAME 'dnaRemoteBindCred' DESC ' Remote bind credentials' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( nsBindDN-oid NAME 'nsBindDN' DESC 'Netscape defined attrib ute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' ) attributeTypes: ( requestError-oid NAME 'requestError' DESC 'CMS defined att ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( Clone-oid NAME 'Clone' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 7 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( tokenMsg-oid NAME 'tokenMsg' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.44 NAME 'ipaPermExcludedAttr' DES C 'IPA permission explicitly excluded attribute' EQUALITY caseIgnoreMatch O RDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN ( 'IPA v4.0' 'user defined' ) ) attributeTypes: ( 2.5.4.18 NAME 'postOfficeBox' EQUALITY caseIgnoreMatch SU BSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI N 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.2261 NAME 'nsslapd-attribute-name-ex ceptions' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.527 NAME 'ntUserLastLogoff' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 1.3.6.1.4.1.250.1.2 NAME 'multiLineDescription' DESC 'Pilo t attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Internet W hite Pages Pilot' ) attributeTypes: ( 2.16.840.1.113730.3.1.102 NAME ( 'passwordChange' 'pwdAllo wUserChange' ) DESC 'Netscape defined password policy attribute type' SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory S erver' ) attributeTypes: ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' DESC 'Standard LDAP a ttribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ' RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.21 NAME 'mailQuota' DESC 'Netscape M essaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 1.2.840.113556.1.4.482 NAME 'calOtherCalURIs' DESC 'RFC273 9: multi-value URI for snapshots of other calendars' EQUALITY caseIgnoreIA5 Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .26 X-ORIGIN 'rfc2739' ) attributeTypes: ( 2.16.840.1.113730.3.1.2238 NAME 'nsslapd-security' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( ownerName-oid NAME 'ownerName' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.1.1.14 NAME 'nisNetIdHost' DESC 'nisNe tIdHost' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X- ORIGIN ( 'RFC2307bis' 'user defined' ) ) attributeTypes: ( numberOfResets-oid NAME 'numberOfResets' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2327 NAME 'nsslapd-auditfaillog' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.6 NAME 'javaClassName' DESC 'Fully qualified name of distinguished Java class or interface' EQUALITY caseExac tMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2713 ' ) attributeTypes: ( 2.16.840.1.113730.3.1.240 NAME 'replicatedattributelist' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2175 NAME 'nsslapd-accesslog-logrota tionsync-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1 .1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsRevisionNumber-oid NAME 'nsRevisionNumber' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne tscape' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.11 NAME 'externalHost' DESC 'Multi value string attribute that allows storing host names.' EQUALITY caseIgnore Match ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.62 NAME 'ipaAnchorUUID' DESC 'Uni que Anchor Identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrdering Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2207 NAME 'nsslapd-rootdn' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-V ALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsHelpRef-oid NAME 'nsHelpRef' DESC 'Netscape defined attr ibute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.3 NAME 'searchTimeLimit' DESC 'Maxi mum time an agent or service allows for a search to complete' EQUALITY inte gerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.15.2.1 NAME 'krbPrincipalAuthInd' E QUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.43 NAME 'ntUserDeleteAccount' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.8.1.9 NAME 'ipaMaxUsernameLength' EQU ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.217 NAME 'replicaCFUpdated' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI N 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.61 NAME 'ipk11Sensitive' DESC ' Key is sensitive' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.6 NAME 'targetDn' DESC 'Changelog at tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Changelog Inte rnet Draft' ) attributeTypes: ( transId-oid NAME 'transId' DESC 'CMS defined attribute' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC 'Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SI NGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.5.4.25 NAME 'internationalISDNNumber' EQUALITY numericS tringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.36 X-ORIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.998 NAME ( 'passwordGraceUserTime' ' pwdGraceUserTime' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.9.1 NAME 'krbMaxTicketLife' EQU ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.7.3 NAME 'cmdCategory' DESC 'Additio nal classification for commands' EQUALITY caseIgnoreMatch ORDERING caseIgno reMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord' DESC 'host inf ormation, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substri ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' DESC 'Standard LDA P attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGI N 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.2225 NAME 'nsslapd-workingdir' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING LE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' EQUA LITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 2.16.840.1.113730.3.1.781 NAME 'mgrpAddHeader' DESC 'Netsc ape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.65 NAME 'ntUserLogonServer' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.2295 NAME 'nsslapd-allowed-sasl-mech anisms' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2162 NAME 'winSyncDirectoryFilter' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.9 NAME 'sudoNotAfter' DESC 'End of t ime interval for which the entry is valid' EQUALITY generalizedTimeMatch OR DERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 X- ORIGIN 'SUDO' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.59 NAME 'ipaKeyUsage' DESC 'Allow ed key usage' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.73 NAME 'sambaTrustPartner' DESC 'Ful ly qualified name of the domain with which a trust exists' EQUALITY caseIgn oreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 1.3.18.0.2.4.1121 NAME 'printer-resolution-supported' DESC 'List of resolutions supported for printing documents by this printer.' EQ UALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.12 NAME 'ipatokenTOTPtimeStep' DESC 'TOTP time-step' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( tokenKeyType-oid NAME 'tokenKeyType' DESC 'CMS defined att ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2139 NAME 'winSyncMoveAction' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.14 NAME 'idnsForwardPolicy' DESC ' forward policy: only or first' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnor eIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORI GIN ( 'IPA v2' 'user defined' ) ) attributeTypes: ( nsExpirationDate-oid NAME 'nsExpirationDate' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne tscape' ) attributeTypes: ( dateOfArchival-oid NAME 'dateOfArchival' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( unrevokedCerts-oid NAME 'unrevokedCerts' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.1 NAME 'eduPersonAffiliation' DESC 'Affiliation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'http://middlew are.internet2.edu/eduperson/' ) attributeTypes: ( nsVendor-oid NAME 'nsVendor' DESC 'Netscape defined attrib ute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.2332 NAME 'allowWeakDHParam' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.87 NAME 'cirUpdateSchedule' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI N 'Netscape Directory Server' ) attributeTypes: ( thisUpdate-oid NAME 'thisUpdate' DESC 'CMS defined attribu te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.253 NAME 'nsValueSyntax' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' Netscape servers - value item' ) attributeTypes: ( 2.5.4.32 NAME 'owner' SUP distinguishedName EQUALITY dist inguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4519' ) attributeTypes: ( nsLdapSchemaVersion-oid NAME 'nsLdapSchemaVersion' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN 'Netscape' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.44.1 NAME 'krbPwdHistory' EQUAL ITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 2.16.840.1.113730.3.1.2100 NAME 'autoMemberInclusiveRegex' DESC 'Auto Membership inclusive regex rule' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 X-ORIGIN '389 Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.11 NAME 'objectclassMap' DESC 'Obje ct class mappings used, required, or supported by an agent or service' EQUA LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'RF C4876' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2089 NAME 'mepMappedAttr' DESC 'Mana ged Entries mapped attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2212 NAME 'nsslapd-useroc' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V ALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.20.2.6 NAME 'ipaReplTopoSegmentGener ated' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 X-ORIGIN ( 'FreeIPA' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2282 NAME 'nsslapd-rundir' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V ALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( tokenResult-oid NAME 'tokenResult' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.13769.3.3 NAME 'mozillaHomeLocalityName' SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' DESC 'Disc onnect Users outside logon hours (default: -1 => off, 0 => on)' EQUALITY in tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationname' ) SUP name EQUALIT Y caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'organizationname' ) attributeTypes: ( 2.16.840.1.113730.3.1.2259 NAME 'nsslapd-return-exact-case ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsAdminAccessAddresses-oid NAME 'nsAdminAccessAddresses' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus' EQ UALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.15 X-ORIGIN 'RFC 4524' ) attributeTypes: ( nsAdminUsers-oid NAME 'nsAdminUsers' DESC 'Netscape define d attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape A dministration Services' ) attributeTypes: ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' DESC 'Standard LDAP a ttribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ' RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.19 NAME 'mailMessageStore' DESC 'Net scape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.2126 NAME 'dnaHostname' DESC 'DNA ho stname of replica to get new range of values' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.221 NAME 'passwordStorageScheme' DES C 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2230 NAME 'nsslapd-ldapiautobind' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2196 NAME 'nsslapd-accesslog-logexpi rationtime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466. 115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.576 NAME 'nsRoleFilter' DESC 'Netsca pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALU E X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.70 NAME 'serverRoot' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets cape Administration Services' ) attributeTypes: ( 5.3.6.1.1.1.1.0 NAME 'trustModel' DESC 'Access scheme' EQU ALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'nss_ldap/pam_ldap' ) attributeTypes: ( 1.2.840.113554.1.4.1.6.2 NAME 'krbPwdAttributes' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.248 NAME 'nsValueDN' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Nets cape servers - value item' ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.41 NAME 'parentOrganization' EQU ALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VA LUE X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.8 NAME 'hostCategory' DESC 'Additi onal classification for hosts' EQUALITY caseIgnoreMatch ORDERING caseIgnore OrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) imp ersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.26 X-ORIGIN 'SUDO' ) attributeTypes: ( nsAdminEnableDSGW-oid NAME 'nsAdminEnableDSGW' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' Netscape Administration Services' ) attributeTypes: ( 1.3.18.0.2.4.1132 NAME 'printer-multiple-document-jobs-sup ported' DESC 'Indicates whether or not this printer supports more than one document per job.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 7 SINGLE-VALUE X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.21 NAME 'ipatokenHOTPcounter' D ESC 'HOTP counter' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.21.1.1 NAME 'ipaCertProfileStoreIssu ed' DESC 'Store certificates issued using this profile' EQUALITY booleanMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.2' ' user defined' ) ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1 NAME ( 'mozillaNickname' 'xmozillani ckname' ) SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.27 NAME 'idnsSecAlgorithm' DESC 'D NSKEY algorithm: string used as mnemonic' EQUALITY caseIgnoreIA5Match SUBST R caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE- VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( notAfter-oid NAME 'notAfter' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.5.18.2 NAME 'modifyTimestamp' EQUALITY generalizedTimeM atch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'R FC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.1.92 NAME ( 'passwordExpWarned' 'pwdEx pirationWarned' ) DESC 'Netscape defined password policy attribute type' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X- ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.5322.21.2.1 NAME 'krbPwdMaxFailure' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.11.5 NAME 'ipaNTHash' DESC 'NT Hash of user password' EQUALITY octetStringMatch ORDERING octetStringOrderingMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'u ser defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2246 NAME 'nsslapd-maxdescriptors' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.23 NAME 'ipaNTTrustedDomainSID' D ESC 'NT Trusted Domain Security ID' EQUALITY caseIgnoreIA5Match SUBSTR case IgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.1.11 NAME 'ipaUserObjectClasses' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.32.1 NAME 'krbPwdMinDiffChars' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.2113 NAME 'internalModifiersName' DE SC 'plugin dn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MO DIFICATION USAGE directoryOperation X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.20 NAME 'ipk11PublicKeyInfo' DE SC 'DER-encoding of SubjectPublicKeyInfo of associated public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN ( 'IPA v4.1 ' 'user defined' ) ) attributeTypes: ( issueInfo-oid NAME 'issueInfo' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2094 NAME 'nsslapd-parent-suffix' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X -ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.692 NAME 'inetUserStatus' DESC '"act ive", "inactive", or "deleted" status of a user' SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape subscriber interoperability' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DESC 'Nex t NT rid to give out for groups' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.18.0.2.4.1110 NAME 'printer-job-priority-supported' DE SC 'Indicates the number of job priority levels supported by this printer.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.27 SINGLE-VALUE X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.1.2183 NAME 'nsslapd-audit-logrotation syncmin' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.789 NAME 'mgrpNoDuplicateChecks' DES C 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.2304 NAME 'nsslapd-dynamic-plugins' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.602 NAME 'entrydn' DESC 'internal se rver defined attribute type' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOpe ration ) attributeTypes: ( 2.16.840.1.113730.3.1.1098 NAME 'nsds5replicaSessionPauseT ime' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Serve r' ) attributeTypes: ( 2.16.840.1.113730.3.1.2073 NAME 'pamSecure' DESC 'Require secure (TLS/SSL) connection for PAM auth' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .7 SINGLE-VALUE X-ORIGIN 'Red Hat Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2264 NAME 'nsslapd-max-filter-nest-l evel' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.41 NAME 'ipaRangeType' DESC 'Rang e type' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 1.3.18.0.2.4.1129 NAME 'printer-color-supported' DESC 'Ind icates whether this printer is capable of any type of color printing at all , including highlight color.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.7 SINGLE-VALUE X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.5.21.2 NAME 'dITContentRules' EQUALITY objectIdentifier FirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOpe ration X-ORIGIN 'RFC 4512' ) attributeTypes: ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' EQUAL ITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.15 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 2.16.840.1.113730.3.1.522 NAME 'ntUserComment' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VAL UE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( nsmsgDisallowAccess-oid NAME 'nsmsgDisallowAccess' DESC 'N etscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.24 NAME 'mailRoutingAddress' DESC 'N etscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 1.2.840.113556.1.4.485 NAME 'calOtherCalAdrURIs' DESC 'RFC 2739: multi-value URI to other request destinations' EQUALITY caseIgnoreIA5 Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .26 X-ORIGIN 'rfc2739' ) attributeTypes: ( 2.16.840.1.113730.3.1.2131 NAME 'pamFilter' DESC 'Filter t o match entries that should use PAM authentication' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Red Hat Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.42 NAME 'ipk11Derive' DESC 'Key supports key derivation' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.234 NAME 'nsSNMPLocation' DESC 'Nets cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( tokenIssuer-oid NAME 'tokenIssuer' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.35 NAME 'nAPTRRecord' DESC 'Naming A uthority Pointer, RFC 2915' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA 5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion' S YNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation X-ORIGIN 'RFC 4512' ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.9 NAME 'eduPersonScopedAffiliation' DESC 'Scoped Affiliation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'h ttp://middleware.internet2.edu/eduperson/' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.16 NAME 'ipaNTTrustAuthIncoming' DESC 'Authentication information for the incoming portion of a trust' EQUAL ITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( requestFlag-oid NAME 'requestFlag' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( nsHostLocation-oid NAME 'nsHostLocation' DESC 'Netscape de fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netsca pe' ) attributeTypes: ( 2.16.840.1.113730.3.1.590 NAME 'nsDS5ReplicaName' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2178 NAME 'nsslapd-accesslog-logrota tionsynchour' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.146 6.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.15 NAME 'ipk11Destroyable' DESC 'Can be destroyed by application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2081 NAME ( 'passwordMaxRepeats' 'pw dMaxRepeats' ) DESC 'Netscape defined password policy attribute type' SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory S erver' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.14 NAME 'accessTime' DESC 'Access time' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.687 NAME 'nsds5replicaChangesSentSin ceStartup' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION X-ORIGI N 'Netscape Directory Server' ) attributeTypes: ( 1.3.18.0.2.4.1107 NAME 'printer-xri-supported' DESC 'The u nordered list of XRI (extended resource identifiers) supported by this prin ter.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.1.46 NAME 'ntGroupDeleteGroup' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.8.1.4 NAME 'ipaSearchRecordsLimit' EQ UALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.5.32 NAME 'ipaLocation' DESC 'Refere nce to IPA location' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.12 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.9 NAME 'newRdn' DESC 'Changelog attr ibute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Changelog Intern et Draft' ) attributeTypes: ( 2.16.840.1.113730.3.1.2147 NAME 'rootdn-allow-host' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORI GIN 'Netscape Directory Server' ) attributeTypes: ( autoRenew-oid NAME 'autoRenew' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.34 NAME 'ipaIDRangeSize' DESC 'Si ze of a Posix ID range' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2251 NAME 'nsslapd-accesscontrol' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod' SYNTAX 1.3.6.1.4. 1.1466.115.121.1.14 SINGLE-VALUE X-ORIGIN 'RFC 4519' ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' SYNTAX 1.3.6. 1.4.1.1466.115.121.1.26 USAGE dSAOperation X-ORIGIN 'RFC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.1.11 NAME 'newSuperior' DESC 'Changelo g attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Changelog Internet Draft' ) attributeTypes: ( 2.16.840.1.113730.3.1.229 NAME 'nsslapd-pluginVendor' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord' DESC 'for AFS Data Base location, RFC 1183' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnore IA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( clientId-oid NAME 'clientId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Home di rectory UNC path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2228 NAME 'nsslapd-ldapifilepath' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' DESC 'Standard LDAP a ttribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ' RFC 2307' ) attributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide' SYNTAX 1.3.6.1.4.1.14 66.115.121.1.21 X-ORIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.2317 NAME 'nsslapd-auditfaillog-logr otationsync-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1. 4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.68 NAME 'ntUserPasswordExpired' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SING LE-VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.7 NAME 'idnsSOAretry' DESC 'SOA re try value' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2298 NAME 'nsslapd-enable-turbo-mode ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.585 NAME 'nsDS5ReplicatedAttributeLi st' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2165 NAME 'schemaUpdateObjectclassAc cept' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.52 NAME 'ipaProtectedOperation' D ESC 'Operation to be protected' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2277 NAME 'nsslapd-tmpdir' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V ALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.1002 NAME 'nsds7NewWinUserSyncEnable d' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.7 NAME 'ipatokenSerial' DESC 'O TP Token Serial number' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.19 NAME 'ipatokenRadiusRetries' DESC 'Number of allowed Retries' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime' DESC 'o ld variant of modifyTimestamp' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI N 'RFC 1274' ) attributeTypes: ( 2.16.840.1.113730.3.1.535 NAME 'ntUserHomeDirDrive' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.110 NAME 'ntGroupId' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X- ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.33 NAME 'mgrpModerator' DESC 'Netsca pe Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.207 NAME 'vlvBase' DESC 'Netscape de fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netsca pe Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.51 NAME 'ipk11Encrypt' DESC 'Ke y supports encryption' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( nsServerMigrationClassname-oid NAME 'nsServerMigrationClas sname' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( nsSSLPersonalitySSL-oid NAME 'nsSSLPersonalitySSL' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN 'Netscape' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' DESC 'A s tring option' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1. 26 SINGLE-VALUE ) attributeTypes: ( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RFC 4519' ) attributeTypes: ( crlExtensions-oid NAME 'crlExtensions' DESC 'CMS defined a ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.1.4 NAME 'vendorName' EQUALITY 1.3.6.1.4.1.1466.1 09.114.1 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICA TION USAGE dSAOperation X-ORIGIN 'RFC 3045' ) attributeTypes: ( 1.3.6.1.4.1.6981.11.3.4 NAME 'FTPDownloadRatio' DESC 'Rati o (compared with FTPRatioUp) for downloaded files' EQUALITY integerMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.16 NAME 'dereferenceAliases' DESC ' Specifies if a service or agent either requires, supports, or uses derefere ncing of aliases.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 7 SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.18 NAME 'ipk11StartDate' DESC ' Validity start date' EQUALITY generalizedTimeMatch ORDERING generalizedTime OrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.801 NAME 'mgrpRemoveHeader' DESC 'Ne tscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.27 NAME 'ipaSELinuxUserMapOrder' D ESC 'Available SELinux user context ordering' EQUALITY caseIgnoreMatch ORDE RING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.11.70 NAME 'ipaPermTargetTo' DESC 'D estination location to move an entry IPA permission ACI' EQUALITY distingui shedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2215 NAME 'nsslapd-allow-unauthentic ated-binds' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.18.0.2.4.1118 NAME 'printer-copies-supported' DESC 'Th e maximum number of copies of a document that may be printed as a single jo b on this printer.' EQUALITY integerMatch ORDERING integerOrderingMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.1.55 NAME 'aci' DESC 'Netscape defined access control information attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( tokenOp-oid NAME 'tokenOp' DESC 'CMS defined attribute' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' EQUALITY case IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 2.16.840.1.113730.3.1.2285 NAME 'nsslapd-hash-filters' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.7 NAME ( 'l' 'locality' 'localityname' ) SUP name E QUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'locality localityname' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord' DESC 'SSH Key Fingerprint, draft-ietf-secsh-dns-05.txt' EQUALITY caseIgnoreIA5Match SUBST R caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( nsSSL3SessionTimeout-oid NAME 'nsSSL3SessionTimeout' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR IGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.2152 NAME 'nsds5ReplicaProtocolTimeo ut' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( dataType-oid NAME 'dataType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.52.1 NAME 'krbObjectReferences' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration' DESC ' Lockout duration in minutes (default: 30, -1 => forever)' EQUALITY integerM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.11.49 NAME 'ipaPermTarget' DESC 'IPA permission target' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.105 NAME ( 'passwordLockout' 'pwdLoc kOut' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6 .1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.2129 NAME 'dnaNextRange' DESC 'DNA r ange of values to get from replica' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( nsSSL3-oid NAME 'nsSSL3' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC 'Windo ws NT domain to which the user belongs' EQUALITY caseIgnoreMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2199 NAME 'nsslapd-accesslog-logexpi rationtimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1 466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.571 NAME 'nsSizeLimit' DESC 'Binder- based search operation size limit (entries)' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory S erver' ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.1.1.13 NAME 'nisNetIdGroup' DESC 'nisN etIdGroup' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'RFC2307bis' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2322 NAME 'nsslapd-auditfaillog-logm infreediskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1. 1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.77 NAME 'changeTime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets cape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.243 NAME 'nsValueCIS' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Net scape servers - value item' ) attributeTypes: ( 2.16.840.1.113730.3.8.18.2.3 NAME 'ipaVaultPublicKey' DESC 'IPA vault public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.40 X-ORIGIN ( 'IPA v4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2170 NAME 'nsslapd-accesslog-level' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.3 NAME 'enrolledBy' DESC 'DN of ad ministrator who performed manual enrollment of the host' SUP distinguishedN ame EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X- ORIGIN 'IPA v2' ) attributeTypes: ( publicKeyFormat-oid NAME 'publicKeyFormat' DESC 'CMS defin ed attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2202 NAME 'nsslapd-accesslog-logging -enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( classId-oid NAME 'classId' DESC 'Certificate profile class ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.6 NAME 'authenticationMethod' DESC 'Identifies the types of authentication methods either used, required, or p rovided by a service or peer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( ' RFC4876' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.21.1.4 NAME 'ipaCaCategory' DESC 'Ad ditional classification for CAs' EQUALITY caseIgnoreMatch ORDERING caseIgno reOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.15 X-ORIGIN ( 'IPA v4.2' 'user defined' ) ) attributeTypes: ( 1.3.6.1.1.1.1.33 NAME 'automountInformation' DESC 'Automou nt information' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121. 1.26 SINGLE-VALUE X-ORIGIN 'RFC 2307bis' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.29.1 NAME 'krbAdmServers' EQUAL ITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.64 NAME 'ipk11SignRecover' DESC 'Key supports signatures where data can be recovered from the signature' E QUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORI GIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( publishingStatus-oid NAME 'publishingStatus' DESC 'CMS def ined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined ' ) attributeTypes: ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'vehicle li cense or registration plate' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2798' ) attributeTypes: ( nsCertConfig-oid NAME 'nsCertConfig' DESC 'Netscape define d attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape C ertificate Management System' ) attributeTypes: ( 2.16.840.1.113730.3.1.99 NAME ( 'passwordMinLength' 'pwdMi nLength' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1. 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Serve r' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.8 NAME 'ipaNTHomeDirectory' DESC 'User Home Directory Path' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrde ringMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2249 NAME 'nsslapd-idletimeout' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.20 NAME 'telephoneNumber' EQUALITY telephoneNumberM atch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.50 X-ORIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.8.7.6 NAME 'ipaSudoRunAs' DESC 'Refere nce to a user or group that the commands can be run as.' SUP memberUser EQU ALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2116 NAME 'dnaPrefix' DESC 'DNA stri ng prefix for dna value' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2220 NAME 'nsslapd-minssf-exclude-ro otdse' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' DESC 'Standard LDAP attri bute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.2186 NAME 'nsslapd-auditlog-logrotat iontime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.15 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 2.16.840.1.113730.3.1.60 NAME 'ntUserAuthFlags' DESC 'Nets cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VAL UE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( DomainManager-oid NAME 'DomainManager' SYNTAX 1.3.6.1.4.1 .1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2290 NAME 'nsslapd-disk-monitoring-t hreshold' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2076 NAME ( 'passwordMinAlphas' 'pwd MinAlphas' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Ser ver' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.49 NAME 'DHCIDRecord' DESC 'Dynamic Host Configuration Protocol (DHCP) Information, RFC 4701' EQUALITY caseIgno reIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113719.1.301.4.40.1 NAME 'krbTicketPolicyRefere nce' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( authorityKeyHost-oid NAME 'authorityKeyHost' DESC 'Authori ty Key Hosts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.406 NAME 'nsSynchUserIDFormat' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR IGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.74 NAME 'sambaFlatName' DESC 'NetBIOS name of a domain' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 1.3.18.0.2.4.1122 NAME 'printer-media-supported' DESC 'The standard names/types/sizes (and optional color suffixes) of the media supp orted by this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.5.21.5 NAME 'attributeTypes' EQUALITY objectIdentifierF irstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOper ation X-ORIGIN 'RFC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.11 NAME 'ipatokenTOTPclockOffse t' DESC 'TOTP clock offset' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( nsAdminEnableEnduser-oid NAME 'nsAdminEnableEnduser' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR IGIN 'Netscape Administration Services' ) attributeTypes: ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' DESC 'Standard LDAP att ribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.17 NAME 'idnsPersistentSearch' DES C 'allow persistent searches' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2134 NAME 'nsds5ReplicaStripAttrs' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.544 NAME 'nsParentUniqueId' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.4 NAME 'eduPersonOrgUnitDN' DESC 'O rganizational Unit DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'http: //middleware.internet2.edu/eduperson/' ) attributeTypes: ( 2.16.840.1.113730.3.1.82 NAME 'cirBindDn' DESC 'Netscape d efined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netsc ape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.13 NAME 'ipaNTTrustDirection' DES C 'Direction of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.27 SINGLE-VALUE ) attributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'a JPEG i mage' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 X-ORIGIN 'RFC 2798' ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.13 NAME 'javaClassNames' DESC 'Ful ly qualified Java class or interface name' EQUALITY caseExactMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2713' ) attributeTypes: ( 2.16.840.1.113730.3.1.2103 NAME 'autoMemberDisabled' DESC 'Auto Membership disabled attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S INGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.809 NAME 'nsds5replicaLastInitStatus ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 SINGLE-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2084 NAME 'nsSymmetricKey' DESC 'A s ymmetric key - currently used by attribute encryption' SYNTAX 1.3.6.1.4.1.1 466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'attribute encryption' ) attributeTypes: ( 2.16.840.1.113730.3.1.682 NAME 'nsds5ReplicaPurgeDelay' DE SC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' EQUAL ITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.41 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 1.3.6.1.4.1.1.1.1.12 NAME 'nisDomain' DESC 'NIS domain' SY NTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'RFC2307bis' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.20.2.1 NAME 'ipaReplTopoConfRoot' DE SC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN ( 'FreeIPA' 'user defined' ) ) attributeTypes: ( requestInfo-oid NAME 'requestInfo' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( nsTLS1-oid NAME 'nsTLS1' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( keySize-oid NAME 'keySize' DESC 'CMS defined attribute' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2063 NAME 'nsEncryptionAlgorithm' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.13769.3.4 NAME 'mozillaHomeState' SUP name EQ UALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.31 NAME 'ipaSshPubKey' DESC 'SSH public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.5.4.13 NAME 'description' EQUALITY caseIgnoreMatch SUBS TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.2254 NAME 'nsslapd-pwpolicy-local' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( keyState-oid NAME 'keyState' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.14 NAME 'mailAutoReplyMode' DESC 'Ne tscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( tokenPolicy-oid NAME 'tokenPolicy' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2121 NAME 'dnaScope' DESC 'DNA base DN for finding entries' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X -ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.224 NAME 'nsslapd-pluginPath' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.2.1.2 NAME 'acctPolicySubentry' DESC 'A ccount policy pointer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE US AGE directoryOperation X-ORIGIN 'Account Policy Plugin' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC 'Timest amp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.2233 NAME 'nsslapd-ldapiuidnumbertyp e' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2191 NAME 'nsslapd-errorlog-logmaxdi skspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.579 NAME 'nsDS5ReplicaPort' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.2 NAME 'idnsZoneActive' DESC 'defi ne if the zone is considered in use' EQUALITY booleanMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.610 NAME 'nsAccountLock' DESC 'Opera tional attribute for Account Inactivation' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.2.840.113554.1.4.1.6.1 NAME 'krbCanonicalName' EQUALITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.26 SINGLE-VALUE ) attributeTypes: ( proofOfArchival-oid NAME 'proofOfArchival' DESC 'CMS defin ed attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.707 NAME 'vacationstartdate' DESC 'N etscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.580 NAME 'nsDS5ReplicaTransportInfo' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2168 NAME 'schemaUpdateAttributeReje ct' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( metaInfo-oid NAME 'metaInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s ) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.146 6.115.121.1.26 X-ORIGIN 'SUDO' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.79 NAME 'sambaTrustPosixOffset' DESC 'POSIX offset of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.27 SINGLE-VALUE ) attributeTypes: ( dateOfRevocation-oid NAME 'dateOfRevocation' DESC 'CMS def ined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined ' ) attributeTypes: ( 1.3.18.0.2.4.1137 NAME 'printer-generated-natural-language -supported' DESC 'Natural language(s) supported for this directory entry.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.1.1005 NAME 'nsds7DirsyncCookie' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGL E-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.530 NAME 'ntUserLogonHours' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-V ALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.24 NAME 'ipatokenTOTPsyncWindow ' DESC 'TOTP Sync Window (maximum synchronization variance in seconds)' EQU ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIG IN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy' DESC 'old variant of modifiersName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'R FC 1274' ) attributeTypes: ( 2.16.840.1.113730.3.1.36 NAME 'nsLicensedFor' DESC 'Netsca pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'N etscape Administration Services' ) attributeTypes: ( 1.3.6.1.4.1.13769.2.2 NAME ( 'mozillaSecondEmail' 'xmozill asecondemail' ) EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'Mozilla A ddress Book' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.22 NAME 'idnsSecKeyInactive' DESC 'DNSSEC key (planned) inactivation time' EQUALITY generalizedTimeMatch ORDE RING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SING LE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.202 NAME 'replicaCredentials' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIG IN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.3023 NAME 'nsViewFilter' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' Netscape Directory Server' ) attributeTypes: ( nsSSL2Ciphers-oid NAME 'nsSSL2Ciphers' DESC 'Netscape defi ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape ' ) attributeTypes: ( nsServerAddress-oid NAME 'nsServerAddress' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets cape' ) attributeTypes: ( 2.16.840.1.113730.3.1.91 NAME 'passwordExpirationTime' DES C 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Dire ctory Server' ) attributeTypes: ( 1.3.6.1.4.1.5322.21.2.2 NAME 'krbPwdFailureCountInterval' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.2241 NAME 'nsslapd-errorlog' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsProductName-oid NAME 'nsProductName' DESC 'Netscape defi ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape ' ) attributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList' DESC 'X.509 author ity revocation list' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.40 X-ORIGIN 'RFC 4523' ) attributeTypes: ( 2.16.840.1.113730.3.1.2027 NAME 'nsruvReplicaLastModified' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2097 NAME 'autoMemberScope' DESC 'Au to Membership scope criteria' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-V ALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC 'Times tamp of the last password update' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.695 NAME 'inetSubscriberChallenge' D ESC 'Used to confirm subscriberIdentity. This attribute holds the challeng e phrase and is used in conjunction with the inetSubscriberResponse' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'Netscape subscriber i nteroperability' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.49.1 NAME 'krbLastFailedAuth' E QUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VA LUE ) attributeTypes: ( 2.16.840.1.113730.3.1.2218 NAME 'nsslapd-localssf' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE -VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.18.0.2.4.1115 NAME 'printer-stacking-order-supported' DESC 'The possible stacking order of pages as they are printed and ejected from this printer.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.15.1 NAME 'krbLdapServers' EQUA LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.2.840.113556.1.4.479 NAME 'calFBURL' DESC 'RFC2739: URI to the users default freebusy data' EQUALITY caseIgnoreIA5Match SUBSTR case IgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'rfc 2739' ) attributeTypes: ( 2.16.840.1.113730.3.1.2307 NAME 'nsslapd-allow-hashed-pass words' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.58 NAME 'replicaBindDn' DESC 'Netsca pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'N etscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.605 NAME 'entryid' DESC 'internal se rver defined attribute type' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 2.16.840.1.113730.3.1.2288 NAME 'nsslapd-defaultnamingcont ext' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( authorityParentID-oid NAME 'authorityParentID' DESC 'Autho rity Parent ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.13769.3.9 NAME 'mozillaWorkUrl' EQUALITY case IgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Moz illa Address Book' ) attributeTypes: ( 2.16.840.1.113730.3.1.2155 NAME 'nsds5ReplicaBackoffMax' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.42 NAME 'ipaPermDefaultAttr' DESC 'IPA permission default attribute' EQUALITY caseIgnoreMatch ORDERING caseI gnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4. 0' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2267 NAME 'nsslapd-certmap-basedn' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.525 NAME 'ntUserWorkstations' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.100 NAME 'passwordKeepHistory' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.23 NAME 'mgrpAllowedDomain' DESC 'Ne tscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 1.2.840.113556.1.4.480 NAME 'calCAPURI' DESC 'RFC2739: URI used to communicate with the users calendar' EQUALITY caseIgnoreIA5Match S UBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-O RIGIN 'rfc2739' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.41 NAME 'ipk11KeyType' DESC 'Ke y type' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.237 NAME 'nsSNMPMasterHost' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( profileID-oid NAME 'profileID' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( nsDefaultAcceptLanguage-oid NAME 'nsDefaultAcceptLanguage' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.6.1 NAME 'krbPrincipalExpiration ' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL E-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.2325 NAME 'nsslapd-auditfaillog-logg ing-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( requestOwner-oid NAME 'requestOwner' DESC 'CMS defined att ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.593 NAME 'nsSNMPName' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Net scape Directory Server' ) attributeTypes: ( nextRange-oid NAME 'nextRange' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.17 NAME 'hostCApolicy' DESC 'Polic y on how to treat host requests for cert operations.' EQUALITY caseIgnoreMa tch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.60 NAME 'ipaKeyExtUsage' DESC 'Al lowed extended key usage' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.38 X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2205 NAME 'nsslapd-auditlog-logging- hide-unhashed-pw' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1 .1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.18.0.2.4.1108 NAME 'printer-aliases' DESC 'List of sit e-specific administrative names of this printer in addition to the value sp ecified for printer-name.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstr ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALITY ca seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.45 NAME 'ntGroupCreateNewGroup' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN GLE-VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.8.1.7 NAME 'ipaDefaultLoginShell' EQU ALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.63 NAME 'ipk11Sign' DESC 'Key s upports signatures where the signature is an appendix to the data' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( ' IPA v4.1' 'user defined' ) ) attributeTypes: ( serialno-oid NAME 'serialno' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.215 NAME 'oid' DESC 'Netscape define d attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape D irectory Server' ) attributeTypes: ( userDN-oid NAME 'userDN' DESC 'CMS defined attribute' SYNT AX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2798' ) attributeTypes: ( 2.16.840.1.113730.3.1.2142 NAME 'nsSaslMapPriority' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGL E-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.39 NAME 'ipaNTSIDBlacklistOutgoin g' DESC 'Extra SIDs filtered out from outgoing MS-PAC' EQUALITY caseIgnoreI A5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.26 X-ORIGIN 'IPA v3' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' DESC 'Trust Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.26 ) attributeTypes: ( publicKeyData-oid NAME 'publicKeyData' DESC 'CMS defined a ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2119 NAME 'dnaMagicRegen' DESC 'DNA value that will trigger regeneration of attribute value' SYNTAX 1.3.6.1.4.1 .1466.115.121.1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.7.1 NAME 'memberAllowCmd' DESC 'Refe rence to a command or group of commands that are allowed by the rule.' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.12 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.47.1 NAME 'krbPrincipalAliases' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DESC 'Tim estamp of when the user is allowed to update the password' EQUALITY integer Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( sessionContext-oid NAME 'sessionContext' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) attributeTypes: ( 2.5.4.42 NAME 'givenName' SUP name EQUALITY caseIgnoreMat ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- ORIGIN 'RFC 4519' ) attributeTypes: ( tokenType-oid NAME 'tokenType' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2189 NAME 'nsslapd-auditlog-logrotat iontimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.7.12 NAME 'hostMask' DESC 'IP mask t o identify a subnet.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUB STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2312 NAME 'dnaExcludeScope' DESC 'DN of a subtree excluded from DNA plugin scope' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.12 X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.67 NAME 'ntUserProfile' DESC 'Netsca pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALU E X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( revokedCerts-oid NAME 'revokedCerts' DESC 'CMS defined att ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2079 NAME ( 'passwordMinSpecials' 'p wdMinSpecials' ) DESC 'Netscape defined password policy attribute type' SYN TAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.588 NAME 'nsDS5ReplicaId' DESC 'Nets cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA LUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2160 NAME 'dnaRemoteBindMethod' DESC 'Remote bind method: SIMPLE, SSL, SASL/DIGEST-MD5, or SASL/GSSAPI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.13769.4.3 NAME 'mozillaCustom3' EQUALITY case IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.71 NAME 'sambaTrustAttributes' DESC ' Trust attributes for a trusted domain' EQUALITY integerMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.11.57 NAME 'ipaCertIssuerSerial' DES C 'Issuer name and serial number' EQUALITY caseIgnoreMatch SUBSTR caseIgnor eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( transStatus-oid NAME 'transStatus' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2272 NAME 'nsslapd-plugin-binddn-tra cking' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.2 NAME 'ipatokenDisabled' DESC 'Optionally marks token as Disabled' EQUALITY booleanMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 2.5.21.8 NAME 'matchingRuleUse' EQUALITY objectIdentifier FirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOpe ration X-ORIGIN 'RFC 4512' ) attributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME ( 'labeledURI' 'labeledurl' ) E QUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.15 X-ORIGIN 'RFC 2079' X-DEPRECATED 'labeledurl' ) attributeTypes: ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.54 NAME 'ipk11Wrap' DESC 'Key s upports wrapping' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( beginRange-oid NAME 'beginRange' DESC 'CMS defined attribu te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( signingAlgorithmId-oid NAME 'signingAlgorithmId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user def ined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2330 NAME 'nsslapd-logging-backend' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.89 NAME 'cirSyncInterval' DESC 'Nets cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption' DESC 'A string list option' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass' DESC 'The class of a resource record' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115 .121.1.26 ) attributeTypes: ( 2.16.840.1.113730.3.1.251 NAME 'nsValueFlags' DESC 'Netsca pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'N etscape servers - value item' ) attributeTypes: ( 1.3.6.1.4.1.6981.11.3.1 NAME 'FTPQuotaFiles' DESC 'Quota ( in number of files) for an FTP user' EQUALITY integerMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.13 NAME 'serviceCredentialLevel' DE SC 'Specifies the type of credentials either used, required, or supported b y a specific service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.26 X-ORIGIN ( 'RFC4876' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2106 NAME 'nsIDListScanLimit' DESC ' Binder-based search operation ID list scan limit (candidate entries)' SYNTA X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORI GIN '389' ) attributeTypes: ( 2.16.840.1.113730.3.1.804 NAME 'nsSchemaCSN' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsServerSecurity-oid NAME 'nsServerSecurity' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne tscape' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.22 NAME 'ipaMigrationEnabled' DESC 'Enable adding user entries with pre-hashed passwords.' SYNTAX 1.3.6.1.4.1 .1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.11.75 NAME 'ipaNTAdditionalSuffixes' DESC 'Suffix for the user principal name associated with the domain' EQUAL ITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4 .4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2210 NAME 'nsslapd-auditlog' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.50 NAME 'replicaBeginOrc' DESC 'Nets cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.20.2.4 NAME 'ipaReplTopoSegmentRight Node' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 X-ORIGIN ( 'FreeIPA' 'user defined' ) ) attributeTypes: ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDrink' ) EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4524' X-DEPRECATED 'favouriteDrink' ) attributeTypes: ( 2.16.840.1.113730.3.1.2280 NAME 'nsslapd-bakdir' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V ALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surName' ) SUP name EQUALITY caseIgn oreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'surName' ) attributeTypes: ( 2.16.840.1.113730.3.1.2066 NAME 'nsSaslMapFilterTemplate' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.13769.3.1 NAME 'mozillaHomeStreet' EQUALITY c aseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( 2.16.840.1.113730.3.1.198 NAME 'memberURL' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Nets cape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindo w' DESC 'Reset time after lockout in minutes (default: 30)' EQUALITY intege rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.5.4.16 NAME 'postalAddress' EQUALITY caseIgnoreListMatc h SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 X-ORIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.108 NAME 'passwordUnlock' DESC 'Nets cape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' DESC 'Standard L DAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2307 ' ) attributeTypes: ( 2.16.840.1.113730.3.1.2124 NAME 'dnaRemainingValues' DESC 'DNA remaining values left to assign' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( nsSSLClientAuth-oid NAME 'nsSSLClientAuth' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets cape' ) attributeTypes: ( duration-oid NAME 'duration' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( tokenID-oid NAME 'tokenID' DESC 'CMS defined attribute' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2236 NAME 'nsslapd-anonlimitsdn' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SI NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2194 NAME 'nsslapd-errorlog-logminfr eediskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.574 NAME 'nsRole' DESC 'Netscape def ined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICAT ION USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsAdminGroupName-oid NAME 'nsAdminGroupName' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne tscape' ) attributeTypes: ( 2.16.840.1.113730.3.8.19.2.2 NAME 'ipaMinDomainLevel' DESC 'Minimal supported Domain Level value' EQUALITY numericStringMatch ORDERIN G numericStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 SINGLE-VALUE X-OR IGIN ( 'IPA v4' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.72 NAME 'serverVersionNumber' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORI GIN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.246 NAME 'nsValueInt' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Net scape servers - value item' ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.43 NAME 'preferredTimeZone' DESC 'preferred time zone for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgno reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGI N 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.2173 NAME 'nsslapd-errorlog-maxlogsi ze' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.6 NAME 'userCategory' DESC 'Additi onal classification for users' EQUALITY caseIgnoreMatch ORDERING caseIgnore OrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.26 X-ORIGIN 'SUDO' ) attributeTypes: ( SecureAdminPort-oid NAME 'SecureAdminPort' SYNTAX 1.3.6.1 .4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.18.0.2.4.1130 NAME 'printer-document-format-supported' DESC 'The possible source document formats which may be interpreted and pr inted by this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.5 NAME 'followReferrals' DESC 'An a gent or service does or should follow referrals' EQUALITY booleanMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user def ined' ) ) attributeTypes: ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY caseI gnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.23 NAME 'ipatokenTOTPauthWindow ' DESC 'TOTP Auth Window (maximum authentication variance in seconds)' EQUA LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGI N ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.21.1.7 NAME 'ipaCaIssuerDN' DESC 'Is suer DN' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.12 X-ORIGIN ( 'IPA v4.4 Lightweight CAs' 'user define d' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.5.25 NAME 'idnsSecKeyRevoke' DESC 'D NSKEY REVOKE flag (equivalent to bit 8): RFC 5011' EQUALITY booleanMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( requestId-oid NAME 'requestId' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.552 NAME 'costargettree' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VAL UE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.94 NAME 'retryCountResetTime' DESC ' Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directo ry Server' ) attributeTypes: ( tokenNotBefore-oid NAME 'tokenNotBefore' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.21 NAME 'ipaAllowToImpersonate' D ESC 'Principals that can be impersonated' SUP distinguishedName EQUALITY di stinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'IPA-v 3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2244 NAME 'nnslapd-threadnumber' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SI NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.2.840.113556.1.2.102 NAME 'memberOf' DESC 'Group that th e entry belongs to' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape Delegated Administrator' ) attributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 X-ORIGIN 'RFC 4519' X-DEPRECATED 'fax' ) attributeTypes: ( authorityEnabled-oid NAME 'authorityEnabled' DESC 'Authori ty Enabled' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( nsDirectoryURL-oid NAME 'nsDirectoryURL' DESC 'Netscape de fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netsca pe' ) attributeTypes: ( 2.16.840.1.113730.3.1.2111 NAME 'tombstoneNumSubordinates' DESC 'count of immediate subordinates for tombstone entries' EQUALITY inte gerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN '389 d irectory server' ) attributeTypes: ( 2.16.840.1.113730.3.8.7.9 NAME 'ipaSudoRunAsGroup' DESC 'R eference to group that the commands can be run as.' SUP memberUser EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.22 NAME 'ipk11Subject' DESC 'DE R-encoding of subject name' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.40 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( deltaSize-oid NAME 'deltaSize' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.690 NAME 'inetDomainBaseDN' DESC 'Ba se DN of user subtree for a DNS domain' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 2 SINGLE-VALUE X-ORIGIN 'Netscape subscriber interoperability' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Security ID' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user define d' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2223 NAME 'nsslapd-localhost' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'Standard LDAP a ttribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ' RFC 2307' ) attributeTypes: ( ServerCertExtractFile-oid NAME 'ServerCertExtractFile' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.2181 NAME 'nsslapd-accesslog-logrota tionsyncmin' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.569 NAME 'cosPriority' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsOsVersion-oid NAME 'nsOsVersion' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( nsJarfilename-oid NAME 'nsJarfilename' DESC 'Netscape defi ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape ' ) attributeTypes: ( 2.16.840.1.113730.3.1.2293 NAME 'nsslapd-ndn-cache-enabled ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2071 NAME 'pamIDAttr' DESC 'Name of attribute holding PAM ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Re d Hat Directory Server' ) attributeTypes: ( tokenSerial-oid NAME 'tokenSerial' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( password-oid NAME 'password' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2158 NAME 'dnaRemoteBindDN' DESC 'Re mote bind DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN '3 89 Directory Server' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.3.1 NAME 'krbPrincipalType' EQU ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPasswo rd' DESC 'Previous clear text password (used for trusted domain passwords)' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.3.18.0.2.4.1127 NAME 'printer-pages-per-minute' DESC 'Th e nominal number of pages per minute which may be output by this printer.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.14 NAME 'ipatokenRadiusUserName ' DESC 'Corresponding Radius username' EQUALITY caseIgnoreMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 0.9.2342.19200300.100.1.54 NAME 'ditRedirect' DESC 'Standa rd LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 1274' ) attributeTypes: ( 2.16.840.1.113730.3.1.520 NAME 'nswmExtendedUserPrefs' DES C 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.26 NAME 'mgrpErrorsTo' DESC 'Netscap e Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .26 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.2137 NAME 'nsds5ReplicaAbortCleanRUV ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.12 NAME 'idnsAllowTransfer' DESC ' BIND9 allow-transfer ACL element' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6. 1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v2' 'user defined' ) ) attributeTypes: ( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperati on X-ORIGIN 'RFC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.1.232 NAME 'nsSNMPEnabled' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VAL UE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( algorithmId-oid NAME 'algorithmId' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord' DESC 'certifica te, RFC 2538' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.17 NAME 'ldapSchemas' SYNTAX 1.3 .6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'RFC 2927' ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.7 NAME 'eduPersonEntitlement' DESC 'Entitlement' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'http://middlew are.internet2.edu/eduperson/' ) attributeTypes: ( 2.16.840.1.113730.3.1.2328 NAME 'nsslapd-auditfaillog-list ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.81 NAME 'cirPort' DESC 'Netscape def ined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscap e Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.14 NAME 'ipaNTTrustPartner' DESC 'Fully qualified name of the domain with which a trust exists' EQUALITY cas eIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' ' user defined' ) ) attributeTypes: ( 1.3.6.1.4.1.6981.11.3.9 NAME 'FTPgid' DESC 'System uid (ov errides gidNumber if present)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.17 NAME 'ipk11CheckValue' DESC 'Checksum' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X -ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2087 NAME 'mepManagedEntry' DESC 'Ma naged Entries pointer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN '389 D irectory Server' ) attributeTypes: ( nsAdminSIEDN-oid NAME 'nsAdminSIEDN' DESC 'Netscape define d attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.685 NAME 'nsds5replicaLastUpdateStar t' DESC 'Netscape defined attribute type' EQUALITY generalizedTimeMatch ORD ERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SIN GLE-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2208 NAME 'nsslapd-rootdnpw' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.48 NAME 'replicaPort' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Net scape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.1.2 NAME 'ipaGroupSearchFields' EQU ALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113730.3.8.5.30 NAME 'idnsSubstitutionVariable' DESC 'User defined variable for DNS plugin' EQUALITY caseIgnoreIA5Match SY NTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.210 NAME 'vlvSort' DESC 'Netscape de fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netsca pe Directory Server' ) attributeTypes: ( dateOfModify-oid NAME 'dateOfModify' DESC 'CMS defined att ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.51 NAME 'nSEC3PARAMRecord' DESC 'RFC 5155' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2145 NAME 'rootdn-close-time' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2257 NAME 'nsslapd-accesslog-logbuff ering' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.32 NAME 'ipaKrbPrincipalAlias' DE SC 'DEPRECATED - DO NOT USE' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOr deringMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlycountrynam e' ) EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4524' X-DEPRECATED 'friendlycountry name' ) attributeTypes: ( extension-oid NAME 'extension' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.13 NAME 'mailAlternateAddress' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.227 NAME 'nsslapd-pluginId' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC 'Roam ing profile path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier' EQUALITY bitStringMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 X-ORIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.5 NAME 'idnsSOAserial' DESC 'SOA s erial number' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2315 NAME 'nsDS5ReplicaWaitForAsyncR esults' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.613 NAME 'copiedFrom' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsServerPort-oid NAME 'nsServerPort' DESC 'Netscape define d attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 1.2.840.113554.1.4.1.6.4 NAME 'krbPwdMaxRenewableLife' EQ UALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORI GIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.8 NAME 'javaSerializedData' DESC ' Serialized form of a Java object' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SING LE-VALUE X-ORIGIN 'RFC 2713' ) attributeTypes: ( deltaNumber-oid NAME 'deltaNumber' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.583 NAME 'nsDS5ReplicaBindMethod' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2275 NAME 'nsslapd-schemadir' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsSSLActivation-oid NAME 'nsSSLActivation' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets cape' ) attributeTypes: ( 1.3.18.0.2.4.1138 NAME 'printer-make-and-model' DESC 'Make and model of this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc 3712' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.5 NAME 'ipatokenVendor' DESC 'O ptional Vendor identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstr ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.1000 NAME 'nsds7WindowsReplicaSubtre e' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' EQUALITY dist inguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 2.16.840.1.113730.3.1.533 NAME 'ntUserCodePage' DESC 'Nets cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VAL UE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.35 NAME 'changeLog' DESC 'the distin guished name of the entry which contains the set of entries comprising this servers changelog' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.12 X-ORIGIN 'Changelog Internet Draft' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.53 NAME 'ipk11VerifyRecover' DE SC 'Key supports verification where data is recovered from the signature' E QUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORI GIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.205 NAME 'changeLogMaximumConcurrent Writes' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord' DESC 'Signature, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' DESC 'A boo lean option' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SING LE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.11.3 NAME 'ipaNTFlatName' DESC 'Flat /Netbios Name' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SU BSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( nsDirectoryInfoRef-oid NAME 'nsDirectoryInfoRef' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' ) attributeTypes: ( 1.3.6.1.4.1.6981.11.3.6 NAME 'FTPDownloadBandwidth' DESC ' Bandwidth (in KB/s) to limit download speeds to' EQUALITY integerMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) attributeTypes: ( 2.16.840.1.113730.3.1.2109 NAME 'nsPagedIDListScanLimit' D ESC 'Binder-based simple paged search operation ID list scan limit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGI N '389' ) attributeTypes: ( 2.16.840.1.113730.3.1.2092 NAME 'nsslapd-ldapiautodnsuffix ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 12 X-ORIGIN 'Netscape' ) attributeTypes: ( transOps-oid NAME 'transOps' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.25 NAME 'ipaPermissionType' DESC ' IPA permission flags' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingM atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms' DESC 'X.509 supported algorithms' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RFC 4523' ) attributeTypes: ( 1.3.18.0.2.4.1116 NAME 'printer-output-features-supported' DESC 'The possible output features supported by this printer.' EQUALITY ca seIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.1.2302 NAME 'nsslapd-listen-backlog-si ze' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.57 NAME 'replicaRoot' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Net scape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.608 NAME 'nsDS5Task' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets cape Directory Server' ) attributeTypes: ( nextUpdate-oid NAME 'nextUpdate' DESC 'CMS defined attribu te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2069 NAME 'pamMissingSuffix' DESC 'H ow to handle missing include or exclude suffixes' SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.15 SINGLE-VALUE X-ORIGIN 'Red Hat Directory Server' ) attributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetaddress' ) EQUALITY caseIg noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'streetaddress' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord' DESC 'RRSIG, R FC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.28.1 NAME 'krbPrincNamingAttr' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.2150 NAME 'rootdn-deny-ip' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsGroupRDNComponent-oid NAME 'nsGroupRDNComponent' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN 'Netscape Administration Services' ) attributeTypes: ( algorithm-oid NAME 'algorithm' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' DESC 'Maximu m password age, in seconds (default: -1 => never expire passwords)' EQUALIT Y integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.11.47 NAME 'ipaPermRight' DESC 'IPA permission rights' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2262 NAME 'nsslapd-maxbersize' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING LE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' EQUALITY caseI gnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 X-ORIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.528 NAME 'ntUserAcctExpires' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.103 NAME ( 'passwordCheckSyntax' 'pw dCheckSyntax' ) DESC 'Netscape defined password policy attribute type' SYNT AX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' DESC 'Standard L DAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2307 ' ) attributeTypes: ( 1.2.840.113556.1.4.483 NAME 'calOtherFBURLs' DESC 'RFC2739 : multi-value URI for other free/busy data' EQUALITY caseIgnoreIA5Match SUB STR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORI GIN 'rfc2739' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.44 NAME 'ipk11AllowedMechanisms ' DESC 'Space-separated list of mechanisms allowed to be used with this key ' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2239 NAME 'nsslapd-SSL3ciphers' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2320 NAME 'nsslapd-auditfaillog-logr otationtimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1. 1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.79 NAME 'cirReplicaRoot' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ' Netscape Directory Server' ) attributeTypes: ( issuerName-oid NAME 'issuerName' DESC 'CMS defined attribu te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'preferr ed name of a person to be used when displaying entries' EQUALITY caseIgnore Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2798' ) attributeTypes: ( nsProductVersion-oid NAME 'nsProductVersion' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne tscape' ) attributeTypes: ( 2.16.840.1.113730.3.8.18.2.1 NAME 'ipaVaultType' DESC 'IPA vault type' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X -ORIGIN ( 'IPA v4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2176 NAME 'nsslapd-errorlog-logrotat ionsync-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1. 1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.1 NAME 'ipaUniqueID' DESC 'Unique identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( endRange-oid NAME 'endRange' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.12 NAME 'sourceHostCategory' DESC 'Additional classification for hosts' EQUALITY caseIgnoreMatch ORDERING cas eIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.43.1 NAME 'krbSupportedEncSaltTy pes' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.16.840.1.113730.3.8.11.65 NAME 'ipaWrappingMech' DESC 'P KCS#11 wrapping mechanism equivalent to CK_MECHANISM_TYPE' EQUALITY caseIgn oreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( crlCache-oid NAME 'crlCache' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2200 NAME 'nsslapd-errorlog-logexpir ationtimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.0 NAME 'defaultServerList' DESC 'Li st of default servers' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'RFC4876 ' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' DESC 'signed message used to support S/MIME' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 2798' ) attributeTypes: ( 1.3.6.1.1.1.1.31 NAME 'automountMapName' DESC 'automount M ap Name' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SI NGLE-VALUE X-ORIGIN 'RFC 2307bis' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.28 NAME 'idnsSecKeyRef' DESC 'PKCS #11 URI of the key' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( nsSecureServerPort-oid NAME 'nsSecureServerPort' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.218 NAME 'replicaAbandonedChanges' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.66 NAME 'ipk11Extractable' DESC 'Key is extractable and can be wrapped' EQUALITY booleanMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.29 NAME 'LocRecord' DESC 'Location, RFC 1876' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( authorityKeyNickname-oid NAME 'authorityKeyNickname' DESC 'Authority key nickname' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'user-defined' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.7 NAME 'changeType' DESC 'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Changelog In ternet Draft' ) attributeTypes: ( usertype-oid NAME 'usertype' DESC 'Distinguish whether the user is administrator, agent or subsystem.' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC ' Concatenated MD5 hashes of the salted NT passwords used on this account' EQ UALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( ' IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.5.4.26 NAME 'registeredAddress' SUP postalAddress EQUAL ITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.41 X-ORIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.999 NAME ( 'passwordGraceLimit' 'pwd GraceLoginLimit' ) DESC 'Netscape defined password policy attribute type' S YNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directo ry Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2114 NAME 'internalCreatorsName' DES C 'plugin dn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MOD IFICATION USAGE directoryOperation X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.7.4 NAME 'externalUser' DESC 'Multiv alue string attribute that allows storing user names.' EQUALITY caseIgnoreM atch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( nsBindPassword-oid NAME 'nsBindPassword' DESC 'Netscape de fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netsca pe' ) attributeTypes: ( 2.16.840.1.113730.3.1.812 NAME 'netscapeReversiblePassword ' DESC 'password for HTTP Digest/MD5 authentication' EQUALITY octetStringMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'Netscape Web Server' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord' DESC 'domain nam e pointer, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' DESC 'Standard LDAP attri bute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.2226 NAME 'nsslapd-listenhost' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING LE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2184 NAME 'nsslapd-accesslog-logrota tiontime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.10 NAME 'manager' EQUALITY distin guishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 2.16.840.1.113730.3.1.62 NAME 'ntUserParms' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.2296 NAME 'nsslapd-ignore-virtual-at trs' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2074 NAME 'pamService' DESC 'Service name to pass to pam_start' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VAL UE X-ORIGIN 'Red Hat Directory Server' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.26.1 NAME 'krbPrincipalReference s' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.1 NAME 'ipk11UniqueId' DESC 'Me aningless unique identifier' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2163 NAME 'winSyncWindowsFilter' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.13769.4.4 NAME 'mozillaCustom4' EQUALITY case IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( resourceACLS-oid NAME 'resourceACLS' DESC 'CMS defined att ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.72 NAME 'sambaTrustDirection' DESC 'D irection of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.11.58 NAME 'ipaKeyTrust' DESC 'Key t rust (unknown, trusted, distrusted)' EQUALITY caseIgnoreMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 1.3.18.0.2.4.1120 NAME 'printer-print-quality-supported' D ESC 'List of print qualities supported for printing documents on this print er.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.13 NAME 'ipatokenOwner' DESC 'U ser entry that owns this token' SUP distinguishedName EQUALITY distinguishe dNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN ( 'IP A OTP' 'user defined' ) ) attributeTypes: ( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Standard LDAP attri bute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.15 NAME 'idnsForwarders' DESC 'lis t of forwarders' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v2' 'user define d' ) ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.2 NAME 'eduPersonNickName' DESC 'Ni ckName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'http://middleware.in ternet2.edu/eduperson/' ) attributeTypes: ( 2.16.840.1.113730.3.1.542 NAME 'nsUniqueId' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2333 NAME 'nsds5ReplicaReleaseTimeou t' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.84 NAME 'cirUseSsl' DESC 'Netscape d efined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netsc ape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.11 NAME 'ipaNTTrustType' DESC 'Ty pe of trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN GLE-VALUE ) attributeTypes: ( nsServerID-oid NAME 'nsServerID' DESC 'Netscape defined at tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.254 NAME 'nsValueHelpURL' DESC 'Nets cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape servers - value item' ) attributeTypes: ( expiredCerts-oid NAME 'expiredCerts' DESC 'CMS defined att ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.0.2 NAME 'dNSdefaultTTL' DESC 'An inte ger denoting default time to live, RFC 2308' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.5.4.33 NAME 'roleOccupant' SUP distinguishedName EQUALI TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RF C 4519' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.10 NAME 'credentialLevel' DESC 'Ide ntifies type of credentials either used, required, or supported by an agent or service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1. 26 SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2101 NAME 'autoMemberDefaultGroup' D ESC 'Auto Membership default group' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X- ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.12 NAME 'ipk11Modifiable' DESC 'Can be modified by application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.807 NAME 'nsds5replicaLastInitStart' DESC 'Netscape defined attribute type' EQUALITY generalizedTimeMatch ORDER ING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL E-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.31.1 NAME 'krbMinPwdLife' EQUAL ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.2213 NAME 'nsslapd-userat' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V ALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.20.2.7 NAME 'ipaReplTopoManagedAgree mentState' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 X-ORIGIN ( 'FreeIPA' 'user defined' ) ) attributeTypes: ( 0.9.2342.19200300.100.1.8 NAME 'userClass' EQUALITY caseI gnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.80 NAME 'sambaSupportedEncryptionType s' DESC 'Supported encryption types of a trust' EQUALITY integerMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.2283 NAME 'nsslapd-SSLclientAuth' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.1 NAME 'aliasedObjectName' EQUALITY distinguishedNa meMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'RFC 451 2' ) attributeTypes: ( 1.3.6.1.4.1.13769.3.2 NAME 'mozillaHomeStreet2' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( 2.16.840.1.113730.3.1.2148 NAME 'rootdn-deny-host' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength' DESC 'Length of Password History Entries (default: 0 => off)' EQUALITY integerMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'organizationalUnitNam e' ) attributeTypes: ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' EQUALI TY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 2.16.840.1.113730.3.1.16 NAME 'mailDeliveryOption' DESC 'N etscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.2127 NAME 'dnaPortNum' DESC 'DNA por t number of replica to get new range of values' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.222 NAME ( 'passwordMinAge' 'pwdMinA ge' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1 .4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113719.1.1.4.1.35 NAME 'lastLoginTime' DESC 'La st login time' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE dire ctoryOperation X-ORIGIN 'Account Policy Plugin' ) attributeTypes: ( SecurePort-oid NAME 'SecurePort' SYNTAX 1.3.6.1.4.1.1466. 115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2231 NAME 'nsslapd-ldapimaprootdn' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2197 NAME 'nsslapd-errorlog-logexpir ationtime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.577 NAME 'cosIndirectSpecifier' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2318 NAME 'nsslapd-auditfaillog-logr otationsynchour' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1. 1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.71 NAME 'serverProductName' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI N 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.0 NAME 'idnsName' DESC 'DNS FQDN' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.48.1 NAME 'krbLastSuccessfulAuth ' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL E-VALUE ) attributeTypes: ( 5.3.6.1.1.1.1.1 NAME 'accessTo' DESC 'Access to which serv ers user is allowed' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'nss_ldap/pam_ldap' ) attributeTypes: ( 1.2.840.113554.1.4.1.6.3 NAME 'krbPwdMaxLife' EQUALITY in tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IP A v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.249 NAME 'nsValueType' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne tscape servers - value item' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.14.1 NAME 'krbRealmReferences' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113730.3.8.3.9 NAME 'ipaEnabledFlag' DESC 'The flag to show if the association is active or should be ignored' EQUALITY bo oleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v 2' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.26 X-ORIGIN 'SUDO' ) attributeTypes: ( 2.16.840.1.113730.3.1.2278 NAME 'nsslapd-certdir' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.18.0.2.4.1135 NAME 'printer-name' DESC 'The site-speci fic administrative name of this printer.' EQUALITY caseIgnoreMatch SUBSTR c aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.26 NAME 'ipatokenHOTPsyncWindow ' DESC 'HOTP Sync Window (maximum synchronization skip-ahead)' EQUALITY int egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.21.1.2 NAME 'ipaMemberCa' DESC 'Refe rence to a CA member' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'IPA v4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.38 NAME 'nsLicenseEndTime' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.20 NAME 'idnsSecKeyPublish' DESC ' DNSSEC key (planned) publication time' EQUALITY generalizedTimeMatch ORDERI NG generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE -VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.200 NAME 'changeLogMaximumAge' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR IGIN 'Netscape Directory Server' ) attributeTypes: ( authorityDN-oid NAME 'authorityDN' DESC 'Authority DN' SYN TAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 2.5.18.3 NAME 'creatorsName' EQUALITY distinguishedNameMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'RFC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.1.93 NAME 'passwordRetryCount' DESC 'N etscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Director y Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.6 NAME 'ipaNTLogonScript' DESC 'U ser Logon Script Name' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrdering Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.11.22 NAME 'ipaAllowedTarget' DESC ' Target principals alowed to get a ticket for' SUP distinguishedName EQUALIT Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'I PA-v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2247 NAME 'nsslapd-conntablesize' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 S INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( requestSourceId-oid NAME 'requestSourceId' DESC 'CMS defin ed attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.8.1.12 NAME 'ipaGroupObjectClasses' S YNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( crlSize-oid NAME 'crlSize' DESC 'CMS defined attribute' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.21 NAME 'ipk11Distrusted' DESC 'Must not be trusted by application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( nsSuiteSpotUser-oid NAME 'nsSuiteSpotUser' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets cape' ) attributeTypes: ( 2.16.840.1.113730.3.1.2095 NAME 'connection' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne tscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.693 NAME 'inetUserHttpURL' DESC 'A u sers Web addresses' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape subscriber interoperability' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD4 h ash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 .1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 1.3.18.0.2.4.1113 NAME 'printer-service-person' DESC 'The identity of the current human service person responsible for servicing this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.1.2305 NAME 'nsslapd-moddn-aci' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.603 NAME 'dncomp' DESC 'internal ser ver defined attribute type' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 2.16.840.1.113730.3.1.1099 NAME 'winSyncInterval' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord' DESC 'Delegation Signer, RFC 3658' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( revokedOn-oid NAME 'revokedOn' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( nsBaseDN-oid NAME 'nsBaseDN' DESC 'Netscape defined attrib ute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.40 NAME 'ipaUserAuthType' DESC 'A llowed authentication methods' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.15 X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2265 NAME 'nsslapd-versionstring' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.18.0.2.4.1128 NAME 'printer-compression-supported' DES C 'Compression algorithms supported by this printer.' EQUALITY caseIgnoreMa tch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X -ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.1.523 NAME 'ntUserFlags' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.25 NAME 'mgrpDeliverTo' DESC 'Netsca pe Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.2132 NAME 'nsds5ReplicaEnabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsExecRef-oid NAME 'nsExecRef' DESC 'Netscape defined attr ibute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.235 NAME 'nsSNMPContact' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.43 NAME 'ipk11KeyGenMechanism' DESC 'Mechanism used to generate this key' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defi ned' ) ) attributeTypes: ( 2.16.840.1.113719.1.301.4.46.1 NAME 'krbMKey' EQUALITY oc tetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 2.16.840.1.113730.3.8.11.19 NAME 'ipaNTSupportedEncryption Types' DESC 'Supported encryption types of a trust' EQUALITY integerMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.591 NAME 'nsDS5ReplicaReferral' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O RIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2179 NAME 'nsslapd-errorlog-logrotat ionsynchour' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2082 NAME ( 'passwordMinCategories' 'pwdMinCategories' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Direc tory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.15 NAME 'nisDomainName' DESC 'NIS domain name.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUB STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.688 NAME 'nsds5replicaLastUpdateStat us' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 SINGLE-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' EQUALI TY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.26 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 2.16.840.1.113730.3.8.1.5 NAME 'ipaCustomFields' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.16.840.1.113730.3.8.5.33 NAME 'ipaServiceWeight' DESC 'W eight for the server in IPA location' EQUALITY integerMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.213 NAME 'vlvEnabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Net scape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2140 NAME 'passwordTrackUpdateTime' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1 466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.37 NAME 'ipaKrbAuthzData' DESC 't ype of PAC preferred by a service' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.15 X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' DESC 'Security ID List' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2252 NAME 'nsslapd-groupevalnestleve l' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.51.1 NAME 'krbExtraData' EQUALI TY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' DESC 'List of user workstations the user is allowed to logon to' EQUALITY caseIg noreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.8.12.33 NAME 'ipaAssignedIDView' DESC 'DN of view assigned to this particular host' SUP distinguishedName EQUALIT Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN ( 'IPA v4' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2229 NAME 'nsslapd-ldapilisten' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair' DESC 'X.509 cross cer tificate pair' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 40 X-ORIGIN 'RFC 4523' ) attributeTypes: ( 2.16.840.1.113730.3.8.7.10 NAME 'ipaSudoRunAsExtGroup' DES C 'Multivalue string attribute that allows storing group name the command c an be run as' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR case IgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2 ' ) attributeTypes: ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' EQUALI TY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.8 NAME 'idnsSOAexpire' DESC 'SOA e xpire value' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2310 NAME 'nsds5ReplicaFlowControlWi ndow' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.69 NAME 'subtreeACI' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Nets cape Directory Server 1.0' ) attributeTypes: ( 2.16.840.1.113730.3.1.2299 NAME 'nsslapd-connection-buffer ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2166 NAME 'schemaUpdateObjectclassRe ject' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( revokedBy-oid NAME 'revokedBy' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.586 NAME 'nsDS5ReplicaUpdateSchedule ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.13769.4.1 NAME 'mozillaCustom1' EQUALITY case IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.55 NAME 'ipaSecretKey' DESC 'Encr ypted secret key data' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.40 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2270 NAME 'nsslapd-auditlog-list' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X -ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.1003 NAME 'nsds7NewWinGroupSyncEnabl ed' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.536 NAME 'ntGroupAttributes' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE- VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.111 NAME 'ntUniqueId' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'Standard LDA P attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGI N 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.30 NAME 'mgrpRFC822MailMember' DESC 'mgrpRFC822MailMember' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466. 115.121.1.26 X-ORIGIN ( 'RFC2307bis' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.5.18 NAME 'idnsSecInlineSigning' DES C 'allow inline DNSSEC signing' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.208 NAME 'vlvScope' DESC 'Netscape d efined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Netsc ape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord' DESC 'Non-Term inal DNS Name Redirection, RFC 2672' EQUALITY caseIgnoreIA5Match SUBSTR cas eIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( privateKeyData-oid NAME 'privateKeyData' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.34.1 NAME 'krbPwdHistoryLength' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( nsNickName-oid NAME 'nsNickName' DESC 'Netscape defined at tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' DESC 'An integer option' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.5.4.36 NAME 'userCertificate' DESC 'X.509 user certifica te' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RFC 4523' ) attributeTypes: ( 2.16.840.1.113730.3.1.2104 NAME 'nsslapd-pluginConfigArea' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 2 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.1.5 NAME 'vendorVersion' EQUALITY 1.3.6.1.4.1.146 6.109.114.1 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIF ICATION USAGE dSAOperation X-ORIGIN 'RFC 3045' ) attributeTypes: ( 1.3.6.1.4.1.6981.11.3.3 NAME 'FTPUploadRatio' DESC 'Ratio (compared with FTPRatioDown) for uploaded files' EQUALITY integerMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.15 NAME 'serviceAuthenticationMetho d' DESC 'Specifies types authentication methods either used, required, or s upported by a particular service' EQUALITY caseIgnoreMatch SUBSTR caseIgnor eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'RFC4876' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.19 NAME 'ipk11EndDate' DESC 'Va lidity end date' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrde ringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.802 NAME 'nsds5ReplicaLegacyConsumer ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.20 NAME 'memberService' DESC 'Refe rence to the pam service of this operation.' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2216 NAME 'nsslapd-require-secure-bi nds' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsKeyfile-oid NAME 'nsKeyfile' DESC 'Netscape defined attr ibute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.52 NAME 'replicaUpdateSchedule' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O RIGIN 'Netscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.7 NAME 'photo' SYNTAX 1.3.6.1.4.1 .1466.115.121.1.23 X-ORIGIN 'RFC 1274' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.70 NAME 'ipk11UnwrapTemplate' D ESC 'DN of template to apply to keys unwrapped using this key' EQUALITY dis tinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORI GIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2286 NAME 'nsslapd-outbound-ldap-io- timeout' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' ) SUP name EQUALITY case IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.11 SINGLE-VALUE X-ORIGIN 'RFC 4519' X-DEPRECATED 'countryName' ) attributeTypes: ( 2.16.840.1.113730.3.1.2064 NAME 'nsSaslMapRegexString' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2153 NAME ( 'passwordAdminDN' 'pwdAd minDN' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3. 6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' DESC 'Minimu m password age, in seconds (default: 0 => allow immediate password change)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.11.48 NAME 'ipaPermTargetFilter' DES C 'IPA permission target filter' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) attributeTypes: ( 2.5.4.14 NAME 'searchGuide' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.25 X-ORIGIN 'RFC 4519' ) attributeTypes: ( version-oid NAME 'version' DESC 'CMS defined attribute' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.106 NAME ( 'passwordMaxFailure' 'pwd MaxFailure' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Se rver' ) attributeTypes: ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Standard L DAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2307 ' ) attributeTypes: ( 2.16.840.1.113730.3.1.2234 NAME 'nsslapd-ldapigidnumbertyp e' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.572 NAME 'nsTimeLimit' DESC 'Binder- based search operation time limit (seconds)' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory S erver' ) attributeTypes: ( 2.16.840.1.113730.3.1.2323 NAME 'nsslapd-auditfaillog-loge xpirationtime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.14 66.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.74 NAME 'administratorContactInfo' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( nsClassname-oid NAME 'nsClassname' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.244 NAME 'nsValueCES' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Net scape servers - value item' ) attributeTypes: ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService' DESC 'IAN A GSS-API authorized service name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.15 X-ORIGIN 'NSS LDAP schema' ) attributeTypes: ( allowWeakCipher-oid NAME 'allowWeakCipher' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets cape' ) attributeTypes: ( 2.16.840.1.113730.3.1.2171 NAME 'nsslapd-accesslog-maxlogs perdir' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.4 NAME 'fqdn' DESC 'FQDN' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstrin gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2203 NAME 'nsslapd-errorlog-logging- enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.7 NAME 'profileTTL' DESC 'Time to l ive, in seconds, before a profile is considered stale' EQUALITY integerMatc h ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE -VALUE X-ORIGIN ( 'RFC4876' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.21.1.5 NAME 'ipaCertProfileCategory' DESC 'Additional classification for certificate profiles' EQUALITY caseIgn oreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.2' 'user defined' ) ) attributeTypes: ( 1.3.6.1.1.1.1.32 NAME 'automountKey' DESC 'Automount Key v alue' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGL E-VALUE X-ORIGIN 'RFC 2307bis' ) attributeTypes: ( nsDeleteclassname-oid NAME 'nsDeleteclassname' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' Netscape Administration Services' ) attributeTypes: ( nsmsgNumMsgQuota-oid NAME 'nsmsgNumMsgQuota' DESC 'Netscap e Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.65 NAME 'ipk11Unwrap' DESC 'Key supports unwrapping' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( nsAdminCgiWaitPid-oid NAME 'nsAdminCgiWaitPid' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC 'iden tifies a department within an organization' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'R FC 2798' ) attributeTypes: ( 2.16.840.1.113730.3.1.550 NAME 'cosAttribute' DESC 'Netsca pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'N etscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.96 NAME ( 'passwordHistory' 'pwdHist ory' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6. 1.4.1.1466.115.121.1.5 USAGE directoryOperation X-ORIGIN 'Netscape Director y Server' ) attributeTypes: ( 1.3.6.1.4.1.5322.21.2.5 NAME 'krbLastAdminUnlock' EQUALIT Y generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' DESC ' Time of the last bad password attempt' EQUALITY integerMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.11.9 NAME 'ipaNTHomeDirectoryDrive' DESC 'User Home Drive Letter' EQUALITY caseIgnoreMatch ORDERING caseIgnoreO rderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.5.4.21 NAME 'telexNumber' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.52 X-ORIGIN 'RFC 4519' ) attributeTypes: ( numberOfRenewals-oid NAME 'numberOfRenewals' DESC 'CMS def ined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined ' ) attributeTypes: ( 2.16.840.1.113730.3.1.2117 NAME 'dnaNextValue' DESC 'DNA n ext available value for assignment' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SI NGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.7.7 NAME 'ipaSudoRunAsExtUser' DESC 'Multivalue string attribute that allows storing user name the command can be run as' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgn oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2098 NAME 'autoMemberFilter' DESC 'A uto Membership filter criteria' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.17 NAME 'RPRecord' DESC 'Responsible Person, RFC 1183' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrin gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' DESC 'Standard LDAP attri bute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.2221 NAME 'nsslapd-validate-cert' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2187 NAME 'nsslapd-accesslog-logrota tiontimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.146 6.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2308 NAME 'nstombstonecsn' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V ALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.61 NAME 'ntUserUsrComment' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V ALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.2291 NAME 'nsslapd-disk-monitoring-g race-period' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2077 NAME ( 'passwordMinUppers' 'pwd MinUppers' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Ser ver' ) attributeTypes: ( SecureEEClientAuthPort-oid NAME 'SecureEEClientAuthPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.407 NAME 'nsSynchUniqueAttribute' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X -ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.77 NAME 'sambaSecurityIdentifier' DES C 'SID of a trusted domain' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5 SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2268 NAME 'nsslapd-accesslog-list' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.18.0.2.4.1125 NAME 'printer-finishings-supported' DESC 'The possible finishing operations supported by this printer.' EQUALITY ca seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.8 NAME 'ipatokenOTPkey' DESC 'O TP Token Key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.4 0 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 2.5.21.6 NAME 'objectClasses' EQUALITY objectIdentifierFi rstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOpera tion X-ORIGIN 'RFC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.16 NAME 'ipatokenRadiusServer' DESC 'Server String Configuration' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 .1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( cmsUserGroup-oid NAME 'cmsUserGroup' DESC 'CMS defined att ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.28 NAME 'mgrpMsgRejectAction' DESC ' Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 1.3.6.1.1.1.1.29 NAME 'nisSecretkey' DESC 'nisSecretkey' E QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'RFC2307bis' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2135 NAME 'nsds5ReplicaCleanRUV' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.10 NAME 'idnsUpdatePolicy' DESC 'D NS dynamic updates policy' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5 SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.230 NAME 'nsslapd-pluginDescription' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsAdminCacheLifetime-oid NAME 'nsAdminCacheLifetime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR IGIN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.327 NAME 'nsIndexType' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne tscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.545 NAME 'nscpEntryDN' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.5 NAME 'eduPersonPrimaryAffiliation ' DESC 'Primary Affiliation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA LUE X-ORIGIN 'http://middleware.internet2.edu/eduperson/' ) attributeTypes: ( 2.16.840.1.113730.3.1.83 NAME 'cirUsePersistentSearch' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.12 NAME 'ipaNTTrustAttributes' DE SC 'Trust attributes for a trusted domain' EQUALITY integerMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.10 NAME 'javaFactory' DESC 'Fully qualified Java class name of a JNDI object factory' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2713' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.11 NAME 'ipk11Private' DESC 'Is private to application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.5.18.10 NAME 'subschemaSubentry' EQUALITY distinguished NameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFIC ATION USAGE directoryOperation X-ORIGIN 'RFC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.1.2085 NAME 'isReplicated' DESC 'Chang elog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.18 NAME 'managedBy' DESC 'DNs of e ntries allowed to manage' SUP distinguishedName EQUALITY distinguishedNameM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.683 NAME 'nsds5ReplicaTombstonePurge Interval' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC 'Sta ndard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'RFC 1274' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.20.2.2 NAME 'ipaReplTopoSegmentDirec tion' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 X-ORIGIN ( 'FreeIPA' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.1100 NAME 'oneWaySync' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.68 NAME 'ipk11NeverExtractable' DESC 'Key has never been extractable' EQUALITY booleanMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( nsConfigRoot-oid NAME 'nsConfigRoot' DESC 'Netscape define d attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( requestType-oid NAME 'requestType' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.10.1 NAME 'krbMaxRenewableAge' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.13769.3.7 NAME 'mozillaHomeUrl' EQUALITY case IgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Moz illa Address Book' ) attributeTypes: ( issuedBy-oid NAME 'issuedBy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.30 NAME 'ipaSELinuxUser' DESC 'An SELinux user' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SU BSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2255 NAME 'passwordIsGlobalPolicy' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( requestState-oid NAME 'requestState' DESC 'CMS defined att ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTelephon eNumber' ) EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'RFC 4524' X-DEPRECATED 'mobileTelephoneNumber' ) attributeTypes: ( nsAdminDomainName-oid NAME 'nsAdminDomainName' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.15 NAME 'mailAutoReplyText' DESC 'Ne tscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.2122 NAME 'dnaMaxValue' DESC 'DNA ma ximum value to assign' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X- ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.225 NAME 'nsslapd-pluginInitfunc' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsAdminEndUserHTMLIndex-oid NAME 'nsAdminEndUserHTMLIndex' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.2.1.3 NAME 'accountInactivityLimit' DES C 'Account inactivity limit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA LUE X-ORIGIN 'Account Policy Plugin' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC 'Driver letter of home directory mapping' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 .1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined ' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2192 NAME 'nsslapd-auditlog-logmaxdi skspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsBuildSecurity-oid NAME 'nsBuildSecurity' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets cape' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.3 NAME 'idnsSOAmName' DESC 'SOA Na me' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.708 NAME 'vacationenddate' DESC 'Net scape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.581 NAME 'nsDS5ReplicaBindDN' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORI GIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2169 NAME 'nsslapd-pagedsizelimit' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( mgrpApprovePassword-oid NAME 'mgrpApprovePassword' DESC 'N etscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.26 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.78 NAME 'sambaTrustForestTrustInfo' D ESC 'Forest trust information for a trusted domain object' EQUALITY caseExa ctMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 1.3.18.0.2.4.1136 NAME 'printer-location' DESC 'The physic al location of this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rf c3712' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.25 NAME 'ipatokenHOTPauthWindow ' DESC 'HOTP Auth Window (maximum authentication skip-ahead)' EQUALITY inte gerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.531 NAME 'ntUserBadPwCount' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-V ALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY caseI gnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113730.3.1.37 NAME 'nsLicenseStartTime' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.23 NAME 'idnsSecKeyDelete' DESC 'D NSSEC key (planned) deletion timestamp' EQUALITY generalizedTimeMatch ORDER ING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL E-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.203 NAME 'replicaEntryFilter' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORI GIN 'Netscape Directory Server' ) attributeTypes: ( authorityID-oid NAME 'authorityID' DESC 'Authority ID' SYN TAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' DESC 'Share Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.11.1 NAME 'ipaExternalMember' DESC ' External Group Member Identifier' EQUALITY caseIgnoreMatch ORDERING caseIgn oreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v3' ' user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2242 NAME 'nsslapd-securePort' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING LE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList' DESC 'X.509 cert ificate revocation list' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.40 X-ORIGIN 'RFC 4523' ) attributeTypes: ( nsAdminAccountInfo-oid NAME 'nsAdminAccountInfo' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.24 NAME 'ipk11Local' DESC 'Was created locally on token' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2090 NAME 'mepRDNAttr' DESC 'Managed Entries RDN attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.696 NAME 'inetSubscriberResponse' DE SC 'Used to confirm subscriberIdentity. This attribute holds the response phrase and is used in conjunction with the inetSubscriberChallenge' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'Netscape subscriber in teroperability' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Accoun t Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 S INGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.5.4.50 NAME 'uniqueMember' EQUALITY uniqueMemberMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.34 X-ORIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.2219 NAME 'nsslapd-minssf' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-V ALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.18.0.2.4.1114 NAME 'printer-delivery-orientation-suppo rted' DESC 'The possible delivery orientations of pages as they are printed and ejected from this printer.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 1.3.6.1.4.1.250.1.60 NAME ( 'ttl' 'timeToLive' ) DESC 'tim e to live in seconds for cached objects' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 X-ORIGIN 'LDAP Caching Internet Draft' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.42.1 NAME 'krbDefaultEncSaltType s' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.16.840.1.113730.3.1.2300 NAME 'nsslapd-connection-nocano n' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.59 NAME 'ntUserPriv' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X- ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.2289 NAME 'nsslapd-disk-monitoring' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsDefaultObjectClass-oid NAME 'nsDefaultObjectClass' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR IGIN 'Netscape Administration Services' ) attributeTypes: ( 1.3.6.1.4.1.13769.3.8 NAME 'mozillaWorkStreet2' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( 2.16.840.1.113730.3.1.2156 NAME 'nsslapd-sasl-max-buffer-s ize' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2260 NAME 'nsslapd-result-tweak' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.45 NAME 'ipaPermBindRuleType' DES C 'IPA permission bind rule type' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.526 NAME 'ntUserLastLogon' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V ALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.101 NAME ( 'passwordInHistory' 'pwdI nHistory' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1 .3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' DESC 'Standard LDAP att ribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RF C 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.20 NAME 'mailProgramDeliveryInfo' DE SC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.146 6.115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 1.2.840.113556.1.4.481 NAME 'calCalAdrURI' DESC 'RFC2739: URI for event equests destination' EQUALITY caseIgnoreIA5Match SUBSTR caseI gnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'rfc2 739' ) attributeTypes: ( 2.16.840.1.113730.3.1.238 NAME 'nsSNMPMasterPort' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.10 NAME 'sudoOrder' DESC 'an integer to order the sudoRole entries' EQUALITY integerMatch ORDERING integerOrder ingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'SUDO' ) attributeTypes: ( 2.16.840.1.113730.3.1.2326 NAME 'nsslapd-auditfaillog-logg ing-hide-unhashed-pw' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1 .4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.7 NAME 'javaCodebase' DESC 'URL(s) specifying the location of class definition' EQUALITY caseExactIA5Match SY NTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2713' ) attributeTypes: ( firstUnsaved-oid NAME 'firstUnsaved' DESC 'CMS defined att ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.594 NAME 'nsDS5ReplicatedAttributeLi stTotal' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2174 NAME 'nsslapd-auditlog-maxlogsi ze' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.10 NAME 'sourceHost' DESC 'Link to a host or group of hosts' SUP memberHost EQUALITY distinguishedNameMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2206 NAME 'nsslapd-unhashed-pw-switc h' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.63 NAME 'ipaOriginalUid' DESC 'Or iginal UID of overriden user' EQUALITY caseIgnoreMatch ORDERING caseIgnoreO rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( ' IPA v4' 'user defined' ) ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.2 NAME 'preferredServerList' DESC ' List of preferred servers' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstr ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'RFC 4876' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.42 NAME 'ntUserCreateNewAccount' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.8.1.8 NAME 'ipaDefaultPrimaryGroup' E QUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'PKCS #12 PFX PDU for exchange of personal identity information' SYNTAX 1.3.6.1.4.1. 1466.115.121.1.5 X-ORIGIN 'RFC 2798' ) attributeTypes: ( 2.16.840.1.113730.3.1.5 NAME 'changeNumber' DESC 'Changelo g attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Changelog Internet Draft' ) attributeTypes: ( 2.16.840.1.113730.3.1.2143 NAME 'nsslapd-sasl-mapping-fall back' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.18.9 NAME 'hasSubordinates' DESC 'if TRUE, subordinate entries may exist' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .7 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'num Subordinates Internet Draft' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.38 NAME 'ipaNTSIDBlacklistIncomin g' DESC 'Extra SIDs filtered out from incoming MS-PAC' EQUALITY caseIgnoreI A5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.26 X-ORIGIN 'IPA v3' ) attributeTypes: ( SecureAgentPort-oid NAME 'SecureAgentPort' SYNTAX 1.3.6.1 .4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 2.5.4.24 NAME 'x121Address' EQUALITY numericStringMatch S UBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 X-O RIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.997 NAME 'pwdpolicysubentry' DESC 'N etscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.12 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Director y Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.7.2 NAME 'memberDenyCmd' DESC 'Refer ence to a command or group of commands that are denied by the rule.' SUP di stinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.12 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2224 NAME 'nsslapd-port' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VAL UE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'Standard LDAP attr ibute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'RFC 2307' ) attributeTypes: ( 2.5.4.43 NAME 'initials' SUP name EQUALITY caseIgnoreMatc h SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O RIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.30.1 NAME 'krbMaxPwdLife' EQUAL ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.7.13 NAME 'sudoCmd' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactMatch ORDERING caseExactMatch SU BSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2313 NAME 'nsslapd-changelogtrim-int erval' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.64 NAME 'ntUserNumLogons' DESC 'Nets cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VAL UE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.2294 NAME 'nsslapd-ndn-cache-max-siz e' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2161 NAME 'nsIndexIDListScanLimit' D ESC 'fine grained idlistscanlimit - per index/type/value' SYNTAX 1.3.6.1.4. 1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.589 NAME 'nsDS5ReplicaType' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.13769.4.2 NAME 'mozillaCustom2' EQUALITY case IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.8 NAME 'sudoNotBefore' DESC 'Start o f time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 X-ORIGIN 'SUDO' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.70 NAME 'sambaTrustType' DESC 'Type o f trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.11.56 NAME 'ipaCertSubject' DESC 'Su bject name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S INGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2273 NAME 'nsslapd-config' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-V ALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.21.9 NAME 'structuralObjectClass' EQUALITY objectIden tifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE NO-USER-MODIF ICATION USAGE directoryOperation X-ORIGIN 'RFC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.3 NAME 'ipatokenNotBefore' DESC 'Token validity date' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.24 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( nsDisplayName-oid NAME 'nsDisplayName' DESC 'Netscape defi ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( authorityParentDN-oid NAME 'authorityParentDN' DESC 'Autho rity Parent DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'Standard LDAP att ribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.2138 NAME 'nsslapd-readonly' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.55 NAME 'ipk11WrapTemplate' DES C 'DN of template of keys which can be wrapped using this key' EQUALITY dis tinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORI GIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2331 NAME 'nsslapd-logging-hr-timest amps-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.146 6.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.86 NAME 'cirLastUpdateApplied' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR IGIN 'Netscape Directory Server' ) attributeTypes: ( certProfileConfig-oid NAME 'certProfileConfig' DESC 'Certi ficate profile configuration' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' DESC 'An integer den oting time to live' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .27 ) attributeTypes: ( 2.5.4.31 NAME 'member' SUP distinguishedName EQUALITY dis tinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4519 ' ) attributeTypes: ( sslVersionMax-oid NAME 'sslVersionMax' DESC 'Netscape defi ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape ' ) attributeTypes: ( 2.16.840.1.113730.3.1.252 NAME 'nsValueDescription' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORI GIN 'Netscape servers - value item' ) attributeTypes: ( userstate-oid NAME 'userstate' DESC 'Distinguish whether t he user is administrator, agent or subsystem.' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2107 NAME 'nsPagedSizeLimit' DESC 'B inder-based simple paged search operation size limit' SYNTAX 1.3.6.1.4.1.14 66.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN '389' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.17.1 NAME 'krbKdcServers' EQUAL ITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.12 NAME 'defaultSearchScope' DESC ' Default scope used when performing a search' EQUALITY caseIgnoreIA5Match SY NTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user defined' ) ) attributeTypes: ( tokenSubject-oid NAME 'tokenSubject' DESC 'CMS defined att ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.805 NAME 'nsds5replicaTimeout' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2088 NAME 'mepStaticAttr' DESC 'Mana ged Entries static attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.23 NAME 'ipaCertificateSubjectBase ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( keyInfo-oid NAME 'keyInfo' DESC 'CMS defined attribute' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.74 NAME 'ipaDNSVersion' DESC 'IPA DNS data version' EQUALITY integerMatch ORDERING integerOrderingMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA v4.3' 'user d efined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2211 NAME 'nsslapd-dynamicconf' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.51 NAME 'replicaUpdateReplayed' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O RIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.20.2.5 NAME 'ipaReplTopoSegmentStatu s' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X -ORIGIN ( 'FreeIPA' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2281 NAME 'nsslapd-saslpath' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name EQUALITY case IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'commonName' ) attributeTypes: ( 2.16.840.1.113730.3.1.2067 NAME 'pamIncludeSuffix' DESC 'S uffixes to include for PAM authentication' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.12 X-ORIGIN 'Red Hat Directory Server' ) attributeTypes: ( UnSecurePort-oid NAME 'UnSecurePort' SYNTAX 1.3.6.1.4.1.1 466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.199 NAME 'memberCertificateDescripti on' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.26 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.2312.4.3.3.1 NAME 'sabayonProfileURL' DESC 'Th e URL of a sabayon profile' SUP labeledURI EQUALITY caseExactMatch SUBSTR c aseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Saba yon' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange' DESC 'Allow Machine Password changes (default: 0 => off)' EQUALITY integer Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.5.4.17 NAME 'postalCode' EQUALITY caseIgnoreMatch SUBST R caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.2258 NAME 'nsslapd-csnlogging' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING LE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsSSL2-oid NAME 'nsSSL2' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.109 NAME ( 'passwordLockoutDuration' 'pwdLockoutDuration' ) DESC 'Netscape defined password policy attribute ty pe' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Di rectory Server' ) attributeTypes: ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'Standard LDAP a ttribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.18 NAME 'mailHost' DESC 'Netscape Me ssaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.2125 NAME 'dnaThreshold' DESC 'DNA t hreshold for getting next range of values' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.220 NAME ( 'passwordMustChange' 'pwd MustChange' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Se rver' ) attributeTypes: ( 2.16.840.1.113730.3.1.2237 NAME 'nsslapd-counters' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2195 NAME 'nsslapd-auditlog-logminfr eediskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.575 NAME 'nsRoleDN' DESC 'Netscape d efined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE directory Operation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.19.2.3 NAME 'ipaMaxDomainLevel' DESC 'Maximal supported Domain Level value' EQUALITY numericStringMatch ORDERIN G numericStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 SINGLE-VALUE X-OR IGIN ( 'IPA v4' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.73 NAME 'installationTimeStamp' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O RIGIN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.247 NAME 'nsValueBin' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'Nets cape servers - value item' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.7 NAME 'memberHost' DESC 'Referenc e to a device where the operation takes place (usually host).' SUP distingu ishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .12 X-ORIGIN 'IPA v2' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group( s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466 .115.121.1.26 X-ORIGIN 'SUDO' ) attributeTypes: ( 1.3.18.0.2.4.1133 NAME 'printer-ipp-versions-supported' DE SC 'IPP protocol version(s) that this printer supports.' EQUALITY caseIgnor eMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.20 NAME 'ipatokenUserMapAttribu te' DESC 'Attribute to map from the user entry for RADIUS server authentica tion' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY caseI gnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113730.3.8.5.26 NAME 'idnsSecKeySep' DESC 'DNSK EY SEP flag (equivalent to bit 15): RFC 4035' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defin ed' ) ) attributeTypes: ( 2.5.18.1 NAME 'createTimestamp' EQUALITY generalizedTimeM atch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'R FC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.1.553 NAME 'costemplatedn' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VAL UE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.95 NAME 'accountUnlockTime' DESC 'Ne tscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.20 NAME 'memberPrincipal' DESC 'P rincipal names member of a groupOfPrincipals group' EQUALITY caseIgnoreMatc h SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O RIGIN ( 'IPA-v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.11.4 NAME 'ipaNTFallbackPrimaryGroup ' DESC 'Fallback Group to set the Primary group Security Identifier for use rs with UPGs' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2245 NAME 'nsslapd-maxthreadsperconn ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.39.1 NAME 'krbPrincipalKey' EQU ALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 2.16.840.1.113730.3.8.1.10 NAME 'ipaPwdExpAdvNotify' EQUA LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.2112 NAME 'ntGroupType' DESC 'Netsca pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALU E X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.23 NAME 'ipk11Id' DESC 'Key ass ociation identifier' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.40 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( numberOfEnrollments-oid NAME 'numberOfEnrollments' DESC 'C MS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user d efined' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord' DESC 'mailbox or mail list information, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR case IgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' DESC ' Primary Group Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1 466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.691 NAME 'inetDomainStatus' DESC '"a ctive", "inactive", or "deleted" status of a domain' SYNTAX 1.3.6.1.4.1.146 6.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape subscriber interoperability' ) attributeTypes: ( 1.3.18.0.2.4.1111 NAME 'printer-job-k-octets-supported' DE SC 'The maximum size in kilobytes (1,024 octets actually) incoming print jo b that this printer will accept.' EQUALITY integerMatch ORDERING integerOrd eringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'rfc3 712' ) attributeTypes: ( 2.16.840.1.113730.3.1.2182 NAME 'nsslapd-errorlog-logrotat ionsyncmin' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466. 115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.788 NAME 'mgrpBroadcasterPolicy' DES C 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( crlNumber-oid NAME 'crlNumber' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.601 NAME 'adminRole' DESC 'Administr ative role' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Delegat ed Administrator' ) attributeTypes: ( 2.16.840.1.113730.3.1.2072 NAME 'pamFallback' DESC 'Fallba ck to regular LDAP BIND if PAM auth fails' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.7 SINGLE-VALUE X-ORIGIN 'Red Hat Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2159 NAME 'dnaRemoteConnProtocol' DE SC 'Connection protocol: LDAP, TLS, or SSL' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( nsLogSuppress-oid NAME 'nsLogSuppress' DESC 'Netscape defi ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape ' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword' DESC 'Clear text password (used for trusted domain passwords)' EQUALITY octetSt ringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 2.5.21.1 NAME 'dITStructureRules' EQUALITY integerFirstCo mponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'RFC 4512' ) attributeTypes: ( 1.3.18.0.2.4.1126 NAME 'printer-pages-per-minute-color' DE SC 'The nominal number of color pages per minute which may be output by thi s printer.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.1.521 NAME 'ntUserHomeDir' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VAL UE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.15 NAME 'ipatokenRadiusConfigLi nk' DESC 'Corresponding Radius Configuration link' SUP distinguishedName EQ UALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-V ALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 1.2.840.113556.1.4.484 NAME 'calOtherCAPURIs' DESC 'RFC273 9: multi-value URI to other calendars' EQUALITY caseIgnoreIA5Match SUBSTR c aseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ' rfc2739' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.50.1 NAME 'krbLoginFailedCount' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.5.13 NAME 'idnsAllowSyncPTR' DESC 'p ermit synchronization of PTR records' EQUALITY booleanMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2130 NAME 'dnaRangeRequestTimeout' D ESC 'DNA timeout for querying replica for next range of values' SYNTAX 1.3. 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.233 NAME 'nsSNMPOrganization' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORI GIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord' DESC 'Key Exchang e Delegation, RFC 2230' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Sub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation X-ORIGIN 'RFC 451 2' ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.8 NAME 'eduPersonPrimaryOrgUnitDN' DESC 'Primary Organizational Unit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-O RIGIN 'http://middleware.internet2.edu/eduperson/' ) attributeTypes: ( 2.16.840.1.113730.3.1.2329 NAME ( 'passwordSendExpiringTim e' 'pwdSendExpiringTime' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.17 NAME 'ipaNTTrustForestTrustInf o' DESC 'Forest trust information for a trusted domain object' EQUALITY oct etStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( nsHardwarePlatform-oid NAME 'nsHardwarePlatform' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 1.3.6.1.4.1.6981.11.3.8 NAME 'FTPuid' DESC 'System uid (ov errides uidNumber if present)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) attributeTypes: ( transName-oid NAME 'transName' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.14 NAME 'ipk11Copyable' DESC 'C an be copied by application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2080 NAME ( 'passwordMin8bit' 'pwdMi n8bit' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3. 6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.686 NAME 'nsds5replicaLastUpdateEnd' DESC 'Netscape defined attribute type' EQUALITY generalizedTimeMatch ORDER ING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL E-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2209 NAME 'nsslapd-rootpwstoragesche me' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.49 NAME 'replicaUpdateFailedAt' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O RIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.1.3 NAME 'ipaSearchTimeLimit' EQUAL ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.5.31 NAME 'idnsServerId' DESC 'DNS s erver identifier' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.8 NAME 'changes' DESC 'Changelog att ribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'Changelog Intern et Draft' ) attributeTypes: ( 2.16.840.1.113730.3.1.2146 NAME 'rootdn-days-allowed' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.37.1 NAME 'krbPasswordExpiration ' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL E-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.11.35 NAME 'ipaBaseRID' DESC 'First value of a RID range' EQUALITY integerMatch ORDERING integerOrderingMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2250 NAME 'nsslapd-ioblocktimeout' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension' SYNT AX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation X-ORIGIN 'RFC 4512' ) attributeTypes: ( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelephoneN umber' ) EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'RFC 4524' X-DEPRECATED 'p agerTelephoneNumber' ) attributeTypes: ( 2.16.840.1.113730.3.1.10 NAME 'deleteOldRdn' DESC 'Changel og attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 X-ORIGIN 'Changelog Internet Draft' ) attributeTypes: ( 2.16.840.1.113730.3.1.228 NAME 'nsslapd-pluginVersion' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DESC 'Logo n script path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.5.4.46 NAME 'dnQualifier' EQUALITY caseIgnoreMatch ORDE RING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.44 X-ORIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.2316 NAME 'nsslapd-auditfaillog-maxl ogsize' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.6 NAME 'idnsSOArefresh' DESC 'SOA refresh value' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.614 NAME 'copyingFrom' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.2.840.113554.1.4.1.6.5 NAME 'krbPwdAllowedKeysalts' EQU ALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( nsSSLToken-oid NAME 'nsSSLToken' DESC 'Netscape defined at tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.584 NAME 'nsDS5ReplicaRoot' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE- VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2164 NAME 'winSyncSubtreePair' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR IGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.53 NAME 'ipaPublicKey' DESC 'Publ ic key as DER-encoded SubjectPublicKeyInfo (RFC 5280)' EQUALITY octetString Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN ( 'IPA v4.1' 'user defi ned' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2276 NAME 'nsslapd-lockdir' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.6 NAME 'ipatokenModel' DESC 'Op tional Model identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA O TP' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.1001 NAME 'nsds7DirectoryReplicaSubt ree' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.534 NAME 'ntUserPrimaryGroupId' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SING LE-VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.18 NAME 'ipatokenRadiusTimeout' DESC 'Server Timeout' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTelepho neNumber' ) EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstrings Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'RFC 4524' X-DEPRECATED 'homeTelephoneNumber' ) attributeTypes: ( 2.16.840.1.113730.3.8.21.1.8 NAME 'ipaCaSubjectDN' DESC 'S ubject DN' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'IPA v4.4 Lightweight CAs' 'user defi ned' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.32 NAME 'mgrpMsgMaxSize' DESC 'Netsc ape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.206 NAME 'filterInfo' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Net scape Directory Server' ) attributeTypes: ( 1.3.18.0.2.4.1140 NAME 'printer-uri' DESC 'A URI supported by this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.1.2334 NAME 'ntUserNtPassword' DESC 'N etscape defined attribute type, synced or generated NT Password hash' SYNTA X 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchroni zation' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' DESC 'Optio n Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.5.4.34 NAME 'seeAlso' SUP distinguishedName EQUALITY di stinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 451 9' ) attributeTypes: ( nsSSL3Ciphers-oid NAME 'nsSSL3Ciphers' DESC 'Netscape defi ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape ' ) attributeTypes: ( 1.3.6.1.4.1.6981.11.3.5 NAME 'FTPUploadBandwidth' DESC 'Ba ndwidth (in KB/s) to limit upload speeds to' EQUALITY integerMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) attributeTypes: ( 2.16.840.1.113730.3.1.2093 NAME 'nsslapd-changelogsuffix' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.26 NAME 'ipaSELinuxUserMapDefault' DESC 'Default SELinux user' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMa tch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S INGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( nsUniqueAttribute-oid NAME 'nsUniqueAttribute' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.71 NAME 'ipaPermTargetFrom' DESC 'Source location from where moving an entry IPA permission ACI' EQUALITY di stinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-OR IGIN ( 'IPA v4.0' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2214 NAME 'nsslapd-svrtab' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V ALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList' DESC 'X.509 delta revo cation list' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RFC 4523' ) attributeTypes: ( 1.3.18.0.2.4.1119 NAME 'printer-natural-language-configure d' DESC 'The configured natural language in which error and status messages will be generated (by default) by this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.1.1 NAME 'krbPrincipalName' EQU ALITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113730.3.1.2303 NAME 'nsslapd-ignore-time-skew' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.54 NAME 'replicaUseSSL' DESC 'Netsca pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'N etscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) EQUALIT Y caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'userid' ) attributeTypes: ( 2.16.840.1.113730.3.1.609 NAME 'nsds5BeginReplicaRefresh' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2284 NAME 'nsslapd-ssl-check-hostnam e' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.1097 NAME 'nsds5replicaBusyWaitTime' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) SUP name EQUA LITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'stateOrProvinceName' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.45 NAME 'IPSECKEYRecord' DESC 'IPSEC KEY, RFC 4025' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defi ned' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2151 NAME 'nsslapd-plugin-depends-on -type' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsViewConfiguration-oid NAME 'nsViewConfiguration' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.25.1 NAME 'krbSearchScope' EQUA LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd' DESC 'Fo rce Users to logon for password change (default: 0 => off, 2 => on)' EQUALI TY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.11.46 NAME 'ipaPermLocation' DESC 'L ocation of IPA permission ACI' EQUALITY distinguishedNameMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2263 NAME 'nsslapd-maxsasliosize' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 S INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.529 NAME 'ntUserMaxStorage' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-V ALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( CACertExtractFile-oid NAME 'CACertExtractFile' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.104 NAME ( 'passwordWarning' 'pwdExp ireWarning' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Se rver' ) attributeTypes: ( 1.3.6.1.1.1.1.12 NAME 'memberUid' DESC 'Standard LDAP attr ibute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2307' ) attributeTypes: ( nsAccessLog-oid NAME 'nsAccessLog' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.2128 NAME 'dnaSecurePortNum' DESC 'D NA secure port number of replica to get new range of values' SYNTAX 1.3.6.1 .4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( dateOfRecovery-oid NAME 'dateOfRecovery' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( ServerKeyExtractFile-oid NAME 'ServerKeyExtractFile' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR IGIN 'Netscape' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Next NT rid to give out for anything' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE ) attributeTypes: ( nsPidLog-oid NAME 'nsPidLog' DESC 'Netscape defined attrib ute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.2198 NAME 'nsslapd-auditlog-logexpir ationtime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.570 NAME 'nsLookThroughLimit' DESC ' Binder-based search operation look through limit (candidate entries)' SYNTA X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORI GIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.1.1.12 NAME 'nisNetIdUser' DESC 'nisNe tIdUser' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X- ORIGIN ( 'RFC2307bis' 'user defined' ) ) attributeTypes: ( nsCertfile-oid NAME 'nsCertfile' DESC 'Netscape defined at tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.2321 NAME 'nsslapd-auditfaillog-logm axdiskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.76 NAME 'serverHostName' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.242 NAME 'nsSystemIndex' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.18.2.2 NAME 'ipaVaultSalt' DESC 'IPA vault salt' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN ( 'IPA v4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2177 NAME 'nsslapd-auditlog-logrotat ionsync-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1. 1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.2 NAME 'ipaClientVersion' DESC 'Te xt string describing client version of the IPA software installed' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstrin gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.13 NAME 'accessRuleType' DESC 'The flag to represent if it is allow or deny rule.' EQUALITY caseIgnoreMatch O RDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.64 NAME 'ipaSecretKeyRef' DESC 'D N of the ipa key object' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.12 X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2201 NAME 'nsslapd-auditlog-logexpir ationtimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.1 NAME 'defaultSearchBase' DESC 'De fault base for searches' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.12 SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user defined' ) ) attributeTypes: ( nsServerCreationClassname-oid NAME 'nsServerCreationClassn ame' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.41 NAME 'ntUserDomainId' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VAL UE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.29 NAME 'idnsTemplateAttribute' DE SC 'Template attribute for dynamic attribute generation' EQUALITY caseIgnor eIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.67 NAME 'ipk11AlwaysSensitive' DESC 'Key has always been sensitive' EQUALITY booleanMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.219 NAME 'vlvUses' DESC 'Netscape de fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Netsca pe Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord' DESC 'IPv6 addr ess, RFC 1886' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113730.3.1.973 NAME 'nsds5ReplConflict' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.18.4 NAME 'modifiersName' EQUALITY distinguishedNameM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'RFC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.1.98 NAME 'passwordExp' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.27 NAME 'destinationIndicator' EQUALITY caseIgnoreM atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 X-ORIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.2248 NAME 'nsslapd-reservedescriptor s' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( tokenIP-oid NAME 'tokenIP' DESC 'CMS defined attribute' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2115 NAME 'dnaType' DESC 'DNA attrib ute type to maintain' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN '389 Di rectory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.7.5 NAME 'ipaSudoOpt' DESC 'Options( s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115 .121.1.26 X-ORIGIN 'IPA v2' ) attributeTypes: ( subjectName-oid NAME 'subjectName' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2227 NAME 'nsslapd-snmp-index' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING LE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' DESC 'Standard LDAP attri bute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.2185 NAME 'nsslapd-errorlog-logrotat iontime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' EQUALIT Y caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 2.16.840.1.113730.3.1.63 NAME 'ntUserUnitsPerWeek' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE- VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.2297 NAME 'nsslapd-search-return-ori ginal-type-switch' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4. 1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2075 NAME ( 'passwordMinDigits' 'pwd MinDigits' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Ser ver' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.75 NAME 'sambaTrustAuthOutgoing' DESC 'Authentication information for the outgoing portion of a trust' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 1.3.18.0.2.4.1123 NAME 'printer-sides-supported' DESC 'The number of impression sides (one or two) and the two-sided impression rotat ions supported by this printer.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.5.21.4 NAME 'matchingRules' EQUALITY objectIdentifierFi rstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOpera tion X-ORIGIN 'RFC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.10 NAME 'ipatokenOTPdigits' DES C 'OTP Token Number of digits' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' DESC 'Standard LDAP at tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'R FC 2307' ) attributeTypes: ( requestResult-oid NAME 'requestResult' DESC 'CMS defined a ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.16 NAME 'idnsZoneRefresh' DESC 'zo ne refresh interval' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.27 SINGLE-VALUE X-ORIGIN ( 'IPA v2' 'user defined' ) ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.33 NAME 'sRVRecord' DESC 'service lo cation, RFC 2782' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.3 NAME 'eduPersonOrgDN' DESC 'Organ ization DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'htt p://middleware.internet2.edu/eduperson/' ) attributeTypes: ( 2.16.840.1.113730.3.1.543 NAME 'nsState' DESC 'Netscape de fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-OR IGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.85 NAME 'cirBindCredentials' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIG IN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.10 NAME 'ipaNTDomainGUID' DESC 'N T Domain GUID' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v3' ' user defined' ) ) attributeTypes: ( dateOfCreate-oid NAME 'dateOfCreate' DESC 'CMS defined att ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.8.1 NAME 'krbTicketFlags' EQUAL ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.12 NAME 'javaDoc' DESC 'The Java d ocumentation for the class' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1 466.115.121.1.26 X-ORIGIN 'RFC 2713' ) attributeTypes: ( 2.16.840.1.113730.3.1.2102 NAME 'autoMemberGroupingAttr' D ESC 'Auto Membership grouping attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 26 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.13 NAME 'ipk11Label' DESC 'Desc ription' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.808 NAME 'nsds5replicaLastInitEnd' D ESC 'Netscape defined attribute type' EQUALITY generalizedTimeMatch ORDERIN G generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE- VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsUserIDFormat-oid NAME 'nsUserIDFormat' DESC 'Netscape de fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netsca pe Administration Services' ) attributeTypes: ( 0.9.2342.19200300.100.1.9 NAME 'host' EQUALITY caseIgnore Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4524' ) attributeTypes: ( nsAdminOneACLDir-oid NAME 'nsAdminOneACLDir' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne tscape Administration Services' ) attributeTypes: ( 2.5.4.0 NAME 'objectClass' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 X-ORIGIN 'RFC 4512' ) attributeTypes: ( nsBuildNumber-oid NAME 'nsBuildNumber' DESC 'Netscape defi ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape ' ) attributeTypes: ( 1.3.6.1.4.1.13769.3.5 NAME 'mozillaHomePostalCode' EQUALI TY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( 2.16.840.1.113730.3.1.2149 NAME 'rootdn-allow-ip' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI N 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.2312.4.3.3.2 NAME 'sabayonProfileName' DESC 'T he Name of a sabayon profile' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Sa bayon' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength' DESC 'Min imal password length (default: 5)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.5.4.12 NAME 'title' SUP name EQUALITY caseIgnoreMatch S UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN 'RFC 4519' ) attributeTypes: ( authoritySerial-oid NAME 'authoritySerial' DESC 'Authority certificate serial number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VAL UE X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.17 NAME 'mailForwardingAddress' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( revInfo-oid NAME 'revInfo' DESC 'CMS defined attribute' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2120 NAME 'dnaFilter' DESC 'DNA filt er for finding entries' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X -ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.223 NAME ( 'passwordResetFailureCoun t' 'pwdFailureCountInterval' ) DESC 'Netscape defined password policy attri bute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Nets cape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC 'Times tamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.27 SINGLE-VALUE ) attributeTypes: ( 2.5.4.49 NAME ( 'distinguishedName' 'dn' ) EQUALITY disti nguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4519' X-DEPRECATED 'dn' ) attributeTypes: ( 2.16.840.1.113730.3.1.2232 NAME 'nsslapd-ldapimaptoentries ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.578 NAME 'nsDS5ReplicaHost' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2190 NAME 'nsslapd-accesslog-logmaxd iskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.1 NAME 'idnsAllowDynUpdate' DESC ' permit dynamic updates on this zone' EQUALITY booleanMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2319 NAME 'nsslapd-auditfaillog-logr otationtime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.45.1 NAME 'krbLastPwdChange' EQ UALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VAL UE ) attributeTypes: ( 2.5.21.10 NAME 'governingStructureRule' EQUALITY integerM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'RFC 4512' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) attributeTypes: ( 2.16.840.1.113730.3.1.2279 NAME 'nsslapd-ldifdir' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.18.0.2.4.1134 NAME 'printer-more-info' DESC 'A URI for more information about this specific printer.' EQUALITY caseIgnoreMatch SU BSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'rfc3712' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.9 NAME 'attributeMap' DESC 'Attribu te mappings used, required, or supported by an agent or service' EQUALITY c aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'RFC4876' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.1004 NAME 'nsds7WindowsDomain' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING LE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' ) DESC 'Standard LDAP attribute type' EQUALITY caseIgnoreIA5Match SUBSTR cas eIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'RFC 2247' 'user defined' ) ) attributeTypes: ( certStatus-oid NAME 'certStatus' DESC 'CMS defined attribu te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.8.21.1.3 NAME 'ipaMemberCertProfile' D ESC 'Reference to a certificate profile member' SUP distinguishedName EQUAL ITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'IPA v4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC 'pr eferred written or spoken language for a person' EQUALITY caseIgnoreMatch S UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN 'RFC 2798' ) attributeTypes: ( 1.3.6.1.4.1.13769.2.3 NAME ( 'mozillaUseHtmlMail' 'xmozill ausehtmlmail' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.21 NAME 'idnsSecKeyActivate' DESC 'DNSSEC key (planned) activation time' EQUALITY generalizedTimeMatch ORDERI NG generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE -VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.201 NAME 'changeLogMaximumSize' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O RIGIN 'Netscape Directory Server' ) attributeTypes: ( adminMessages-oid NAME 'adminMessages' DESC 'CMS defined a ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( nsSerialNumber-oid NAME 'nsSerialNumber' DESC 'Netscape de fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netsca pe' ) attributeTypes: ( 1.3.6.1.4.1.5322.21.2.3 NAME 'krbPwdLockoutDuration' EQUA LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.90 NAME 'cirBeginORC' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Net scape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.7 NAME 'ipaNTProfilePath' DESC 'U ser Profile Path' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING LE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2240 NAME 'nsslapd-accesslog' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.1.13 NAME 'ipaDefaultEmailDomain' E QUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.99 NAME 'SPFRecord' DESC 'Sender Pol icy Framework (SPF) for Authorizing Use of Domains in Email, RFC 7208' EQUA LITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2096 NAME 'entryusn' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE N O-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'Netscape' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'LanMa nager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121 .1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.694 NAME 'inetSubscriberAccountId' D ESC 'A unique attribute linking the subscriber to a billing system' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape subscriber interoperabilit y' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.18.1 NAME 'krbPwdServers' EQUAL ITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.18.0.2.4.1112 NAME 'printer-current-operator' DESC 'Th e identity of the current human operator responsible for operating this pri nter.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.1.2306 NAME 'nsslapd-return-default-op attr' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.2.840.113556.1.4.478 NAME 'calCalURI' DESC 'RFC2739: URI of entire default calendar' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreI A5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'rfc2739' ) attributeTypes: ( tokenNotAfter-oid NAME 'tokenNotAfter' DESC 'CMS defined a ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.604 NAME 'parentid' DESC 'internal s erver defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.42 NAME 'APLRecord' DESC 'Lists of A ddress Prefixes, RFC 3132' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5 SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2 ' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2154 NAME 'nsds5ReplicaBackoffMin' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.43 NAME 'ipaPermIncludedAttr' DES C 'IPA permission explicitly included attribute' EQUALITY caseIgnoreMatch O RDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN ( 'IPA v4.0' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2266 NAME 'nsslapd-enquote-sup-oc' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.524 NAME 'ntUserScriptPath' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.22 NAME 'mgrpAllowedBroadcaster' DES C 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.2133 NAME 'pwdUpdateTime' DESC 'Last password update time' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE US AGE directoryOperation X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.236 NAME 'nsSNMPDescription' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl' SYNTA X 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation X-ORIGIN 'RFC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.1.2324 NAME 'nsslapd-auditfaillog-loge xpirationtimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4. 1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsPreference-oid NAME 'nsPreference' DESC 'Netscape define d attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape A dministration Services' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.18 NAME 'ipaNTTrustPosixOffset' D ESC 'POSIX offset of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.33.1 NAME 'krbPwdMinLength' EQU ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( crlName-oid NAME 'crlName' DESC 'CMS defined attribute' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( status-oid NAME 'status' DESC 'CMS defined attribute' SYNT AX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.592 NAME 'nsDS5ReplicaAutoReferral' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( requestAgentGroup-oid NAME 'requestAgentGroup' DESC 'CMS d efined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defin ed' ) attributeTypes: ( 2.16.840.1.113730.3.1.2083 NAME ( 'passwordMinTokenLength' 'pwdMinTokenLength' ) DESC 'Netscape defined password policy attribute typ e' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Dir ectory Server' ) attributeTypes: ( numberOfRecoveries-oid NAME 'numberOfRecoveries' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user def ined' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.16 NAME 'ipaConfigString' DESC 'Ge neric configuration stirng' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMat ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.689 NAME 'nsds5replicaUpdateInProgre ss' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.7 SINGLE-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.61 NAME 'ipaWrappingKey' DESC 'PK CS#11 URI of the wrapping key' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2204 NAME 'nsslapd-auditlog-logging- enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.18.0.2.4.1109 NAME 'printer-charset-configured' DESC ' The configured charset in which error and status messages will be generated (by default) by this printer.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.1.44 NAME 'ntGroupDomainId' DESC 'Nets cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA LUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.8.20.2.8 NAME 'ipaReplTopoManagedSuffi x' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X -ORIGIN ( 'FreeIPA' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.1.6 NAME 'ipaHomesRootDir' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.214 NAME 'passwordAllowChangeTime' D ESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.14 66.115.121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Di rectory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.62 NAME 'ipk11Decrypt' DESC 'Ke y supports decryption' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( tokenStatus-oid NAME 'tokenStatus' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.55 NAME 'HIPRecord' DESC 'Host Ident ity Protocol (HIP) Domain Name System (DNS) Extension, RFC 5205' EQUALITY c aseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2141 NAME 'dsOnlyMemberUid' DESC 'El ements from a memberuid attribute created to reflect dynamic group membersh ip' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Red Hat Directory Server ' ) attributeTypes: ( nsDirectoryFailoverList-oid NAME 'nsDirectoryFailoverList' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 6 X-ORIGIN 'Netscape' ) attributeTypes: ( nsSSLSessionTimeout-oid NAME 'nsSSLSessionTimeout' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.36 NAME 'ipaSecondaryBaseRID' DES C 'First value of a secondary RID range' EQUALITY integerMatch ORDERING int egerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGI N ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2253 NAME 'nsslapd-nagle' DESC 'Nets cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA LUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2118 NAME 'dnaInterval' DESC 'DNA in terval between values' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X- ORIGIN '389 Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC 'Ti mestamp of when the password will expire' EQUALITY integerMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch SUBSTR case IgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 45 19' ) attributeTypes: ( 2.16.840.1.113730.3.1.2188 NAME 'nsslapd-errorlog-logrotat iontimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.32769 NAME 'DLVRecord' DESC 'DNSSEC Lookaside Validation, RFC 4431' EQUALITY caseIgnoreIA5Match SUBSTR caseIgno reIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v 4.4.2' 'user defined' ) ) attributeTypes: ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 2.16.840.1.113730.3.8.7.11 NAME 'ipaSudoRunAsGroupCategory ' DESC 'Additional classification for groups' SUP userCategory EQUALITY cas eIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2311 NAME 'nsds5ReplicaFlowControlPa use' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.66 NAME 'ntUserUniqueId' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALU E X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.9 NAME 'idnsSOAminimum' DESC 'SOA minimum value' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2078 NAME ( 'passwordMinLowers' 'pwd MinLowers' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Ser ver' ) attributeTypes: ( 2.16.840.1.113730.3.1.587 NAME 'nsds50ruv' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets cape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2167 NAME 'schemaUpdateAttributeAcce pt' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2271 NAME 'nsslapd-rewrite-rfc1274' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.54 NAME 'ipaPrivateKey' DESC 'Pri vate key as DER-encoded EncryptedPrivateKeyInfo (RFC 5958)' EQUALITY octetS tringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN ( 'IP A v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.1 NAME 'ipatokenUniqueID' DESC 'Token Unique Identifier' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'Standard LDA P attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGI N 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.31 NAME 'mailEnhancedUniqueMember' D ESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.14 66.115.121.1.12 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.5.1 NAME 'krbUPEnabled' DESC 'Bo olean' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.5.19 NAME 'idnsSecKeyCreated' DESC ' DNSSEC key creation timestamp' EQUALITY generalizedTimeMatch ORDERING gener alizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X -ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.209 NAME 'vlvFilter' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Nets cape Directory Server' ) attributeTypes: ( nsErrorLog-oid NAME 'nsErrorLog' DESC 'Netscape defined at tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record' DESC 'A6 Record T ype, RFC 2874' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113730.3.1.88 NAME 'cirUpdateFailedat' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI N 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC 'Base6 4 encoded user parameter string' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.250 NAME 'nsValueDefault' DESC 'Nets cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape servers - value item' ) attributeTypes: ( 2.5.4.37 NAME 'cACertificate' DESC 'X.509 CA certificate' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RF C 4523' ) attributeTypes: ( 1.3.6.1.4.1.6981.11.3.2 NAME 'FTPQuotaMBytes' DESC 'Quota (in megabytes) for an FTP user' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.14 NAME 'serviceSearchDescriptor' D ESC 'Specifies search descriptors required, used, or supported by a particu lar service or agent' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'RFC4876' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2105 NAME 'autoMemberTargetGroup' DE SC 'Auto Membership target group' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SING LE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.803 NAME 'nsBackendSuffix' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE di rectoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2217 NAME 'nsslapd-allow-anonymous-a ccess' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.53 NAME 'replicaBindMethod' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI N 'Netscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.4 NAME 'info' EQUALITY caseIgnore Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.71 NAME 'ipk11AlwaysAuthenticat e' DESC 'User has to authenticate for each use with this key' EQUALITY bool eanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v 4.1' 'user defined' ) ) attributeTypes: ( nsSSLSupportedCiphers-oid NAME 'nsSSLSupportedCiphers' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.2287 NAME 'nsslapd-force-sasl-extern al' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2065 NAME 'nsSaslMapBaseDNTemplate' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.5 NAME 'serialNumber' EQUALITY caseIgnoreMatch SUBS TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 X-ORIGIN 'RFC 4519' ) attributeTypes: ( p12Expiration-oid NAME 'p12Expiration' DESC 'CMS defined a ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( tokenUserID-oid NAME 'tokenUserID' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.197 NAME 'replicaHost' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne tscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold' DESC 'Lockout users after bad logon attempts (default: 0 => off)' EQUALITY integ erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( tokenReason-oid NAME 'tokenReason' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.5.4.15 NAME 'businessCategory' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR IGIN 'RFC 4519' ) attributeTypes: ( 0.9.2342.19200300.100.1.48 NAME 'buildingName' EQUALITY c aseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 2.16.840.1.113730.3.1.107 NAME 'passwordResetDuration' DES C 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' DESC 'Standard LD AP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIG IN 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.2235 NAME 'nsslapd-ldapientrysearchb ase' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( tokenAppletID-oid NAME 'tokenAppletID' DESC 'CMS defined a ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( extensions-oid NAME 'extensions' DESC 'CMS defined attribu te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( nsInstalledLocation-oid NAME 'nsInstalledLocation' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.573 NAME 'nsIdleTimeout' DESC 'Binde r-based connection idle timeout (seconds)' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Ser ver' ) attributeTypes: ( 2.16.840.1.113730.3.8.19.2.1 NAME 'ipaDomainLevel' DESC 'D omain Level value' EQUALITY numericStringMatch ORDERING numericStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 SINGLE-VALUE X-ORIGIN ( 'IPA v4' 'user defined' ) ) attributeTypes: ( 1.3.6.1.4.1.2428.20.4 NAME 'UnknownRecord' DESC 'unknown D NS record, RFC 3597' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'use r defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.75 NAME 'adminUrl' DESC 'Netscape de fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netsca pe Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.245 NAME 'nsValueTel' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'Net scape servers - value item' ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.42 NAME 'preferredLocale' DESC 'p referred locale for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Ne tscape' ) attributeTypes: ( nsNYR-oid NAME 'nsNYR' DESC 'Netscape defined attribute ty pe' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.2172 NAME 'nsslapd-accesslog-maxlogs ize' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.5 NAME 'memberUser' DESC 'Referenc e to a principal that performs an action (usually user).' SUP distinguished Name EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X -ORIGIN 'IPA v2' ) attributeTypes: ( userMessages-oid NAME 'userMessages' DESC 'CMS defined att ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.18.0.2.4.1131 NAME 'printer-charset-supported' DESC 'S et of charsets supported for the attribute values of syntax DirectoryString for this directory entry.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.22 NAME 'ipatokenTOTPwatermark' DESC 'TOTP watermark' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.4 NAME 'bindTimeLimit' DESC 'Maximu m time an agent or service allows for a bind operation to complete' EQUALIT Y integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.27 SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.21.1.6 NAME 'ipaCaId' DESC 'Dogtag A uthority ID' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBS TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4 Lightweight CAs' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.5.24 NAME 'idnsSecKeyZone' DESC 'DNS KEY ZONE flag (equivalent to bit 7): RFC 4035' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defi ned' ) ) attributeTypes: ( archivedBy-oid NAME 'archivedBy' DESC 'CMS defined attribu te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.53.1 NAME 'krbPrincContainerRef' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'numeri cally identifies an employee within an organization' EQUALITY caseIgnoreMat ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE X-ORIGIN 'RFC 2798' ) attributeTypes: ( 2.16.840.1.113730.3.1.551 NAME 'cosspecifier' DESC 'Netsca pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALU E X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.97 NAME ( 'passwordMaxAge' 'pwdMaxAg e' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1. 4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.5322.21.2.4 NAME 'krbAllowedToDelegateTo' EQU ALITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' DESC 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier' SYNTAX 1.3.6.1. 4.1.1466.115.121.1.51 X-ORIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.8.7.8 NAME 'ipaSudoRunAsUserCategory' DESC 'Additional classification for users' SUP userCategory EQUALITY caseIg noreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2099 NAME 'autoMemberExclusiveRegex' DESC 'Auto Membership exclusive regex rule' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 X-ORIGIN '389 Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord' DESC 'text strin g, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2307 ' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DESC 'Next NT rid to give our for users' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.2222 NAME 'nsslapd-localuser' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2180 NAME 'nsslapd-auditlog-logrotat ionsynchour' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2309 NAME 'nsds5ReplicaPreciseTombst onePurging' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( tokenOrigin-oid NAME 'tokenOrigin' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2292 NAME 'nsslapd-disk-monitoring-l ogging-critical' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1. 1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2070 NAME 'pamIDMapMethod' DESC 'How to map BIND DN to PAM identity' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'Red Hat Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.408 NAME 'replicaLastRelevantChange' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 7 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.76 NAME 'sambaTrustAuthIncoming' DESC 'Authentication information for the incoming portion of a trust' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2269 NAME 'nsslapd-errorlog-list' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X -ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.18.0.2.4.1124 NAME 'printer-number-up-supported' DESC 'The possible numbers of print-stream pages to impose upon a single side of an instance of a selected medium.' EQUALITY integerMatch ORDERING integerO rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.9 NAME 'ipatokenOTPalgorithm' D ESC 'OTP Token Algorithm' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( allowPinReset-oid NAME 'allowPinReset' DESC 'CMS defined a ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.5.21.7 NAME 'nameForms' EQUALITY objectIdentifierFirstC omponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'RFC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.17 NAME 'ipatokenRadiusSecret' DESC 'Server Secret' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.40 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 0.9.2342.19200300.100.1.55 NAME 'audio' EQUALITY octetStr ingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RFC 1274' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.36.1 NAME 'krbPwdPolicyReference ' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SIN GLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.28 NAME 'nisPublickey' DESC 'nisPublickey' E QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'RFC2307bis' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.29 NAME 'mgrpMsgRejectText' DESC 'Ne tscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.2136 NAME 'nsds5ReplicaCleanRUVNotif ied' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.27 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.11 NAME 'idnsAllowQuery' DESC 'BIN D9 allow-query ACL element' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1. 1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.231 NAME 'nsslapd-pluginEnabled' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsWellKnownJarfiles-oid NAME 'nsWellKnownJarfiles' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN 'Netscape Administration Services' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.30 NAME 'nXTRecord' DESC 'non-exista nt, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 US AGE directoryOperation X-ORIGIN 'RFC 4512' ) attributeTypes: ( nsAdminAccessHosts-oid NAME 'nsAdminAccessHosts' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.328 NAME 'nsMatchingRule' DESC 'Nets cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.6 NAME 'eduPersonPrincipalName' DES C 'Principal Name' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIG IN 'http://middleware.internet2.edu/eduperson/' ) attributeTypes: ( 2.16.840.1.113730.3.1.80 NAME 'cirHost' DESC 'Netscape def ined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscap e Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.15 NAME 'ipaNTTrustAuthOutgoing' DESC 'Authentication information for the outgoing portion of a trust' EQUAL ITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.11 NAME 'javaReferenceAddress' DES C 'Addresses associated with a JNDI Reference' EQUALITY caseExactMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2713' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.16 NAME 'ipk11Trusted' DESC 'Ca n be trusted by application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2086 NAME 'mepManagedBy' DESC 'Manag ed Entries backpointer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.19 NAME 'serviceCategory' DESC 'Ad ditional classification for services' EQUALITY caseIgnoreMatch ORDERING cas eIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.684 NAME 'nsds5ReplicaChangeCount' D ESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.1.1 NAME 'ipaUserSearchFields' EQUA LITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113730.3.8.20.2.3 NAME 'ipaReplTopoSegmentLeftN ode' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'FreeIPA' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.1101 NAME 'nsRoleScopeDN' DESC 'Scop e of a role' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN '38 9 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.69 NAME 'ipk11WrapWithTrusted' DESC 'Key can only be wrapped with a trusted wrapping key' EQUALITY boolean Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1 ' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113719.1.301.4.41.1 NAME 'krbSubTrees' EQUALIT Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.52 NAME 'TLSARecord' DESC 'DNS-Based Authentication of Named Entities - Transport Layer Security Protocol, RFC 6698' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 1.3.1.1.4.1.453.16.2.103 NAME 'numSubordinates' DESC 'coun t of immediate subordinates' EQUALITY integerMatch ORDERING integerOrdering Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATIO N USAGE directoryOperation X-ORIGIN 'numSubordinates Internet Draft' ) attributeTypes: ( 1.3.6.1.4.1.13769.3.6 NAME 'mozillaHomeCountryName' SUP n ame EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( 2.16.840.1.113730.3.1.2144 NAME 'rootdn-open-time' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.33 NAME 'ipaBaseID' DESC 'First v alue of a Posix ID range' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2256 NAME 'passwordLegacyPolicy' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.9999999 NAME 'nsds5debugreplicatimeo ut' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.15 X-ORIGIN 'RFC 4524' ) attributeTypes: ( SubsystemName-oid NAME 'SubsystemName' SYNTAX 1.3.6.1.4.1 .1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts' SYNTAX 1 .3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation X-ORIGIN 'RFC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.1.12 NAME 'mailAccessDomain' DESC 'Net scape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.2123 NAME 'dnaSharedCfgDN' DESC 'DNA shared configuration entry DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE -VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.226 NAME 'nsslapd-pluginType' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC 'Time stamp of when the user will be logged off automatically' EQUALITY integerMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.5.4.44 NAME 'generationQualifier' SUP name EQUALITY cas eIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 X-ORIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.2193 NAME 'nsslapd-accesslog-logminf reediskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.146 6.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.7.14 NAME 'ipaSudoRunAsExtUserGroup' DESC 'Multivalue string attribute that allows storing groups of users that are not managed by IPA the command can be run as' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2314 NAME 'nsslapd-changelogcompactd b-interval' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.4 NAME 'idnsSOArName' DESC 'SOA ro ot Name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.612 NAME 'generation' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Net scape Directory Server' ) cn: schema ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.26 DESC 'IA5String' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'DirectoryString' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.11 DESC 'Country String' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'DN' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'Enhanced Guide' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'Facsimile Telephone Numb er' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.23 DESC 'FAX' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.24 DESC 'GeneralizedTime' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.25 DESC 'Guide' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.27 DESC 'INTEGER' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'Name And Optional UID' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'Numeric String' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'OctetString' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'Postal Address' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'Printable String' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'TelephoneNumber' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.51 DESC 'Teletex Terminal Identif ier' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'Telex Number' ) matchingRules: ( 2.5.13.17 NAME 'octetStringMatch' DESC 'The octetStringMatc h rule compares an assertion value of the Octet String syntax to an attribu te value of a syntax (e.g., the Octet String or JPEG syntax) whose correspo nding ASN.1 type is the OCTET STRING ASN.1 type. The rule evaluates to TRU E if and only if the attribute value and the assertion value are the same l ength and corresponding octets (by position) are the same.' SYNTAX 1.3.6.1. 4.1.1466.115.121.1.40 ) matchingRules: ( 2.5.13.18 NAME 'octetStringOrderingMatch' DESC 'The octetSt ringOrderingMatch rule compares an assertion value of the Octet String synt ax to an attribute value of a syntax (e.g., the Octet String or JPEG syntax ) whose corresponding ASN.1 type is the OCTET STRING ASN.1 type. The rule evaluates to TRUE if and only if the attribute value appears earlier in the collation order than the assertion value. The rule compares octet strings from the first octet to the last octet, and from the most significant bit to the least significant bit within the octet. The first occurrence of a d ifferent bit determines the ordering of the strings. A zero bit precedes a one bit. If the strings contain different numbers of octets but the longe r string is identical to the shorter string up to the length of the shorter string, then the shorter string precedes the longer string.' SYNTAX 1.3.6. 1.4.1.1466.115.121.1.40 ) matchingRules: ( 2.5.13.16 NAME 'bitStringMatch' DESC 'The bitStringMatch ru le compares an assertion value of the Bit String syntax to an attribute val ue of a syntax (e.g., the Bit String syntax) whose corresponding ASN.1 type is BIT STRING. If the corresponding ASN.1 type of the attribute syntax do es not have a named bit list [ASN.1] (which is the case for the Bit String syntax), then the rule evaluates to TRUE if and only if the attribute value has the same number of bits as the assertion value and the bits match on a bitwise basis. If the corresponding ASN.1 type does have a named bit list , then bitStringMatch operates as above, except that trailing zero bits in the attribute and assertion values are treated as absent.' SYNTAX 1.3.6.1.4 .1.1466.115.121.1.6 ) matchingRules: ( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' DESC 'T he caseExactIA5Match rule compares an assertion value of the IA5 String syn tax to an attribute value of a syntax (e.g., the IA5 String syntax) whose c orresponding ASN.1 type is IA5String. The rule evaluates to TRUE if and onl y if the prepared attribute value character string and the prepared asserti on value character string have the same number of characters and correspond ing characters have the same code point. In preparing the attribute value a nd assertion value for comparison, characters are not case folded in the Ma p preparation step, and only Insignificant Space Handling is applied in the Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 26 ) matchingRules: ( 2.5.13.5 NAME 'caseExactMatch' DESC 'The caseExactMatch rul e compares an assertion value of the Directory String syntax to an attribut e value of a syntax (e.g., the Directory String, Printable String, Country String, or Telephone Number syntax) whose corresponding ASN.1 type is Direc toryString or one of the alternative string types of DirectoryString, such as PrintableString (the other alternatives do not correspond to any syntax defined in this document). The rule evaluates to TRUE if and only if the pr epared attribute value character string and the prepared assertion value ch aracter string have the same number of characters and corresponding charact ers have the same code point. In preparing the attribute value and assertio n value for comparison, characters are not case folded in the Map preparati on step, and only Insignificant Space Handling is applied in the Insignific ant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.5.13.6 NAME 'caseExactOrderingMatch' DESC 'The caseExactO rderingMatch rule compares an assertion value of the Directory String synta x to an attribute value of a syntax (e.g., the Directory String, Printable String, Country String, or Telephone Number syntax) whose corresponding ASN .1 type is DirectoryString or one of its alternative string types. The rule evaluates to TRUE if and only if, in the code point collation order, the p repared attribute value character string appears earlier than the prepared assertion value character string; i.e., the attribute value is "less than" the assertion value. In preparing the attribute value and assertion value f or comparison, characters are not case folded in the Map preparation step, and only Insignificant Space Handling is applied in the Insignificant Chara cter Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.5.13.7 NAME 'caseExactSubstringsMatch' DESC 'The caseExac tSubstringsMatch rule compares an assertion value of the Substring Assertio n syntax to an attribute value of a syntax (e.g., the Directory String, Pri ntable String, Country String, or Telephone Number syntax) whose correspond ing ASN.1 type is DirectoryString or one of its alternative string types. T he rule evaluates to TRUE if and only if (1) the prepared substrings of the assertion value match disjoint portions of the prepared attribute value ch aracter string in the order of the substrings in the assertion value, (2) a n substring, if present, matches the beginning of the prepared at tribute value character string, and (3) a substring, if present, ma tches the end of the prepared attribute value character string. A prepared substring matches a portion of the prepared attribute value character stri ng if corresponding characters have the same code point. In preparing the a ttribute value and assertion value substrings for comparison, characters ar e not case folded in the Map preparation step, and only Insignificant Space Handling is applied in the Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 ) matchingRules: ( 2.16.840.1.113730.3.3.1 NAME 'caseExactIA5SubstringsMatch' DESC 'The caseExactIA5SubstringsMatch rule compares an assertion value of t he Substring Assertion syntax to an attribute value of a syntax (e.g., the IA5 syntax) whose corresponding ASN.1 type is IA5 String or one of its alte rnative string types. The rule evaluates to TRUE if and only if (1) the pre pared substrings of the assertion value match disjoint portions of the prep ared attribute value character string in the order of the substrings in the assertion value, (2) an substring, if present, matches the begin ning of the prepared attribute value character string, and (3) a su bstring, if present, matches the end of the prepared attribute value charac ter string. A prepared substring matches a portion of the prepared attribu te value character string if corresponding characters have the same code po int. In preparing the attribute value and assertion value substrings for co mparison, characters are not case folded in the Map preparation step, and o nly Insignificant Space Handling is applied in the Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 ) matchingRules: ( 2.5.13.27 NAME 'generalizedTimeMatch' DESC 'The rule evalua tes to TRUE if and only if the attribute value represents the same universa l coordinated time as the assertion value.' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.24 ) matchingRules: ( 2.5.13.28 NAME 'generalizedTimeOrderingMatch' DESC 'The rul e evaluates to TRUE if and only if the attribute value represents a univers al coordinated time that is earlier than the universal coordinated time rep resented by the assertion value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) matchingRules: ( 2.5.13.13 NAME 'booleanMatch' DESC 'The booleanMatch rule c ompares an assertion value of the Boolean syntax to an attribute value of a syntax (e.g., the Boolean syntax) whose corresponding ASN.1 type is BOOLEA N. The rule evaluates to TRUE if and only if the attribute value and the a ssertion value are both TRUE or both FALSE.' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.7 ) matchingRules: ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' DESC ' The caseIgnoreIA5Match rule compares an assertion value of the IA5 String s yntax to an attribute value of a syntax (e.g., the IA5 String syntax) whose corresponding ASN.1 type is IA5String. The rule evaluates to TRUE if and only if the prepared attribute value character string and the prepared asse rtion value character string have the same number of characters and corresp onding characters have the same code point. In preparing the attribute val ue and assertion value for comparison, characters are case folded in the Ma p preparation step, and only Insignificant Space Handling is applied in the Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 26 ) matchingRules: ( 1.3.6.1.4.1.1466.109.114.3 NAME 'caseIgnoreIA5SubstringsMat ch' DESC 'The caseIgnoreIA5SubstringsMatch rule compares an assertion value of the Substring Assertion syntax to an attribute value of a syntax (e.g., the IA5 String syntax) whose corresponding ASN.1 type is IA5String. The r ule evaluates to TRUE if and only if (1) the prepared substrings of the ass ertion value match disjoint portions of the prepared attribute value charac ter string in the order of the substrings in the assertion value, (2) an substring, if present, matches the beginning of the prepared attrib ute value character string, and (3) a substring, if present, matche s the end of the prepared attribute value character string. A prepared sub string matches a portion of the prepared attribute value character string i f corresponding characters have the same code point. In preparing the attr ibute value and assertion value substrings for comparison, characters are c ase folded in the Map preparation step, and only Insignificant Space Handli ng is applied in the Insignificant Character Handling step.' SYNTAX 1.3.6.1 .4.1.1466.115.121.1.58 ) matchingRules: ( 2.5.13.2 NAME 'caseIgnoreMatch' DESC 'The caseIgnoreMatch r ule compares an assertion value of the Directory String syntax to an attrib ute value of a syntax (e.g., the Directory String, Printable String, Countr y String, or Telephone Number syntax) whose corresponding ASN.1 type is Dir ectoryString or one of its alternative string types. The rule evaluates to TRUE if and only if the prepared attribute value character string and the prepared assertion value character string have the same number of character s and corresponding characters have the same code point. In preparing the a ttribute value and assertion value for comparison, characters are case fold ed in the Map preparation step, and only Insignificant Space Handling is ap plied in the Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.146 6.115.121.1.15 ) matchingRules: ( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' DESC 'The caseIgnor eOrderingMatch rule compares an assertion value of the Directory String syn tax to an attribute value of a syntax (e.g., the Directory String, Printabl e String, Country String, or Telephone Number syntax) whose corresponding A SN.1 type is DirectoryString or one of its alternative string types. The ru le evaluates to TRUE if and only if, in the code point collation order, the prepared attribute value character string appears earlier than the prepare d assertion value character string; i.e., the attribute value is "less than " the assertion value. In preparing the attribute value and assertion value for comparison, characters are case folded in the Map preparation step, an d only Insignificant Space Handling is applied in the Insignificant Charact er Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch' DESC 'The caseIgn oreSubstringsMatch rule compares an assertion value of the Substring Assert ion syntax to an attribute value of a syntax (e.g., the Directory String, P rintable String, Country String, or Telephone Number syntax) whose correspo nding ASN.1 type is DirectoryString or one of its alternative string types. The rule evaluates to TRUE if and only if (1) the prepared substrings of t he assertion value match disjoint portions of the prepared attribute value character string in the order of the substrings in the assertion value, (2) an substring, if present, matches the beginning of the prepared attribute value character string, and (3) a substring, if present, matches the end of the prepared attribute value character string. A prepar ed substring matches a portion of the prepared attribute value character st ring if corresponding characters have the same code point. In preparing the attribute value and assertion value substrings for comparison, characters are case folded in the Map preparation step, and only Insignificant Space H andling is applied in the Insignificant Character Handling step.' SYNTAX 1. 3.6.1.4.1.1466.115.121.1.58 ) matchingRules: ( 2.5.13.11 NAME 'caseIgnoreListMatch' DESC 'The caseIgnoreLi stMatch rule compares an assertion value that is a sequence of strings to a n attribute value of a syntax (e.g., the Postal Address syntax) whose corre sponding ASN.1 type is a SEQUENCE OF the DirectoryString ASN.1 type. The ru le evaluates to TRUE if and only if the attribute value and the assertion v alue have the same number of strings and corresponding strings (by position ) match according to the caseIgnoreMatch matching rule. In [X.520], the ass ertion syntax for this matching rule is defined to be: SEQUENCE OF Di rectoryString {ub-match} That is, it is different from the corresponding ty pe for the Postal Address syntax. The choice of the Postal Address syntax for the assertion syntax of the caseIgnoreListMatch in LDAP should not be s een as limiting the matching rule to apply only to attributes with the Post al Address syntax.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) matchingRules: ( 2.5.13.12 NAME 'caseIgnoreListSubstringsMatch' DESC 'The ca seIgnoreListSubstringsMatch rule compares an assertion value of the Substri ng Assertion syntax to an attribute value of a syntax (e.g., the Postal Add ress syntax) whose corresponding ASN.1 type is a SEQUENCE OF the DirectoryS tring ASN.1 type. The rule evaluates to TRUE if and only if the assertion v alue matches, per the caseIgnoreSubstringsMatch rule, the character string formed by concatenating the strings of the attribute value, except that non e of the , , or substrings of the assertion value are considered to match a substring of the concatenated string which spans mor e than one of the original strings of the attribute value. Note that, in te rms of the LDAP-specific encoding of the Postal Address syntax, the concate nated string omits the line separator and the escaping of "\" and "$" characters.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 ) matchingRules: ( 2.5.13.0 NAME 'objectIdentifierMatch' DESC 'The objectIdent ifierMatch rule compares an assertion value of the OID syntax to an attribu te value of a syntax (e.g., the OID syntax) whose corresponding ASN.1 type is OBJECT IDENTIFIER. The rule evaluates to TRUE if and only if the asserti on value and the attribute value represent the same object identifier; that is, the same sequence of integers, whether represented explicitly in the < numericoid> form of or implicitly in the form (see [RFC4512]) . If an LDAP client supplies an assertion value in the form and the chosen descriptor is not recognized by the server, then the objectIdentifi erMatch rule evaluates to Undefined.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) matchingRules: ( 2.5.13.31 NAME 'directoryStringFirstComponentMatch' DESC 'T he directoryStringFirstComponentMatch rule compares an assertion value of t he Directory String syntax to an attribute value of a syntax whose correspo nding ASN.1 type is a SEQUENCE with a mandatory first component of the Dire ctoryString ASN.1 type. Note that the assertion syntax of this matching rul e differs from the attribute syntax of attributes for which this is the equ ality matching rule. The rule evaluates to TRUE if and only if the assertio n value matches the first component of the attribute value using the rules of caseIgnoreMatch.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' DESC ' The objectIdentifierFirstComponentMatch rule compares an assertion value of the OID syntax to an attribute value of a syntax (e.g., the Attribute Type Description, DIT Content Rule Description, LDAP Syntax Description, Matchi ng Rule Description, Matching Rule Use Description, Name Form Description, or Object Class Description syntax) whose corresponding ASN.1 type is a SEQ UENCE with a mandatory first component of the OBJECT IDENTIFIER ASN.1 type. Note that the assertion syntax of this matching rule differs from the attr ibute syntax of attributes for which this is the equality matching rule. Th e rule evaluates to TRUE if and only if the assertion value matches the fir st component of the attribute value using the rules of objectIdentifierMatc h.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) matchingRules: ( 2.5.13.1 NAME 'distinguishedNameMatch' DESC 'The distinguis hedNameMatch rule compares an assertion value of the DN syntax to an attrib ute value of a syntax (e.g., the DN syntax) whose corresponding ASN.1 type is DistinguishedName. The rule evaluates to TRUE if and only if the attribu te value and the assertion value have the same number of relative distingui shed names and corresponding relative distinguished names (by position) are the same. A relative distinguished name (RDN) of the assertion value is t he same as an RDN of the attribute value if and only if they have the same number of attribute value assertions and each attribute value assertion (AV A) of the first RDN is the same as the AVA of the second RDN with the same attribute type. The order of the AVAs is not significant. Also note that a particular attribute type may appear in at most one AVA in an RDN. Two A VAs with the same attribute type are the same if their values are equal acc ording to the equality matching rule of the attribute type. If one or more of the AVA comparisons evaluate to Undefined and the remaining AVA compari sons return TRUE then the distinguishedNameMatch rule evaluates to Undefine d.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) matchingRules: ( 2.5.13.14 NAME 'integerMatch' DESC 'The rule evaluates to T RUE if and only if the attribute value and the assertion value are the same integer value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) matchingRules: ( 2.5.13.15 NAME 'integerOrderingMatch' DESC 'The rule evalua tes to TRUE if and only if the integer value of the attribute value is less than the integer value of the assertion value.' SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.27 ) matchingRules: ( 2.5.13.29 NAME 'integerFirstComponentMatch' DESC 'The integ erFirstComponentMatch rule compares an assertion value of the Integer synta x to an attribute value of a syntax (e.g., the DIT Structure Rule Descripti on syntax) whose corresponding ASN.1 type is a SEQUENCE with a mandatory fi rst component of the INTEGER ASN.1 type. Note that the assertion syntax of this matching rule differs from the attribute syntax of attributes for whi ch this is the equality matching rule. The rule evaluates to TRUE if and o nly if the assertion value and the first component of the attribute value a re the same integer value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) matchingRules: ( 2.16.840.1.113730.3.3.2.0.1 NAME 'caseIgnoreOrderingMatch-d efault' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.0.1.6 NAME 'caseIgnoreSubstringMatc h-default' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.1.1 NAME 'caseIgnoreOrderingMatch-a r' DESC 'ar' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.1.1.6 NAME 'caseIgnoreSubstringMatc h-ar' DESC 'ar' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.2.1 NAME 'caseIgnoreOrderingMatch-b e' DESC 'be' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.2.1.6 NAME 'caseIgnoreSubstringMatc h-be' DESC 'be' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.3.1 NAME 'caseIgnoreOrderingMatch-b g' DESC 'bg' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.3.1.6 NAME 'caseIgnoreSubstringMatc h-bg' DESC 'bg' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.4.1 NAME 'caseIgnoreOrderingMatch-c a' DESC 'ca' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.4.1.6 NAME 'caseIgnoreSubstringMatc h-ca' DESC 'ca' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.5.1 NAME 'caseIgnoreOrderingMatch-c s' DESC 'cs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.5.1.6 NAME 'caseIgnoreSubstringMatc h-cs' DESC 'cs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.6.1 NAME 'caseIgnoreOrderingMatch-d a' DESC 'da' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.6.1.6 NAME 'caseIgnoreSubstringMatc h-da' DESC 'da' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.7.1 NAME 'caseIgnoreOrderingMatch-d e' DESC 'de' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.7.1.6 NAME 'caseIgnoreSubstringMatc h-de' DESC 'de' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.8.1 NAME 'caseIgnoreOrderingMatch-d e-AT' DESC 'de-AT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.8.1.6 NAME 'caseIgnoreSubstringMatc h-de-AT' DESC 'de-AT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.9.1 NAME 'caseIgnoreOrderingMatch-d e-CH' DESC 'de-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.9.1.6 NAME 'caseIgnoreSubstringMatc h-de-CH' DESC 'de-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.10.1 NAME 'caseIgnoreOrderingMatch- el' DESC 'el' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.10.1.6 NAME 'caseIgnoreSubstringMat ch-el' DESC 'el' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.11.1 NAME 'caseIgnoreOrderingMatch- en' DESC 'en' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.11.1.6 NAME 'caseIgnoreSubstringMat ch-en' DESC 'en' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.12.1 NAME 'caseIgnoreOrderingMatch- en-CA' DESC 'en-CA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.12.1.6 NAME 'caseIgnoreSubstringMat ch-en-CA' DESC 'en-CA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.13.1 NAME 'caseIgnoreOrderingMatch- en-GB' DESC 'en-GB' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.13.1.6 NAME 'caseIgnoreSubstringMat ch-en-GB' DESC 'en-GB' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.14.1 NAME 'caseIgnoreOrderingMatch- en-IE' DESC 'en-IE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.14.1.6 NAME 'caseIgnoreSubstringMat ch-en-IE' DESC 'en-IE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.15.1 NAME 'caseIgnoreOrderingMatch- es' DESC 'es' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.15.1.6 NAME 'caseIgnoreSubstringMat ch-es' DESC 'es' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.16.1 NAME 'caseIgnoreOrderingMatch- et' DESC 'et' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.16.1.6 NAME 'caseIgnoreSubstringMat ch-et' DESC 'et' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.17.1 NAME 'caseIgnoreOrderingMatch- fi' DESC 'fi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.17.1.6 NAME 'caseIgnoreSubstringMat ch-fi' DESC 'fi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.18.1 NAME 'caseIgnoreOrderingMatch- fr' DESC 'fr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.18.1.6 NAME 'caseIgnoreSubstringMat ch-fr' DESC 'fr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.19.1 NAME 'caseIgnoreOrderingMatch- fr-BE' DESC 'fr-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.19.1.6 NAME 'caseIgnoreSubstringMat ch-fr-BE' DESC 'fr-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.20.1 NAME 'caseIgnoreOrderingMatch- fr-CA' DESC 'fr-CA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.20.1.6 NAME 'caseIgnoreSubstringMat ch-fr-CA' DESC 'fr-CA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.21.1 NAME 'caseIgnoreOrderingMatch- fr-CH' DESC 'fr-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.21.1.6 NAME 'caseIgnoreSubstringMat ch-fr-CH' DESC 'fr-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.22.1 NAME 'caseIgnoreOrderingMatch- hr' DESC 'hr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.22.1.6 NAME 'caseIgnoreSubstringMat ch-hr' DESC 'hr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.23.1 NAME 'caseIgnoreOrderingMatch- hu' DESC 'hu' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.23.1.6 NAME 'caseIgnoreSubstringMat ch-hu' DESC 'hu' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.24.1 NAME 'caseIgnoreOrderingMatch- is' DESC 'is' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.24.1.6 NAME 'caseIgnoreSubstringMat ch-is' DESC 'is' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.25.1 NAME 'caseIgnoreOrderingMatch- it' DESC 'it' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.25.1.6 NAME 'caseIgnoreSubstringMat ch-it' DESC 'it' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.26.1 NAME 'caseIgnoreOrderingMatch- it-CH' DESC 'it-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.26.1.6 NAME 'caseIgnoreSubstringMat ch-it-CH' DESC 'it-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.27.1 NAME 'caseIgnoreOrderingMatch- iw' DESC 'iw' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.27.1.6 NAME 'caseIgnoreSubstringMat ch-iw' DESC 'iw' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.28.1 NAME 'caseIgnoreOrderingMatch- ja' DESC 'ja' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.28.1.6 NAME 'caseIgnoreSubstringMat ch-ja' DESC 'ja' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.29.1 NAME 'caseIgnoreOrderingMatch- ko' DESC 'ko' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.29.1.6 NAME 'caseIgnoreSubstringMat ch-ko' DESC 'ko' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.30.1 NAME 'caseIgnoreOrderingMatch- lt' DESC 'lt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.30.1.6 NAME 'caseIgnoreSubstringMat ch-lt' DESC 'lt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.31.1 NAME 'caseIgnoreOrderingMatch- lv' DESC 'lv' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.31.1.6 NAME 'caseIgnoreSubstringMat ch-lv' DESC 'lv' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.32.1 NAME 'caseIgnoreOrderingMatch- mk' DESC 'mk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.32.1.6 NAME 'caseIgnoreSubstringMat ch-mk' DESC 'mk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.33.1 NAME 'caseIgnoreOrderingMatch- nl' DESC 'nl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.33.1.6 NAME 'caseIgnoreSubstringMat ch-nl' DESC 'nl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.34.1 NAME 'caseIgnoreOrderingMatch- nl-BE' DESC 'nl-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.34.1.6 NAME 'caseIgnoreSubstringMat ch-nl-BE' DESC 'nl-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.35.1 NAME 'caseIgnoreOrderingMatch- no' DESC 'no' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.35.1.6 NAME 'caseIgnoreSubstringMat ch-no' DESC 'no' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.36.1 NAME 'caseIgnoreOrderingMatch- no-NO-B' DESC 'no-NO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.36.1.6 NAME 'caseIgnoreSubstringMat ch-no-NO-B' DESC 'no-NO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.37.1 NAME 'caseIgnoreOrderingMatch- no-NO-NY' DESC 'no-NO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.37.1.6 NAME 'caseIgnoreSubstringMat ch-no-NO-NY' DESC 'no-NO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.38.1 NAME 'caseIgnoreOrderingMatch- pl' DESC 'pl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.38.1.6 NAME 'caseIgnoreSubstringMat ch-pl' DESC 'pl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.39.1 NAME 'caseIgnoreOrderingMatch- ro' DESC 'ro' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.39.1.6 NAME 'caseIgnoreSubstringMat ch-ro' DESC 'ro' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.40.1 NAME 'caseIgnoreOrderingMatch- ru' DESC 'ru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.40.1.6 NAME 'caseIgnoreSubstringMat ch-ru' DESC 'ru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.41.1 NAME 'caseIgnoreOrderingMatch- sh' DESC 'sh' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.41.1.6 NAME 'caseIgnoreSubstringMat ch-sh' DESC 'sh' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.42.1 NAME 'caseIgnoreOrderingMatch- sk' DESC 'sk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.42.1.6 NAME 'caseIgnoreSubstringMat ch-sk' DESC 'sk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.43.1 NAME 'caseIgnoreOrderingMatch- sl' DESC 'sl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.43.1.6 NAME 'caseIgnoreSubstringMat ch-sl' DESC 'sl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.44.1 NAME 'caseIgnoreOrderingMatch- sq' DESC 'sq' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.44.1.6 NAME 'caseIgnoreSubstringMat ch-sq' DESC 'sq' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.45.1 NAME 'caseIgnoreOrderingMatch- sr' DESC 'sr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.45.1.6 NAME 'caseIgnoreSubstringMat ch-sr' DESC 'sr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.46.1 NAME 'caseIgnoreOrderingMatch- sv' DESC 'sv' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.46.1.6 NAME 'caseIgnoreSubstringMat ch-sv' DESC 'sv' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.47.1 NAME 'caseIgnoreOrderingMatch- tr' DESC 'tr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.47.1.6 NAME 'caseIgnoreSubstringMat ch-tr' DESC 'tr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.48.1 NAME 'caseIgnoreOrderingMatch- uk' DESC 'uk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.48.1.6 NAME 'caseIgnoreSubstringMat ch-uk' DESC 'uk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.49.1 NAME 'caseIgnoreOrderingMatch- zh' DESC 'zh' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.49.1.6 NAME 'caseIgnoreSubstringMat ch-zh' DESC 'zh' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.50.1 NAME 'caseIgnoreOrderingMatch- zh-TW' DESC 'zh-TW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.50.1.6 NAME 'caseIgnoreSubstringMat ch-zh-TW' DESC 'zh-TW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.51.1 NAME 'caseIgnoreOrderingMatch- af' DESC 'af' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.51.1.6 NAME 'caseIgnoreSubstringMat ch-af' DESC 'af' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.52.1 NAME 'caseIgnoreOrderingMatch- af-NA' DESC 'af-NA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.52.1.6 NAME 'caseIgnoreSubstringMat ch-af-NA' DESC 'af-NA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.53.1 NAME 'caseIgnoreOrderingMatch- af-ZA' DESC 'af-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.53.1.6 NAME 'caseIgnoreSubstringMat ch-af-ZA' DESC 'af-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.54.1 NAME 'caseIgnoreOrderingMatch- ar-AE' DESC 'ar-AE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.54.1.6 NAME 'caseIgnoreSubstringMat ch-ar-AE' DESC 'ar-AE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.55.1 NAME 'caseIgnoreOrderingMatch- ar-BH' DESC 'ar-BH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.55.1.6 NAME 'caseIgnoreSubstringMat ch-ar-BH' DESC 'ar-BH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.56.1 NAME 'caseIgnoreOrderingMatch- ar-DZ' DESC 'ar-DZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.56.1.6 NAME 'caseIgnoreSubstringMat ch-ar-DZ' DESC 'ar-DZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.57.1 NAME 'caseIgnoreOrderingMatch- ar-EG' DESC 'ar-EG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.57.1.6 NAME 'caseIgnoreSubstringMat ch-ar-EG' DESC 'ar-EG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.58.1 NAME 'caseIgnoreOrderingMatch- ar-IQ' DESC 'ar-IQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.58.1.6 NAME 'caseIgnoreSubstringMat ch-ar-IQ' DESC 'ar-IQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.59.1 NAME 'caseIgnoreOrderingMatch- ar-JO' DESC 'ar-JO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.59.1.6 NAME 'caseIgnoreSubstringMat ch-ar-JO' DESC 'ar-JO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.60.1 NAME 'caseIgnoreOrderingMatch- ar-KW' DESC 'ar-KW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.60.1.6 NAME 'caseIgnoreSubstringMat ch-ar-KW' DESC 'ar-KW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.61.1 NAME 'caseIgnoreOrderingMatch- ar-LB' DESC 'ar-LB' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.61.1.6 NAME 'caseIgnoreSubstringMat ch-ar-LB' DESC 'ar-LB' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.62.1 NAME 'caseIgnoreOrderingMatch- ar-LY' DESC 'ar-LY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.62.1.6 NAME 'caseIgnoreSubstringMat ch-ar-LY' DESC 'ar-LY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.63.1 NAME 'caseIgnoreOrderingMatch- ar-MA' DESC 'ar-MA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.63.1.6 NAME 'caseIgnoreSubstringMat ch-ar-MA' DESC 'ar-MA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.64.1 NAME 'caseIgnoreOrderingMatch- ar-OM' DESC 'ar-OM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.64.1.6 NAME 'caseIgnoreSubstringMat ch-ar-OM' DESC 'ar-OM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.65.1 NAME 'caseIgnoreOrderingMatch- ar-QA' DESC 'ar-QA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.65.1.6 NAME 'caseIgnoreSubstringMat ch-ar-QA' DESC 'ar-QA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.66.1 NAME 'caseIgnoreOrderingMatch- ar-SA' DESC 'ar-SA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.66.1.6 NAME 'caseIgnoreSubstringMat ch-ar-SA' DESC 'ar-SA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.67.1 NAME 'caseIgnoreOrderingMatch- ar-SD' DESC 'ar-SD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.67.1.6 NAME 'caseIgnoreSubstringMat ch-ar-SD' DESC 'ar-SD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.68.1 NAME 'caseIgnoreOrderingMatch- ar-SY' DESC 'ar-SY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.68.1.6 NAME 'caseIgnoreSubstringMat ch-ar-SY' DESC 'ar-SY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.69.1 NAME 'caseIgnoreOrderingMatch- ar-TN' DESC 'ar-TN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.69.1.6 NAME 'caseIgnoreSubstringMat ch-ar-TN' DESC 'ar-TN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.70.1 NAME 'caseIgnoreOrderingMatch- ar-YE' DESC 'ar-YE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.70.1.6 NAME 'caseIgnoreSubstringMat ch-ar-YE' DESC 'ar-YE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.71.1 NAME 'caseIgnoreOrderingMatch- as' DESC 'as' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.71.1.6 NAME 'caseIgnoreSubstringMat ch-as' DESC 'as' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.72.1 NAME 'caseIgnoreOrderingMatch- as-IN' DESC 'as-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.72.1.6 NAME 'caseIgnoreSubstringMat ch-as-IN' DESC 'as-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.73.1 NAME 'caseIgnoreOrderingMatch- az' DESC 'az' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.73.1.6 NAME 'caseIgnoreSubstringMat ch-az' DESC 'az' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.74.1 NAME 'caseIgnoreOrderingMatch- az-Latn' DESC 'az-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.74.1.6 NAME 'caseIgnoreSubstringMat ch-az-Latn' DESC 'az-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.75.1 NAME 'caseIgnoreOrderingMatch- az-Latn-AZ' DESC 'az-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.75.1.6 NAME 'caseIgnoreSubstringMat ch-az-Latn-AZ' DESC 'az-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.76.1 NAME 'caseIgnoreOrderingMatch- bn' DESC 'bn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.76.1.6 NAME 'caseIgnoreSubstringMat ch-bn' DESC 'bn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.77.1 NAME 'caseIgnoreOrderingMatch- bn-BD' DESC 'bn-BD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.77.1.6 NAME 'caseIgnoreSubstringMat ch-bn-BD' DESC 'bn-BD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.78.1 NAME 'caseIgnoreOrderingMatch- bn-IN' DESC 'bn-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.78.1.6 NAME 'caseIgnoreSubstringMat ch-bn-IN' DESC 'bn-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.79.1 NAME 'caseIgnoreOrderingMatch- bs' DESC 'bs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.79.1.6 NAME 'caseIgnoreSubstringMat ch-bs' DESC 'bs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.80.1 NAME 'caseIgnoreOrderingMatch- chr' DESC 'chr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.80.1.6 NAME 'caseIgnoreSubstringMat ch-chr' DESC 'chr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.81.1 NAME 'caseIgnoreOrderingMatch- chr-US' DESC 'chr-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.81.1.6 NAME 'caseIgnoreSubstringMat ch-chr-US' DESC 'chr-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.82.1 NAME 'caseIgnoreOrderingMatch- cy' DESC 'cy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.82.1.6 NAME 'caseIgnoreSubstringMat ch-cy' DESC 'cy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.83.1 NAME 'caseIgnoreOrderingMatch- de-BE' DESC 'de-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.83.1.6 NAME 'caseIgnoreSubstringMat ch-de-BE' DESC 'de-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.84.1 NAME 'caseIgnoreOrderingMatch- de-LI' DESC 'de-LI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.84.1.6 NAME 'caseIgnoreSubstringMat ch-de-LI' DESC 'de-LI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.85.1 NAME 'caseIgnoreOrderingMatch- de-LU' DESC 'de-LU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.85.1.6 NAME 'caseIgnoreSubstringMat ch-de-LU' DESC 'de-LU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.86.1 NAME 'caseIgnoreOrderingMatch- el-CY' DESC 'el-CY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.86.1.6 NAME 'caseIgnoreSubstringMat ch-el-CY' DESC 'el-CY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.87.1 NAME 'caseIgnoreOrderingMatch- el-GR' DESC 'el-GR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.87.1.6 NAME 'caseIgnoreSubstringMat ch-el-GR' DESC 'el-GR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.88.1 NAME 'caseIgnoreOrderingMatch- en-AS' DESC 'en-AS' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.88.1.6 NAME 'caseIgnoreSubstringMat ch-en-AS' DESC 'en-AS' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.89.1 NAME 'caseIgnoreOrderingMatch- en-AU' DESC 'en-AU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.89.1.6 NAME 'caseIgnoreSubstringMat ch-en-AU' DESC 'en-AU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.90.1 NAME 'caseIgnoreOrderingMatch- en-BE' DESC 'en-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.90.1.6 NAME 'caseIgnoreSubstringMat ch-en-BE' DESC 'en-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.91.1 NAME 'caseIgnoreOrderingMatch- en-BW' DESC 'en-BW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.91.1.6 NAME 'caseIgnoreSubstringMat ch-en-BW' DESC 'en-BW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.92.1 NAME 'caseIgnoreOrderingMatch- en-BZ' DESC 'en-BZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.92.1.6 NAME 'caseIgnoreSubstringMat ch-en-BZ' DESC 'en-BZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.93.1 NAME 'caseIgnoreOrderingMatch- en-GU' DESC 'en-GU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.93.1.6 NAME 'caseIgnoreSubstringMat ch-en-GU' DESC 'en-GU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.94.1 NAME 'caseIgnoreOrderingMatch- en-GY' DESC 'en-GY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.94.1.6 NAME 'caseIgnoreSubstringMat ch-en-GY' DESC 'en-GY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.95.1 NAME 'caseIgnoreOrderingMatch- en-HK' DESC 'en-HK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.95.1.6 NAME 'caseIgnoreSubstringMat ch-en-HK' DESC 'en-HK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.96.1 NAME 'caseIgnoreOrderingMatch- en-IN' DESC 'en-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.96.1.6 NAME 'caseIgnoreSubstringMat ch-en-IN' DESC 'en-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.97.1 NAME 'caseIgnoreOrderingMatch- en-JM' DESC 'en-JM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.97.1.6 NAME 'caseIgnoreSubstringMat ch-en-JM' DESC 'en-JM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.98.1 NAME 'caseIgnoreOrderingMatch- en-MH' DESC 'en-MH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.98.1.6 NAME 'caseIgnoreSubstringMat ch-en-MH' DESC 'en-MH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.99.1 NAME 'caseIgnoreOrderingMatch- en-MP' DESC 'en-MP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.99.1.6 NAME 'caseIgnoreSubstringMat ch-en-MP' DESC 'en-MP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.100.1 NAME 'caseIgnoreOrderingMatch -en-MT' DESC 'en-MT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.100.1.6 NAME 'caseIgnoreSubstringMa tch-en-MT' DESC 'en-MT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.101.1 NAME 'caseIgnoreOrderingMatch -en-MU' DESC 'en-MU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.101.1.6 NAME 'caseIgnoreSubstringMa tch-en-MU' DESC 'en-MU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.102.1 NAME 'caseIgnoreOrderingMatch -en-NA' DESC 'en-NA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.102.1.6 NAME 'caseIgnoreSubstringMa tch-en-NA' DESC 'en-NA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.103.1 NAME 'caseIgnoreOrderingMatch -en-NZ' DESC 'en-NZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.103.1.6 NAME 'caseIgnoreSubstringMa tch-en-NZ' DESC 'en-NZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.104.1 NAME 'caseIgnoreOrderingMatch -en-PH' DESC 'en-PH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.104.1.6 NAME 'caseIgnoreSubstringMa tch-en-PH' DESC 'en-PH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.105.1 NAME 'caseIgnoreOrderingMatch -en-PK' DESC 'en-PK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.105.1.6 NAME 'caseIgnoreSubstringMa tch-en-PK' DESC 'en-PK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.106.1 NAME 'caseIgnoreOrderingMatch -en-SG' DESC 'en-SG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.106.1.6 NAME 'caseIgnoreSubstringMa tch-en-SG' DESC 'en-SG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.107.1 NAME 'caseIgnoreOrderingMatch -en-TT' DESC 'en-TT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.107.1.6 NAME 'caseIgnoreSubstringMa tch-en-TT' DESC 'en-TT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.108.1 NAME 'caseIgnoreOrderingMatch -en-UM' DESC 'en-UM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.108.1.6 NAME 'caseIgnoreSubstringMa tch-en-UM' DESC 'en-UM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.109.1 NAME 'caseIgnoreOrderingMatch -en-US' DESC 'en-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.109.1.6 NAME 'caseIgnoreSubstringMa tch-en-US' DESC 'en-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.110.1 NAME 'caseIgnoreOrderingMatch -en-US-POSIX' DESC 'en-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.110.1.6 NAME 'caseIgnoreSubstringMa tch-en-US-POSIX' DESC 'en-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.111.1 NAME 'caseIgnoreOrderingMatch -en-VI' DESC 'en-VI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.111.1.6 NAME 'caseIgnoreSubstringMa tch-en-VI' DESC 'en-VI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.112.1 NAME 'caseIgnoreOrderingMatch -en-ZA' DESC 'en-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.112.1.6 NAME 'caseIgnoreSubstringMa tch-en-ZA' DESC 'en-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.113.1 NAME 'caseIgnoreOrderingMatch -en-ZW' DESC 'en-ZW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.113.1.6 NAME 'caseIgnoreSubstringMa tch-en-ZW' DESC 'en-ZW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.114.1 NAME 'caseIgnoreOrderingMatch -es-AR' DESC 'es-AR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.114.1.6 NAME 'caseIgnoreSubstringMa tch-es-AR' DESC 'es-AR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.115.1 NAME 'caseIgnoreOrderingMatch -es-BO' DESC 'es-BO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.115.1.6 NAME 'caseIgnoreSubstringMa tch-es-BO' DESC 'es-BO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.116.1 NAME 'caseIgnoreOrderingMatch -es-CL' DESC 'es-CL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.116.1.6 NAME 'caseIgnoreSubstringMa tch-es-CL' DESC 'es-CL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.117.1 NAME 'caseIgnoreOrderingMatch -es-CO' DESC 'es-CO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.117.1.6 NAME 'caseIgnoreSubstringMa tch-es-CO' DESC 'es-CO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.118.1 NAME 'caseIgnoreOrderingMatch -es-CR' DESC 'es-CR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.118.1.6 NAME 'caseIgnoreSubstringMa tch-es-CR' DESC 'es-CR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.119.1 NAME 'caseIgnoreOrderingMatch -es-DO' DESC 'es-DO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.119.1.6 NAME 'caseIgnoreSubstringMa tch-es-DO' DESC 'es-DO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.120.1 NAME 'caseIgnoreOrderingMatch -es-EC' DESC 'es-EC' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.120.1.6 NAME 'caseIgnoreSubstringMa tch-es-EC' DESC 'es-EC' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.121.1 NAME 'caseIgnoreOrderingMatch -es-ES' DESC 'es-ES' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.121.1.6 NAME 'caseIgnoreSubstringMa tch-es-ES' DESC 'es-ES' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.122.1 NAME 'caseIgnoreOrderingMatch -es-GQ' DESC 'es-GQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.122.1.6 NAME 'caseIgnoreSubstringMa tch-es-GQ' DESC 'es-GQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.123.1 NAME 'caseIgnoreOrderingMatch -es-GT' DESC 'es-GT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.123.1.6 NAME 'caseIgnoreSubstringMa tch-es-GT' DESC 'es-GT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.124.1 NAME 'caseIgnoreOrderingMatch -es-HN' DESC 'es-HN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.124.1.6 NAME 'caseIgnoreSubstringMa tch-es-HN' DESC 'es-HN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.125.1 NAME 'caseIgnoreOrderingMatch -es-MX' DESC 'es-MX' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.125.1.6 NAME 'caseIgnoreSubstringMa tch-es-MX' DESC 'es-MX' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.126.1 NAME 'caseIgnoreOrderingMatch -es-NI' DESC 'es-NI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.126.1.6 NAME 'caseIgnoreSubstringMa tch-es-NI' DESC 'es-NI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.127.1 NAME 'caseIgnoreOrderingMatch -es-PA' DESC 'es-PA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.127.1.6 NAME 'caseIgnoreSubstringMa tch-es-PA' DESC 'es-PA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.128.1 NAME 'caseIgnoreOrderingMatch -es-PE' DESC 'es-PE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.128.1.6 NAME 'caseIgnoreSubstringMa tch-es-PE' DESC 'es-PE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.129.1 NAME 'caseIgnoreOrderingMatch -es-PR' DESC 'es-PR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.129.1.6 NAME 'caseIgnoreSubstringMa tch-es-PR' DESC 'es-PR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.130.1 NAME 'caseIgnoreOrderingMatch -es-PY' DESC 'es-PY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.130.1.6 NAME 'caseIgnoreSubstringMa tch-es-PY' DESC 'es-PY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.131.1 NAME 'caseIgnoreOrderingMatch -es-SV' DESC 'es-SV' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.131.1.6 NAME 'caseIgnoreSubstringMa tch-es-SV' DESC 'es-SV' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.132.1 NAME 'caseIgnoreOrderingMatch -es-US' DESC 'es-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.132.1.6 NAME 'caseIgnoreSubstringMa tch-es-US' DESC 'es-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.133.1 NAME 'caseIgnoreOrderingMatch -es-UY' DESC 'es-UY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.133.1.6 NAME 'caseIgnoreSubstringMa tch-es-UY' DESC 'es-UY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.134.1 NAME 'caseIgnoreOrderingMatch -es-VE' DESC 'es-VE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.134.1.6 NAME 'caseIgnoreSubstringMa tch-es-VE' DESC 'es-VE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.135.1 NAME 'caseIgnoreOrderingMatch -fa' DESC 'fa' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.135.1.6 NAME 'caseIgnoreSubstringMa tch-fa' DESC 'fa' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.136.1 NAME 'caseIgnoreOrderingMatch -fil' DESC 'fil' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.136.1.6 NAME 'caseIgnoreSubstringMa tch-fil' DESC 'fil' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.137.1 NAME 'caseIgnoreOrderingMatch -fo' DESC 'fo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.137.1.6 NAME 'caseIgnoreSubstringMa tch-fo' DESC 'fo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.138.1 NAME 'caseIgnoreOrderingMatch -fr-BF' DESC 'fr-BF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.138.1.6 NAME 'caseIgnoreSubstringMa tch-fr-BF' DESC 'fr-BF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.139.1 NAME 'caseIgnoreOrderingMatch -fr-BI' DESC 'fr-BI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.139.1.6 NAME 'caseIgnoreSubstringMa tch-fr-BI' DESC 'fr-BI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.140.1 NAME 'caseIgnoreOrderingMatch -fr-BJ' DESC 'fr-BJ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.140.1.6 NAME 'caseIgnoreSubstringMa tch-fr-BJ' DESC 'fr-BJ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.141.1 NAME 'caseIgnoreOrderingMatch -fr-BL' DESC 'fr-BL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.141.1.6 NAME 'caseIgnoreSubstringMa tch-fr-BL' DESC 'fr-BL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.142.1 NAME 'caseIgnoreOrderingMatch -fr-CD' DESC 'fr-CD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.142.1.6 NAME 'caseIgnoreSubstringMa tch-fr-CD' DESC 'fr-CD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.143.1 NAME 'caseIgnoreOrderingMatch -fr-CF' DESC 'fr-CF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.143.1.6 NAME 'caseIgnoreSubstringMa tch-fr-CF' DESC 'fr-CF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.144.1 NAME 'caseIgnoreOrderingMatch -fr-CG' DESC 'fr-CG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.144.1.6 NAME 'caseIgnoreSubstringMa tch-fr-CG' DESC 'fr-CG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.145.1 NAME 'caseIgnoreOrderingMatch -fr-CI' DESC 'fr-CI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.145.1.6 NAME 'caseIgnoreSubstringMa tch-fr-CI' DESC 'fr-CI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.146.1 NAME 'caseIgnoreOrderingMatch -fr-CM' DESC 'fr-CM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.146.1.6 NAME 'caseIgnoreSubstringMa tch-fr-CM' DESC 'fr-CM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.147.1 NAME 'caseIgnoreOrderingMatch -fr-DJ' DESC 'fr-DJ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.147.1.6 NAME 'caseIgnoreSubstringMa tch-fr-DJ' DESC 'fr-DJ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.148.1 NAME 'caseIgnoreOrderingMatch -fr-GA' DESC 'fr-GA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.148.1.6 NAME 'caseIgnoreSubstringMa tch-fr-GA' DESC 'fr-GA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.149.1 NAME 'caseIgnoreOrderingMatch -fr-GN' DESC 'fr-GN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.149.1.6 NAME 'caseIgnoreSubstringMa tch-fr-GN' DESC 'fr-GN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.150.1 NAME 'caseIgnoreOrderingMatch -fr-GP' DESC 'fr-GP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.150.1.6 NAME 'caseIgnoreSubstringMa tch-fr-GP' DESC 'fr-GP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.151.1 NAME 'caseIgnoreOrderingMatch -fr-GQ' DESC 'fr-GQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.151.1.6 NAME 'caseIgnoreSubstringMa tch-fr-GQ' DESC 'fr-GQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.152.1 NAME 'caseIgnoreOrderingMatch -fr-KM' DESC 'fr-KM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.152.1.6 NAME 'caseIgnoreSubstringMa tch-fr-KM' DESC 'fr-KM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.153.1 NAME 'caseIgnoreOrderingMatch -fr-LU' DESC 'fr-LU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.153.1.6 NAME 'caseIgnoreSubstringMa tch-fr-LU' DESC 'fr-LU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.154.1 NAME 'caseIgnoreOrderingMatch -fr-MC' DESC 'fr-MC' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.154.1.6 NAME 'caseIgnoreSubstringMa tch-fr-MC' DESC 'fr-MC' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.155.1 NAME 'caseIgnoreOrderingMatch -fr-MF' DESC 'fr-MF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.155.1.6 NAME 'caseIgnoreSubstringMa tch-fr-MF' DESC 'fr-MF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.156.1 NAME 'caseIgnoreOrderingMatch -fr-MG' DESC 'fr-MG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.156.1.6 NAME 'caseIgnoreSubstringMa tch-fr-MG' DESC 'fr-MG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.157.1 NAME 'caseIgnoreOrderingMatch -fr-ML' DESC 'fr-ML' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.157.1.6 NAME 'caseIgnoreSubstringMa tch-fr-ML' DESC 'fr-ML' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.158.1 NAME 'caseIgnoreOrderingMatch -fr-MQ' DESC 'fr-MQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.158.1.6 NAME 'caseIgnoreSubstringMa tch-fr-MQ' DESC 'fr-MQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.159.1 NAME 'caseIgnoreOrderingMatch -fr-NE' DESC 'fr-NE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.159.1.6 NAME 'caseIgnoreSubstringMa tch-fr-NE' DESC 'fr-NE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.160.1 NAME 'caseIgnoreOrderingMatch -fr-RE' DESC 'fr-RE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.160.1.6 NAME 'caseIgnoreSubstringMa tch-fr-RE' DESC 'fr-RE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.161.1 NAME 'caseIgnoreOrderingMatch -fr-RW' DESC 'fr-RW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.161.1.6 NAME 'caseIgnoreSubstringMa tch-fr-RW' DESC 'fr-RW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.162.1 NAME 'caseIgnoreOrderingMatch -fr-SN' DESC 'fr-SN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.162.1.6 NAME 'caseIgnoreSubstringMa tch-fr-SN' DESC 'fr-SN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.163.1 NAME 'caseIgnoreOrderingMatch -fr-TD' DESC 'fr-TD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.163.1.6 NAME 'caseIgnoreSubstringMa tch-fr-TD' DESC 'fr-TD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.164.1 NAME 'caseIgnoreOrderingMatch -fr-TG' DESC 'fr-TG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.164.1.6 NAME 'caseIgnoreSubstringMa tch-fr-TG' DESC 'fr-TG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.165.1 NAME 'caseIgnoreOrderingMatch -ga' DESC 'ga' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.165.1.6 NAME 'caseIgnoreSubstringMa tch-ga' DESC 'ga' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.166.1 NAME 'caseIgnoreOrderingMatch -ga-IE' DESC 'ga-IE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.166.1.6 NAME 'caseIgnoreSubstringMa tch-ga-IE' DESC 'ga-IE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.167.1 NAME 'caseIgnoreOrderingMatch -ga-IN' DESC 'ga-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.167.1.6 NAME 'caseIgnoreSubstringMa tch-ga-IN' DESC 'ga-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.168.1 NAME 'caseIgnoreOrderingMatch -ha' DESC 'ha' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.168.1.6 NAME 'caseIgnoreSubstringMa tch-ha' DESC 'ha' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.169.1 NAME 'caseIgnoreOrderingMatch -ha-Latn' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.169.1.6 NAME 'caseIgnoreSubstringMa tch-ha-Latn' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.170.1 NAME 'caseIgnoreOrderingMatch -ha-Latn-GH' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.170.1.6 NAME 'caseIgnoreSubstringMa tch-ha-Latn-GH' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.171.1 NAME 'caseIgnoreOrderingMatch -ha-Latn-NE' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.171.1.6 NAME 'caseIgnoreSubstringMa tch-ha-Latn-NE' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.172.1 NAME 'caseIgnoreOrderingMatch -ha-Latn-NG' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.172.1.6 NAME 'caseIgnoreSubstringMa tch-ha-Latn-NG' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.173.1 NAME 'caseIgnoreOrderingMatch -he' DESC 'he' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.173.1.6 NAME 'caseIgnoreSubstringMa tch-he' DESC 'he' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.174.1 NAME 'caseIgnoreOrderingMatch -hi' DESC 'hi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.174.1.6 NAME 'caseIgnoreSubstringMa tch-hi' DESC 'hi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.175.1 NAME 'caseIgnoreOrderingMatch -hy' DESC 'hy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.175.1.6 NAME 'caseIgnoreSubstringMa tch-hy' DESC 'hy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.176.1 NAME 'caseIgnoreOrderingMatch -id' DESC 'id' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.176.1.6 NAME 'caseIgnoreSubstringMa tch-id' DESC 'id' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.177.1 NAME 'caseIgnoreOrderingMatch -ig' DESC 'ig' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.177.1.6 NAME 'caseIgnoreSubstringMa tch-ig' DESC 'ig' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.178.1 NAME 'caseIgnoreOrderingMatch -it-IT' DESC 'it-IT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.178.1.6 NAME 'caseIgnoreSubstringMa tch-it-IT' DESC 'it-IT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.179.1 NAME 'caseIgnoreOrderingMatch -ka' DESC 'ka' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.179.1.6 NAME 'caseIgnoreSubstringMa tch-ka' DESC 'ka' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.180.1 NAME 'caseIgnoreOrderingMatch -ka-GE' DESC 'ka-GE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.180.1.6 NAME 'caseIgnoreSubstringMa tch-ka-GE' DESC 'ka-GE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.181.1 NAME 'caseIgnoreOrderingMatch -kk' DESC 'kk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.181.1.6 NAME 'caseIgnoreSubstringMa tch-kk' DESC 'kk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.182.1 NAME 'caseIgnoreOrderingMatch -kl' DESC 'kl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.182.1.6 NAME 'caseIgnoreSubstringMa tch-kl' DESC 'kl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.183.1 NAME 'caseIgnoreOrderingMatch -kn' DESC 'kn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.183.1.6 NAME 'caseIgnoreSubstringMa tch-kn' DESC 'kn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.184.1 NAME 'caseIgnoreOrderingMatch -kok' DESC 'kok' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.184.1.6 NAME 'caseIgnoreSubstringMa tch-kok' DESC 'kok' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.185.1 NAME 'caseIgnoreOrderingMatch -ml' DESC 'ml' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.185.1.6 NAME 'caseIgnoreSubstringMa tch-ml' DESC 'ml' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.186.1 NAME 'caseIgnoreOrderingMatch -ms' DESC 'ms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.186.1.6 NAME 'caseIgnoreSubstringMa tch-ms' DESC 'ms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.187.1 NAME 'caseIgnoreOrderingMatch -ms-BN' DESC 'ms-BN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.187.1.6 NAME 'caseIgnoreSubstringMa tch-ms-BN' DESC 'ms-BN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.188.1 NAME 'caseIgnoreOrderingMatch -ms-MY' DESC 'ms-MY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.188.1.6 NAME 'caseIgnoreSubstringMa tch-ms-MY' DESC 'ms-MY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.189.1 NAME 'caseIgnoreOrderingMatch -mt' DESC 'mt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.189.1.6 NAME 'caseIgnoreSubstringMa tch-mt' DESC 'mt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.190.1 NAME 'caseIgnoreOrderingMatch -nl-NL' DESC 'nl-NL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.190.1.6 NAME 'caseIgnoreSubstringMa tch-nl-NL' DESC 'nl-NL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.191.1 NAME 'caseIgnoreOrderingMatch -nn' DESC 'nn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.191.1.6 NAME 'caseIgnoreSubstringMa tch-nn' DESC 'nn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.192.1 NAME 'caseIgnoreOrderingMatch -om' DESC 'om' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.192.1.6 NAME 'caseIgnoreSubstringMa tch-om' DESC 'om' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.193.1 NAME 'caseIgnoreOrderingMatch -om-ET' DESC 'om-ET' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.193.1.6 NAME 'caseIgnoreSubstringMa tch-om-ET' DESC 'om-ET' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.194.1 NAME 'caseIgnoreOrderingMatch -om-KE' DESC 'om-KE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.194.1.6 NAME 'caseIgnoreSubstringMa tch-om-KE' DESC 'om-KE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.195.1 NAME 'caseIgnoreOrderingMatch -or' DESC 'or' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.195.1.6 NAME 'caseIgnoreSubstringMa tch-or' DESC 'or' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.196.1 NAME 'caseIgnoreOrderingMatch -pa' DESC 'pa' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.196.1.6 NAME 'caseIgnoreSubstringMa tch-pa' DESC 'pa' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.197.1 NAME 'caseIgnoreOrderingMatch -pa-Arab' DESC 'pa-Arab' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.197.1.6 NAME 'caseIgnoreSubstringMa tch-pa-Arab' DESC 'pa-Arab' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.198.1 NAME 'caseIgnoreOrderingMatch -pa-Arab-PK' DESC 'pa-Arab' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.198.1.6 NAME 'caseIgnoreSubstringMa tch-pa-Arab-PK' DESC 'pa-Arab' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.199.1 NAME 'caseIgnoreOrderingMatch -pa-Guru' DESC 'pa-Guru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.199.1.6 NAME 'caseIgnoreSubstringMa tch-pa-Guru' DESC 'pa-Guru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.200.1 NAME 'caseIgnoreOrderingMatch -pa-Guru-IN' DESC 'pa-Guru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.200.1.6 NAME 'caseIgnoreSubstringMa tch-pa-Guru-IN' DESC 'pa-Guru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.201.1 NAME 'caseIgnoreOrderingMatch -ps' DESC 'ps' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.201.1.6 NAME 'caseIgnoreSubstringMa tch-ps' DESC 'ps' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.202.1 NAME 'caseIgnoreOrderingMatch -pt' DESC 'pt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.202.1.6 NAME 'caseIgnoreSubstringMa tch-pt' DESC 'pt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.203.1 NAME 'caseIgnoreOrderingMatch -pt-BR' DESC 'pt-BR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.203.1.6 NAME 'caseIgnoreSubstringMa tch-pt-BR' DESC 'pt-BR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.204.1 NAME 'caseIgnoreOrderingMatch -pt-PT' DESC 'pt-PT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.204.1.6 NAME 'caseIgnoreSubstringMa tch-pt-PT' DESC 'pt-PT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.205.1 NAME 'caseIgnoreOrderingMatch -ro-MD' DESC 'ro-MD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.205.1.6 NAME 'caseIgnoreSubstringMa tch-ro-MD' DESC 'ro-MD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.206.1 NAME 'caseIgnoreOrderingMatch -ro-RO' DESC 'ro-RO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.206.1.6 NAME 'caseIgnoreSubstringMa tch-ro-RO' DESC 'ro-RO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.207.1 NAME 'caseIgnoreOrderingMatch -ru-MD' DESC 'ru-MD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.207.1.6 NAME 'caseIgnoreSubstringMa tch-ru-MD' DESC 'ru-MD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.208.1 NAME 'caseIgnoreOrderingMatch -ru-RU' DESC 'ru-RU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.208.1.6 NAME 'caseIgnoreSubstringMa tch-ru-RU' DESC 'ru-RU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.209.1 NAME 'caseIgnoreOrderingMatch -ru-UA' DESC 'ru-UA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.209.1.6 NAME 'caseIgnoreSubstringMa tch-ru-UA' DESC 'ru-UA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.210.1 NAME 'caseIgnoreOrderingMatch -si' DESC 'si' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.210.1.6 NAME 'caseIgnoreSubstringMa tch-si' DESC 'si' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.211.1 NAME 'caseIgnoreOrderingMatch -sk-SK' DESC 'sk-SK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.211.1.6 NAME 'caseIgnoreSubstringMa tch-sk-SK' DESC 'sk-SK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.212.1 NAME 'caseIgnoreOrderingMatch -sl-SI' DESC 'sl-SI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.212.1.6 NAME 'caseIgnoreSubstringMa tch-sl-SI' DESC 'sl-SI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.213.1 NAME 'caseIgnoreOrderingMatch -sq-AL' DESC 'sq-AL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.213.1.6 NAME 'caseIgnoreSubstringMa tch-sq-AL' DESC 'sq-AL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.214.1 NAME 'caseIgnoreOrderingMatch -sr-Cyrl' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.214.1.6 NAME 'caseIgnoreSubstringMa tch-sr-Cyrl' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.215.1 NAME 'caseIgnoreOrderingMatch -sr-Cyrl-BA' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.215.1.6 NAME 'caseIgnoreSubstringMa tch-sr-Cyrl-BA' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.216.1 NAME 'caseIgnoreOrderingMatch -sr-Cyrl-ME' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.216.1.6 NAME 'caseIgnoreSubstringMa tch-sr-Cyrl-ME' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.217.1 NAME 'caseIgnoreOrderingMatch -sr-Cyrl-RS' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.217.1.6 NAME 'caseIgnoreSubstringMa tch-sr-Cyrl-RS' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.218.1 NAME 'caseIgnoreOrderingMatch -sr-Latn' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.218.1.6 NAME 'caseIgnoreSubstringMa tch-sr-Latn' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.219.1 NAME 'caseIgnoreOrderingMatch -sr-Latn-BA' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.219.1.6 NAME 'caseIgnoreSubstringMa tch-sr-Latn-BA' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.220.1 NAME 'caseIgnoreOrderingMatch -sr-Latn-ME' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.220.1.6 NAME 'caseIgnoreSubstringMa tch-sr-Latn-ME' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.221.1 NAME 'caseIgnoreOrderingMatch -sr-Latn-RS' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.221.1.6 NAME 'caseIgnoreSubstringMa tch-sr-Latn-RS' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.222.1 NAME 'caseIgnoreOrderingMatch -sv-FI' DESC 'sv-FI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.222.1.6 NAME 'caseIgnoreSubstringMa tch-sv-FI' DESC 'sv-FI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.223.1 NAME 'caseIgnoreOrderingMatch -sv-SE' DESC 'sv-SE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.223.1.6 NAME 'caseIgnoreSubstringMa tch-sv-SE' DESC 'sv-SE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.224.1 NAME 'caseIgnoreOrderingMatch -sw' DESC 'sw' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.224.1.6 NAME 'caseIgnoreSubstringMa tch-sw' DESC 'sw' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.225.1 NAME 'caseIgnoreOrderingMatch -sw-KE' DESC 'sw-KE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.225.1.6 NAME 'caseIgnoreSubstringMa tch-sw-KE' DESC 'sw-KE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.226.1 NAME 'caseIgnoreOrderingMatch -sw-TZ' DESC 'sw-TZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.226.1.6 NAME 'caseIgnoreSubstringMa tch-sw-TZ' DESC 'sw-TZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.227.1 NAME 'caseIgnoreOrderingMatch -ta' DESC 'ta' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.227.1.6 NAME 'caseIgnoreSubstringMa tch-ta' DESC 'ta' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.228.1 NAME 'caseIgnoreOrderingMatch -ta-IN' DESC 'ta-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.228.1.6 NAME 'caseIgnoreSubstringMa tch-ta-IN' DESC 'ta-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.229.1 NAME 'caseIgnoreOrderingMatch -ta-LK' DESC 'ta-LK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.229.1.6 NAME 'caseIgnoreSubstringMa tch-ta-LK' DESC 'ta-LK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.230.1 NAME 'caseIgnoreOrderingMatch -te' DESC 'te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.230.1.6 NAME 'caseIgnoreSubstringMa tch-te' DESC 'te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.231.1 NAME 'caseIgnoreOrderingMatch -th' DESC 'th' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.231.1.6 NAME 'caseIgnoreSubstringMa tch-th' DESC 'th' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.232.1 NAME 'caseIgnoreOrderingMatch -ur' DESC 'ur' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.232.1.6 NAME 'caseIgnoreSubstringMa tch-ur' DESC 'ur' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.233.1 NAME 'caseIgnoreOrderingMatch -ur-IN' DESC 'ur-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.233.1.6 NAME 'caseIgnoreSubstringMa tch-ur-IN' DESC 'ur-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.234.1 NAME 'caseIgnoreOrderingMatch -ur-PK' DESC 'ur-PK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.234.1.6 NAME 'caseIgnoreSubstringMa tch-ur-PK' DESC 'ur-PK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.235.1 NAME 'caseIgnoreOrderingMatch -vi' DESC 'vi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.235.1.6 NAME 'caseIgnoreSubstringMa tch-vi' DESC 'vi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.236.1 NAME 'caseIgnoreOrderingMatch -yo' DESC 'yo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.236.1.6 NAME 'caseIgnoreSubstringMa tch-yo' DESC 'yo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.237.1 NAME 'caseIgnoreOrderingMatch -zh-Hans' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.237.1.6 NAME 'caseIgnoreSubstringMa tch-zh-Hans' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.238.1 NAME 'caseIgnoreOrderingMatch -zh-Hans-CN' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.238.1.6 NAME 'caseIgnoreSubstringMa tch-zh-Hans-CN' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.239.1 NAME 'caseIgnoreOrderingMatch -zh-Hans-SG' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.239.1.6 NAME 'caseIgnoreSubstringMa tch-zh-Hans-SG' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.240.1 NAME 'caseIgnoreOrderingMatch -zh-Hant-HK' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.240.1.6 NAME 'caseIgnoreSubstringMa tch-zh-Hant-HK' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.241.1 NAME 'caseIgnoreOrderingMatch -zh-Hant-MO' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.241.1.6 NAME 'caseIgnoreSubstringMa tch-zh-Hant-MO' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.242.1 NAME 'caseIgnoreOrderingMatch -zh-Hant-TW' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.242.1.6 NAME 'caseIgnoreSubstringMa tch-zh-Hant-TW' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.243.1 NAME 'caseIgnoreOrderingMatch -zu' DESC 'zu' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.243.1.6 NAME 'caseIgnoreSubstringMa tch-zu' DESC 'zu' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.244.1 NAME 'caseIgnoreOrderingMatch -zu-ZA' DESC 'zu-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.244.1.6 NAME 'caseIgnoreSubstringMa tch-zu-ZA' DESC 'zu-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.0.3 SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.0.3.6 SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.11.3 NAME 'caseExactOrderingMatch-e n' DESC 'en' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.11.3.6 NAME 'caseExactSubstringMatc h-en' DESC 'en' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.5.13.23 NAME 'uniqueMemberMatch' DESC 'The uniqueMemberMa tch rule compares an assertion value of the Name And Optional UID syntax to an attribute value of a syntax (e.g., the Name And Optional UID syntax) wh ose corresponding ASN.1 type is NameAndOptionalUID. The rule evaluates to TRUE if and only if the components of the assertion val ue and attribute value match according to the distinguishedNameMatch rule a nd either, (1) the component is absent from both the attribute value and assertion value, or (2) the component is present in b oth the attribute value and the assertion value and the compone nt of the assertion value matches the component of the attribut e value according to the bitStringMatch rule. Note that this matching rule has been altered from its description in X.520 [X.520] in order to make th e matching rule commutative. Server implementors should consider using the original X.520 semantics (where the matching was less exact) for approxima te matching of attributes with uniqueMemberMatch as the equality matching r ule.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 ) matchingRules: ( 2.5.13.8 NAME 'numericStringMatch' DESC 'The rule evaluates to TRUE if and only if the prepared attribute value character string and t he prepared assertion value character string have the same number of charac ters and corresponding characters have the same code point.' SYNTAX 1.3.6.1 .4.1.1466.115.121.1.36 ) matchingRules: ( 2.5.13.9 NAME 'numericStringOrderingMatch' DESC 'The rule e valuates to TRUE if and only if, in the code point collation order, the pre pared attribute value character string appears earlier than the prepared as sertion value character string; i.e., the attribute value is less than the assertion value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 ) matchingRules: ( 2.5.13.10 NAME 'numericStringSubstringsMatch' DESC 'The rul e evaluates to TRUE if and only if (1) the prepared substrings of the asser tion value match disjoint portions of the prepared attribute value, (2) an initial substring, if present, matches the beginning of the prepared attrib ute value character string, and (3) a final substring, if present, matches the end of the prepared attribute value character string.' SYNTAX 1.3.6.1.4 .1.1466.115.121.1.58 ) matchingRules: ( 2.5.13.20 NAME 'telephoneNumberMatch' DESC 'The telephoneNu mberMatch rule compares an assertion value of the Telephone Number syntax t o an attribute value of a syntax (e.g., the Telephone Number syntax) whose corresponding ASN.1 type is a PrintableString representing a telephone numb er. The rule evaluates to TRUE if and only if the prepared attribute value character string and the prepared assertion value character string have the same number of characters and corresponding characters have the same code point. In preparing the attribute value and assertion value for comparison, characters are case folded in the Map preparation step, and only telephone Number Insignificant Character Handling is applied in the Insignificant Cha racter Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 ) matchingRules: ( 2.5.13.21 NAME 'telephoneNumberSubstringsMatch' DESC 'The t elephoneNumberSubstringsMatch rule compares an assertion value of the Subst ring Assertion syntax to an attribute value of a syntax (e.g., the Telephon e Number syntax) whose corresponding ASN.1 type is a PrintableString repres enting a telephone number. The rule evaluates to TRUE if and only if (1) th e prepared substrings of the assertion value match disjoint portions of the prepared attribute value character string in the order of the substrings i n the assertion value, (2) an substring, if present, matches the beginning of the prepared attribute value character string, and (3) a substring, if present, matches the end of the prepared attribute value c haracter string. A prepared substring matches a portion of the prepared at tribute value character string if corresponding characters have the same co de point. In preparing the attribute value and assertion value substrings f or comparison, characters are case folded in the Map preparation step, and only telephoneNumber Insignificant Character Handling is applied in the Ins ignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 ) objectClass: top objectClass: ldapSubentry objectClass: subschema objectClasses: ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass X-ORIGIN 'RFC 4512' ) objectClasses: ( 2.5.6.1 NAME 'alias' SUP top STRUCTURAL MUST aliasedObjectN ame X-ORIGIN 'RFC 4512' ) objectClasses: ( 2.5.20.1 NAME 'subschema' AUXILIARY MAY ( dITStructureRules $ nameForms $ dITContentRules $ objectClasses $ attributeTypes $ matchingR ules $ matchingRuleUse ) X-ORIGIN 'RFC 4512' ) objectClasses: ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject' SUP to p AUXILIARY X-ORIGIN 'RFC 4512' ) objectClasses: ( 2.5.6.11 NAME 'applicationProcess' SUP top STRUCTURAL MUST cn MAY ( seeAlso $ ou $ l $ description ) X-ORIGIN 'RFC 4519' ) objectClasses: ( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST c MAY ( sear chGuide $ description ) X-ORIGIN 'RFC 4519' ) objectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'Standard LDAP ob jectclass' SUP top AUXILIARY MUST dc X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) objectClasses: ( 2.5.6.14 NAME 'device' SUP top STRUCTURAL MUST cn MAY ( ser ialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) X-ORIGIN 'RFC 4519 ' ) objectClasses: ( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST cn MAY ( member $ businessCategory $ seeAlso $ owner $ ou $ o $ description ) X-OR IGIN 'RFC 4519' ) objectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames' SUP top STRUCTURAL MUST cn MAY ( uniqueMember $ businessCategory $ seeAlso $ owner $ ou $ o $ descr iption ) X-ORIGIN 'RFC 4519' ) objectClasses: ( 2.5.6.3 NAME 'locality' SUP top STRUCTURAL MAY ( street $ s eeAlso $ searchGuide $ st $ l $ description ) X-ORIGIN 'RFC 4519' ) objectClasses: ( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL MUST o MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ re gisteredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNum ber $ teletexTerminalIdentifier $ telephoneNumber $ internationalISDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalA ddress $ physicalDeliveryOfficeName $ st $ l $ description ) X-ORIGIN 'RFC 4519' ) objectClasses: ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) M AY ( userPassword $ telephoneNumber $ seeAlso $ description ) X-ORIGIN 'RFC 4519' ) objectClasses: ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL M AY ( title $ x121Address $ registeredAddress $ destinationIndicator $ prefe rredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ internationa lISDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCod e $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) X-ORIGIN 'RF C 4519' ) objectClasses: ( 2.5.6.8 NAME 'organizationalRole' SUP top STRUCTURAL MUST c n MAY ( x121Address $ registeredAddress $ destinationIndicator $ preferredD eliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationalISDNNumber $ facsimileTelephoneNumber $ seeAlso $ roleOccupan t $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryO fficeName $ ou $ st $ l $ description ) X-ORIGIN 'RFC 4519' ) objectClasses: ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST o u MAY ( businessCategory $ description $ destinationIndicator $ facsimileTe lephoneNumber $ internationalISDNNumber $ l $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOfficeBox $ preferredDeliveryMethod $ regi steredAddress $ searchGuide $ seeAlso $ st $ street $ telephoneNumber $ tel etexTerminalIdentifier $ telexNumber $ userPassword $ x121Address ) X-ORIGI N 'RFC 4519' ) objectClasses: ( 2.5.6.10 NAME 'residentialPerson' SUP person STRUCTURAL MUS T l MAY ( businessCategory $ x121Address $ registeredAddress $ destinationI ndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifie r $ internationalISDNNumber $ facsimileTelephoneNumber $ street $ postOffic eBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l ) X -ORIGIN 'RFC 4519' ) objectClasses: ( 1.3.6.1.1.3.1 NAME 'uidObject' SUP top AUXILIARY MUST uid X -ORIGIN 'RFC 4519' ) objectClasses: ( 2.16.840.1.113719.2.142.6.1.1 NAME 'ldapSubEntry' DESC 'LDA P Subentry class, version 1' SUP top STRUCTURAL MAY cn X-ORIGIN 'LDAP Suben try Internet Draft' ) objectClasses: ( 2.16.840.1.113730.3.2.40 NAME 'directoryServerFeature' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MAY ( oid $ cn $ multiLi neDescription ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.41 NAME 'nsslapdPlugin' DESC 'Netscap e defined objectclass' SUP top STRUCTURAL MUST ( cn $ nsslapd-pluginPath $ nsslapd-pluginInitfunc $ nsslapd-pluginType $ nsslapd-pluginId $ nsslapd-pl uginVersion $ nsslapd-pluginVendor $ nsslapd-pluginDescription $ nsslapd-pl uginEnabled ) MAY ( nsslapd-pluginConfigArea $ nsslapd-plugin-depends-on-ty pe ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.44 NAME 'nsIndex' DESC 'Netscape defi ned objectclass' SUP top STRUCTURAL MUST ( cn $ nsSystemIndex ) MAY ( descr iption $ nsIndexType $ nsMatchingRule $ nsIndexIDListScanLimit ) X-ORIGIN ' Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.109 NAME 'nsBackendInstance' DESC 'Ne tscape defined objectclass' SUP top STRUCTURAL MUST cn X-ORIGIN 'Netscape D irectory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.110 NAME 'nsMappingTree' DESC 'Netsca pe defined objectclass' SUP top STRUCTURAL MUST cn X-ORIGIN 'Netscape Direc tory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.104 NAME 'nsContainer' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn X-ORIGIN 'Netscape Directo ry Server' ) objectClasses: ( 2.16.840.1.113730.3.2.108 NAME 'nsDS5Replica' DESC 'Netscap e defined objectclass' SUP top STRUCTURAL MUST ( nsDS5ReplicaRoot $ nsDS5Re plicaId ) MAY ( cn $ nsds5ReplicaPreciseTombstonePurging $ nsds5ReplicaClea nRUV $ nsds5ReplicaAbortCleanRUV $ nsDS5ReplicaType $ nsDS5ReplicaBindDN $ nsState $ nsDS5ReplicaName $ nsDS5Flags $ nsDS5Task $ nsDS5ReplicaReferral $ nsDS5ReplicaAutoReferral $ nsds5ReplicaPurgeDelay $ nsds5ReplicaTombstone PurgeInterval $ nsds5ReplicaChangeCount $ nsds5ReplicaLegacyConsumer $ nsds 5ReplicaProtocolTimeout $ nsds5ReplicaBackoffMin $ nsds5ReplicaBackoffMax $ nsds5ReplicaReleaseTimeout ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.113 NAME 'nsTombstone' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MAY ( nstombstonecsn $ nsParentUni queId $ nscpEntryDN ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.103 NAME 'nsDS5ReplicationAgreement' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsds5R eplicaCleanRUVNotified $ nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5Replica TransportInfo $ nsDS5ReplicaBindDN $ nsDS5ReplicaCredentials $ nsDS5Replica BindMethod $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5Replica tedAttributeListTotal $ nsDS5ReplicaUpdateSchedule $ nsds5BeginReplicaRefre sh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsds5replicaTimeo ut $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUpdateEnd $ nsds 5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds5replicaUpdate InProgress $ nsds5replicaLastInitEnd $ nsds5ReplicaEnabled $ nsds5replicaLa stInitStart $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5 replicaBusyWaitTime $ nsds5ReplicaStripAttrs $ nsds5replicaSessionPauseTime $ nsds5ReplicaProtocolTimeout $ nsds5ReplicaFlowControlWindow $ nsds5Repli caFlowControlPause $ nsDS5ReplicaWaitForAsyncResults ) X-ORIGIN 'Netscape D irectory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.39 NAME 'nsslapdConfig' DESC 'Netscap e defined objectclass' SUP top STRUCTURAL MAY cn X-ORIGIN 'Netscape Directo ry Server' ) objectClasses: ( 2.16.840.1.113730.3.2.317 NAME 'nsSaslMapping' DESC 'Netsca pe defined objectclass' SUP top STRUCTURAL MUST ( cn $ nsSaslMapRegexString $ nsSaslMapBaseDNTemplate $ nsSaslMapFilterTemplate ) MAY nsSaslMapPriorit y X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.43 NAME 'nsSNMP' DESC 'Netscape defin ed objectclass' SUP top STRUCTURAL MUST ( cn $ nsSNMPEnabled ) MAY ( nsSNMP Organization $ nsSNMPLocation $ nsSNMPContact $ nsSNMPDescription $ nsSNMPN ame $ nsSNMPMasterHost $ nsSNMPMasterPort ) X-ORIGIN 'Netscape Directory Se rver' ) objectClasses: ( nsEncryptionConfig-oid NAME 'nsEncryptionConfig' DESC 'Nets cape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsCertfile $ nsK eyfile $ nsSSL2 $ nsSSL3 $ nsTLS1 $ sslVersionMin $ sslVersionMax $ nsSSLSe ssionTimeout $ nsSSL3SessionTimeout $ nsSSLClientAuth $ nsSSL2Ciphers $ nsS SL3Ciphers $ nsSSLSupportedCiphers $ allowWeakCipher $ CACertExtractFile $ allowWeakDHParam ) X-ORIGIN 'Netscape' ) objectClasses: ( nsEncryptionModule-oid NAME 'nsEncryptionModule' DESC 'Nets cape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsSSLToken $ nsS SLPersonalitySSL $ nsSSLActivation $ ServerKeyExtractFile $ ServerCertExtra ctFile ) X-ORIGIN 'Netscape' ) objectClasses: ( 2.16.840.1.113730.3.2.327 NAME 'rootDNPluginConfig' DESC 'N etscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( rootdn-open-t ime $ rootdn-close-time $ rootdn-days-allowed $ rootdn-allow-host $ rootdn- deny-host $ rootdn-allow-ip $ rootdn-deny-ip ) X-ORIGIN 'Netscape' ) objectClasses: ( 2.16.840.1.113730.3.2.328 NAME 'nsSchemaPolicy' DESC 'Netsc ape defined objectclass' SUP top STRUCTURAL MAY ( cn $ schemaUpdateObjectcl assAccept $ schemaUpdateObjectclassReject $ schemaUpdateAttributeAccept $ s chemaUpdateAttributeReject ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.31 NAME 'groupOfCertificates' DESC 'N etscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( memberCertifi cateDescription $ businessCategory $ description $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.33 NAME 'groupOfURLs' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( memberURL $ businessC ategory $ description $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Direc tory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.35 NAME 'LDAPServer' DESC 'Netscape d efined objectclass' SUP top STRUCTURAL MUST cn MAY ( description $ l $ ou $ seeAlso $ generation $ changeLogMaximumAge $ changeLogMaximumSize ) X-ORIG IN 'Netscape Directory Server' ) objectClasses: ( 1.3.6.1.4.1.250.3.18 NAME 'cacheObject' DESC 'object that c ontains the TTL (time to live) attribute type' SUP top STRUCTURAL MAY ttl X -ORIGIN 'LDAP Caching Internet Draft' ) objectClasses: ( 2.16.840.1.113730.3.2.10 NAME 'netscapeServer' DESC 'Netsca pe defined objectclass' SUP top STRUCTURAL MUST cn MAY ( description $ serv erRoot $ serverProductName $ serverVersionNumber $ installationTimeStamp $ administratorContactInfo $ userPassword $ adminUrl $ serverHostName ) X-ORI GIN 'Netscape Administration Services' ) objectClasses: ( 2.16.840.1.113730.3.2.7 NAME 'nsLicenseUser' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MAY ( nsLicensedFor $ nsLicenseSta rtTime $ nsLicenseEndTime ) X-ORIGIN 'Netscape Administration Services' ) objectClasses: ( 2.16.840.1.113730.3.2.1 NAME 'changeLogEntry' DESC 'LDAP ch angelog objectclass' SUP top STRUCTURAL MUST ( targetDn $ changeTime $ chan geNumber $ changeType ) MAY ( changes $ newRdn $ deleteOldRdn $ newSuperior ) X-ORIGIN 'Changelog Internet Draft' ) objectClasses: ( 2.16.840.1.113730.3.2.6 NAME 'referral' DESC 'LDAP referral s objectclass' SUP top STRUCTURAL MAY ref X-ORIGIN 'LDAPv3 referrals Intern et Draft' ) objectClasses: ( 2.16.840.1.113730.3.2.12 NAME 'passwordObject' DESC 'Netsca pe defined password policy objectclass' SUP top STRUCTURAL MAY ( pwdpolicys ubentry $ passwordExpirationTime $ passwordExpWarned $ passwordRetryCount $ retryCountResetTime $ accountUnlockTime $ passwordHistory $ passwordAllowC hangeTime $ passwordGraceUserTime ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.13 NAME 'passwordPolicy' DESC 'Netsca pe defined password policy objectclass' SUP top STRUCTURAL MAY ( passwordMa xAge $ passwordExp $ passwordMinLength $ passwordKeepHistory $ passwordInHi story $ passwordChange $ passwordWarning $ passwordLockout $ passwordMaxFai lure $ passwordResetDuration $ passwordUnlock $ passwordLockoutDuration $ p asswordCheckSyntax $ passwordMustChange $ passwordStorageScheme $ passwordM inAge $ passwordResetFailureCount $ passwordGraceLimit $ passwordMinDigits $ passwordMinAlphas $ passwordMinUppers $ passwordMinLowers $ passwordMinSp ecials $ passwordMin8bit $ passwordMaxRepeats $ passwordMinCategories $ pas swordMinTokenLength $ passwordTrackUpdateTime $ passwordAdminDN ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.30 NAME 'glue' DESC 'Netscape defined objectclass' SUP top STRUCTURAL X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.32 NAME 'netscapeMachineData' DESC 'N etscape defined objectclass' SUP top STRUCTURAL X-ORIGIN 'Netscape Director y Server' ) objectClasses: ( 2.16.840.1.113730.3.2.38 NAME 'vlvSearch' DESC 'Netscape de fined objectclass' SUP top STRUCTURAL MUST ( cn $ vlvBase $ vlvScope $ vlvF ilter ) MAY multiLineDescription X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.42 NAME 'vlvIndex' DESC 'Netscape def ined objectclass' SUP top STRUCTURAL MUST ( cn $ vlvSort ) MAY ( vlvEnabled $ vlvUses ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.84 NAME 'cosDefinition' DESC 'Netscap e defined objectclass' SUP top STRUCTURAL MAY ( costargettree $ costemplate dn $ cosspecifier $ cosAttribute $ aci $ cn $ uid ) X-ORIGIN 'Netscape Dire ctory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.93 NAME 'nsRoleDefinition' DESC 'Nets cape defined objectclass' SUP ldapSubEntry STRUCTURAL MAY ( description $ n sRoleScopeDN ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.94 NAME 'nsSimpleRoleDefinition' DESC 'Netscape defined objectclass' SUP nsRoleDefinition STRUCTURAL X-ORIGIN 'N etscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.95 NAME 'nsComplexRoleDefinition' DES C 'Netscape defined objectclass' SUP nsRoleDefinition STRUCTURAL X-ORIGIN ' Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.96 NAME 'nsManagedRoleDefinition' DES C 'Netscape defined objectclass' SUP nsSimpleRoleDefinition STRUCTURAL X-OR IGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.97 NAME 'nsFilteredRoleDefinition' DE SC 'Netscape defined objectclass' SUP nsComplexRoleDefinition STRUCTURAL MU ST nsRoleFilter X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.98 NAME 'nsNestedRoleDefinition' DESC 'Netscape defined objectclass' SUP nsComplexRoleDefinition STRUCTURAL MUST nsRoleDN X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.99 NAME 'cosSuperDefinition' DESC 'Ne tscape defined objectclass' SUP ldapSubEntry STRUCTURAL MUST cosAttribute M AY description X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.100 NAME 'cosClassicDefinition' DESC 'Netscape defined objectclass' SUP cosSuperDefinition STRUCTURAL MAY ( cost emplatedn $ cosspecifier ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.101 NAME 'cosPointerDefinition' DESC 'Netscape defined objectclass' SUP cosSuperDefinition STRUCTURAL MAY costem platedn X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.102 NAME 'cosIndirectDefinition' DESC 'Netscape defined objectclass' SUP cosSuperDefinition STRUCTURAL MAY cosIn directSpecifier X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.503 NAME 'nsDSWindowsReplicationAgree ment' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5ReplicaTransportInfo $ nsDS5Repl icaBindDN $ nsDS5ReplicaCredentials $ nsDS5ReplicaBindMethod $ nsDS5Replica Root $ nsDS5ReplicatedAttributeList $ nsDS5ReplicaUpdateSchedule $ nsds5Beg inReplicaRefresh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsd s5replicaTimeout $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUp dateEnd $ nsds5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds 5replicaUpdateInProgress $ nsds5replicaLastInitEnd $ nsds5replicaLastInitSt art $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5replicaB usyWaitTime $ nsds5replicaSessionPauseTime $ nsds7WindowsReplicaSubtree $ n sds7DirectoryReplicaSubtree $ nsds7NewWinUserSyncEnabled $ nsds7NewWinGroup SyncEnabled $ nsds7WindowsDomain $ nsds7DirsyncCookie $ winSyncInterval $ o neWaySync $ winSyncMoveAction $ nsds5ReplicaEnabled $ winSyncDirectoryFilte r $ winSyncWindowsFilter $ winSyncSubtreePair ) X-ORIGIN 'Netscape Director y Server' ) objectClasses: ( 2.16.840.1.113730.3.2.128 NAME 'costemplate' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MAY ( cn $ cosPriority ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.304 NAME 'nsView' DESC 'Netscape defi ned objectclass' SUP top AUXILIARY MAY ( nsViewFilter $ description ) X-ORI GIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.316 NAME 'nsAttributeEncryption' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST ( cn $ nsEncryption Algorithm ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.5.6.21 NAME 'pkiUser' DESC 'X.509 PKI User' SUP top AUXIL IARY MAY userCertificate X-ORIGIN 'RFC 4523' ) objectClasses: ( 2.5.6.22 NAME 'pkiCA' DESC 'X.509 PKI Certificate Authority ' SUP top AUXILIARY MAY ( cACertificate $ certificateRevocationList $ autho rityRevocationList $ crossCertificatePair ) X-ORIGIN 'RFC 4523' ) objectClasses: ( 2.5.6.19 NAME 'cRLDistributionPoint' DESC 'X.509 CRL distri bution point' SUP top STRUCTURAL MUST cn MAY ( certificateRevocationList $ authorityRevocationList $ deltaRevocationList ) X-ORIGIN 'RFC 4523' ) objectClasses: ( 2.5.6.23 NAME 'deltaCRL' DESC 'X.509 delta CRL' SUP top AUX ILIARY MAY deltaRevocationList X-ORIGIN 'RFC 4523' ) objectClasses: ( 2.5.6.15 NAME 'strongAuthenticationUser' DESC 'X.521 strong authentication user' SUP top AUXILIARY MUST userCertificate X-ORIGIN 'RFC 4523' ) objectClasses: ( 2.5.6.18 NAME 'userSecurityInformation' DESC 'X.521 user se curity information' SUP top AUXILIARY MAY supportedAlgorithms X-ORIGIN 'RFC 4523' ) objectClasses: ( 2.5.6.16 NAME 'certificationAuthority' DESC 'X.509 certific ate authority' SUP top AUXILIARY MUST ( authorityRevocationList $ certifica teRevocationList $ cACertificate ) MAY crossCertificatePair X-ORIGIN 'RFC 4 523' ) objectClasses: ( 2.5.6.16.2 NAME 'certificationAuthority-V2' DESC 'X.509 cer tificate authority, version 2' SUP certificationAuthority AUXILIARY MAY del taRevocationList X-ORIGIN 'RFC 4523' ) objectClasses: ( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCTURAL MUST uid MAY ( description $ seeAlso $ l $ o $ ou $ host ) X-ORIGIN 'RFC 4 524' ) objectClasses: ( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUCTURA L MUST documentIdentifier MAY ( cn $ description $ seeAlso $ l $ o $ ou $ d ocumentTitle $ documentVersion $ documentAuthor $ documentLocation $ docume ntPublisher ) X-ORIGIN 'RFC 4524' ) objectClasses: ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top STR UCTURAL MUST cn MAY ( description $ l $ o $ ou $ seeAlso $ telephoneNumber ) X-ORIGIN 'RFC 4524' ) objectClasses: ( 0.9.2342.19200300.100.4.13 NAME 'domain' DESC 'Standard LDA P objectclass' SUP top STRUCTURAL MUST dc MAY ( associatedName $ businessCa tegory $ description $ destinationIndicator $ facsimileTelephoneNumber $ in ternationalISDNNumber $ l $ o $ physicalDeliveryOfficeName $ postOfficeBox $ postalAddress $ postalCode $ preferredDeliveryMethod $ registeredAddress $ searchGuide $ seeAlso $ st $ street $ telephoneNumber $ teletexTerminalId entifier $ telexNumber $ userPassword $ x121Address ) X-ORIGIN ( 'IPA v4.4. 2' 'user defined' ) ) objectClasses: ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' SUP t op AUXILIARY MUST associatedDomain X-ORIGIN 'RFC 4524' ) objectClasses: ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP count ry STRUCTURAL MUST co X-ORIGIN 'RFC 4524' ) objectClasses: ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' DESC 'Pil ot objectclass' SUP domain STRUCTURAL MAY ( cn $ sn ) X-ORIGIN ( 'IPA v4.4. 2' 'user defined' ) ) objectClasses: ( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURAL MU ST cn MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) X-ORIGIN 'RFC 4524' ) objectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' SUP top AUXILIARY MUST userPassword X-ORIGIN 'RFC 4524' ) objectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizati onalPerson STRUCTURAL MAY ( audio $ businessCategory $ carLicense $ departm entNumber $ displayName $ employeeNumber $ employeeType $ givenName $ homeP hone $ homePostalAddress $ initials $ jpegPhoto $ labeledURI $ mail $ manag er $ mobile $ o $ pager $ photo $ roomNumber $ secretary $ uid $ userCertif icate $ x500UniqueIdentifier $ preferredLanguage $ userSMIMECertificate $ u serPKCS12 ) X-ORIGIN 'RFC 2798' ) objectClasses: ( 2.16.840.1.113730.3.2.322 NAME 'autoMemberDefinition' DESC 'Auto Membership Config Definition Entry' SUP top STRUCTURAL MUST ( cn $ au toMemberScope $ autoMemberFilter $ autoMemberGroupingAttr ) MAY ( autoMembe rDefaultGroup $ autoMemberDisabled ) X-ORIGIN '389 Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.323 NAME 'autoMemberRegexRule' DESC ' Auto Membership Regex Rule Entry' SUP top STRUCTURAL MUST ( cn $ autoMember TargetGroup ) MAY ( autoMemberExclusiveRegex $ autoMemberInclusiveRegex $ d escription ) X-ORIGIN '389 Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.324 NAME 'dnaPluginConfig' DESC 'DNA plugin configuration' SUP top AUXILIARY MAY ( dnaType $ dnaPrefix $ dnaNext Value $ dnaMaxValue $ dnaInterval $ dnaMagicRegen $ dnaFilter $ dnaScope $ dnaExcludeScope $ dnaSharedCfgDN $ dnaThreshold $ dnaNextRange $ dnaRangeRe questTimeout $ dnaRemoteBindDN $ dnaRemoteBindCred $ cn ) X-ORIGIN '389 Dir ectory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.325 NAME 'dnaSharedConfig' DESC 'DNA Shared Configuration' SUP top AUXILIARY MAY ( dnaHostname $ dnaPortNum $ dn aSecurePortNum $ dnaRemoteBindMethod $ dnaRemoteConnProtocol $ dnaRemaining Values ) X-ORIGIN '389 Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.319 NAME 'mepManagedEntry' DESC 'Mana ged Entries Managed Entry' SUP top AUXILIARY MAY mepManagedBy X-ORIGIN '389 Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.320 NAME 'mepOriginEntry' DESC 'Manag ed Entries Origin Entry' SUP top AUXILIARY MAY mepManagedEntry X-ORIGIN '38 9 Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.321 NAME 'mepTemplateEntry' DESC 'Man aged Entries Template Entry' SUP top AUXILIARY MAY ( cn $ mepStaticAttr $ m epMappedAttr $ mepRDNAttr ) X-ORIGIN '389 Directory Server' ) objectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Standard LDAP obj ectclass' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $ gidNumber $ homeD irectory ) MAY ( userPassword $ loginShell $ gecos $ description ) X-ORIGIN 'RFC 2307' ) objectClasses: ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Standard LDAP ob jectclass' SUP top AUXILIARY MUST uid MAY ( userPassword $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ description ) X-ORIGIN 'RFC 2307' ) objectClasses: ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Standard LDAP objec tclass' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPassword $ mem berUid $ description ) X-ORIGIN 'RFC 2307' ) objectClasses: ( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Standard LDAP object class' SUP top STRUCTURAL MUST ( cn $ ipServicePort $ ipServiceProtocol ) M AY description X-ORIGIN 'RFC 2307' ) objectClasses: ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Standard LDAP objec tclass' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber ) MAY description X -ORIGIN 'RFC 2307' ) objectClasses: ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Standard LDAP objectcla ss' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber ) MAY description X-ORIGIN 'RFC 2307' ) objectClasses: ( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Standard LDAP objectcla ss' SUP top AUXILIARY MUST ( ipHostNumber $ cn ) MAY ( manager $ descriptio n $ l $ o $ ou $ owner $ seeAlso $ serialNumber ) X-ORIGIN 'RFC 2307' ) objectClasses: ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Standard LDAP object class' SUP top STRUCTURAL MUST ( ipNetworkNumber $ cn ) MAY ( ipNetmaskNumb er $ manager $ l $ description ) X-ORIGIN 'RFC 2307' ) objectClasses: ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Standard LDAP obje ctclass' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberNisNetg roup $ description ) X-ORIGIN 'RFC 2307' ) objectClasses: ( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'Standard LDAP objec tclass' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY descr iption X-ORIGIN 'RFC 2307' ) objectClasses: ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'Standard LDAP o bjectclass' SUP top AUXILIARY MUST cn MAY ( macAddress $ description $ l $ o $ ou $ owner $ seeAlso $ serialNumber ) X-ORIGIN 'RFC 2307' ) objectClasses: ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'Standard LDAP objectclass' SUP top AUXILIARY MUST cn MAY ( bootFile $ bootParameter $ des cription $ l $ o $ ou $ owner $ seeAlso $ serialNumber ) X-ORIGIN 'RFC 2307 ' ) objectClasses: ( 1.3.6.1.1.1.2.13 NAME 'nisMap' DESC 'Standard LDAP objectcl ass' SUP top STRUCTURAL MUST nisMapName MAY description X-ORIGIN 'RFC 2307' ) objectClasses: ( 2.16.840.1.113730.3.2.129 NAME 'inetDomain' DESC 'Auxiliary class for virtual domain nodes' SUP top AUXILIARY MAY ( inetDomainBaseDN $ inetDomainStatus ) X-ORIGIN 'Netscape subscriber interoperability' ) objectClasses: ( 2.16.840.1.113730.3.2.130 NAME 'inetUser' DESC 'Auxiliary c lass which must be present in an entry for delivery of subscriber services' SUP top AUXILIARY MAY ( uid $ inetUserStatus $ inetUserHttpURL $ userPassw ord $ memberOf ) X-ORIGIN 'Netscape subscriber interoperability' ) objectClasses: ( 1.3.6.1.4.1.1466.101.120.141 NAME 'NetscapeLinkedOrganizati on' AUXILIARY MAY parentOrganization X-ORIGIN 'Netscape' ) objectClasses: ( 1.3.6.1.4.1.1466.101.120.142 NAME 'NetscapePreferences' AUX ILIARY MAY ( preferredLanguage $ preferredLocale $ preferredTimeZone ) X-OR IGIN 'Netscape' ) objectClasses: ( 2.16.840.1.113730.3.2.134 NAME 'inetSubscriber' SUP top AUX ILIARY MAY ( inetSubscriberAccountId $ inetSubscriberChallenge $ inetSubscr iberResponse ) X-ORIGIN 'Netscape subscriber interoperability' ) objectClasses: ( 2.16.840.1.113730.3.2.112 NAME 'inetAdmin' DESC 'Marker for an administrative group or user' SUP top AUXILIARY MAY ( aci $ memberOf $ adminRole ) X-ORIGIN 'Netscape Delegated Administrator' ) objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.1 NAME 'javaContainer' DESC 'Contai ner for a Java object' SUP top STRUCTURAL MUST cn X-ORIGIN 'RFC 2713' ) objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.4 NAME 'javaObject' DESC 'Java obje ct representation' SUP top ABSTRACT MUST javaClassName MAY ( javaClassNames $ javaCodebase $ javaDoc $ description ) X-ORIGIN 'RFC 2713' ) objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.5 NAME 'javaSerializedObject' DESC 'Java serialized object' SUP javaObject AUXILIARY MUST javaSerializedData X -ORIGIN 'RFC 2713' ) objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.7 NAME 'javaNamingReference' DESC ' JNDI reference' SUP javaObject AUXILIARY MAY ( javaReferenceAddress $ javaF actory ) X-ORIGIN 'RFC 2713' ) objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.8 NAME 'javaMarshalledObject' DESC 'Java marshalled object' SUP javaObject AUXILIARY MUST javaSerializedData X -ORIGIN 'RFC 2713' ) objectClasses: ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject' DESC 'Standard LDAP objectclass' SUP top STRUCTURAL MAY ( audio $ ditRedirect $ info $ jp egPhoto $ lastModifiedBy $ lastModifiedTime $ manager $ photo $ uniqueIdent ifier ) X-ORIGIN 'RFC 1274' ) objectClasses: ( nsAdminDomain-oid NAME 'nsAdminDomain' DESC 'Netscape defin ed objectclass' SUP organizationalUnit STRUCTURAL MAY nsAdminDomainName X-O RIGIN 'Netscape' ) objectClasses: ( nsHost-oid NAME 'nsHost' DESC 'Netscape defined objectclass ' SUP top STRUCTURAL MUST cn MAY ( serverHostName $ description $ l $ nsHos tLocation $ nsHardwarePlatform $ nsOsVersion ) X-ORIGIN 'Netscape' ) objectClasses: ( nsAdminGroup-oid NAME 'nsAdminGroup' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsAdminGroupName $ descripti on $ nsConfigRoot $ nsAdminSIEDN ) X-ORIGIN 'Netscape' ) objectClasses: ( nsApplication-oid NAME 'nsApplication' DESC 'Netscape defin ed objectclass' SUP top STRUCTURAL MUST cn MAY ( nsVendor $ description $ n sProductName $ nsNickName $ nsProductVersion $ nsBuildNumber $ nsRevisionNu mber $ nsSerialNumber $ nsInstalledLocation $ installationTimeStamp $ nsExp irationDate $ nsBuildSecurity $ nsLdapSchemaVersion $ nsServerMigrationClas sname $ nsServerCreationClassname ) X-ORIGIN 'Netscape' ) objectClasses: ( nsResourceRef-oid NAME 'nsResourceRef' DESC 'Netscape defin ed objectclass' SUP top STRUCTURAL MUST cn MAY seeAlso X-ORIGIN 'Netscape' ) objectClasses: ( nsTask-oid NAME 'nsTask' DESC 'Netscape defined objectclass ' SUP top STRUCTURAL MUST cn MAY ( nsTaskLabel $ nsHelpRef $ nsExecRef $ ns LogSuppress ) X-ORIGIN 'Netscape' ) objectClasses: ( nsTaskGroup-oid NAME 'nsTaskGroup' DESC 'Netscape defined o bjectclass' SUP top STRUCTURAL MUST cn MAY nsTaskLabel X-ORIGIN 'Netscape' ) objectClasses: ( nsAdminObject-oid NAME 'nsAdminObject' DESC 'Netscape defin ed objectclass' SUP top STRUCTURAL MUST cn MAY ( nsJarfilename $ nsClassnam e ) X-ORIGIN 'Netscape' ) objectClasses: ( nsConfig-oid NAME 'nsConfig' DESC 'Netscape defined objectc lass' SUP top STRUCTURAL MUST cn MAY ( description $ nsServerPort $ nsServe rAddress $ nsSuiteSpotUser $ nsErrorLog $ nsPidLog $ nsAccessLog $ nsDefaul tAcceptLanguage $ nsServerSecurity ) X-ORIGIN 'Netscape' ) objectClasses: ( nsDirectoryInfo-oid NAME 'nsDirectoryInfo' DESC 'Netscape d efined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsBindDN $ nsBindPassw ord $ nsDirectoryURL $ nsDirectoryFailoverList $ nsDirectoryInfoRef ) X-ORI GIN 'Netscape' ) objectClasses: ( nsAdminServer-oid NAME 'nsAdminServer' DESC 'Netscape defin ed objectclass' SUP top STRUCTURAL MUST ( cn $ nsServerID ) MAY description X-ORIGIN 'Netscape Administration Services' ) objectClasses: ( nsAdminConfig-oid NAME 'nsAdminConfig' DESC 'Netscape defin ed objectclass' SUP nsConfig STRUCTURAL MAY ( nsAdminCgiWaitPid $ nsAdminUs ers $ nsAdminAccessHosts $ nsAdminAccessAddresses $ nsAdminOneACLDir $ nsAd minEnableDSGW $ nsAdminEnableEnduser $ nsAdminCacheLifetime ) X-ORIGIN 'Net scape Administration Services' ) objectClasses: ( nsAdminResourceEditorExtension-oid NAME 'nsAdminResourceEdi torExtension' DESC 'Netscape defined objectclass' SUP nsAdminObject STRUCTU RAL MAY ( nsAdminAccountInfo $ nsDeleteclassname ) X-ORIGIN 'Netscape Admin istration Services' ) objectClasses: ( nsAdminGlobalParameters-oid NAME 'nsAdminGlobalParameters' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsAdmi nEndUserHTMLIndex $ nsNickName ) X-ORIGIN 'Netscape Administration Services ' ) objectClasses: ( nsGlobalParameters-oid NAME 'nsGlobalParameters' DESC 'Nets cape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsUniqueAttribut e $ nsUserIDFormat $ nsUserRDNComponent $ nsGroupRDNComponent $ nsWellKnown Jarfiles $ nsNYR ) X-ORIGIN 'Netscape Administration Services' ) objectClasses: ( nsDefaultObjectClasses-oid NAME 'nsDefaultObjectClasses' DE SC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY nsDefaultO bjectClass X-ORIGIN 'Netscape Administration Services' ) objectClasses: ( nsAdminConsoleUser-oid NAME 'nsAdminConsoleUser' DESC 'Nets cape defined objectclass' SUP top STRUCTURAL MUST cn MAY nsPreference X-ORI GIN 'Netscape Administration Services' ) objectClasses: ( nsCustomView-oid NAME 'nsCustomView' DESC 'Netscape defined objectclass' SUP nsAdminObject STRUCTURAL MAY nsDisplayName X-ORIGIN 'Nets cape Administration Services' ) objectClasses: ( nsTopologyCustomView-oid NAME 'nsTopologyCustomView' DESC ' Netscape defined objectclass' SUP nsCustomView STRUCTURAL MAY nsViewConfigu ration X-ORIGIN 'Netscape Administration Services' ) objectClasses: ( nsTopologyPlugin-oid NAME 'nsTopologyPlugin' DESC 'Netscape defined objectclass' SUP nsAdminObject STRUCTURAL X-ORIGIN 'Netscape Admin istration Services' ) objectClasses: ( 2.16.840.1.113730.3.2.18 NAME 'netscapeCertificateServer' D ESC 'Netscape defined objectclass' SUP top STRUCTURAL X-ORIGIN 'Netscape Ce rtificate Management System' ) objectClasses: ( nsCertificateServer-oid NAME 'nsCertificateServer' DESC 'Ne tscape defined objectclass' SUP top STRUCTURAL MUST nsServerID MAY ( server HostName $ nsServerPort $ nsCertConfig ) X-ORIGIN 'Netscape Certificate Man agement System' ) objectClasses: ( 2.16.840.1.113730.3.2.23 NAME 'netscapeDirectoryServer' DES C 'Netscape defined objectclass' SUP top STRUCTURAL X-ORIGIN 'Netscape Dire ctory Server' ) objectClasses: ( nsDirectoryServer-oid NAME 'nsDirectoryServer' DESC 'Netsca pe defined objectclass' SUP top STRUCTURAL MUST nsServerID MAY ( serverHost Name $ nsServerPort $ nsSecureServerPort $ nsBindPassword $ nsBindDN $ nsBa seDN ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.8 NAME 'ntUser' DESC 'Netscape define d objectclass' SUP top STRUCTURAL MUST ntUserDomainId MAY ( description $ l $ ou $ seeAlso $ ntUserPriv $ ntUserHomeDir $ ntUserComment $ ntUserFlags $ ntUserScriptPath $ ntUserAuthFlags $ ntUserUsrComment $ ntUserParms $ ntU serWorkstations $ ntUserLastLogon $ ntUserLastLogoff $ ntUserAcctExpires $ ntUserMaxStorage $ ntUserUnitsPerWeek $ ntUserLogonHours $ ntUserBadPwCount $ ntUserNumLogons $ ntUserLogonServer $ ntUserCountryCode $ ntUserCodePage $ ntUserUniqueId $ ntUserPrimaryGroupId $ ntUserProfile $ ntUserHomeDirDri ve $ ntUserPasswordExpired $ ntUserCreateNewAccount $ ntUserDeleteAccount $ ntUniqueId $ ntUserNtPassword ) X-ORIGIN 'Netscape NT Synchronization' ) objectClasses: ( 2.16.840.1.113730.3.2.9 NAME 'ntGroup' DESC 'Netscape defin ed objectclass' SUP top STRUCTURAL MUST ntUserDomainId MAY ( description $ l $ ou $ seeAlso $ ntGroupId $ ntGroupAttributes $ ntGroupCreateNewGroup $ ntGroupDeleteGroup $ ntGroupType $ ntUniqueId $ mail ) X-ORIGIN 'Netscape N T Synchronization' ) objectClasses: ( 2.16.840.1.113730.3.2.82 NAME 'nsChangelog4Config' DESC 'Ne tscape defined objectclass' SUP top STRUCTURAL MAY cn X-ORIGIN 'Netscape Di rectory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.114 NAME 'nsConsumer4Config' DESC 'Ne tscape defined objectclass' SUP top STRUCTURAL MAY cn X-ORIGIN 'Netscape Di rectory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.36 NAME 'LDAPReplica' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( description $ l $ ou $ seeAlso $ replicaRoot $ replicaHost $ replicaPort $ replicaBindDn $ repli caCredentials $ replicaBindMethod $ replicaUseSSL $ replicaUpdateSchedule $ replicaUpdateReplayed $ replicaUpdateFailedAt $ replicaBeginOrc $ replicaN ickName $ replicaEntryFilter $ replicatedattributelist $ replicaCFUpdated $ replicaAbandonedChanges $ replicaLastRelevantChange ) X-ORIGIN 'Netscape D irectory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.11 NAME 'cirReplicaSource' DESC 'Nets cape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( cirReplicaRoot $ cirHost $ cirPort $ cirBindDn $ cirUsePersistentSearch $ cirUseSsl $ cirBi ndCredentials $ cirLastUpdateApplied $ cirUpdateSchedule $ cirSyncInterval $ cirUpdateFailedat $ cirBeginORC $ replicaNickName $ replicaEntryFilter $ replicatedattributelist ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.3 NAME 'mailRecipient' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MAY ( cn $ mai l $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForward ingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ multi LineDescription $ uid $ userPassword ) X-ORIGIN 'Netscape Messaging Server 4.x' ) objectClasses: ( 2.16.840.113730.3.2.37 NAME 'nsMessagingServerUser' DESC 'N etscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MAY ( c n $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDelivery Option $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ nsmsgDisallowAccess $ nsmsgNumMsgQuota $ nswmExtendedUserPre fs $ vacationstartdate $ vacationenddate ) X-ORIGIN 'Netscape Messaging Ser ver 4.x' ) objectClasses: ( 2.16.840.1.113730.3.2.4 NAME 'mailGroup' DESC 'mailGroup' S UP top STRUCTURAL MUST mail MAY ( cn $ mgrpRFC822MailMember ) X-ORIGIN ( 'I PA v4.4.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.2.5 NAME 'groupOfMailEnhancedUniqueName s' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIA RY MUST cn MAY ( businessCategory $ description $ mailEnhancedUniqueMember $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Messaging Server 4.x' ) objectClasses: ( 2.16.840.1.113730.3.2.24 NAME 'netscapeMailServer' DESC 'Ne tscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY X-ORIGIN 'Netscape Messaging Server 4.x' ) objectClasses: ( 2.16.840.1.113730.3.2.45 NAME 'nsValueItem' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsValueCIS $ nsValueC ES $ nsValueTel $ nsValueInt $ nsValueBin $ nsValueDN $ nsValueType $ nsVal ueSyntax $ nsValueDescription $ nsValueHelpURL $ nsValueFlags $ nsValueDefa ult ) X-ORIGIN 'Netscape servers - value item' ) objectClasses: ( 2.16.840.1.113730.3.2.29 NAME 'netscapeWebServer' DESC 'Net scape defined objectclass' SUP top STRUCTURAL MUST ( cn $ nsServerID ) MAY ( description $ nsServerPort ) X-ORIGIN 'Netscape Web Server' ) objectClasses: ( 2.16.840.1.113730.3.2.154 NAME 'netscapeReversiblePasswordO bject' DESC 'object that contains an netscapeReversiblePassword' AUXILIARY MAY netscapeReversiblePassword X-ORIGIN 'Netscape Web Server' ) objectClasses: ( 1.3.6.1.4.1.11.1.3.2.2.1 NAME 'accountPolicy' DESC 'Account policy entry' SUP top AUXILIARY MAY accountInactivityLimit X-ORIGIN 'Accou nt Policy Plugin' ) objectClasses: ( 1.3.6.1.1.1.2.17 NAME 'automount' DESC 'Automount informati on' SUP top STRUCTURAL MUST ( automountKey $ automountInformation ) MAY des cription X-ORIGIN ( 'RFC 2307bis' 'user defined' ) ) objectClasses: ( 1.3.6.1.1.1.2.16 NAME 'automountMap' DESC 'Automount Map in formation' SUP top STRUCTURAL MUST automountMapName MAY description X-ORIGI N ( 'RFC 2307bis' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.4.1 NAME 'ipaHost' AUXILIARY MUST fqd n MAY ( userPassword $ ipaClientVersion $ enrolledBy $ memberOf $ userClass $ ipaAssignedIDView ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.4.12 NAME 'ipaObject' DESC 'IPA objec tclass' AUXILIARY MUST ipaUniqueID X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.4.14 NAME 'ipaEntitlement' DESC 'IPA Entitlement object' AUXILIARY MUST ipaEntitlementId MAY ( userPKCS12 $ user Certificate ) X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.4.15 NAME 'ipaPermission' DESC 'IPA P ermission objectclass' AUXILIARY MAY ipaPermissionType X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.4.2 NAME 'ipaService' DESC 'IPA servi ce objectclass' AUXILIARY MAY ( memberOf $ managedBy $ ipaKrbAuthzData ) X- ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.4.3 NAME 'nestedGroup' DESC 'Group th at supports nesting' SUP groupOfNames STRUCTURAL MAY memberOf X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.4.4 NAME 'ipaUserGroup' DESC 'IPA use r group object class' SUP nestedGroup STRUCTURAL X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.4.5 NAME 'ipaHostGroup' DESC 'IPA hos t group object class' SUP nestedGroup STRUCTURAL X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.4.6 NAME 'ipaAssociation' ABSTRACT MU ST ( ipaUniqueID $ cn ) MAY ( memberUser $ userCategory $ memberHost $ host Category $ ipaEnabledFlag $ description ) X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.4.7 NAME 'ipaHBACRule' SUP ipaAssocia tion STRUCTURAL MUST accessRuleType MAY ( sourceHost $ sourceHostCategory $ serviceCategory $ memberService $ externalHost $ accessTime ) X-ORIGIN 'IP A v2' ) objectClasses: ( 2.16.840.1.113730.3.8.4.8 NAME 'ipaNISNetgroup' DESC 'IPA v ersion of NIS netgroup' SUP ipaAssociation STRUCTURAL MAY ( externalHost $ nisDomainName $ member $ memberOf ) X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.4.9 NAME 'ipaCAaccess' STRUCTURAL MAY ( member $ hostCApolicy ) X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.4.10 NAME 'ipaHBACService' STRUCTURAL MUST cn MAY ( description $ memberOf ) X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.4.11 NAME 'ipaHBACServiceGroup' DESC 'IPA HBAC service group object class' SUP groupOfNames STRUCTURAL X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.12.1 NAME 'ipaExternalGroup' SUP top STRUCTURAL MUST cn MAY ( ipaExternalMember $ memberOf $ description $ owner ) X-ORIGIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.2 NAME 'ipaNTUserAttrs' SUP top AU XILIARY MUST ipaNTSecurityIdentifier MAY ( ipaNTHash $ ipaNTLogonScript $ i paNTProfilePath $ ipaNTHomeDirectory $ ipaNTHomeDirectoryDrive ) X-ORIGIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.3 NAME 'ipaNTGroupAttrs' SUP top A UXILIARY MUST ipaNTSecurityIdentifier X-ORIGIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.4 NAME 'ipaNTDomainAttrs' SUP top AUXILIARY MUST ( ipaNTSecurityIdentifier $ ipaNTFlatName $ ipaNTDomainGUID ) MAY ipaNTFallbackPrimaryGroup X-ORIGIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.5 NAME 'ipaNTTrustedDomain' DESC ' Trusted Domain Object' SUP top STRUCTURAL MUST cn MAY ( ipaNTTrustType $ ip aNTTrustAttributes $ ipaNTTrustDirection $ ipaNTTrustPartner $ ipaNTFlatNam e $ ipaNTTrustAuthOutgoing $ ipaNTTrustAuthIncoming $ ipaNTTrustedDomainSID $ ipaNTTrustForestTrustInfo $ ipaNTTrustPosixOffset $ ipaNTSupportedEncryp tionTypes $ ipaNTSIDBlacklistIncoming $ ipaNTSIDBlacklistOutgoing $ ipaNTAd ditionalSuffixes ) X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.6 NAME 'groupOfPrincipals' SUP top AUXILIARY MUST cn MAY memberPrincipal X-ORIGIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.7 NAME 'ipaKrb5DelegationACL' SUP groupOfPrincipals STRUCTURAL MAY ( ipaAllowToImpersonate $ ipaAllowedTarget ) X-ORIGIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.10 NAME 'ipaSELinuxUserMap' SUP ip aAssociation STRUCTURAL MUST ipaSELinuxUser MAY ( accessTime $ seeAlso ) X- ORIGIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.11 NAME 'ipaSshGroupOfPubKeys' ABS TRACT MAY ipaSshPubKey X-ORIGIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.12 NAME 'ipaSshUser' SUP ipaSshGro upOfPubKeys AUXILIARY X-ORIGIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.13 NAME 'ipaSshHost' SUP ipaSshGro upOfPubKeys AUXILIARY X-ORIGIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.14 NAME 'ipaIDobject' SUP top AUXI LIARY MAY ( uidNumber $ gidNumber $ ipaNTSecurityIdentifier ) X-ORIGIN ( 'I PA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.15 NAME 'ipaIDrange' ABSTRACT MUST ( cn $ ipaBaseID $ ipaIDRangeSize $ ipaRangeType ) X-ORIGIN ( 'IPA v3' 'us er defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.16 NAME 'ipaDomainIDRange' SUP ipa IDrange STRUCTURAL MAY ( ipaBaseRID $ ipaSecondaryBaseRID ) X-ORIGIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.17 NAME 'ipaTrustedADDomainRange' SUP ipaIDrange STRUCTURAL MUST ( ipaBaseRID $ ipaNTTrustedDomainSID ) X-ORI GIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.19 NAME 'ipaUserAuthTypeClass' DES C 'Class for authentication methods definition' SUP top AUXILIARY MAY ipaUs erAuthType X-ORIGIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 1.3.6.1.4.1.5923.1.1.2 NAME 'eduPerson' AUXILIARY MAY ( edu PersonAffiliation $ eduPersonNickName $ eduPersonOrgDN $ eduPersonOrgUnitDN $ eduPersonPrimaryAffiliation $ eduPersonPrincipalName $ eduPersonEntitlem ent $ eduPersonPrimaryOrgUnitDN $ eduPersonScopedAffiliation ) X-ORIGIN 'ht tp://middleware.internet2.edu/eduperson/' ) objectClasses: ( 2.16.840.1.113730.3.8.2.1 NAME 'ipaGuiConfig' AUXILIARY MAY ( ipaUserSearchFields $ ipaGroupSearchFields $ ipaSearchTimeLimit $ ipaSea rchRecordsLimit $ ipaCustomFields $ ipaHomesRootDir $ ipaDefaultLoginShell $ ipaDefaultPrimaryGroup $ ipaMaxUsernameLength $ ipaPwdExpAdvNotify $ ipaU serObjectClasses $ ipaGroupObjectClasses $ ipaDefaultEmailDomain $ ipaMigra tionEnabled $ ipaCertificateSubjectBase $ ipaSELinuxUserMapDefault $ ipaSEL inuxUserMapOrder $ ipaKrbAuthzData ) X-ORIGIN 'user defined' ) objectClasses: ( 2.16.840.1.113730.3.8.4.13 NAME 'ipaConfigObject' DESC 'gen eric config object for IPA' AUXILIARY MAY ipaConfigString X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.6.0 NAME 'idnsRecord' DESC 'dns Recor d, usually a host' SUP top STRUCTURAL MUST idnsName MAY ( cn $ idnsAllowDyn Update $ dNSTTL $ dNSClass $ aRecord $ aAAARecord $ a6Record $ nSRecord $ c NAMERecord $ pTRRecord $ sRVRecord $ tXTRecord $ mXRecord $ mDRecord $ hInf oRecord $ mInfoRecord $ aFSDBRecord $ SigRecord $ KeyRecord $ LocRecord $ n XTRecord $ nAPTRRecord $ kXRecord $ certRecord $ dNameRecord $ dSRecord $ s SHFPRecord $ rRSIGRecord $ nSECRecord $ DLVRecord $ TLSARecord $ UnknownRec ord $ RPRecord $ APLRecord $ IPSECKEYRecord $ DHCIDRecord $ HIPRecord $ SPF Record ) X-ORIGIN ( 'IPA v4.2.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone class' SUP idnsRecord STRUCTURAL MUST ( idnsZoneActive $ idnsSOAmName $ idnsSOArN ame $ idnsSOAserial $ idnsSOArefresh $ idnsSOAretry $ idnsSOAexpire $ idnsS OAminimum ) MAY ( idnsUpdatePolicy $ idnsAllowQuery $ idnsAllowTransfer $ i dnsAllowSyncPTR $ idnsForwardPolicy $ idnsForwarders $ idnsSecInlineSigning $ nSEC3PARAMRecord $ dNSdefaultTTL ) X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.6.2 NAME 'idnsConfigObject' DESC 'DNS global config options' STRUCTURAL MAY ( idnsForwardPolicy $ idnsForwarders $ idnsAllowSyncPTR $ idnsZoneRefresh $ idnsPersistentSearch ) X-ORIGIN 'us er defined' ) objectClasses: ( 2.16.840.1.113730.3.8.12.18 NAME 'ipaDNSZone' SUP top AUXIL IARY MUST idnsName MAY managedBy X-ORIGIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113719.1.301.6.1.1 NAME 'krbContainer' SUP top S TRUCTURAL MUST cn ) objectClasses: ( 2.16.840.1.113719.1.301.6.2.1 NAME 'krbRealmContainer' SUP top STRUCTURAL MUST cn MAY ( krbMKey $ krbUPEnabled $ krbSubTrees $ krbSear chScope $ krbLdapServers $ krbSupportedEncSaltTypes $ krbDefaultEncSaltType s $ krbTicketPolicyReference $ krbKdcServers $ krbPwdServers $ krbAdmServer s $ krbPrincNamingAttr $ krbPwdPolicyReference $ krbPrincContainerRef ) ) objectClasses: ( 2.16.840.1.113719.1.301.6.3.1 NAME 'krbService' SUP top ABS TRACT MUST cn MAY ( krbHostServer $ krbRealmReferences ) ) objectClasses: ( 2.16.840.1.113719.1.301.6.4.1 NAME 'krbKdcService' SUP krbS ervice STRUCTURAL ) objectClasses: ( 2.16.840.1.113719.1.301.6.5.1 NAME 'krbPwdService' SUP krbS ervice STRUCTURAL ) objectClasses: ( 2.16.840.1.113719.1.301.6.8.1 NAME 'krbPrincipalAux' AUXILI ARY MAY ( krbPrincipalName $ krbCanonicalName $ krbUPEnabled $ krbPrincipal Key $ krbTicketPolicyReference $ krbPrincipalExpiration $ krbPasswordExpira tion $ krbPwdPolicyReference $ krbPrincipalType $ krbPwdHistory $ krbLastPw dChange $ krbPrincipalAliases $ krbLastSuccessfulAuth $ krbLastFailedAuth $ krbLoginFailedCount $ krbExtraData $ krbLastAdminUnlock $ krbAllowedToDele gateTo $ krbPrincipalAuthInd ) X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined ' ) ) objectClasses: ( 2.16.840.1.113719.1.301.6.9.1 NAME 'krbPrincipal' SUP top S TRUCTURAL MUST krbPrincipalName MAY krbObjectReferences ) objectClasses: ( 2.16.840.1.113719.1.301.6.11.1 NAME 'krbPrincRefAux' SUP to p AUXILIARY MAY krbPrincipalReferences ) objectClasses: ( 2.16.840.1.113719.1.301.6.13.1 NAME 'krbAdmService' SUP krb Service STRUCTURAL ) objectClasses: ( 2.16.840.1.113719.1.301.6.14.1 NAME 'krbPwdPolicy' SUP top STRUCTURAL MUST cn MAY ( krbMaxPwdLife $ krbMinPwdLife $ krbPwdMinDiffChars $ krbPwdMinLength $ krbPwdHistoryLength $ krbPwdMaxFailure $ krbPwdFailure CountInterval $ krbPwdLockoutDuration $ krbPwdAttributes $ krbPwdMaxLife $ krbPwdMaxRenewableLife $ krbPwdAllowedKeysalts ) X-ORIGIN ( 'IPA v4.3.0' 'u ser defined' ) ) objectClasses: ( 2.16.840.1.113719.1.301.6.16.1 NAME 'krbTicketPolicyAux' AU XILIARY MAY ( krbTicketFlags $ krbMaxTicketLife $ krbMaxRenewableAge ) ) objectClasses: ( 2.16.840.1.113719.1.301.6.17.1 NAME 'krbTicketPolicy' SUP t op STRUCTURAL MUST cn ) objectClasses: ( 1.3.6.1.4.1.13769.9.1 NAME 'mozillaAbPersonAlpha' SUP top A UXILIARY MUST cn MAY ( c $ description $ displayName $ facsimileTelephoneNu mber $ givenName $ homePhone $ l $ mail $ mobile $ mozillaCustom1 $ mozilla Custom2 $ mozillaCustom3 $ mozillaCustom4 $ mozillaHomeCountryName $ mozill aHomeLocalityName $ mozillaHomePostalCode $ mozillaHomeState $ mozillaHomeS treet $ mozillaHomeStreet2 $ mozillaHomeUrl $ mozillaNickname $ mozillaSeco ndEmail $ mozillaUseHtmlMail $ mozillaWorkStreet2 $ mozillaWorkUrl $ nsAIMi d $ o $ ou $ pager $ postalCode $ postOfficeBox $ sn $ st $ street $ teleph oneNumber $ title ) X-ORIGIN 'Mozilla Address Book' ) objectClasses: ( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject' DESC 'Auxiliary object class for adding authorizedService attribute' SUP top AU XILIARY MAY authorizedService X-ORIGIN 'NSS LDAP schema' ) objectClasses: ( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject' DESC 'Auxiliary o bject class for adding host attribute' SUP top AUXILIARY MAY host X-ORIGIN 'NSS LDAP schema' ) objectClasses: ( 2.16.840.1.113730.3.2.318 NAME 'pamConfig' DESC 'PAM plugin configuration' SUP top AUXILIARY MAY ( cn $ pamMissingSuffix $ pamExcludeS uffix $ pamIncludeSuffix $ pamIDAttr $ pamIDMapMethod $ pamFallback $ pamSe cure $ pamService $ pamFilter ) X-ORIGIN 'Red Hat Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.326 NAME 'dynamicGroup' DESC 'Group c ontaining internal dynamically-generated members' SUP posixGroup AUXILIARY MAY dsOnlyMemberUid X-ORIGIN 'Red Hat Directory Server' ) objectClasses: ( 1.3.6.1.4.1.6981.11.2.3 NAME 'PureFTPdUser' DESC 'PureFTPd user with optional quota, throttling and ratio' STRUCTURAL MAY ( FTPStatus $ FTPQuotaFiles $ FTPQuotaMBytes $ FTPUploadRatio $ FTPDownloadRatio $ FTPU ploadBandwidth $ FTPDownloadBandwidth $ FTPuid $ FTPgid ) X-ORIGIN 'Pure-FT Pd' ) objectClasses: ( 1.2.840.113556.1.5.87 NAME 'calEntry' DESC 'RFC2739: Calend ar Entry' SUP top AUXILIARY MAY ( calCalURI $ calFBURL $ calOtherCalURIs $ calOtherFBURLs $ calCAPURI $ calOtherCAPURIs ) X-ORIGIN 'rfc2739' ) objectClasses: ( 1.3.18.0.2.6.258 NAME 'printerAbstract' DESC 'Printer relat ed information.' SUP top ABSTRACT MAY ( printer-name $ printer-natural-lang uage-configured $ printer-location $ printer-info $ printer-more-info $ pri nter-make-and-model $ printer-multiple-document-jobs-supported $ printer-ch arset-configured $ printer-charset-supported $ printer-generated-natural-la nguage-supported $ printer-document-format-supported $ printer-color-suppor ted $ printer-compression-supported $ printer-pages-per-minute $ printer-pa ges-per-minute-color $ printer-finishings-supported $ printer-number-up-sup ported $ printer-sides-supported $ printer-media-supported $ printer-media- local-supported $ printer-resolution-supported $ printer-print-quality-supp orted $ printer-job-priority-supported $ printer-copies-supported $ printer -job-k-octets-supported $ printer-current-operator $ printer-service-person $ printer-delivery-orientation-supported $ printer-stacking-order-supporte d $ printer-output-features-supported ) X-ORIGIN 'rfc3712' ) objectClasses: ( 1.3.18.0.2.6.255 NAME 'printerService' DESC 'Printer inform ation.' SUP printerAbstract STRUCTURAL MAY ( printer-uri $ printer-xri-supp orted ) X-ORIGIN 'rfc3712' ) objectClasses: ( 1.3.18.0.2.6.257 NAME 'printerServiceAuxClass' DESC 'Printe r information.' SUP printerAbstract AUXILIARY MAY ( printer-uri $ printer-x ri-supported ) X-ORIGIN 'rfc3712' ) objectClasses: ( 1.3.18.0.2.6.256 NAME 'printerIPP' DESC 'Internet Printing Protocol (IPP) information.' SUP top AUXILIARY MAY ( printer-ipp-versions-s upported $ printer-multiple-document-jobs-supported ) X-ORIGIN 'rfc3712' ) objectClasses: ( 1.3.18.0.2.6.253 NAME 'printerLPR' DESC 'LPR information.' SUP top AUXILIARY MUST printer-name MAY printer-aliases X-ORIGIN 'rfc3712' ) objectClasses: ( 1.3.6.1.4.1.2312.4.3.4.1 NAME 'sabayonProfile' DESC 'sabayo n profile' SUP top STRUCTURAL MUST cn MAY ( sabayonProfileURL $ description ) X-ORIGIN 'Sabayon' ) objectClasses: ( 1.3.6.1.4.1.2312.4.3.4.2 NAME 'sabayonProfileNameObject' DE SC 'contains sabayon profile name' SUP top AUXILIARY MUST sabayonProfileNam e X-ORIGIN 'Sabayon' ) objectClasses: ( 1.3.6.1.4.1.2312.4.3.4.3 NAME 'sabayonProfileURLObject' DES C 'contains sabayon profile' SUP top AUXILIARY MUST cn MAY sabayonProfileUR L X-ORIGIN 'Sabayon' ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'Samba 3 .0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ s ambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogo nScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPri maryGroupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCount $ sambaBadPasswordTime $ sambaPasswordHistory $ sambaLogonHours ) ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' DESC 'Samba Group Mapping' SUP top AUXILIARY MUST ( gidNumber $ sambaSID $ sambaGroupT ype ) MAY ( displayName $ description $ sambaSIDList ) ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' DESC 'Sam ba Trust Password' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaNTPassw ord $ sambaTrustFlags ) MAY ( sambaSID $ sambaPwdLastSet ) ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba Domai n Information' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidB ase $ sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $ samb aMaxPwdAge $ sambaMinPwdAge $ sambaLockoutDuration $ sambaLockoutObservatio nWindow $ sambaLockoutThreshold $ sambaForceLogoff $ sambaRefuseMachinePwdC hange ) ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' DESC 'Pool fo r allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $ gidNumber ) ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' DESC 'Mapping from a SID to an ID' SUP top AUXILIARY MUST sambaSID MAY ( uidNumber $ gid Number ) ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' DESC 'Structura l Class for a SID' SUP top STRUCTURAL MUST sambaSID ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' DESC 'Samba Conf iguration Section' SUP top AUXILIARY MAY description ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' DESC 'Samba Share Section' SUP top STRUCTURAL MUST sambaShareName MAY description ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' DESC 'Samb a Configuration Option' SUP top STRUCTURAL MUST sambaOptionName MAY ( samba BoolOption $ sambaIntegerOption $ sambaStringOption $ sambaStringListOption $ description ) ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword' D ESC 'Samba Trusted Domain Password' SUP top STRUCTURAL MUST ( sambaDomainNa me $ sambaSID $ sambaClearTextPassword $ sambaPwdLastSet ) MAY sambaPreviou sClearTextPassword ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' DESC 'Sam ba Trusted Domain Object' SUP top STRUCTURAL MUST cn MAY ( sambaTrustType $ sambaTrustAttributes $ sambaTrustDirection $ sambaTrustPartner $ sambaFlat Name $ sambaTrustAuthOutgoing $ sambaTrustAuthIncoming $ sambaSecurityIdent ifier $ sambaTrustForestTrustInfo $ sambaTrustPosixOffset $ sambaSupportedE ncryptionTypes ) ) objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' DESC 'Sudoer Entrie s' SUP top STRUCTURAL MUST cn MAY ( sudoUser $ sudoHost $ sudoCommand $ sud oRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ sudoNotBefore $ sudo NotAfter $ sudoOrder $ description ) X-ORIGIN 'SUDO' ) objectClasses: ( 5.3.6.1.1.1.2.0 NAME 'trustAccount' DESC 'Sets trust accoun ts information' SUP top AUXILIARY MUST trustModel MAY accessTo X-ORIGIN 'ns s_ldap/pam_ldap' ) objectClasses: ( 2.16.840.1.113730.3.8.12.8 NAME 'ipaKrbPrincipal' SUP krbPr incipalAux AUXILIARY MUST ( krbPrincipalName $ ipaKrbPrincipalAlias ) X-ORI GIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.8.1 NAME 'ipaSudoRule' SUP ipaAssocia tion STRUCTURAL MAY ( externalUser $ externalHost $ hostMask $ memberAllowC md $ memberDenyCmd $ cmdCategory $ ipaSudoOpt $ ipaSudoRunAs $ ipaSudoRunAs ExtUser $ ipaSudoRunAsUserCategory $ ipaSudoRunAsGroup $ ipaSudoRunAsExtGro up $ ipaSudoRunAsGroupCategory $ sudoNotBefore $ sudoNotAfter $ sudoOrder $ ipaSudoRunAsExtUserGroup ) X-ORIGIN ( 'IPA v4.0.0' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.8.2 NAME 'ipaSudoCmd' DESC 'IPA objec t class for SUDO command' STRUCTURAL MUST ( ipaUniqueID $ sudoCmd ) MAY ( m emberOf $ description ) X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.8.3 NAME 'ipaSudoCmdGrp' DESC 'IPA ob ject class to store groups of SUDO commands' SUP groupOfNames STRUCTURAL MU ST ipaUniqueID X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.16.2.1 NAME 'ipaToken' DESC 'Abstract token class for tokens' SUP top ABSTRACT MUST ipatokenUniqueID MAY ( descr iption $ managedBy $ ipatokenOwner $ ipatokenDisabled $ ipatokenNotBefore $ ipatokenNotAfter $ ipatokenVendor $ ipatokenModel $ ipatokenSerial ) X-ORI GIN ( 'IPA v4.0.0' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.16.2.2 NAME 'ipatokenTOTP' DESC 'TOTP Token Type' SUP ipaToken STRUCTURAL MAY ( ipatokenOTPkey $ ipatokenOTPalgo rithm $ ipatokenOTPdigits $ ipatokenTOTPclockOffset $ ipatokenTOTPtimeStep $ ipatokenTOTPwatermark ) X-ORIGIN ( 'IPA v4.1.3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.16.2.3 NAME 'ipatokenRadiusProxyUser' DESC 'Radius Proxy User' SUP top AUXILIARY MAY ( ipatokenRadiusConfigLink $ ipatokenRadiusUserName ) X-ORIGIN ( 'IPA v4.0.0' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.16.2.4 NAME 'ipatokenRadiusConfigurat ion' DESC 'Proxy Radius Configuration' SUP top STRUCTURAL MUST ( cn $ ipato kenRadiusServer $ ipatokenRadiusSecret ) MAY ( description $ ipatokenRadius Timeout $ ipatokenRadiusRetries $ ipatokenUserMapAttribute ) X-ORIGIN ( 'IP A OTP' 'user defined' ) ) objectClasses: ( cmsuser-oid NAME 'cmsuser' DESC 'CMS User' SUP top STRUCTUR AL MUST usertype MAY userstate X-ORIGIN 'user defined' ) objectClasses: ( CertACLS-oid NAME 'CertACLS' DESC 'CMS defined class' SUP t op STRUCTURAL MUST cn MAY resourceACLS X-ORIGIN 'user defined' ) objectClasses: ( repository-oid NAME 'repository' DESC 'CMS defined class' S UP top STRUCTURAL MUST ou MAY ( serialno $ description $ nextRange $ publis hingStatus ) X-ORIGIN 'user defined' ) objectClasses: ( request-oid NAME 'request' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( requestId $ dateOfCreate $ dateOfModify $ request State $ requestResult $ requestOwner $ requestAgentGroup $ requestSourceId $ requestType $ requestFlag $ requestError $ userMessages $ adminMessages ) X-ORIGIN 'user defined' ) objectClasses: ( transaction-oid NAME 'transaction' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( transId $ description $ transName $ trans Status $ transOps ) X-ORIGIN 'user defined' ) objectClasses: ( crlIssuingPointRecord-oid NAME 'crlIssuingPointRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOf Modify $ crlNumber $ crlSize $ thisUpdate $ nextUpdate $ deltaNumber $ delt aSize $ firstUnsaved $ certificateRevocationList $ deltaRevocationList $ cr lCache $ revokedCerts $ unrevokedCerts $ expiredCerts $ cACertificate ) X-O RIGIN 'user defined' ) objectClasses: ( certificateRecord-oid NAME 'certificateRecord' DESC 'CMS de fined class' SUP top STRUCTURAL MUST cn MAY ( serialno $ dateOfCreate $ dat eOfModify $ certStatus $ autoRenew $ issueInfo $ metaInfo $ revInfo $ versi on $ duration $ notAfter $ notBefore $ algorithmId $ subjectName $ signingA lgorithmId $ userCertificate $ issuedBy $ revokedBy $ revokedOn $ extension $ publicKeyData $ issuerName ) X-ORIGIN 'user defined' ) objectClasses: ( userDetails-oid NAME 'userDetails' DESC 'CMS defined class' SUP top STRUCTURAL MUST userDN MAY ( dateOfCreate $ dateOfModify $ passwor d $ p12Expiration ) X-ORIGIN 'user defined' ) objectClasses: ( keyRecord-oid NAME 'keyRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( serialno $ dateOfCreate $ dateOfModify $ keyS tate $ privateKeyData $ ownerName $ keySize $ metaInfo $ dateOfArchival $ d ateOfRecovery $ algorithm $ publicKeyFormat $ publicKeyData $ archivedBy $ clientId $ dataType $ status ) X-ORIGIN 'user defined' ) objectClasses: ( pkiSecurityDomain-oid NAME 'pkiSecurityDomain' DESC 'CMS de fined class' SUP top STRUCTURAL MUST ( ou $ name ) X-ORIGIN 'user defined' ) objectClasses: ( pkiSecurityGroup-oid NAME 'pkiSecurityGroup' DESC 'CMS defi ned class' SUP top STRUCTURAL MUST cn X-ORIGIN 'user defined' ) objectClasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined clas s' SUP top STRUCTURAL MUST ( cn $ host $ SecurePort $ SubsystemName $ Clone ) MAY ( DomainManager $ SecureAgentPort $ SecureAdminPort $ SecureEEClient AuthPort $ UnSecurePort ) X-ORIGIN 'user defined' ) objectClasses: ( pkiRange-oid NAME 'pkiRange' DESC 'CMS defined class' SUP t op STRUCTURAL MUST ( cn $ beginRange $ endRange $ host $ SecurePort ) X-ORI GIN 'user defined' ) objectClasses: ( securityDomainSessionEntry-oid NAME 'securityDomainSessionE ntry' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ host $ uid $ cmsUserGroup $ dateOfCreate ) X-ORIGIN 'user defined' ) objectClasses: ( 1.3.6.1.1.1.2.14 NAME 'nisKeyObject' DESC 'nisKeyObject' SU P top STRUCTURAL MUST ( cn $ nisPublickey $ nisSecretkey ) MAY ( uidNumber $ description ) X-ORIGIN 'user defined' ) objectClasses: ( 1.3.1.6.1.1.1.2.15 NAME 'nisDomainObject' DESC 'nisDomainOb ject' SUP top AUXILIARY MUST nisDomain X-ORIGIN 'user defined' ) objectClasses: ( 1.3.6.1.4.1.42.2.27.1.2.6 NAME 'nisNetId' DESC 'nisNetId' S UP top STRUCTURAL MUST cn MAY ( nisNetIdUser $ nisNetIdGroup $ nisNetIdHost ) X-ORIGIN 'user defined' ) objectClasses: ( 1.3.6.1.4.1.11.1.3.1.2.5 NAME 'DUAConfigProfile' DESC 'Abst raction of a base configuration for a DUA' SUP top STRUCTURAL MUST cn MAY ( defaultServerList $ preferredServerList $ defaultSearchBase $ defaultSearc hScope $ searchTimeLimit $ bindTimeLimit $ credentialLevel $ authentication Method $ followReferrals $ dereferenceAliases $ serviceSearchDescriptor $ s erviceCredentialLevel $ serviceAuthenticationMethod $ objectclassMap $ attr ibuteMap $ profileTTL ) X-ORIGIN ( 'RFC4876' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.22 NAME 'ipaAllowedOperations' DES C 'Class to apply access controls to arbitrary operations' SUP top AUXILIAR Y MAY ( ipaAllowedToPerform $ ipaProtectedOperation ) X-ORIGIN ( 'IPA v4.0. 0' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.21 NAME 'ipaPermissionV2' DESC 'IP A Permission objectclass, version 2' SUP ipaPermission AUXILIARY MUST ( ipa PermBindRuleType $ ipaPermLocation ) MAY ( ipaPermDefaultAttr $ ipaPermIncl udedAttr $ ipaPermExcludedAttr $ ipaPermRight $ ipaPermTargetFilter $ ipaPe rmTarget $ ipaPermTargetTo $ ipaPermTargetFrom ) X-ORIGIN ( 'IPA v4.2.2' 'u ser defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.20 NAME 'ipaUser' AUXILIARY MUST u id MAY ( userClass $ ipaKrbAuthzData ) X-ORIGIN ( 'IPA v4.3.1' 'user define d' ) ) objectClasses: ( 2.16.840.1.113730.3.8.6.3 NAME 'idnsForwardZone' DESC 'Forw ard Zone class' SUP top STRUCTURAL MUST ( idnsName $ idnsZoneActive ) MAY ( idnsForwarders $ idnsForwardPolicy ) X-ORIGIN ( 'IPA v4.0.0' 'user defined ' ) ) objectClasses: ( 2.16.840.1.113730.3.8.16.2.5 NAME 'ipatokenHOTP' DESC 'HOTP Token Type' SUP ipaToken STRUCTURAL MUST ( ipatokenOTPkey $ ipatokenOTPalg orithm $ ipatokenOTPdigits $ ipatokenHOTPcounter ) X-ORIGIN ( 'IPA v4.0.0' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.25 NAME 'ipaPrivateKeyObject' DESC 'Wrapped private keys' SUP top AUXILIARY MUST ( ipaPrivateKey $ ipaWrappin gKey $ ipaWrappingMech ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.24 NAME 'ipaPublicKeyObject' DESC 'Wrapped public keys' SUP top AUXILIARY MUST ipaPublicKey X-ORIGIN ( 'IPA v 4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.34 NAME 'ipaSecretKeyRefObject' DE SC 'Indirect storage for encoded key material' SUP top AUXILIARY MUST ipaSe cretKeyRef X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.26 NAME 'ipaSecretKeyObject' DESC 'Wrapped secret keys' SUP top AUXILIARY MUST ( ipaSecretKey $ ipaWrappingKe y $ ipaWrappingMech ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.17.2.1 NAME 'ipk11Object' DESC 'Objec t' SUP top STRUCTURAL MUST ipk11UniqueId X-ORIGIN ( 'IPA v4.1.2' 'user defi ned' ) ) objectClasses: ( 2.16.840.1.113730.3.8.17.2.2 NAME 'ipk11StorageObject' DESC 'Storage object' SUP top ABSTRACT MAY ( ipk11Private $ ipk11Modifiable $ i pk11Label $ ipk11Copyable $ ipk11Destroyable ) X-ORIGIN ( 'IPA v4.1.2' 'use r defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.17.2.5 NAME 'ipk11Key' DESC 'Key' SUP ipk11StorageObject ABSTRACT MAY ( ipk11KeyType $ ipk11Id $ ipk11StartDate $ ipk11EndDate $ ipk11Derive $ ipk11Local $ ipk11KeyGenMechanism $ ipk11All owedMechanisms ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.17.2.7 NAME 'ipk11PrivateKey' DESC 'P rivate key' SUP ipk11Key AUXILIARY MAY ( ipk11Subject $ ipk11Sensitive $ ip k11Decrypt $ ipk11Sign $ ipk11SignRecover $ ipk11Unwrap $ ipk11Extractable $ ipk11AlwaysSensitive $ ipk11NeverExtractable $ ipk11WrapWithTrusted $ ipk 11UnwrapTemplate $ ipk11AlwaysAuthenticate $ ipk11PublicKeyInfo ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.17.2.8 NAME 'ipk11SecretKey' DESC 'Se cret key' SUP ipk11Key AUXILIARY MAY ( ipk11Sensitive $ ipk11Encrypt $ ipk1 1Decrypt $ ipk11Sign $ ipk11Verify $ ipk11Wrap $ ipk11Unwrap $ ipk11Extract able $ ipk11AlwaysSensitive $ ipk11NeverExtractable $ ipk11CheckValue $ ipk 11WrapWithTrusted $ ipk11Trusted $ ipk11WrapTemplate $ ipk11UnwrapTemplate ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.17.2.6 NAME 'ipk11PublicKey' DESC 'Pu blic key' SUP ipk11Key AUXILIARY MAY ( ipk11Subject $ ipk11Encrypt $ ipk11V erify $ ipk11VerifyRecover $ ipk11Wrap $ ipk11Trusted $ ipk11WrapTemplate $ ipk11Distrusted $ ipk11PublicKeyInfo ) X-ORIGIN ( 'IPA v4.1.2' 'user defin ed' ) ) objectClasses: ( 2.16.840.1.113730.3.8.6.4 NAME 'idnsSecKey' DESC 'DNSSEC ke y metadata' SUP top STRUCTURAL MUST ( idnsSecKeyRef $ idnsSecKeyCreated $ i dnsSecAlgorithm ) MAY ( idnsSecKeyPublish $ idnsSecKeyActivate $ idnsSecKey Inactive $ idnsSecKeyDelete $ idnsSecKeyZone $ idnsSecKeyRevoke $ idnsSecKe ySep $ cn ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.27 NAME 'ipaCertificate' SUP top S TRUCTURAL MUST ( cn $ ipaCertIssuerSerial $ ipaCertSubject $ ipaPublicKey ) MAY ipaConfigString X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.28 NAME 'ipaKeyPolicy' SUP top AUX ILIARY MAY ( ipaKeyTrust $ ipaKeyUsage $ ipaKeyExtUsage ) X-ORIGIN ( 'IPA v 4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.29 NAME 'ipaIDView' SUP nsContaine r STRUCTURAL MAY description X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.35 NAME 'ipaOverrideTarget' SUP to p STRUCTURAL MUST ipaAnchorUUID X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.30 NAME 'ipaOverrideAnchor' SUP to p STRUCTURAL MUST ipaAnchorUUID MAY description X-ORIGIN ( 'IPA v4.1.2' 'us er defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.31 NAME 'ipaUserOverride' DESC 'Ov erride for User Attributes' SUP ipaOverrideAnchor STRUCTURAL MAY ( uid $ ui dNumber $ gidNumber $ homeDirectory $ loginShell $ gecos $ ipaOriginalUid $ userCertificate ) X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.32 NAME 'ipaGroupOverride' DESC 'O verride for Group Attributes' SUP ipaOverrideAnchor STRUCTURAL MAY ( gidNum ber $ cn ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.16.2.6 NAME 'ipatokenOTPConfig' DESC 'OTP Global Configuration' SUP top STRUCTURAL MUST cn MAY ( ipatokenTOTPaut hWindow $ ipatokenTOTPsyncWindow $ ipatokenHOTPauthWindow $ ipatokenHOTPsyn cWindow ) X-ORIGIN ( 'IPA v4.1.3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.18.1.1 NAME 'ipaVault' DESC 'IPA vaul t' SUP top STRUCTURAL MUST cn MAY ( description $ ipaVaultType $ ipaVaultSa lt $ ipaVaultPublicKey $ owner $ member ) X-ORIGIN ( 'IPA v4.2.2' 'user def ined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.18.1.2 NAME 'ipaVaultContainer' DESC 'IPA vault container' SUP top STRUCTURAL MUST cn MAY ( description $ owner ) X-ORIGIN ( 'IPA v4.2.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.21.2.1 NAME 'ipaCertProfile' SUP top STRUCTURAL MUST ( cn $ description $ ipaCertProfileStoreIssued ) X-ORIGIN ( 'IPA v4.2.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.21.2.2 NAME 'ipaCaAcl' SUP ipaAssocia tion STRUCTURAL MAY ( ipaCaCategory $ ipaCertProfileCategory $ serviceCateg ory $ ipaMemberCa $ ipaMemberCertProfile $ memberService ) X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.20.1.2 NAME 'ipaReplTopoSegment' DESC 'IPA defined objectclass' SUP top STRUCTURAL MUST ( ipaReplTopoSegmentDire ction $ ipaReplTopoSegmentLeftNode $ ipaReplTopoSegmentRightNode ) MAY ( cn $ ipaReplTopoSegmentStatus $ ipaReplTopoSegmentGenerated $ nsDS5Replicated AttributeList $ nsDS5ReplicatedAttributeListTotal $ nsds5BeginReplicaRefres h $ description $ nsds5replicaTimeout $ nsds5ReplicaEnabled $ nsds5ReplicaS tripAttrs $ nsds5replicaSessionPauseTime $ nsds5ReplicaProtocolTimeout ) X- ORIGIN ( 'IPA v4.2.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.20.1.1 NAME 'ipaReplTopoConf' DESC 'I PA defined objectclass' SUP top STRUCTURAL MUST ipaReplTopoConfRoot MAY ( c n $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicatedAttrib uteListTotal $ nsds5ReplicaStripAttrs ) X-ORIGIN ( 'IPA v4.3.0' 'user defin ed' ) ) objectClasses: ( 2.16.840.1.113730.3.8.20.1.4 NAME 'ipaReplTopoManagedServer ' DESC 'part of managed replication topology' SUP top AUXILIARY MAY ipaRepl TopoManagedSuffix X-ORIGIN ( 'IPA v4.2.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.20.1.3 NAME 'ipaReplTopoManagedAgreem ent' DESC 'marker objectclass for managed replication agreements' SUP top A UXILIARY MAY ipaReplTopoManagedAgreementState X-ORIGIN ( 'IPA v4.2.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.19.1.2 NAME 'ipaSupportedDomainLevelC onfig' DESC 'Supported Domain Level Configuration' SUP ipaConfigObject AUXI LIARY MUST ( ipaMinDomainLevel $ ipaMaxDomainLevel ) X-ORIGIN ( 'IPA v4.2.2 ' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.19.1.1 NAME 'ipaDomainLevelConfig' DE SC 'Domain Level Configuration' SUP ipaConfigObject AUXILIARY MUST ipaDomai nLevel X-ORIGIN ( 'IPA v4.2.2' 'user defined' ) ) objectClasses: ( certProfile-oid NAME 'certProfile' DESC 'Certificate profil e' SUP top STRUCTURAL MUST cn MAY ( classId $ certProfileConfig ) X-ORIGIN 'user defined' ) objectClasses: ( tokenRecord-oid NAME 'tokenRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ modified $ tokenReason $ tokenUserID $ tokenStatus $ tokenAppletID $ keyInfo $ tokenPo licy $ extensions $ numberOfResets $ numberOfEnrollments $ numberOfRenewals $ numberOfRecoveries $ userCertificate $ tokenType ) X-ORIGIN 'user define d' ) objectClasses: ( tokenActivity-oid NAME 'tokenActivity' DESC 'CMS defined cl ass' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ tokenOp $ tokenIP $ tokenResult $ tokenID $ tokenUserID $ tokenMsg $ extensions $ tokenType ) X-ORIGIN 'user defined' ) objectClasses: ( tokenCert-oid NAME 'tokenCert' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ userCertificate $ tokenUserID $ tokenID $ tokenIssuer $ tokenOrigin $ tokenSubject $ token Serial $ tokenStatus $ tokenType $ tokenKeyType $ tokenNotBefore $ tokenNot After $ extensions ) X-ORIGIN 'user defined' ) objectClasses: ( tpsProfileID-oid NAME 'tpsProfileID' DESC 'CMS defined clas s' SUP top AUXILIARY MAY profileID X-ORIGIN ( 'user-defined' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.6.7 NAME 'ipaLocationObject' DESC 'Ob ject for storing IPA server location' SUP top STRUCTURAL MUST idnsName MAY description X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.36 NAME 'ipaDNSContainer' DESC 'IP A DNS container' AUXILIARY MUST ipaDNSVersion X-ORIGIN ( 'IPA v4.4.0.alpha1 ' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.6.6 NAME 'idnsServerConfigObject' DES C 'DNS server configuration options' SUP top STRUCTURAL MUST idnsServerId M AY ( idnsSubstitutionVariable $ idnsSOAmName $ idnsForwarders $ idnsForward Policy ) X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.6.5 NAME 'idnsTemplateObject' DESC 'T emplate object for dynamic DNS attribute generation' AUXILIARY MUST idnsTem plateAttribute X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.6.8 NAME 'ipaLocationMember' DESC 'Me mber object of IPA location' AUXILIARY MAY ( ipaLocation $ ipaServiceWeight ) X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.21.2.3 NAME 'ipaCa' SUP top STRUCTURA L MUST ( cn $ ipaCaId $ ipaCaSubjectDN $ ipaCaIssuerDN ) MAY description X- ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) objectClasses: ( authority-oid NAME 'authority' DESC 'Certificate Authority' SUP top STRUCTURAL MUST ( cn $ authorityID $ authorityKeyNickname $ author ityEnabled $ authorityDN ) MAY ( authoritySerial $ authorityParentID $ auth orityParentDN $ authorityKeyHost $ description ) X-ORIGIN ( 'IPA v4.4.0.alp ha1' 'user defined' ) ) python-ldap-3.2.0/Tests/data/subschema-openldap-all.ldif0000644000175000017500000203673413327633471025114 0ustar pviktoripviktorin00000000000000######################################################################## # LDIF export by web2ldap 1.2.80, see http://www.web2ldap.de # Date and time: Saturday, 2017-02-18 17:09:50 GMT # Bind-DN: u'cn=Michael Str\xf6der+mail=michael@stroeder.com,ou=Private,dc=stroeder,dc=de' # LDAP-URL of search: # ldapi:///cn%3DSubschema?matchingRuleUse,ldapSyntaxes,nameForms,dITStructureRules,attributeTypes,matchingRules,dITContentRules,objectClasses,objectClass,cn?base?%28objectClass%3D%2A%29?x-saslmech=EXTERNAL ######################################################################## version: 1 dn: cn=Subschema attributeTypes: ( 2.5.4.0 NAME 'objectClass' DESC 'RFC4512: object classes o f the entity' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.38 ) attributeTypes: ( 2.5.21.9 NAME 'structuralObjectClass' DESC 'RFC4512: struc tural object class of entry' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.38 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOper ation ) attributeTypes: ( 2.5.18.1 NAME 'createTimestamp' DESC 'RFC4512: time which object was created' EQUALITY generalizedTimeMatch ORDERING generalizedTimeO rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODI FICATION USAGE directoryOperation ) attributeTypes: ( 2.5.18.2 NAME 'modifyTimestamp' DESC 'RFC4512: time which object was last modified' EQUALITY generalizedTimeMatch ORDERING generalize dTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USE R-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 2.5.18.3 NAME 'creatorsName' DESC 'RFC4512: name of creato r' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SIN GLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 2.5.18.4 NAME 'modifiersName' DESC 'RFC4512: name of last modifier' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 2.5.18.9 NAME 'hasSubordinates' DESC 'X.501: entry has chi ldren' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VAL UE NO-USER-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 2.5.18.10 NAME 'subschemaSubentry' DESC 'RFC4512: name of controlling subschema entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOpe ration ) attributeTypes: ( 2.5.18.12 NAME 'collectiveAttributeSubentries' DESC 'RFC36 71: collective attribute subentries' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE directoryOperatio n ) attributeTypes: ( 2.5.18.7 NAME 'collectiveExclusions' DESC 'RFC3671: collec tive attribute exclusions' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.38 USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.1.20 NAME 'entryDN' DESC 'DN of the entry' EQUALIT Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.1.16.4 NAME 'entryUUID' DESC 'UUID of the entry' E QUALITY UUIDMatch ORDERING UUIDOrderingMatch SYNTAX 1.3.6.1.1.16.1 SINGLE-V ALUE NO-USER-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.7 NAME 'entryCSN' DESC 'change sequ ence number of the entry content' EQUALITY CSNMatch ORDERING CSNOrderingMat ch SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.13 NAME 'namingCSN' DESC 'change se quence number of the entry naming (RDN)' EQUALITY CSNMatch ORDERING CSNOrde ringMatch SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MODIF ICATION USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.23 NAME 'syncreplCookie' DESC 'sync repl Cookie for shadow copy' EQUALITY octetStringMatch ORDERING octetString OrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE NO-USER-MOD IFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.25 NAME 'contextCSN' DESC 'the larg est committed CSN of a context' EQUALITY CSNMatch ORDERING CSNOrderingMatch SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} NO-USER-MODIFICATION USAGE dSAOpera tion ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' DESC 'RFC4512: alternative servers' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperati on ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts' DESC 'RFC 4512: naming contexts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperat ion ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl' DESC ' RFC4512: supported controls' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSA Operation ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension' DESC 'RFC4512: supported extended operations' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 38 USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion' DE SC 'RFC4512: supported LDAP versions' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms' DESC 'RFC4512: supported SASL mechanisms' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures' DESC 'RFC4 512: features supported by the server' EQUALITY objectIdentifierMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.10 NAME 'monitorContext' DESC 'moni tor context' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.1 NAME 'configContext' DESC 'confi g context' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.1.4 NAME 'vendorName' DESC 'RFC3045: name of imple mentation vendor' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.1.5 NAME 'vendorVersion' DESC 'RFC3045: version of implementation' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 2.5.18.5 NAME 'administrativeRole' DESC 'RFC3672: administ rative role' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.38 USAGE directoryOperation ) attributeTypes: ( 2.5.18.6 NAME 'subtreeSpecification' DESC 'RFC3672: subtre e specification' SYNTAX 1.3.6.1.4.1.1466.115.121.1.45 SINGLE-VALUE USAGE di rectoryOperation ) attributeTypes: ( 2.5.21.1 NAME 'dITStructureRules' DESC 'RFC4512: DIT struc ture rules' EQUALITY integerFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.17 USAGE directoryOperation ) attributeTypes: ( 2.5.21.2 NAME 'dITContentRules' DESC 'RFC4512: DIT content rules' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.16 USAGE directoryOperation ) attributeTypes: ( 2.5.21.4 NAME 'matchingRules' DESC 'RFC4512: matching rule s' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.30 USAGE directoryOperation ) attributeTypes: ( 2.5.21.5 NAME 'attributeTypes' DESC 'RFC4512: attribute ty pes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.3 USAGE directoryOperation ) attributeTypes: ( 2.5.21.6 NAME 'objectClasses' DESC 'RFC4512: object classe s' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.37 USAGE directoryOperation ) attributeTypes: ( 2.5.21.7 NAME 'nameForms' DESC 'RFC4512: name forms ' EQUA LITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 35 USAGE directoryOperation ) attributeTypes: ( 2.5.21.8 NAME 'matchingRuleUse' DESC 'RFC4512: matching ru le uses' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.31 USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' DESC 'RFC4 512: LDAP syntaxes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.54 USAGE directoryOperation ) attributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' ) DE SC 'RFC4512: name of aliased object' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.34 NAME 'ref' DESC 'RFC3296: subordi nate referral URL' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 USAGE distributedOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.1.3.1 NAME 'entry' DESC 'OpenLDAP ACL ent ry pseudo-attribute' SYNTAX 1.3.6.1.4.1.4203.1.1.1 SINGLE-VALUE NO-USER-MOD IFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.1.3.2 NAME 'children' DESC 'OpenLDAP ACL children pseudo-attribute' SYNTAX 1.3.6.1.4.1.4203.1.1.1 SINGLE-VALUE NO-US ER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.8 NAME ( 'authzTo' 'saslAuthzTo' ) DESC 'proxy authorization targets' EQUALITY authzMatch SYNTAX 1.3.6.1.4.1.4 203.666.2.7 USAGE distributedOperation X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.9 NAME ( 'authzFrom' 'saslAuthzFrom ' ) DESC 'proxy authorization sources' EQUALITY authzMatch SYNTAX 1.3.6.1.4 .1.4203.666.2.7 USAGE distributedOperation X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl' DESC 'RFC2589: entry time-to-live' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-US ER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.1466.101.119.4 NAME 'dynamicSubtrees' DESC 'RF C2589: dynamic subtrees' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIF ICATION USAGE dSAOperation ) attributeTypes: ( 2.5.4.49 NAME 'distinguishedName' DESC 'RFC4519: common su pertype of DN attributes' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.12 ) attributeTypes: ( 2.5.4.41 NAME 'name' DESC 'RFC4519: common supertype of na me attributes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) attributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'RFC4519: common n ame(s) for which the entity is known by' SUP name ) attributeTypes: ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) DESC 'RF C4519: user identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' DESC 'RFC2307: An integer uniquely identifying a user in an administrative domain' EQUALITY integerM atch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN GLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' DESC 'RFC2307: An integer uniquely identifying a group in an administrative domain' EQUALITY integer Match ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SI NGLE-VALUE ) attributeTypes: ( 2.5.4.35 NAME 'userPassword' DESC 'RFC4519/2307: password of user' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128 } ) attributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' DESC 'RFC2079: Unif orm Resource Identifier with optional label' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.5.4.13 NAME 'description' DESC 'RFC4519: descriptive inf ormation' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ) attributeTypes: ( 2.5.4.34 NAME 'seeAlso' DESC 'RFC4519: DN of related objec t' SUP distinguishedName ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.78 NAME 'olcConfigFile' DESC ' File for slapd configuration directives' EQUALITY caseIgnoreMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.79 NAME 'olcConfigDir' DESC 'D irectory for slapd configuration backend' EQUALITY caseIgnoreMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.1 NAME 'olcAccess' DESC 'Acces s Control List' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.86 NAME 'olcAddContentAcl' DES C 'Check ACLs against content of Add ops' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.2 NAME 'olcAllows' DESC 'Allow ed set of deprecated features' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.3 NAME 'olcArgsFile' DESC 'Fil e for slapd command line options' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.5 NAME 'olcAttributeOptions' E QUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.4 NAME 'olcAttributeTypes' DES C 'OpenLDAP attributeTypes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.6 NAME 'olcAuthIDRewrite' EQUA LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES ' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.7 NAME 'olcAuthzPolicy' EQUALI TY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.8 NAME 'olcAuthzRegexp' EQUALI TY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.9 NAME 'olcBackend' DESC 'A ty pe of backend' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 SINGLE-VALUE X-ORDERED 'SIBLINGS' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.10 NAME 'olcConcurrency' SYNTA X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.11 NAME 'olcConnMaxPending' SY NTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.12 NAME 'olcConnMaxPendingAuth ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.13 NAME 'olcDatabase' DESC 'Th e backend type for a database instance' SUP olcBackend SINGLE-VALUE X-ORDER ED 'SIBLINGS' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.14 NAME 'olcDefaultSearchBase' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.15 NAME 'olcDisallows' EQUALIT Y caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.16 NAME 'olcDitContentRules' D ESC 'OpenLDAP DIT content rules' EQUALITY caseIgnoreMatch SUBSTR caseIgnore SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.20 NAME 'olcExtraAttrs' EQUA LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.17 NAME 'olcGentleHUP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.17 NAME 'olcHidden' SYNTAX 1 .3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.18 NAME 'olcIdleTimeout' SYNTA X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.19 NAME 'olcInclude' SUP label edURI ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.20 NAME 'olcIndexSubstrIfMinLe n' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.21 NAME 'olcIndexSubstrIfMaxLe n' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.22 NAME 'olcIndexSubstrAnyLen' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.23 NAME 'olcIndexSubstrAnyStep ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.84 NAME 'olcIndexIntLen' SYNTA X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.4 NAME 'olcLastMod' SYNTAX 1 .3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.85 NAME 'olcLdapSyntaxes' DESC 'OpenLDAP ldapSyntax' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.5 NAME 'olcLimits' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.93 NAME 'olcListenerThreads' S YNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.26 NAME 'olcLocalSSF' SYNTAX 1 .3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.27 NAME 'olcLogFile' SYNTAX 1. 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.28 NAME 'olcLogLevel' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.6 NAME 'olcMaxDerefDepth' SY NTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.16 NAME 'olcMirrorMode' SYNT AX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.30 NAME 'olcModuleLoad' EQUALI TY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.31 NAME 'olcModulePath' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.18 NAME 'olcMonitoring' SYNT AX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.32 NAME 'olcObjectClasses' DES C 'OpenLDAP object classes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.33 NAME 'olcObjectIdentifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.34 NAME 'olcOverlay' SUP olcDa tabase SINGLE-VALUE X-ORDERED 'SIBLINGS' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.35 NAME 'olcPasswordCryptSaltF ormat' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.36 NAME 'olcPasswordHash' EQUA LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.37 NAME 'olcPidFile' SYNTAX 1. 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.38 NAME 'olcPlugin' EQUALITY c aseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.39 NAME 'olcPluginLogFile' SYN TAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.40 NAME 'olcReadOnly' SYNTAX 1 .3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.41 NAME 'olcReferral' SUP labe ledURI SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.7 NAME 'olcReplica' SUP labe ledURI EQUALITY caseIgnoreMatch X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.43 NAME 'olcReplicaArgsFile' S YNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.44 NAME 'olcReplicaPidFile' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.45 NAME 'olcReplicationInterva l' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.46 NAME 'olcReplogFile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.47 NAME 'olcRequires' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.48 NAME 'olcRestrict' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.49 NAME 'olcReverseLookup' SYN TAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.8 NAME 'olcRootDN' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.51 NAME 'olcRootDSE' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.9 NAME 'olcRootPW' SYNTAX 1. 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.89 NAME 'olcSaslAuxprops' SYNT AX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.53 NAME 'olcSaslHost' SYNTAX 1 .3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.54 NAME 'olcSaslRealm' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.56 NAME 'olcSaslSecProps' SYNT AX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.58 NAME 'olcSchemaDN' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.59 NAME 'olcSecurity' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.81 NAME 'olcServerID' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.60 NAME 'olcSizeLimit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.61 NAME 'olcSockbufMaxIncoming ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.62 NAME 'olcSockbufMaxIncoming Auth' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.83 NAME 'olcSortVals' DESC 'At tributes whose values will always be sorted' EQUALITY caseIgnoreMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.15 NAME 'olcSubordinate' SYN TAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.10 NAME 'olcSuffix' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.19 NAME 'olcSyncUseSubentry' DESC 'Store sync context in a subentry' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.11 NAME 'olcSyncrepl' EQUALI TY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.90 NAME 'olcTCPBuffer' DESC 'C ustom TCP buffer size' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.66 NAME 'olcThreads' SYNTAX 1. 3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.67 NAME 'olcTimeLimit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.68 NAME 'olcTLSCACertificateFi le' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.69 NAME 'olcTLSCACertificatePa th' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.70 NAME 'olcTLSCertificateFile ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.71 NAME 'olcTLSCertificateKeyF ile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.72 NAME 'olcTLSCipherSuite' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.73 NAME 'olcTLSCRLCheck' SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.82 NAME 'olcTLSCRLFile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.74 NAME 'olcTLSRandFile' SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.75 NAME 'olcTLSVerifyClient' S YNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.77 NAME 'olcTLSDHParamFile' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.87 NAME 'olcTLSProtocolMin' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.80 NAME 'olcToolThreads' SYNTA X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.12 NAME 'olcUpdateDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.13 NAME 'olcUpdateRef' SUP l abeledURI EQUALITY caseIgnoreMatch ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.88 NAME 'olcWriteTimeout' SYNT AX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.1 NAME 'olcDbDirectory' DESC 'Directory for database content' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.5 NAME 'OpenLDAPaci' DESC 'OpenLDAP access control information (experimental)' EQUALITY OpenLDAPaciMatch SYNTA X 1.3.6.1.4.1.4203.666.2.1 USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.2 NAME 'olcDbCheckpoint' DES C 'Database checkpoint interval in kbytes and minutes' SYNTAX 1.3.6.1.4.1.1 466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.4 NAME 'olcDbNoSync' DESC 'D isable synchronous database writes' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SIN GLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.12.3 NAME 'olcDbEnvFlags' DESC 'Database environment flags' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.2 NAME 'olcDbIndex' DESC 'At tribute index parameters' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.12.1 NAME 'olcDbMaxReaders' DE SC 'Maximum number of threads that may access the DB concurrently' SYNTAX 1 .3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.12.2 NAME 'olcDbMaxSize' DESC 'Maximum size of DB in bytes' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-V ALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.3 NAME 'olcDbMode' DESC 'Uni x permissions of database files' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.12.5 NAME 'olcDbRtxnSize' DESC 'Number of entries to process in one read transaction' SYNTAX 1.3.6.1.4.1. 1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.9 NAME 'olcDbSearchStack' DE SC 'Depth of search stack in IDLs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN GLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.11 NAME 'olcDbCacheFree' DES C 'Number of extra entries to free when max is reached' SYNTAX 1.3.6.1.4.1. 1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.1 NAME 'olcDbCacheSize' DESC 'Entry cache size in entries' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.16 NAME 'olcDbChecksum' DESC 'Enable database checksum validation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.13 NAME 'olcDbCryptFile' DES C 'Pathname of file containing the DB encryption key' SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.14 NAME 'olcDbCryptKey' DESC 'DB encryption key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.3 NAME 'olcDbConfig' DESC 'B erkeleyDB DB_CONFIG configuration directives' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.26 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.15 NAME 'olcDbPageSize' DESC 'Page size of specified DB, in Kbytes' EQUALITY caseExactMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.5 NAME 'olcDbDirtyRead' DESC 'Allow reads of uncommitted data' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SING LE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.12 NAME 'olcDbDNcacheSize' D ESC 'DN cache size' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.6 NAME 'olcDbIDLcacheSize' D ESC 'IDL cache size in IDLs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VA LUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.7 NAME 'olcDbLinearIndex' DE SC 'Index attributes one at a time' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SIN GLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.8 NAME 'olcDbLockDetect' DES C 'Deadlock detection algorithm' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.10 NAME 'olcDbShmKey' DESC ' Key for shared memory region' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-V ALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.14 NAME 'olcDbURI' DESC 'URI (list) for remote DSA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.1 NAME 'olcDbStartTLS' DESC 'StartTLS' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.2 NAME 'olcDbACLAuthcDn' DES C 'Remote ACL administrative identity' OBSOLETE SYNTAX 1.3.6.1.4.1.1466.115 .121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.3 NAME 'olcDbACLPasswd' DESC 'Remote ACL administrative identity credentials' OBSOLETE SYNTAX 1.3.6.1.4 .1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.4 NAME 'olcDbACLBind' DESC ' Remote ACL administrative identity auth bind configuration' SYNTAX 1.3.6.1. 4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.5 NAME 'olcDbIDAssertAuthcDn ' DESC 'Remote Identity Assertion administrative identity' OBSOLETE SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.6 NAME 'olcDbIDAssertPasswd' DESC 'Remote Identity Assertion administrative identity credentials' OBSOL ETE SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.7 NAME 'olcDbIDAssertBind' D ESC 'Remote Identity Assertion administrative identity auth bind configurat ion' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.8 NAME 'olcDbIDAssertMode' D ESC 'Remote Identity Assertion mode' OBSOLETE SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.9 NAME 'olcDbIDAssertAuthzFr om' DESC 'Remote Identity Assertion authz rules' EQUALITY caseIgnoreMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.10 NAME 'olcDbRebindAsUser' DESC 'Rebind as user' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.11 NAME 'olcDbChaseReferrals ' DESC 'Chase referrals' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.12 NAME 'olcDbTFSupport' DES C 'Absolute filters support' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA LUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.13 NAME 'olcDbProxyWhoAmI' D ESC 'Proxy whoAmI exop' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.14 NAME 'olcDbTimeout' DESC 'Per-operation timeouts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.15 NAME 'olcDbIdleTimeout' D ESC 'connection idle timeout' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V ALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.16 NAME 'olcDbConnTtl' DESC 'connection ttl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.17 NAME 'olcDbNetworkTimeout ' DESC 'connection network timeout' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.18 NAME 'olcDbProtocolVersio n' DESC 'protocol version' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALU E ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.19 NAME 'olcDbSingleConn' DE SC 'cache a single connection per identity' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.20 NAME 'olcDbCancel' DESC ' abandon/ignore/exop operations when appropriate' SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.21 NAME 'olcDbQuarantine' DE SC 'Quarantine database if connection fails and retry according to rule' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.22 NAME 'olcDbUseTemporaryCo nn' DESC 'Use temporary connections if the cached one is busy' SYNTAX 1.3.6 .1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.23 NAME 'olcDbConnectionPool Max' DESC 'Max size of privileged connections pool' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.24 NAME 'olcDbSessionTrackin gRequest' DESC 'Add session tracking control to proxied requests' SYNTAX 1. 3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.25 NAME 'olcDbNoRefs' DESC ' Do not return search reference responses' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.26 NAME 'olcDbNoUndefFilter' DESC 'Do not propagate undefined search filters' SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.108 NAME 'olcDbOnErr' DESC ' error handling' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.27 NAME 'olcDbIDAssertPassTh ru' DESC 'Remote Identity Assertion passthru rules' EQUALITY caseIgnoreMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.29 NAME 'olcDbKeepalive' DES C 'TCP keepalive' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.3.1 NAME 'olcChainingBehavior' DESC 'Chaining behavior control parameters (draft-sermersheim-ldap-chainin g)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.3.2 NAME 'olcChainCacheURI' DE SC 'Enables caching of URIs not present in configuration' SYNTAX 1.3.6.1.4. 1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.3.3 NAME 'olcChainMaxReferralD epth' DESC 'max referral depth' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.3.4 NAME 'olcChainReturnError' DESC 'Errors are returned instead of the original referral' SYNTAX 1.3.6.1 .4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.101 NAME 'olcDbRewrite' DESC 'DN rewriting rules' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.102 NAME 'olcDbMap' DESC 'Ma p attribute and objectclass names' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.103 NAME 'olcDbSubtreeExclud e' DESC 'DN of subtree to exclude from target' EQUALITY caseIgnoreMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.104 NAME 'olcDbSubtreeInclud e' DESC 'DN of subtree to include in target' EQUALITY caseIgnoreMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.105 NAME 'olcDbDefaultTarget ' DESC 'Specify the default target' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.106 NAME 'olcDbDnCacheTtl' D ESC 'dncache ttl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.107 NAME 'olcDbBindTimeout' DESC 'bind timeout' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.109 NAME 'olcDbPseudoRootBin dDefer' DESC 'error handling' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VA LUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.110 NAME 'olcDbNretries' DES C 'retry handling' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.111 NAME 'olcDbClientPr' DES C 'PagedResults handling' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.100 NAME 'olcMetaSub' DESC ' Placeholder to name a Target entry' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.15 SINGLE-VALUE X-ORDERED 'SIBLINGS' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.112 NAME 'olcDbFilter' DESC 'Filter regex pattern to include in target' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.1 NAME 'monitoredInfo' DESC 'mon itored info' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.15{32768} NO-USER-MODIFICATION USAGE dSAOpera tion ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.2 NAME 'managedInfo' DESC 'monit or managed info' SUP name ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.3 NAME 'monitorCounter' DESC 'mo nitor counter' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.27 NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.4 NAME 'monitorOpCompleted' DESC 'monitor completed operations' SUP monitorCounter NO-USER-MODIFICATION USA GE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.5 NAME 'monitorOpInitiated' DESC 'monitor initiated operations' SUP monitorCounter NO-USER-MODIFICATION USA GE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.6 NAME 'monitorConnectionNumber' DESC 'monitor connection number' SUP monitorCounter NO-USER-MODIFICATION U SAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.7 NAME 'monitorConnectionAuthzDN ' DESC 'monitor connection authorization DN' EQUALITY distinguishedNameMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE dSAOperat ion ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.8 NAME 'monitorConnectionLocalAd dress' DESC 'monitor connection local address' SUP monitoredInfo NO-USER-MO DIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.9 NAME 'monitorConnectionPeerAdd ress' DESC 'monitor connection peer address' SUP monitoredInfo NO-USER-MODI FICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.10 NAME 'monitorTimestamp' DESC 'monitor timestamp' EQUALITY generalizedTimeMatch ORDERING generalizedTimeO rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODI FICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.11 NAME 'monitorOverlay' DESC 'n ame of overlays defined for a given database' SUP monitoredInfo NO-USER-MOD IFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.12 NAME 'readOnly' DESC 'read/wr ite status of a given database' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.7 SINGLE-VALUE USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.13 NAME 'restrictedOperation' DE SC 'name of restricted operation for a given database' SUP managedInfo ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.14 NAME 'monitorConnectionProtoc ol' DESC 'monitor connection protocol' SUP monitoredInfo NO-USER-MODIFICATI ON USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.15 NAME 'monitorConnectionOpsRec eived' DESC 'monitor number of operations received by the connection' SUP m onitorCounter NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.16 NAME 'monitorConnectionOpsExe cuting' DESC 'monitor number of operations in execution within the connecti on' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.17 NAME 'monitorConnectionOpsPen ding' DESC 'monitor number of pending operations within the connection' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.18 NAME 'monitorConnectionOpsCom pleted' DESC 'monitor number of operations completed within the connection' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.19 NAME 'monitorConnectionGet' D ESC 'number of times connection_get() was called so far' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.20 NAME 'monitorConnectionRead' DESC 'number of times connection_read() was called so far' SUP monitorCount er NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.21 NAME 'monitorConnectionWrite' DESC 'number of times connection_write() was called so far' SUP monitorCou nter NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.22 NAME 'monitorConnectionMask' DESC 'monitor connection mask' SUP monitoredInfo NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.23 NAME 'monitorConnectionListen er' DESC 'monitor connection listener' SUP monitoredInfo NO-USER-MODIFICATI ON USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.24 NAME 'monitorConnectionPeerDo main' DESC 'monitor connection peer domain' SUP monitoredInfo NO-USER-MODIF ICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.25 NAME 'monitorConnectionStartT ime' DESC 'monitor connection start time' SUP monitorTimestamp SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.26 NAME 'monitorConnectionActivi tyTime' DESC 'monitor connection activity time' SUP monitorTimestamp SINGLE -VALUE NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.27 NAME 'monitorIsShadow' DESC ' TRUE if the database is shadow' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.7 SINGLE-VALUE USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.28 NAME 'monitorUpdateRef' DESC 'update referral for shadow databases' SUP monitoredInfo SINGLE-VALUE USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.29 NAME 'monitorRuntimeConfig' D ESC 'TRUE if component allows runtime configuration' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.30 NAME 'monitorSuperiorDN' DESC 'monitor superior DN' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.12 NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.5.1 NAME 'olcRelay' DESC 'Rela y DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.15.1 NAME 'olcAuditlogFile' DE SC 'Filename for auditlogging' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.1 NAME 'olcAccessLogDB' DESC 'Suffix of database for log content' SUP distinguishedName SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.2 NAME 'olcAccessLogOps' DES C 'Operation types to log' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.3 NAME 'olcAccessLogPurge' D ESC 'Log cleanup parameters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA LUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.4 NAME 'olcAccessLogSuccess' DESC 'Log successful ops only' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE- VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.5 NAME 'olcAccessLogOld' DES C 'Log old values when modifying entries matching the filter' SYNTAX 1.3.6. 1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.6 NAME 'olcAccessLogOldAttr' DESC 'Log old values of these attributes even if unmodified' EQUALITY case IgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.7 NAME 'olcAccessLogBase' DE SC 'Operation types to log under a specific branch' EQUALITY caseIgnoreMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.1 NAME 'reqDN' DESC 'Target DN of request' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.2 NAME 'reqStart' DESC 'Start time of request' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrde ringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.3 NAME 'reqEnd' DESC 'End time of request' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrdering Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.4 NAME 'reqType' DESC 'Type of request' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN GLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.5 NAME 'reqSession' DESC 'Sess ion ID of request' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.6 NAME 'reqAuthzID' DESC 'Auth orization ID of requestor' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.7 NAME 'reqResult' DESC 'Resul t code of request' EQUALITY integerMatch ORDERING integerOrderingMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.8 NAME 'reqMessage' DESC 'Erro r text of request' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.9 NAME 'reqReferral' DESC 'Ref errals returned for request' SUP labeledURI ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.10 NAME 'reqControls' DESC 'Re quest controls' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1 .4.1.4203.666.11.5.3.1 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.11 NAME 'reqRespControls' DESC 'Response controls of request' EQUALITY objectIdentifierFirstComponentMatc h SYNTAX 1.3.6.1.4.1.4203.666.11.5.3.1 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.12 NAME 'reqId' DESC 'ID of Re quest to Abandon' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.13 NAME 'reqVersion' DESC 'Pro tocol version of Bind request' EQUALITY integerMatch ORDERING integerOrderi ngMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.14 NAME 'reqMethod' DESC 'Bind method of request' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.15 NAME 'reqAssertion' DESC 'C ompare Assertion of request' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA LUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.16 NAME 'reqMod' DESC 'Modific ations of request' EQUALITY octetStringMatch SUBSTR octetStringSubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.17 NAME 'reqOld' DESC 'Old val ues of entry before request completed' EQUALITY octetStringMatch SUBSTR oct etStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.18 NAME 'reqNewRDN' DESC 'New RDN of request' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.19 NAME 'reqDeleteOldRDN' DESC 'Delete old RDN' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.20 NAME 'reqNewSuperior' DESC 'New superior DN of request' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.21 NAME 'reqScope' DESC 'Scope of request' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.22 NAME 'reqDerefAliases' DESC 'Disposition of Aliases in request' EQUALITY caseIgnoreMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.23 NAME 'reqAttrsOnly' DESC 'A ttributes and values of request' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.24 NAME 'reqFilter' DESC 'Filt er of request' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.25 NAME 'reqAttr' DESC 'Attrib utes of request' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.26 NAME 'reqSizeLimit' DESC 'S ize limit of request' EQUALITY integerMatch ORDERING integerOrderingMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.27 NAME 'reqTimeLimit' DESC 'T ime limit of request' EQUALITY integerMatch ORDERING integerOrderingMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.28 NAME 'reqEntries' DESC 'Num ber of entries returned' EQUALITY integerMatch ORDERING integerOrderingMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.29 NAME 'reqData' DESC 'Data o f extended request' EQUALITY octetStringMatch SUBSTR octetStringSubstringsM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.30 NAME 'auditContext' DESC 'D N of auditContainer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-U SER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.31 NAME 'reqEntryUUID' DESC 'U UID of entry' EQUALITY UUIDMatch ORDERING UUIDOrderingMatch SYNTAX 1.3.6.1. 1.16.1 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.19.1 NAME 'olcCollectInfo' DES C 'DN of entry and attribute to distribute' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.8.1 NAME 'olcDlAttrSet' DESC ' Dynamic list: , , ' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.11.1 NAME 'olcRefintAttribute' DESC 'Attributes for referential integrity' EQUALITY caseIgnoreMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.11.2 NAME 'olcRefintNothing' D ESC 'Replacement DN to supply when needed' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.11.3 NAME 'olcRefintModifiersN ame' DESC 'The DN to use as modifiersName' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.12 SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.2.102 NAME 'memberOf' DESC 'Group that th e entry belongs to' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.12 USAGE dSAOperation X-ORIGIN 'iPlanet Delegated Administrator' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.0 NAME 'olcMemberOfDN' DESC 'DN to be used as modifiersName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SING LE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.1 NAME 'olcMemberOfDangling ' DESC 'Behavior with respect to dangling members, constrained to ignore, d rop, error' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.2 NAME 'olcMemberOfRefInt' DESC 'Take care of referential integrity' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.3 NAME 'olcMemberOfGroupOC' DESC 'Group objectClass' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.4 NAME 'olcMemberOfMemberAD ' DESC 'member attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.5 NAME 'olcMemberOfMemberOf AD' DESC 'memberOf attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V ALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.7 NAME 'olcMemberOfDangling Error' DESC 'Error code returned in case of dangling back reference' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.1.1 NAME 'olcSpCheckpoint' DES C 'ContextCSN checkpoint interval in ops and minutes' SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.1.2 NAME 'olcSpSessionlog' DES C 'Session log size in ops' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VAL UE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.1.3 NAME 'olcSpNoPresent' DESC 'Omit Present phase processing' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE -VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.1.4 NAME 'olcSpReloadHint' DES C 'Observe Reload Hint in Request control' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.14.1 NAME 'olcTranslucentStric t' DESC 'Reveal attribute deletion constraint violations' SYNTAX 1.3.6.1.4. 1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.14.2 NAME 'olcTranslucentNoGlu e' DESC 'Disable automatic glue records for ADD and MODRDN' SYNTAX 1.3.6.1. 4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.14.3 NAME 'olcTranslucentLocal ' DESC 'Attributes to use in local search filter' SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.14.4 NAME 'olcTranslucentRemot e' DESC 'Attributes to use in remote search filter' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.14.5 NAME 'olcTranslucentBindL ocal' DESC 'Enable local bind' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-V ALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.14.6 NAME 'olcTranslucentPwMod Local' DESC 'Enable local RFC 3062 Password Modify extended operation' SYNT AX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.10.1 NAME 'olcUniqueBase' DESC 'Subtree for uniqueness searches' EQUALITY distinguishedNameMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.10.2 NAME 'olcUniqueIgnore' DE SC 'Attributes for which uniqueness shall not be enforced' EQUALITY caseIgn oreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.10.3 NAME 'olcUniqueAttribute' DESC 'Attributes for which uniqueness shall be enforced' EQUALITY caseIgno reMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.10.4 NAME 'olcUniqueStrict' DE SC 'Enforce uniqueness of null values' EQUALITY booleanMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.10.5 NAME 'olcUniqueURI' DESC 'List of keywords and LDAP URIs for a uniqueness domain' EQUALITY caseExact Match ORDERING caseExactOrderingMatch SUBSTR caseExactSubstringsMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.13.1 NAME 'olcConstraintAttrib ute' DESC 'constraint for list of attributes' EQUALITY caseIgnoreMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.5.1 NAME 'olcValSortAttr' DESC 'Sorting rule for attribute under given DN' EQUALITY caseIgnoreMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.21.1 NAME 'olcSssVlvMax' DESC 'Maximum number of concurrent Sort requests' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.21.2 NAME 'olcSssVlvMaxKeys' D ESC 'Maximum number of Keys in a Sort request' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.21.3 NAME 'olcSssVlvMaxPerConn ' DESC 'Maximum number of concurrent paged search requests per connection' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.16 NAME 'pwdChangedTime' DESC 'The time the password was last changed' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-V ALUE NO-USER-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.17 NAME 'pwdAccountLockedTime' DES C 'The time an user account was locked' EQUALITY generalizedTimeMatch ORDER ING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL E-VALUE USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.19 NAME 'pwdFailureTime' DESC 'The timestamps of the last consecutive authentication failures' EQUALITY gener alizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.24 NO-USER-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.20 NAME 'pwdHistory' DESC 'The his tory of users passwords' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.40 NO-USER-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.21 NAME 'pwdGraceUseTime' DESC 'Th e timestamps of the grace login once the password has expired' EQUALITY gen eralizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 NO-USER-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.22 NAME 'pwdReset' DESC 'The indic ation that the password has been reset' EQUALITY booleanMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.23 NAME 'pwdPolicySubentry' DESC ' The pwdPolicy subentry in effect for this object' EQUALITY distinguishedNam eMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE USAGE directoryOpe ration ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.12.1 NAME 'olcPPolicyDefault' DESC 'DN of a pwdPolicy object for uncustomized objects' SYNTAX 1.3.6.1.4.1 .1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.12.2 NAME 'olcPPolicyHashClear text' DESC 'Hash passwords on add or modify' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.12.4 NAME 'olcPPolicyForwardUp dates' DESC 'Allow policy state updates to be forwarded via updateref' SYNT AX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.12.3 NAME 'olcPPolicyUseLockou t' DESC 'Warn clients with AccountLocked' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.57 NAME 'entryExpireTimestamp' DESC 'RFC2589 OpenLDAP extension: expire time of a dynamic object, computed as now + entryTtl' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrder ingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICA TION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.1 NAME 'olcDDSstate' DESC 'R FC2589 Dynamic directory services state' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.2 NAME 'olcDDSmaxTtl' DESC ' RFC2589 Dynamic directory services max TTL' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.3 NAME 'olcDDSminTtl' DESC ' RFC2589 Dynamic directory services min TTL' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.4 NAME 'olcDDSdefaultTtl' DE SC 'RFC2589 Dynamic directory services default TTL' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.5 NAME 'olcDDSinterval' DESC 'RFC2589 Dynamic directory services expiration task run interval' SYNTAX 1 .3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.6 NAME 'olcDDStolerance' DES C 'RFC2589 Dynamic directory services additional TTL in expiration scheduli ng' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.7 NAME 'olcDDSmaxDynamicObje cts' DESC 'RFC2589 Dynamic directory services max number of dynamic objects ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.453.16.2.188 NAME 'authTimestamp' DESC 'last s uccessful authentication using any method/mech' EQUALITY generalizedTimeMat ch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 24 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.4.5.1 NAME 'olcLastBindPrecision ' DESC 'Precision of authTimestamp attribute' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.0.1.1 NAME 'olmDbDirectory' DESC 'Path name of the directory where the database environment resides' SUP mo nitoredInfo NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: knowled ge information' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15{32768} ) attributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (famil y) name(s) for which the entity is known by' SUP name ) attributeTypes: ( 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256: serial number o f the entity' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.44{64} ) attributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC 'RFC4519: two-lett er ISO-3166 country code' SUP name SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 SIN GLE-VALUE ) attributeTypes: ( 2.5.4.7 NAME ( 'l' 'localityName' ) DESC 'RFC2256: localit y which this object resides in' SUP name ) attributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) DESC 'RFC2256: state or province which this object resides in' SUP name ) attributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) DESC 'RFC2256: s treet address of this object' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) attributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationName' ) DESC 'RFC2256: or ganization this object belongs to' SUP name ) attributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) DESC 'RFC2 256: organizational unit this object belongs to' SUP name ) attributeTypes: ( 2.5.4.12 NAME 'title' DESC 'RFC2256: title associated with the entity' SUP name ) attributeTypes: ( 2.5.4.14 NAME 'searchGuide' DESC 'RFC2256: search guide, d eprecated by enhancedSearchGuide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 ) attributeTypes: ( 2.5.4.15 NAME 'businessCategory' DESC 'RFC2256: business c ategory' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.15{128} ) attributeTypes: ( 2.5.4.16 NAME 'postalAddress' DESC 'RFC2256: postal addres s' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) attributeTypes: ( 2.5.4.17 NAME 'postalCode' DESC 'RFC2256: postal code' EQU ALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.15{40} ) attributeTypes: ( 2.5.4.18 NAME 'postOfficeBox' DESC 'RFC2256: Post Office B ox' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.15{40} ) attributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' DESC 'RFC2256: Physical Delivery Office Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) attributeTypes: ( 2.5.4.20 NAME 'telephoneNumber' DESC 'RFC2256: Telephone N umber' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) attributeTypes: ( 2.5.4.21 NAME 'telexNumber' DESC 'RFC2256: Telex Number' S YNTAX 1.3.6.1.4.1.1466.115.121.1.52 ) attributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier' DESC 'RFC2256: T eletex Terminal Identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) attributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) DESC 'R FC2256: Facsimile (Fax) Telephone Number' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .22 ) attributeTypes: ( 2.5.4.24 NAME 'x121Address' DESC 'RFC2256: X.121 Address' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.36{15} ) attributeTypes: ( 2.5.4.25 NAME 'internationaliSDNNumber' DESC 'RFC2256: int ernational ISDN number' EQUALITY numericStringMatch SUBSTR numericStringSub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ) attributeTypes: ( 2.5.4.26 NAME 'registeredAddress' DESC 'RFC2256: registere d postal address' SUP postalAddress SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) attributeTypes: ( 2.5.4.27 NAME 'destinationIndicator' DESC 'RFC2256: destin ation indicator' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ) attributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod' DESC 'RFC2256: pre ferred delivery method' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 SINGLE-VALUE ) attributeTypes: ( 2.5.4.29 NAME 'presentationAddress' DESC 'RFC2256: present ation address' EQUALITY presentationAddressMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.43 SINGLE-VALUE ) attributeTypes: ( 2.5.4.30 NAME 'supportedApplicationContext' DESC 'RFC2256: supported application context' EQUALITY objectIdentifierMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.38 ) attributeTypes: ( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of a group' S UP distinguishedName ) attributeTypes: ( 2.5.4.32 NAME 'owner' DESC 'RFC2256: owner (of the object) ' SUP distinguishedName ) attributeTypes: ( 2.5.4.33 NAME 'roleOccupant' DESC 'RFC2256: occupant of ro le' SUP distinguishedName ) attributeTypes: ( 2.5.4.36 NAME 'userCertificate' DESC 'RFC2256: X.509 user certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.8 ) attributeTypes: ( 2.5.4.37 NAME 'cACertificate' DESC 'RFC2256: X.509 CA cert ificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.8 ) attributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList' DESC 'RFC2256: X.5 09 authority revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.9 ) attributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList' DESC 'RFC2256: X .509 certificate revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.9 ) attributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair' DESC 'RFC2256: X.509 cross certificate pair, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 ) attributeTypes: ( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: first na me(s) for which the entity is known by' SUP name ) attributeTypes: ( 2.5.4.43 NAME 'initials' DESC 'RFC2256: initials of some o r all of names, but not the surname(s).' SUP name ) attributeTypes: ( 2.5.4.44 NAME 'generationQualifier' DESC 'RFC2256: name qu alifier indicating a generation' SUP name ) attributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier' DESC 'RFC2256: X.500 unique identifier' EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.6 ) attributeTypes: ( 2.5.4.46 NAME 'dnQualifier' DESC 'RFC2256: DN qualifier' E QUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreS ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) attributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide' DESC 'RFC2256: enhance d search guide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 ) attributeTypes: ( 2.5.4.48 NAME 'protocolInformation' DESC 'RFC2256: protoco l information' EQUALITY protocolInformationMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.42 ) attributeTypes: ( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256: unique member of a group' EQUALITY uniqueMemberMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 ) attributeTypes: ( 2.5.4.51 NAME 'houseIdentifier' DESC 'RFC2256: house ident ifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.15{32768} ) attributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms' DESC 'RFC2256: support ed algorithms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 ) attributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList' DESC 'RFC2256: delta r evocation list; use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) attributeTypes: ( 2.5.4.54 NAME 'dmdName' DESC 'RFC2256: name of DMD' SUP na me ) attributeTypes: ( 2.5.4.65 NAME 'pseudonym' DESC 'X.520(4th): pseudonym for the object' SUP name ) attributeTypes: ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' ) DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnor eIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' ) DESC 'RFC1274/2247: domain component' EQUALITY caseIgnoreIA5Match SUBSTR c aseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VAL UE ) attributeTypes: ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' DESC 'R FC1274: domain associated with object' EQUALITY caseIgnoreIA5Match SUBSTR c aseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.840.113549.1.9.1 NAME ( 'email' 'emailAddress' 'pkcs9e mail' ) DESC 'RFC3280: legacy attribute for email addresses in DNs' EQUALIT Y caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.26{128} ) attributeTypes: ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' EQUA LITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: gener al information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} ) attributeTypes: ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDrink' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR caseIgnore SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RFC1274: room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274: phot o (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} ) attributeTypes: ( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC1274: category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: host computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC1274: D N of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.12 ) attributeTypes: ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' DESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR ca seIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' DESC 'RFC1 274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' DESC 'RF C1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DESC 'RFC 1274: DN of author of document' EQUALITY distinguishedNameMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' DESC 'R FC1274: location of document original' EQUALITY caseIgnoreMatch SUBSTR case IgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTelepho neNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephoneNumberM atch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.50 ) attributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.12 ) attributeTypes: ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNTAX 1.3. 6.1.4.1.1466.115.121.1.39 ) attributeTypes: ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY caseIgn oreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY caseIg noreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY caseIg noreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY caseIg noreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY caseI gnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALITY cas eIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC 'RFC 1274: DN of entry associated with domain' EQUALITY distinguishedNameMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' DESC ' RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIgnor eListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) attributeTypes: ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC 'RFC1 274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTelephon eNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephoneNumber Match SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.50 ) attributeTypes: ( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelephoneN umber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumberMat ch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 50 ) attributeTypes: ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCountryNam e' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DESC 'R FC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus' DES C 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR caseIgno reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC 'RFC12 74: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrin gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption' DES C 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributeTypes: ( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC 'RFC12 74: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RFC1274 : DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE ) attributeTypes: ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality' DESC 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE -VALUE ) attributeTypes: ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality' DE SC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE ) attributeTypes: ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality' DE SC 'RFC1274: Subtree Maximun Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE ) attributeTypes: ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' DESC ' RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 ) attributeTypes: ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'RFC127 4: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.12 ) attributeTypes: ( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC1274: aud io (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} ) attributeTypes: ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' DESC ' RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC2798: v ehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR caseI gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC 'RFC2 798: identifies a department within an organization' EQUALITY caseIgnoreMat ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC2798 : preferred name to be used when displaying entries' EQUALITY caseIgnoreMat ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RFC279 8: numerically identifies an employee within an organization' EQUALITY case IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnor eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) attributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC 'RF C2798: preferred written or spoken language for a person' EQUALITY caseIgno reMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.5 ) attributeTypes: ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.5 ) attributeTypes: ( 2.16.840.1.113730.3.1.13 NAME 'mailLocalAddress' DESC 'RFC 822 email address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3 .6.1.4.1.1466.115.121.1.26{256} ) attributeTypes: ( 2.16.840.1.113730.3.1.18 NAME 'mailHost' DESC 'FQDN of the SMTP/MTA of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 .1466.115.121.1.26{256} SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.47 NAME 'mailRoutingAddress' DESC 'R FC822 routing address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.2.1.15 NAME 'rfc822MailMember' DESC 'r fc822 mail address of group member(s)' EQUALITY caseIgnoreIA5Match SYNTAX 1 .3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; the co mmon name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolute pa th to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.146 6.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to the lo gin shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integerMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integerMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactIA5Mat ch SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY caseExa ctIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.26 ) attributeTypes: ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgroup t riple' SYNTAX 1.3.6.1.1.1.0.0 ) attributeTypes: ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY integerMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name ) attributeTypes: ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY integerM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP address' EQU ALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) attributeTypes: ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP network' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGL E-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netmask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGL E-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address' EQUA LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) attributeTypes: ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootparamd parameter' SYNTAX 1.3.6.1.1.1.0.1 ) attributeTypes: ( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image name' EQ UALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name ) attributeTypes: ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseExactIA5M atch SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 6{1024} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.6 NAME 'javaClassName' DESC 'Fully qualified name of distinguished Java class or interface' EQUALITY caseExac tMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.7 NAME 'javaCodebase' DESC 'URL(s) specifying the location of class definition' EQUALITY caseExactIA5Match SY NTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.13 NAME 'javaClassNames' DESC 'Ful ly qualified Java class or interface name' EQUALITY caseExactMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.8 NAME 'javaSerializedData' DESC ' Serialized form of a Java object' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SING LE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.10 NAME 'javaFactory' DESC 'Fully qualified Java class name of a JNDI object factory' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.11 NAME 'javaReferenceAddress' DES C 'Addresses associated with a JNDI Reference' EQUALITY caseExactMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.12 NAME 'javaDoc' DESC 'The Java d ocumentation for the class' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1 466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.14 NAME 'corbaIor' DESC 'Stringifi ed interoperable object reference of a CORBA object' EQUALITY caseIgnoreIA5 Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.15 NAME 'corbaRepositoryId' DESC ' Repository ids of interfaces implemented by a CORBA object' EQUALITY caseEx actMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.16.840.1.113730.3.1.198 NAME 'memberURL' DESC 'Identifie s an URL associated with each member of a group. Any type of labeled URL ca n be used.' SUP labeledURI ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.8.1.1 NAME 'dgIdentity' DESC 'Iden tity to use when processing the memberURL' SUP distinguishedName SINGLE-VAL UE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.8.1.2 NAME 'dgAuthz' DESC 'Optiona l authorization rules that determine who is allowed to assume the dgIdentit y' EQUALITY authzMatch SYNTAX 1.3.6.1.4.1.4203.666.2.7 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.1 NAME 'pwdAttribute' EQUALITY obj ectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.2 NAME 'pwdMinAge' EQUALITY intege rMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 S INGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.3 NAME 'pwdMaxAge' EQUALITY intege rMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 S INGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.4 NAME 'pwdInHistory' EQUALITY int egerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.5 NAME 'pwdCheckQuality' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.6 NAME 'pwdMinLength' EQUALITY int egerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.7 NAME 'pwdExpireWarning' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.8 NAME 'pwdGraceAuthNLimit' EQUALI TY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.9 NAME 'pwdLockout' EQUALITY boole anMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.10 NAME 'pwdLockoutDuration' EQUAL ITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.11 NAME 'pwdMaxFailure' EQUALITY i ntegerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.12 NAME 'pwdFailureCountInterval' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.13 NAME 'pwdMustChange' EQUALITY b ooleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.14 NAME 'pwdAllowUserChange' EQUAL ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.15 NAME 'pwdSafeModify' EQUALITY b ooleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.30 NAME 'pwdMaxRecordedFailure' EQ UALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4754.1.99.1 NAME 'pwdCheckModule' DESC 'Loadab le module that instantiates check_password() function' EQUALITY caseExactIA 5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.5.4.72 NAME 'role' DESC 'X.509 Role attribute, use ;bina ry' SYNTAX 1.3.6.1.4.1.4203.666.11.10.2.6 ) attributeTypes: ( 2.5.4.75 NAME 'xmlPrivilegeInfo' DESC 'X.509 XML privilege information attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.5.4.58 NAME 'attributeCertificateAttribute' DESC 'X.509 Attribute certificate attribute, use ;binary' EQUALITY attributeCertificate ExactMatch SYNTAX 1.3.6.1.4.1.4203.666.11.10.2.1 ) attributeTypes: ( 2.5.4.61 NAME 'aACertificate' DESC 'X.509 AA certificate a ttribute, use ;binary' EQUALITY attributeCertificateExactMatch SYNTAX 1.3.6 .1.4.1.4203.666.11.10.2.1 ) attributeTypes: ( 2.5.4.62 NAME 'attributeDescriptorCertificate' DESC 'X.509 Attribute descriptor certificate attribute, use ;binary' EQUALITY attribut eCertificateExactMatch SYNTAX 1.3.6.1.4.1.4203.666.11.10.2.1 ) attributeTypes: ( 2.5.4.59 NAME 'attributeCertificateRevocationList' DESC 'X .509 Attribute certificate revocation list attribute, use ;binary' SYNTAX 1 .3.6.1.4.1.1466.115.121.1.9 X-EQUALITY 'certificateListExactMatch, not impl emented yet' ) attributeTypes: ( 2.5.4.63 NAME 'attributeAuthorityRevocationList' DESC 'X.5 09 AA certificate revocation list attribute, use ;binary' SYNTAX 1.3.6.1.4. 1.1466.115.121.1.9 X-EQUALITY 'certificateListExactMatch, not implemented y et' ) attributeTypes: ( 2.5.4.73 NAME 'delegationPath' DESC 'X.509 Delegation path attribute, use ;binary' SYNTAX 1.3.6.1.4.1.4203.666.11.10.2.4 ) attributeTypes: ( 2.5.4.71 NAME 'privPolicy' DESC 'X.509 Privilege policy at tribute, use ;binary' SYNTAX 1.3.6.1.4.1.4203.666.11.10.2.5 ) attributeTypes: ( 2.5.4.74 NAME 'protPrivPolicy' DESC 'X.509 Protected privi lege policy attribute, use ;binary' EQUALITY attributeCertificateExactMatch SYNTAX 1.3.6.1.4.1.4203.666.11.10.2.1 ) attributeTypes: ( 2.5.4.76 NAME 'xmlPrivPolicy' DESC 'X.509 XML Protected pr ivilege policy attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.5.4.7.1 NAME 'c-l' SUP l COLLECTIVE ) attributeTypes: ( 2.5.4.8.1 NAME 'c-st' SUP st COLLECTIVE ) attributeTypes: ( 2.5.4.9.1 NAME 'c-street' SUP street COLLECTIVE ) attributeTypes: ( 2.5.4.10.1 NAME 'c-o' SUP o COLLECTIVE ) attributeTypes: ( 2.5.4.11.1 NAME 'c-ou' SUP ou COLLECTIVE ) attributeTypes: ( 2.5.4.16.1 NAME 'c-PostalAddress' SUP postalAddress COLLEC TIVE ) attributeTypes: ( 2.5.4.17.1 NAME 'c-PostalCode' SUP postalCode COLLECTIVE ) attributeTypes: ( 2.5.4.18.1 NAME 'c-PostOfficeBox' SUP postOfficeBox COLLEC TIVE ) attributeTypes: ( 2.5.4.19.1 NAME 'c-PhysicalDeliveryOfficeName' SUP physica lDeliveryOfficeName COLLECTIVE ) attributeTypes: ( 2.5.4.20.1 NAME 'c-TelephoneNumber' SUP telephoneNumber CO LLECTIVE ) attributeTypes: ( 2.5.4.21.1 NAME 'c-TelexNumber' SUP telexNumber COLLECTIVE ) attributeTypes: ( 2.5.4.23.1 NAME 'c-FacsimileTelephoneNumber' SUP facsimile TelephoneNumber COLLECTIVE ) attributeTypes: ( 2.5.4.25.1 NAME 'c-InternationalISDNNumber' SUP internatio nalISDNNumber COLLECTIVE ) attributeTypes: ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService' DESC 'IAN A GSS-API authorized service name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.15{256} ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.0 NAME 'defaultServerList' DESC 'De fault LDAP server host address used by a DUA' EQUALITY caseIgnoreMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.1 NAME 'defaultSearchBase' DESC 'De fault LDAP base DN used by a DUA' EQUALITY distinguishedNameMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.2 NAME 'preferredServerList' DESC ' Preferred LDAP server host addresses to be used by a DUA' EQUALI TY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.3 NAME 'searchTimeLimit' DESC 'Maxi mum time in seconds a DUA should allow for a search to complete' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.4 NAME 'bindTimeLimit' DESC 'Maximu m time in seconds a DUA should allow for the bind operation to c omplete' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- VALUE ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.5 NAME 'followReferrals' DESC 'Tell s DUA if it should follow referrals returned by a DSA search res ult' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.16 NAME 'dereferenceAliases' DESC ' Tells DUA if it should dereference aliases' EQUALITY booleanMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.6 NAME 'authenticationMethod' DESC 'A keystring which identifies the type of authentication method used to contact the DSA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.7 NAME 'profileTTL' DESC 'Time to l ive, in seconds, before a client DUA should re-read this configu ration profile' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.14 NAME 'serviceSearchDescriptor' D ESC 'LDAP search descriptor list used by a DUA' EQUALITY caseExactMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.9 NAME 'attributeMap' DESC 'Attribu te mappings used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1 466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.10 NAME 'credentialLevel' DESC 'Ide ntifies type of credentials a DUA should use when binding to the LDAP server' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1 .26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.11 NAME 'objectclassMap' DESC 'Obje ctclass mappings used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1. 4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.12 NAME 'defaultSearchScope' DESC ' Default search scope used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3. 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.13 NAME 'serviceCredentialLevel' DE SC 'Identifies type of credentials a DUA should use when binding to the LDAP server for a specific service' EQUALITY caseIgnoreI A5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.15 NAME 'serviceAuthenticationMetho d' DESC 'Authentication method used by a service of the DUA' EQUALITY caseI gnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.2.840.113533.7.68.10 NAME 'attributeCertificate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) attributeTypes: ( 1.2.840.113533.7.68.0 NAME 'entrustCAInfo' SYNTAX 1.3.6.1. 4.1.1466.115.121.1.5 ) attributeTypes: ( 1.2.840.113533.7.68.30 NAME 'entrustPolicyCertificate' SYN TAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.2.840.113533.7.68.22 NAME 'entrustRoamFileEncInfo' EQUAL ITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.2.840.113533.7.79.0 NAME 'entrustRoamingCAPAB' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.2.840.113533.7.68.28 NAME 'entrustRoamingEOP' EQUALITY o ctetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.2.840.113533.7.68.24 NAME 'entrustRoamingPAB' EQUALITY o ctetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.2.840.113533.7.68.27 NAME 'entrustRoamingPRV' EQUALITY o ctetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.2.840.113533.7.68.23 NAME 'entrustRoamingProfile' EQUALI TY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.2.840.113533.7.68.25 NAME 'entrustRoamingRecipList' EQUA LITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.2.840.113533.7.68.26 NAME 'entrustRoamingSLA' EQUALITY o ctetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 2.16.840.1.114027.22.4 NAME 'entrustAttributeCertificate' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.2.840.113533.7.79.1 NAME 'entrustRoamingId' SUP uid ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.1 NAME 'eduPersonAffiliation' DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SUBSTR case IgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.2 NAME 'eduPersonNickname' DESC 'ed uPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SUBSTR caseIgn oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.3 NAME 'eduPersonOrgDN' DESC 'eduPe rson per Internet2 and EDUCAUSE' EQUALITY distinguishedNameMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.4 NAME 'eduPersonOrgUnitDN' DESC 'e duPerson per Internet2 and EDUCAUSE' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.5 NAME 'eduPersonPrimaryAffiliation ' DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SUBS TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA LUE ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.6 NAME 'eduPersonPrincipalName' DES C 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SUBSTR ca seIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.7 NAME 'eduPersonEntitlement' DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseExactMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.8 NAME 'eduPersonPrimaryOrgUnitDN' DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.9 NAME 'eduPersonScopedAffiliation' DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5923.1.2.1.2 NAME 'eduOrgHomePageURI' DESC 'ed uOrg per Internet2 and EDUCAUSE' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1. 4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.5923.1.2.1.3 NAME 'eduOrgIdentityAuthNPolicyUR I' DESC 'eduOrg per Internet2 and EDUCAUSE' EQUALITY caseExactIA5Match SYNT AX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.5923.1.2.1.4 NAME 'eduOrgLegalName' DESC 'eduO rg per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.5923.1.2.1.5 NAME 'eduOrgSuperiorURI' DESC 'ed uOrg per Internet2 and EDUCAUSE' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1. 4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.5923.1.2.1.6 NAME 'eduOrgWhitePagesURI' DESC ' eduOrg per Internet2 and EDUCAUSE' EQUALITY caseExactIA5Match SYNTAX 1.3.6. 1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.1 NAME 'schacMotherTongue' DESC 'RFC 3066 code for prefered language of communication' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.2 NAME 'schacGender' DESC 'Represent ation of human sex (see ISO 5218)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.3 NAME 'schacDateOfBirth' DESC 'Date of birth (format YYYYMMDD, only numeric chars)' EQUALITY numericStringMatc h ORDERING numericStringOrderingMatch SUBSTR numericStringSubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.36 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.4 NAME 'schacPlaceOfBirth' DESC 'Bir th place of a person' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingM atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.5 NAME 'schacCountryOfCitizenship' D ESC 'Country of citizenship of a person. Format two-letter acronym accordin g to ISO 3166' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.6 NAME 'schacSn1' DESC 'First surnam e of a person' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SU BSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.7 NAME 'schacSn2' DESC 'Second surna me of a person' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch S UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.8 NAME 'schacPersonalTitle' DESC 'RF C1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.9 NAME 'schacHomeOrganization' DESC 'Domain name of the home organization' EQUALITY caseIgnoreMatch SUBSTR case IgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.10 NAME 'schacHomeOrganizationType' DESC 'Type of the home organization' EQUALITY caseIgnoreMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.11 NAME 'schacCountryOfResidence' DE SC 'Country of citizenship of a person. Format two-letter acronym according to ISO 3166' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.12 NAME 'schacUserPresenceID' DESC ' Used to store a set of values related to the network presence' EQUALITY cas eExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.13 NAME 'schacPersonalPosition' DESC 'Position inside an institution' EQUALITY caseIgnoreMatch SUBSTR caseIgnor eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.14 NAME 'schacPersonalUniqueCode' DE SC 'unique code for the subject' EQUALITY caseIgnoreMatch ORDERING caseIgno reOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.15 NAME 'schacPersonalUniqueID' DESC 'Unique identifier for the subject' EQUALITY caseExactMatch ORDERING caseE xactOrderingMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.17 NAME 'schacExpiryDate' DESC 'Date from which the set of data is to be considered invalid (format YYYYMMDDhhm mssZ)' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.18 NAME 'schacUserPrivateAttribute' DESC 'Set of denied access attributes' EQUALITY caseIgnoreIA5Match SUBSTR c aseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.19 NAME 'schacUserStatus' DESC 'Used to store a set of status of a person as user of services' EQUALITY caseIgn oreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.20 NAME 'schacProjectMembership' DES C 'Name of the project' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.21 NAME 'schacProjectSpecificRole' D ESC 'Used to store a set of roles of a person inside a project' EQUALITY ca seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.25178.1.0.2.3 NAME 'schacYearOfBirth' DESC 'Ye ar of birth (format YYYY, only numeric chars)' EQUALITY numericStringMatch ORDERING numericStringOrderingMatch SUBSTR numericStringSubstringsMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.36 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' DESC 'An integer den oting time to live' EQUALITY integerMatch ORDERING integerOrderingMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass' DESC 'The class of a resource record' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115 .121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.11 NAME 'wKSRecord' DESC 'a well kno wn service description, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIg noreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord' DESC 'domain nam e pointer, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord' DESC 'host inf ormation, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substri ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord' DESC 'mailbox or mail list information, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR case IgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord' DESC 'text strin g, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.17 NAME 'rPRecord' DESC 'for Respons ible Person, RFC 1183' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subs tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord' DESC 'for AFS Data Base location, RFC 1183' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnore IA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord' DESC 'Signature, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord' DESC 'Key, RFC 2 535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.27 NAME 'gPosRecord' DESC 'Geographi cal Position, RFC 1712' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Sub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord' DESC 'IPv6 addr ess, RFC 1886' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.29 NAME 'LocRecord' DESC 'Location, RFC 1876' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.30 NAME 'nXTRecord' DESC 'non-exista nt, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.33 NAME 'sRVRecord' DESC 'service lo cation, RFC 2782' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.35 NAME 'nAPTRRecord' DESC 'Naming A uthority Pointer, RFC 2915' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA 5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord' DESC 'Key Exchang e Delegation, RFC 2230' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Sub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord' DESC 'certifica te, RFC 2538' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record' DESC 'A6 Record T ype, RFC 2874' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord' DESC 'Non-Term inal DNS Name Redirection, RFC 2672' EQUALITY caseIgnoreIA5Match SUBSTR cas eIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.42 NAME 'aPLRecord' DESC 'Lists of A ddress Prefixes, RFC 3123' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5 SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord' DESC 'Delegation Signer, RFC 3658' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord' DESC 'SSH Key Fingerprint, RFC 4255' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subs tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.45 NAME 'iPSecKeyRecord' DESC 'SSH K ey Fingerprint, RFC 4025' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5S ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord' DESC 'RRSIG, R FC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord' DESC 'NSEC, RFC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.48 NAME 'dNSKeyRecord' DESC 'DNSKEY, RFC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.49 NAME 'dHCIDRecord' DESC 'DHCID, R FC 4701' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.51 NAME 'nSec3ParamRecord' DESC 'par ameters for NSEC3, RFC 5155' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreI A5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.52 NAME 'TLSARecord' DESC 'DNS-Based Authentication of Named Entities - Transport Layer Security Protocol, RFC 6698' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.99 NAME 'sPFRecord' DESC 'Sender Pol icy Framework, RFC 4408' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Su bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.257 NAME 'CAARecord' DESC 'Certifica tion Authority Authorization, RFC 6844' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.32769 NAME 'DLVRecord' DESC 'RFC 443 1: DNSSEC Lookaside Validation' EQUALITY caseIgnoreIA5Match SUBSTR caseIgno reIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.1.1.1.28 NAME 'nisPublickey' DESC 'nisPublickey' E QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.1.1.1.29 NAME 'nisSecretkey' DESC 'nisSecretkey' E QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.1.1.1.30 NAME 'nisDomain' SUP name ) attributeTypes: ( 2.16.840.1.113730.3.1.30 NAME 'mgrpRFC822MailMember' DESC 'mgrpRFC822MailMember' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466. 115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.1.1.12 NAME 'nisNetIdUser' DESC 'nisNe tIdUser' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.1.1.13 NAME 'nisNetIdGroup' DESC 'nisN etIdGroup' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.1.1.14 NAME 'nisNetIdHost' DESC 'nisNe tIdHost' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.15 NAME 'SolarisLDAPServers' DESC 'SolarisLDAPServers' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.16 NAME 'SolarisSearchBaseDN' DESC 'SolarisSearchBaseDN' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.17 NAME 'SolarisCacheTTL' DESC 'So larisCacheTTL' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 S INGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.18 NAME 'SolarisBindDN' DESC 'Sola risBindDN' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.19 NAME 'SolarisBindPassword' DESC 'SolarisBindPassword' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.20 NAME 'SolarisAuthMethod' DESC ' SolarisAuthMethod' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.21 NAME 'SolarisTransportSecurity' DESC 'SolarisTransportSecurity' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.24 NAME 'SolarisDataSearchDN' DESC 'SolarisDataSearchDN' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.25 NAME 'SolarisSearchScope' DESC 'SolarisSearchScope' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.26 NAME 'SolarisSearchTimeLimit' D ESC 'SolarisSearchTimeLimit' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.27 NAME 'SolarisPreferedServer' DE SC 'SolarisPreferedServer' SUP name ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.28 NAME 'SolarisPreferedServerOnly ' DESC 'SolarisPreferedServerOnly' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.29 NAME 'SolarisSearchReferral' DE SC 'SolarisSearchReferral' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.31 NAME 'homeFax' SYNTAX 1.3.6.1. 4.1.1466.115.121.1.22 ) attributeTypes: ( 2.16.128.113533.1.1400.1 NAME 'thumbnailPhoto' SYNTAX 1.3. 6.1.4.1.1466.115.121.1.28 ) attributeTypes: ( 2.16.128.113533.1.1400.2 NAME 'thumbnailLogo' SYNTAX 1.3.6 .1.4.1.1466.115.121.1.28 ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.34 NAME 'middleName' SUP name ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.1 NAME ( 'xmozillanickname' 'mozilla Nickname' ) SUP name ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.2 NAME ( 'xmozillausehtmlmail' 'mozi llaUseHtmlMail' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.3 NAME 'mozillaSecondEmail' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.26{256} ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.4 NAME 'mozillaHomeLocalityName' EQU ALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.15{128} ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.5 NAME 'mozillaPostalAddress2' EQUAL ITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.41 ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.6 NAME 'mozillaHomePostalAddress2' E QUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.41 ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.7 NAME 'mozillaHomeState' SUP name ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.8 NAME 'mozillaHomePostalCode' EQUAL ITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.15{40} ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.9 NAME 'mozillaHomeCountryName' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.10 NAME 'mozillaHomeFriendlyCountryN ame' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.11 NAME ( 'homeurl' 'mozillaHomeUrl' ) EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.26{256} ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.12 NAME ( 'workurl' 'mozillaWorkUrl' ) EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.26{256} ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.13 NAME 'nsAIMid' DESC 'AOL Instant Messenger (AIM) Identity' EQUALITY telephoneNumberMatch SUBSTR telephoneNum berSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.96 NAME ( 'custom1' 'mozillaCustom1' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.97 NAME ( 'custom2' 'mozillaCustom2' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.98 NAME ( 'custom3' 'mozillaCustom3' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.99 NAME ( 'custom4' 'mozillaCustom4' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'LanMa nager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121 .1.26{32} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD4 h ash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 .1466.115.121.1.26{32} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Accoun t Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1 6} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC 'Times tamp of the last password update' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DESC 'Tim estamp of when the user is allowed to update the password' EQUALITY integer Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC 'Ti mestamp of when the password will expire' EQUALITY integerMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC 'Timest amp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC 'Times tamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC 'Time stamp of when the user will be logged off automatically' EQUALITY integerMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' DESC 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' DESC ' Time of the last bad password attempt' EQUALITY integerMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC 'Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42 } SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC 'Driver letter of home directory mapping' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 .1.4.1.1466.115.121.1.26{4} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DESC 'Logo n script path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5{255} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC 'Roam ing profile path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15{255} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' DESC 'List of user workstations the user is allowed to logon to' EQUALITY caseIg noreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Home di rectory UNC path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15{128} ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC 'Windo ws NT domain to which the user belongs' EQUALITY caseIgnoreMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.15{128} ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC 'Base6 4 encoded user parameter string' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.15{1050} ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC ' Concatenated MD5 hashes of the salted NT passwords used on this account' EQ UALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Security ID' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' DESC ' Primary Group Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1 466.115.121.1.26{64} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' DESC 'Security ID List' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 64} ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'NT Gro up Type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DESC 'Next NT rid to give our for users' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DESC 'Nex t NT rid to give out for groups' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Next NT rid to give out for anything' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' DES C 'Base at which the samba RID generation algorithm should operate' EQUALIT Y integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' DESC 'Share Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' DESC 'Optio n Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' DESC 'A boo lean option' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SING LE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' DESC 'An integer option' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' DESC 'A s tring option' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1. 26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption' DESC 'A string list option' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' DESC 'Trust Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.26 ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength' DESC 'Min imal password length (default: 5)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength' DESC 'Length of Password History Entries (default: 0 => off)' EQUALITY integerMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd' DESC 'Fo rce Users to logon for password change (default: 0 => off, 2 => on)' EQUALI TY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' DESC 'Maximu m password age, in seconds (default: -1 => never expire passwords)' EQUALIT Y integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' DESC 'Minimu m password age, in seconds (default: 0 => allow immediate password change)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration' DESC ' Lockout duration in minutes (default: 30, -1 => forever)' EQUALITY integerM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindo w' DESC 'Reset time after lockout in minutes (default: 30)' EQUALITY intege rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold' DESC 'Lockout users after bad logon attempts (default: 0 => off)' EQUALITY integ erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' DESC 'Disc onnect Users outside logon hours (default: -1 => off, 0 => on)' EQUALITY in tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange' DESC 'Allow Machine Password changes (default: 0 => off)' EQUALITY integer Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword' DESC 'Clear text password (used for trusted domain passwords)' EQUALITY octetSt ringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPasswo rd' DESC 'Previous clear text password (used for trusted domain passwords)' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.70 NAME 'sambaTrustType' DESC 'Type o f trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.71 NAME 'sambaTrustAttributes' DESC ' Trust attributes for a trusted domain' EQUALITY integerMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.72 NAME 'sambaTrustDirection' DESC 'D irection of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.73 NAME 'sambaTrustPartner' DESC 'Ful ly qualified name of the domain with which a trust exists' EQUALITY caseIgn oreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.74 NAME 'sambaFlatName' DESC 'NetBIOS name of a domain' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15{128} ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.75 NAME 'sambaTrustAuthOutgoing' DESC 'Authentication information for the outgoing portion of a trust' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.76 NAME 'sambaTrustAuthIncoming' DESC 'Authentication information for the incoming portion of a trust' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.77 NAME 'sambaSecurityIdentifier' DES C 'SID of a trusted domain' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5 SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.78 NAME 'sambaTrustForestTrustInfo' D ESC 'Forest trust information for a trusted domain object' EQUALITY caseExa ctMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.79 NAME 'sambaTrustPosixOffset' DESC 'POSIX offset of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.80 NAME 'sambaSupportedEncryptionType s' DESC 'Supported encryption types of a trust' EQUALITY integerMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5322.10.1.1 NAME 'krb5PrincipalName' DESC 'The unparsed Kerberos principal name' EQUALITY caseExactIA5Match SYNTAX 1.3.6. 1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5322.10.1.2 NAME 'krb5KeyVersionNumber' EQUALI TY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5322.10.1.3 NAME 'krb5MaxLife' EQUALITY intege rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5322.10.1.4 NAME 'krb5MaxRenew' EQUALITY integ erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5322.10.1.5 NAME 'krb5KDCFlags' EQUALITY integ erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5322.10.1.6 NAME 'krb5EncryptionType' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributeTypes: ( 1.3.6.1.4.1.5322.10.1.7 NAME 'krb5ValidStart' EQUALITY gen eralizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.24 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5322.10.1.8 NAME 'krb5ValidEnd' EQUALITY gener alizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.24 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5322.10.1.9 NAME 'krb5PasswordEnd' EQUALITY ge neralizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.24 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5322.10.1.10 NAME 'krb5Key' DESC 'Encoded ASN1 Key as an octet string' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) attributeTypes: ( 1.3.6.1.4.1.5322.10.1.11 NAME 'krb5PrincipalRealm' DESC 'D istinguished name of krb5Realm entry' SUP distinguishedName ) attributeTypes: ( 1.3.6.1.4.1.5322.10.1.12 NAME 'krb5RealmName' EQUALITY oct etStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} ) attributeTypes: ( 2.16.840.1.113719.1.301.4.1.1 NAME 'krbPrincipalName' EQUA LITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.26 ) attributeTypes: ( 1.2.840.113554.1.4.1.6.1 NAME 'krbCanonicalName' EQUALITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.3.1 NAME 'krbPrincipalType' EQUA LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.5.1 NAME 'krbUPEnabled' DESC 'Bo olean' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.6.1 NAME 'krbPrincipalExpiration ' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE -VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.8.1 NAME 'krbTicketFlags' EQUALI TY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.9.1 NAME 'krbMaxTicketLife' EQUA LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.10.1 NAME 'krbMaxRenewableAge' E QUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.14.1 NAME 'krbRealmReferences' E QUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.15.1 NAME 'krbLdapServers' EQUAL ITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.17.1 NAME 'krbKdcServers' EQUALI TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.18.1 NAME 'krbPwdServers' EQUALI TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.24.1 NAME 'krbHostServer' EQUALI TY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.25.1 NAME 'krbSearchScope' EQUAL ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.26.1 NAME 'krbPrincipalReference s' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.28.1 NAME 'krbPrincNamingAttr' E QUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.29.1 NAME 'krbAdmServers' EQUALI TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.30.1 NAME 'krbMaxPwdLife' EQUALI TY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.31.1 NAME 'krbMinPwdLife' EQUALI TY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.32.1 NAME 'krbPwdMinDiffChars' E QUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.33.1 NAME 'krbPwdMinLength' EQUA LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.34.1 NAME 'krbPwdHistoryLength' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5322.21.2.1 NAME 'krbPwdMaxFailure' EQUALITY i ntegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5322.21.2.2 NAME 'krbPwdFailureCountInterval' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5322.21.2.3 NAME 'krbPwdLockoutDuration' EQUAL ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.2.840.113554.1.4.1.6.2 NAME 'krbPwdAttributes' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.2.840.113554.1.4.1.6.3 NAME 'krbPwdMaxLife' EQUALITY int egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.2.840.113554.1.4.1.6.4 NAME 'krbPwdMaxRenewableLife' EQU ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.2.840.113554.1.4.1.6.5 NAME 'krbPwdAllowedKeysalts' EQUA LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.36.1 NAME 'krbPwdPolicyReference ' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SING LE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.37.1 NAME 'krbPasswordExpiration ' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE -VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.39.1 NAME 'krbPrincipalKey' EQUA LITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.40.1 NAME 'krbTicketPolicyRefere nce' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 S INGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.41.1 NAME 'krbSubTrees' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.42.1 NAME 'krbDefaultEncSaltType s' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.43.1 NAME 'krbSupportedEncSaltTy pes' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.44.1 NAME 'krbPwdHistory' EQUALI TY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.45.1 NAME 'krbLastPwdChange' EQU ALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALU E ) attributeTypes: ( 1.3.6.1.4.1.5322.21.2.5 NAME 'krbLastAdminUnlock' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.46.1 NAME 'krbMKey' EQUALITY oct etStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.47.1 NAME 'krbPrincipalAliases' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.48.1 NAME 'krbLastSuccessfulAuth ' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE -VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.49.1 NAME 'krbLastFailedAuth' EQ UALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VAL UE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.50.1 NAME 'krbLoginFailedCount' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.51.1 NAME 'krbExtraData' EQUALIT Y octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.52.1 NAME 'krbObjectReferences' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.53.1 NAME 'krbPrincContainerRef' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113730.3.8.15.2.1 NAME 'krbPrincipalAuthInd' EQ UALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.5322.21.2.4 NAME 'krbAllowedToDelegateTo' EQUA LITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.1 NAME ( 'esgSid' 'esgStreamId' ) DESC 'String uniquely identifying each stream' EQUALITY caseExactMatch SUBS TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA LUE ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.2 NAME ( 'esgSN' 'esgSessionName' ) DESC 'Session name/title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.3 NAME ( 'esgInfo' 'esgInformation ' ) DESC 'Short description' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.4 NAME 'esgInfoUri' DESC 'URI to m ore Information' SUP labeledURI ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.4.1 NAME 'esgContact' DESC 'Other co ntact Information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.4.2 NAME 'esgContactMail' DESC 'Emai l-address to contact-person' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreI A5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.4.3 NAME 'esgContactPhone' DESC 'Pho ne number to contact-person' EQUALITY telephoneNumberMatch SUBSTR telephone NumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.4.4 NAME 'esgContactDN' DESC 'LDAP D N to contact-person' SUP distinguishedName ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.6 NAME ( 'esgCategory' 'esgCat' ) DESC 'Meta-category: meeting, broadcast, test etc.' EQUALITY caseIgnoreMatc h SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.7 NAME 'esgTool' DESC 'Tool that m ade the announcement (SDP: a=tool:...)' EQUALITY caseIgnoreMatch SUBSTR cas eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.8 NAME 'esgSource' DESC 'How the a nnouncement entered the system' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.3.1 NAME 'esgFormat' DESC 'Media for mat' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.3.10 NAME 'esgStreamUri' DESC 'Direc t absolute url to stream' SUP labeledURI ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.3.11 NAME 'esgSdpUri' DESC 'Url to f ile in sdp-format, if any' SUP labeledURI ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.1 NAME 'esgAlwaysOn' DESC 'Whether the stream is permanent/on-demand or temporary/live' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.2 NAME 'esgFirstShown' DESC 'When the stream starts to be transmitted for the first time' EQUALITY generalize dTimeMatch ORDERING generalizedTimeOrderingMatch SUBSTR caseIgnoreSubstring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.3 NAME 'esgFinalEnd' DESC 'When th e stream will no longer be transmitted' EQUALITY generalizedTimeMatch ORDER ING generalizedTimeOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.24 ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.4 NAME 'esgDuration' DESC 'Duratio n of stream if temporary' EQUALITY numericStringMatch SUBSTR numericStringS ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.5 NAME 'esgRepeatInterval' DESC 'F rom SDP: r=repeatinterval duration offset [offset [offset ...]]' EQUALITY n umericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.36 ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.6 NAME 'esgIntervalOffset' DESC 'F rom SDP: r=repeatinterval duration offset [offset [offset ...]]' EQUALITY n umericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.36 ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.8 NAME 'esgTotalDuration' DESC 'Le ngth if on-demand stream, else: finalend - firsthown' EQUALITY numericStrin gMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.36 ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.255 NAME 'esgSdp' DESC 'File in sd p-format, if any' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.1 NAME 'dhcpPrimaryDN' DESC 'The DN of the dhcpServer which is the primary server for the configuration.' E QUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE- VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.2 NAME 'dhcpSecondaryDN' DESC 'T he DN of dhcpServer(s) which provide backup service for the configuration.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.3 NAME 'dhcpStatements' DESC 'Fl exible storage for specific data depending on what object this exists in. L ike conditional statements, server parameters, etc. This allows the standar d to evolve without needing to adjust the schema.' EQUALITY caseIgnoreIA5Ma tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.4 NAME 'dhcpRange' DESC 'The sta rting & ending IP Addresses in the range (inclusive), separated by a hyphen ; if the range only contains one address, then just the address can be spec ified with no hyphen. Each range is defined as a separate value.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.5 NAME 'dhcpPermitList' DESC 'Th is attribute contains the permit lists associated with a pool. Each permit list is defined as a separate value.' EQUALITY caseIgnoreIA5Match SYNTAX 1. 3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.6 NAME 'dhcpNetMask' DESC 'The s ubnet mask length for the subnet. The mask can be easily computed from thi s length.' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGL E-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.7 NAME 'dhcpOption' DESC 'Encode d option values to be sent to clients. Each value represents a single opti on and contains (OptionTag, Length, OptionValue) encoded in the format used by DHCP.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.8 NAME 'dhcpClassData' DESC 'Enc oded text string or list of bytes expressed in hexadecimal, separated by co lons. Clients match subclasses based on matching the class data with the r esults of match or spawn with statements in the class name declarations.' E QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALU E ) attributeTypes: ( 2.16.840.1.113719.1.203.4.9 NAME 'dhcpOptionsDN' DESC 'The distinguished name(s) of the dhcpOption objects containing the configurati on options provided by the server.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.10 NAME 'dhcpHostDN' DESC 'the d istinguished name(s) of the dhcpHost objects.' EQUALITY distinguishedNameMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.11 NAME 'dhcpPoolDN' DESC 'The d istinguished name(s) of pools.' EQUALITY distinguishedNameMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.12 NAME 'dhcpGroupDN' DESC 'The distinguished name(s) of the groups.' EQUALITY distinguishedNameMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.13 NAME 'dhcpSubnetDN' DESC 'The distinguished name(s) of the subnets.' EQUALITY distinguishedNameMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.14 NAME 'dhcpLeaseDN' DESC 'The distinguished name of a client address.' EQUALITY distinguishedNameMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.15 NAME 'dhcpLeasesDN' DESC 'The distinguished name(s) client addresses.' EQUALITY distinguishedNameMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.16 NAME 'dhcpClassesDN' DESC 'Th e distinguished name(s) of a class(es) in a subclass.' EQUALITY distinguish edNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.17 NAME 'dhcpSubclassesDN' DESC 'The distinguished name(s) of subclass(es).' EQUALITY distinguishedNameMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.18 NAME 'dhcpSharedNetworkDN' DE SC 'The distinguished name(s) of sharedNetworks.' EQUALITY distinguishedNam eMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.19 NAME 'dhcpServiceDN' DESC 'Th e DN of dhcpService object(s)which contain the configuration information. E ach dhcpServer object has this attribute identifying the DHCP configuration (s) that the server is associated with.' EQUALITY distinguishedNameMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.20 NAME 'dhcpVersion' DESC 'The version attribute of this object.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 .1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.21 NAME 'dhcpImplementation' DES C 'Description of the DHCP Server implementation e.g. DHCP Servers vendor.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VA LUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.22 NAME 'dhcpAddressState' DESC 'This stores information about the current binding-status of an address. F or dynamic addresses managed by DHCP, the values should be restricted to th e following: "FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET", "ABANDONED", "BACKUP". For other addresses, it SHOULD be one of the following: "UNKNOW N", "RESERVED" (an address that is managed by DHCP that is reserved for a s pecific client), "RESERVED-ACTIVE" (same as reserved, but address is curren tly in use), "ASSIGNED" (assigned manually or by some other mechanism), "UN ASSIGNED", "NOTASSIGNABLE".' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 .1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.23 NAME 'dhcpExpirationTime' DES C 'This is the time the current lease for an address expires.' EQUALITY gen eralizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.24 NAME 'dhcpStartTimeOfState' D ESC 'This is the time of the last state change for a leased address.' EQUAL ITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.25 NAME 'dhcpLastTransactionTime ' DESC 'This is the last time a valid DHCP packet was received from the cli ent.' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SI NGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.26 NAME 'dhcpBootpFlag' DESC 'Th is indicates whether the address was assigned via BOOTP.' EQUALITY booleanM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.27 NAME 'dhcpDomainName' DESC 'T his is the name of the domain sent to the client by the server. It is esse ntially the same as the value for DHCP option 15 sent to the client, and re presents only the domain - not the full FQDN. To obtain the full FQDN assi gned to the client you must prepend the "dhcpAssignedHostName" to this valu e with a ".".' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121. 1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.28 NAME 'dhcpDnsStatus' DESC 'Th is indicates the status of updating DNS resource records on behalf of the c lient by the DHCP server for this address. The value is a 16-bit bitmask.' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.29 NAME 'dhcpRequestedHostName' DESC 'This is the hostname that was requested by the client.' EQUALITY case IgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.30 NAME 'dhcpAssignedHostName' D ESC 'This is the actual hostname that was assigned to a client. It may not be the name that was requested by the client. The fully qualified domain n ame can be determined by appending the value of "dhcpDomainName" (with a do t separator) to this name.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1. 1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.31 NAME 'dhcpReservedForClient' DESC 'The distinguished name of a "dhcpClient" that an address is reserved for. This may not be the same as the "dhcpAssignedToClient" attribute if t he address is being reassigned but the current lease has not yet expired.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE -VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.32 NAME 'dhcpAssignedToClient' D ESC 'This is the distinguished name of a "dhcpClient" that an address is cu rrently assigned to. This attribute is only present in the class when the address is leased.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.33 NAME 'dhcpRelayAgentInfo' DES C 'If the client request was received via a relay agent, this contains info rmation about the relay agent that was available from the DHCP request. Th is is a hex-encoded option value.' EQUALITY octetStringMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.34 NAME 'dhcpHWAddress' DESC 'Th e clients hardware address that requested this IP address.' EQUALITY caseIg noreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.35 NAME 'dhcpHashBucketAssignmen t' DESC 'HashBucketAssignment bit map for the DHCP Server, as defined in DH C Load Balancing Algorithm [RFC 3074].' EQUALITY octetStringMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.36 NAME 'dhcpDelayedServiceParam eter' DESC 'Delay in seconds corresponding to Delayed Service Parameter con figuration, as defined in DHC Load Balancing Algorithm [RFC 3074]. ' EQUAL ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.37 NAME 'dhcpMaxClientLeadTime' DESC 'Maximum Client Lead Time configuration in seconds, as defined in DHCP Failover Protocol [FAILOVR]' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.38 NAME 'dhcpFailOverEndpointSta te' DESC 'Server (Failover Endpoint) state, as defined in DHCP Failover Pro tocol [FAILOVR]' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.39 NAME 'dhcpErrorLog' DESC 'Gen eric error log attribute that allows logging error conditions within a dhcp Service or a dhcpSubnet, like no IP addresses available for lease.' EQUALIT Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.40 NAME 'dhcpLocatorDN' DESC 'Th e DN of dhcpLocator object which contain the DNs of all DHCP configuration objects. There will be a single dhcpLocator object in the tree with links t o all the DHCP objects in the tree' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.41 NAME 'dhcpKeyAlgorithm' DESC 'Algorithm to generate TSIG Key' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1 .4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.42 NAME 'dhcpKeySecret' DESC 'Se cret to generate TSIG Key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.43 NAME 'dhcpDnsZoneServer' DESC 'Master server of the DNS Zone' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1 .4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.44 NAME 'dhcpKeyDN' DESC 'The DN s of TSIG Key to use in secure dynamic updates. In case of locator object, this will be list of TSIG keys. In case of DHCP Service, Shared Network, S ubnet and DNS Zone, it will be a single key.' EQUALITY distinguishedNameMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.45 NAME 'dhcpZoneDN' DESC 'The D Ns of DNS Zone. In case of locator object, this will be list of DNS Zones i n the tree. In case of DHCP Service, Shared Network and Subnet, it will be a single DNS Zone.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.46 NAME 'dhcpFailOverPrimaryServ er' DESC 'IP address or DNS name of the server playing primary role in DHC Load Balancing and Fail over.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4 .1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.47 NAME 'dhcpFailOverSecondarySe rver' DESC 'IP address or DNS name of the server playing secondary role in DHC Load Balancing and Fail over.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 .1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.48 NAME 'dhcpFailOverPrimaryPort ' DESC 'Port on which primary server listens for connections from its fail over peer (secondary server)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.49 NAME 'dhcpFailOverSecondaryPo rt' DESC 'Port on which secondary server listens for connections from its f ail over peer (primary server)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.27 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.50 NAME 'dhcpFailOverResponseDel ay' DESC 'Maximum response time in seconds, before Server assumes that conn ection to fail over peer has failed' EQUALITY integerMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.27 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.51 NAME 'dhcpFailOverUnackedUpda tes' DESC 'Number of BNDUPD messages that server can send before it receive s BNDACK from its fail over peer' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.27 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.52 NAME 'dhcpFailOverSplit' DESC 'Split between the primary and secondary servers for fail over purpose' EQ UALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.53 NAME 'dhcpFailOverLoadBalance Time' DESC 'Cutoff time in seconds, after which load balance is disabled' E QUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.54 NAME 'dhcpFailOverPeerDN' DES C 'The DNs of Fail over peers. In case of locator object, this will be list of fail over peers in the tree. In case of Subnet and pool, it will be a s ingle Fail Over Peer' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.55 NAME 'dhcpServerDN' DESC 'Lis t of all DHCP Servers in the tree. Used by dhcpLocatorObject' EQUALITY dis tinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.56 NAME 'dhcpComments' DESC 'Gen eric attribute that allows coments within any DHCP object' EQUALITY caseIg noreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.10 NAME 'dlzZoneName' DESC 'DNS zone name - domain name not including host name' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.20 NAME 'dlzHostName' DESC 'Host por tion of a domain name' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.30 NAME 'dlzData' DESC 'Data for the resource record' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.40 NAME 'dlzType' DESC 'DNS record t ype - A, SOA, NS, MX, etc...' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.50 NAME 'dlzSerial' DESC 'SOA record serial number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.60 NAME 'dlzRefresh' DESC 'SOA recor d refresh time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.70 NAME 'dlzRetry' DESC 'SOA retry t ime in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.80 NAME 'dlzExpire' DESC 'SOA expire time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.90 NAME 'dlzMinimum' DESC 'SOA minim um time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.100 NAME 'dlzAdminEmail' DESC 'E-mai l address of person responsible for this zone - @ should be replaced with . (period)' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.110 NAME 'dlzPrimaryNS' DESC 'Primar y name server for this zone - should be host name not IP address' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.120 NAME 'dlzIPAddr' DESC 'IP addres s - IPV4 should be in dot notation xxx.xxx.xxx.xxx IPV6 should be in colon notation xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx' EQUALITY caseExactIA5Matc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{40} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.130 NAME 'dlzCName' DESC 'DNS cname' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.140 NAME 'dlzPreference' DESC 'DNS M X record preference. Lower numbers have higher preference' EQUALITY intege rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.150 NAME 'dlzTTL' DESC 'DNS time to live - how long this record can be cached by caching DNS servers' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.160 NAME 'dlzRecordID' DESC 'Unique ID for each DLZ resource record' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.31 NAME 'automountMapName' DESC 'automount M ap Name' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.32 NAME 'automountKey' DESC 'Automount Key v alue' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.33 NAME 'automountInformation' DESC 'Automou nt information' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.37 NAME 'x509CRLThisUpdate' DESC ' Date at which this revocation list was issued - see RFC3280 5.1.2.4' EQUALI TY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.24 SINGLE-VALUE ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.38 NAME 'x509CRLNextUpdate' DESC ' Date by which the next revocation list in this series will be issued, see - RFC3280 5.1.2.5' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOr deringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.102 NAME 'x509CRLNumber' DESC 'seq uence number of issued CRL - see RFC3280 5.2.3' EQUALITY integerMatch ORDER ING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.48 NAME 'x509CRLDPRfc822Name' DESC 'Internet electronic mail address of the issuing distribution point, se e RFC3280 5.2.5' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.49 NAME 'x509CRLDPDnsName' DESC 'I nternet domain name of the issuing distribution point, see RFC3280 5.2.5' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.50 NAME 'x509CRLDPDN' DESC 'Distin guished name of the issuing distribution point, see RFC3280 5.2.5' EQUALIT Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.51 NAME 'x509CRLDPURI' DESC 'Unifo rm Resource Identifier of the issuing distribution point, see RFC3280 5.2 .5' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.52 NAME 'x509CRLDPIpAddress' DESC 'Internet Protocol address, of the issuing distribution point, see RFC3280 5.2.5' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.53 NAME 'x509CRLDPRegisteredID' DE SC 'Any registered OID of the certificate issuer, see RFC3280 5.2.5' EQUAL ITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.54 NAME 'x509CRLDPOnlyUserCerts' D ESC 'If true, the CRL only contains revocations for end-entity certs, see RFC3280 5.2.5' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.55 NAME 'x509CRLDPOnlyCACerts' DES C 'If true, the CRL only contains revocations for CA certs, see RFC3280 5. 2.5' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.56 NAME 'x509CRLDPOnlySomeReasons' DESC 'If true, the CRL only contains some revocation reason codes, see RF C3280 5.2.5' EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.57 NAME 'x509CRLDPOnlyAttCerts' DE SC 'If true, the CRL only contains revocations for attribute certs, see RF C3280 5.2.5' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.58 NAME 'x509CRLDPindirect' DESC ' If true, the CRL is an indirect CRL, see RFC3280 5.2.5' EQUALITY booleanMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.59 NAME 'x509CRLDeltaIndicator' DE SC 'Indicates this is a delta CRL, and the value points to the sequence nu mber of the issued base CRL to which this is a delta - see RFC3280 5.2.4' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.27 SINGLE-VALUE ) attributeTypes:: KCAxLjIuODI2LjAuMS4zMzQ0ODEwLjEuMS4zOSBOQU1FICd4NTA5Q1JMQ2V ydFJldm9jYXRpb25EYXRlJyBERVNDICdEYXRlL3RpbWUgdGhlIENBIGFjdHVhbGx5IHJldm9rZW QgdGhlIGNlcnRpZmljYXRlLCBzZWUg4oCTICAJUkZDMzI4MCA1LjEuMi42JyBFUVVBTElUWSBnZ W5lcmFsaXplZFRpbWVNYXRjaCBPUkRFUklORyBnZW5lcmFsaXplZFRpbWVPcmRlcmluZ01hdGNo IFNZTlRBWCAxLjMuNi4xLjQuMS4xNDY2LjExNS4xMjEuMS4yNCBTSU5HTEUtVkFMVUUgKQ== attributeTypes: ( 1.2.826.0.1.3344810.1.1.40 NAME 'x509CRLCertInvalidityDate ' DESC 'date at which it is known or suspected that the private key was co mpromised, see RFC3280 5.3.3' EQUALITY generalizedTimeMatch ORDERING genera lizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.41 NAME 'x509CRLCertIssuerRfc822Na me' DESC 'Internet electronic mail address of the certificate issuer, see RFC3280 5.3.4' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.42 NAME 'x509CRLCertIssuerDnsName' DESC 'Internet domain name of the certificate issuer, see RFC3280 5.3.4' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.43 NAME 'x509CRLCertIssuerDN' DESC 'Distinguished name of the certificate issuer, see RFC3280 5.3.4' EQUALIT Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.44 NAME 'x509CRLCertIssuerURI' DES C 'Uniform Resource Identifier of the certificate issuer, see RFC3280 5.3. 4' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.45 NAME 'x509CRLCertIssuerIpAddres s' DESC 'Internet Protocol address, of the certificate issuer, see RFC3280 5.3.4' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.46 NAME 'x509CRLCertIssuerRegister edID' DESC 'Any registered OID of the certificate issuer, see RFC3280 5.3. 4' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.47 NAME 'x509CRLCertReasonCode' DE SC 'An integer code indicating the reason for the revocation, see RFC3280 5.3.1' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.27 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.103 NAME 'x509CRLCertHoldInstructi onCode' DESC 'Any registered OID indicating a hold instruction, see RFC328 0 5.3.2' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 8 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.1 NAME 'x509version' DESC 'X.509 V ersion of the certificate, or of the CRL' EQUALITY integerMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.2 NAME 'x509serialNumber' DESC 'Un ique integer for each certificate issued by a particular CA' EQUALITY inte gerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.3 NAME 'x509signatureAlgorithm' DE SC 'OID of the algorithm used by the CA in signing the CRL or the certific ate' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SI NGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.4 NAME 'x509issuer' DESC 'Distingu ished name of the entity who has signed and issued the certificate' EQUALI TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.5 NAME 'x509validityNotBefore' DES C 'Date on which the certificate validity period begins' EQUALITY generaliz edTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.24 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.6 NAME 'x509validityNotAfter' DESC 'Date on which the certificate validity period ends' EQUALITY generalizedT imeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.24 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.7 NAME 'x509subject' DESC 'Disting uished name of the entity associated with this public-key' EQUALITY distin guishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.8 NAME 'x509subjectPublicKeyInfoAl gorithm' DESC 'OID identifying the algorithm associated with the certified public key' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.38 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.11 NAME 'x509authorityKeyIdentifie r' DESC 'Key Identifier field of the Authority Key Identifier extension' E QUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.12 NAME 'x509authorityCertIssuer' DESC 'Authority Cert Issuer field of the Authority Key Identifier extensio n' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SIN GLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.13 NAME 'x509authorityCertSerialNu mber' DESC 'Authority Cert Serial Number field of the Authority Key Identi fier extension' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.14 NAME 'x509subjectKeyIdentifier' DESC 'Key identifier which must be unique with respect to all key identif iers for the subject' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.40 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.15 NAME 'x509keyUsage' DESC 'Purpo se for which the certified public key is used' EQUALITY caseIgnoreMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.16 NAME 'x509policyInformationIden tifier' DESC 'OID which indicates the policy under which the certificate h as been issued and the purposes for which the certificate may be used' EQU ALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VAL UE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.17 NAME 'x509subjectRfc822Name' DE SC 'Internet electronic mail address of the entity associated with this pu blic-key' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.18 NAME 'x509subjectDnsName' DESC 'Internet domain name of the entity associated with this public-key' EQUAL ITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.19 NAME 'x509subjectDirectoryName' DESC 'Distinguished name of the entity associated with this public-key' E QUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.20 NAME 'x509subjectUniformResourc eIdentifier' DESC 'Uniform Resource Identifier for the World-Wide Web of t he entity associated with this public-key' EQUALITY caseExactIA5Match SUBST R caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.21 NAME 'x509subjectIpAddress' DES C 'Internet Protocol address of the entity associated with this public-key ' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.22 NAME 'x509subjectRegisteredID' DESC 'OID of any registered object identifying the entity associated with this public-key' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.38 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.23 NAME 'x509issuerRfc822Name' DES C 'Internet electronic mail address of the entity who has signed and issue d the certificate' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrin gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.24 NAME 'x509issuerDnsName' DESC ' Internet domain name of the entity who has signed and issued the certifica te' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.25 NAME 'x509issuerDirectoryName' DESC 'Distinguished name of the entity who has signed and issued the certi ficate' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 2 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.26 NAME 'x509issuerUniformResource Identifier' DESC 'Uniform Resource Identifier for the World-Wide Web of th e entity who has signed and issued the certificate' EQUALITY caseExactIA5Ma tch SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.27 NAME 'x509issuerIpAddress' DESC 'Internet Protocol address of the entity who has signed and issued the ce rtificate' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.28 NAME 'x509issuerRegisteredID' D ESC 'OID of any registered object identifying the entity who has signed an d issued the certificate' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.38 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.29 NAME 'x509basicConstraintsCa' D ESC 'Identifies whether the subject of the certificate is a CA' EQUALITY b ooleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.30 NAME 'x509extKeyUsage' DESC 'Pu rposes for which the certified public key may be used, identified by an OI D' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.32 NAME 'x509fullCRLDistributionPo intURI' DESC 'URI type of DistributionPointName for the full CRL' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.4.74 NAME 'x509certLocation' DESC 'P ointer to a x509certificate Entry' EQUALITY distinguishedNameMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.4.75 NAME 'x509certHolder' DESC 'Poi nter to the directory entry of the end entity to which this certificate wa s issued' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .12 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.4.76 NAME 'x509userCert' DESC 'Compl ete x.509 user certificate' SUP userCertificate SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.4.77 NAME 'x509caCert' DESC 'Complet e x.509 CA certificate' SUP caCertificate SINGLE-VALUE ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.60 NAME 'x509issuerSerial' DESC 'U sed to hold the RDN of a certificate entry, formed by concatenating the AC serial number and issuer fields ' EQUALITY distinguishedNameMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.61 NAME 'x509ACHolderPKCSerialNumb er' DESC 'The serial number of the PKC of the AC holder - see RFC3281 4.2. 2' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.62 NAME 'x509ACHolderPKCissuerDN' DESC 'Distinguished name of the issuer of the PKC belonging to the AC hold er - see RFC3281 4.2.2' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.12 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.63 NAME 'x509ACHolderRfc822Name' D ESC 'Internet electronic mail address of the AC holder - see RFC3281 4.2. 2' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.64 NAME 'x509ACHolderDNSName' DESC 'Internet domain name of the AC Holder, see RFC3281 4.2.2' EQUALITY caseI gnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.65 NAME 'x509ACHolderDN' DESC 'Dis tinguished name of the AC Holder, see RFC3281 4.2.2' EQUALITY distinguishe dNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.66 NAME 'x509ACHolderURI' DESC 'Un iform Resource Identifier of the AC Holder - see RFC3281 4.2.2' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.67 NAME 'x509ACHolderIPAddress' DE SC 'Internet Protocol address of the AC Holder, see RFC3281 4.2.2' EQUALIT Y caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.68 NAME 'x509ACHolderRegisteredID' DESC 'Any registered OID of the AC holder, see RFC3281 4.2.2' EQUALITY ob jectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) attributeTypes:: KCAxLjIuODI2LjAuMS4zMzQ0ODEwLjEuMS42OSBOQU1FICd4NTA5QUNPYmp lY3REaWdlc3QnIERFU0MgJ0hvbGRzIHRoZSBoYXNoIHZhbHVlIG9mIHRoZSBvYmplY3QgaWRlbn RpZmllZCBieSAJeDUwOUFDRGlnZXN0ZWRPYmplY3RUeXBlIOKAkyBzZWUgUkZDIDMyODEsIHNlY 3Rpb24gNy4zJyBFUVVBTElUWSBiaXRTdHJpbmdNYXRjaCBTWU5UQVggMS4zLjYuMS40LjEuMTQ2 Ni4xMTUuMTIxLjEuNiBTSU5HTEUtVkFMVUUgKQ== attributeTypes: ( 1.2.826.0.1.3344810.1.1.70 NAME 'x509ACDigestAlgorithm' DE SC 'OID of the hashing algorithm used to create the Object digest, see RFC 3281, section 7.3' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.38 SINGLE-VALUE ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.71 NAME 'x509ACDigestedObjectType' DESC 'Type of object being digested - see RFC3281, section 7.3' EQUALITY i ntegerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .27 SINGLE-VALUE ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.72 NAME 'x509ACAuditID' DESC 'Iden tity of holder used in audit trails - see RFC3281 4.3.1' EQUALITY octetStri ngMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.73 NAME 'x509ACTargetRfc822Name' D ESC 'Internet electronic mail address of the ACs Target - see RFC3281 4.3 .2' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.74 NAME 'x509ACTargetDNSName' DESC 'Internet domain name of the ACs Target, see RFC3281 4.3.2' EQUALITY case IgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.75 NAME 'x509ACTargetDN' DESC 'Dis tinguished name of the ACs Target, see RFC3281 4.3.2' EQUALITY distinguishe dNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.76 NAME 'x509ACTargetURI' DESC 'Un iform Resource Identifier of the ACs Target - see RFC3281 4.3.2' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.77 NAME 'x509ACTargetIPAddress' DE SC 'Internet Protocol address of the ACs Target, see RFC3281 4.3.2' EQUALI TY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.78 NAME 'x509ACTargetRegisteredID' DESC 'Any registered OID of the ACs Target, see RFC3281 4.3.2' EQUALITY o bjectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.79 NAME 'x509ACTargetGroupRfc822Na me' DESC 'Internet electronic mail address of the ACs Target group - see RFC3281 4.3.2' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.80 NAME 'x509ACTargetGroupDNSName' DESC 'Internet domain name of the ACs Target group, see RFC3281 4.3.2' EQ UALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.26 ) attributeTypes:: KCAxLjIuODI2LjAuMS4zMzQ0ODEwLjEuMS44MSBOQU1FICd4NTA5QUNUYXJ nZXRHcm91cEROJyBERVNDICdEaXN0aW5ndWlzaGVkIG5hbWUgb2YgdGhlIEFD4oCZcyBUYXJnZX QgZ3JvdXAsIHNlZSAJUkZDMzI4MSA0LjMuMicgRVFVQUxJVFkgZGlzdGluZ3Vpc2hlZE5hbWVNY XRjaCBTWU5UQVggMS4zLjYuMS40LjEuMTQ2Ni4xMTUuMTIxLjEuMTIgKQ== attributeTypes:: KCAxLjIuODI2LjAuMS4zMzQ0ODEwLjEuMS44MiBOQU1FICd4NTA5QUNUYXJ nZXRHcm91cFVSSScgREVTQyAnVW5pZm9ybSBSZXNvdXJjZSBJZGVudGlmaWVyIG9mIHRoZSBBQ+ KAmXMgVGFyZ2V0IGdyb3VwICAJLSBzZWUgUkZDMzI4MSA0LjMuMicgRVFVQUxJVFkgY2FzZUV4Y WN0SUE1TWF0Y2ggU1VCU1RSIGNhc2VFeGFjdElBNVN1YnN0cmluZ3NNYXRjaCBTWU5UQVggMS4z LjYuMS40LjEuMTQ2Ni4xMTUuMTIxLjEuMjYgKQ== attributeTypes: ( 1.2.826.0.1.3344810.1.1.83 NAME 'x509ACTargetGroupIPAddres s' DESC 'Internet Protocol address of the ACs Target group, see RFC3281 4. 3.2' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.84 NAME 'x509ACTargetGroupRegister edID' DESC 'Any registered OID of the ACs Target group, see RFC3281 4.3.2' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.85 NAME 'x509ACNoRevocation' DESC 'If true, the AC will never be revoked, see RFC3281 section 4.3.6' EQUALIT Y booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.86 NAME 'x509DPRfc822Name' DESC 'I nternet electronic mail address of the distribution point, see RFC3280 section 4.2.1.14' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.87 NAME 'x509DPDNSName' DESC 'Inte rnet domain name of the distribution point, see RFC3280 section 4.2.1.14' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.88 NAME 'x509DPDN' DESC 'Distingui shed name of the distribution point, see RFC3280 section 4.2.1.14' EQUALIT Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.89 NAME 'x509DPURI' DESC 'Uniform Resource Identifier of the distribution point, see RFC3280 section 4.2.1. 14' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.90 NAME 'x509DPIPAddress' DESC 'In ternet Protocol address of the distribution point, see RFC3280 section 4.2 .1.14' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.91 NAME 'x509DPRegisteredID' DESC 'Any registered OID of the distribution point, see RFC3280 section 4.2.1.1 4' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.92 NAME 'x509DPrelativeToIssuer' D ESC 'RDN of the distribution point, relative to the issuer, see RFC3280 s ection 4.2.1.14' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.12 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.93 NAME 'x509DPissuerRfc822Name' D ESC 'Internet electronic mail address of the distribution point CRL iss uer, see RFC3280 section 4.2.1.14' EQUALITY caseIgnoreIA5Match SUBSTR caseI gnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.94 NAME 'x509DPissuerDNSName' DESC 'Internet domain name of the distribution point CRL issuer, see RFC3280 s ection 4.2.1.14' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.95 NAME 'x509DPissuerDN' DESC 'Dis tinguished name of the distribution point CRL issuer, see RFC3280 section 4.2.1.14' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.12 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.96 NAME 'x509DPissuerURI' DESC 'Un iform Resource Identifier of the distribution point CRL issuer, see RFC32 80 section 4.2.1.14' EQUALITY caseExactIA5Match SUBSTR caseExactIA5Substrin gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.97 NAME 'x509DPissuerIPAddress' DE SC 'Internet Protocol address of the distribution point CRL issuer, see RF C3280 section 4.2.1.14' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Sub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.98 NAME 'x509DPissuerRegisteredID' DESC 'Any registered OID of the distribution point CRL issuer, see RFC32 80 section 4.2.1.14' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.38 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.99 NAME 'x509DPReasonCodes' DESC ' The reason codes used by a DP, see RFC3280 section 4.2.1.14' EQUALITY bitS tringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) attributeTypes: ( 1.3.6.1.1.11.1.2.1 NAME 'vPIMTelephoneNumber' DESC 'draft- ietf-vpim-vpimdir: The full E.164 form of the telephone number, including a ny sub-addressing portion' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.44{20} ) attributeTypes: ( 1.3.6.1.1.11.1.2.2 NAME 'vPIMRfc822Mailbox' DESC 'draft-ie tf-vpim-vpimdir: stores the inter-domain SMTP address of the voice mailbox associated with a given telephone number' EQUALITY caseIgnoreIA5Match SYNTA X 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributeTypes: ( 1.3.6.1.1.11.1.2.3 NAME 'vPIMSpokenName' DESC 'draft-ietf- vpim-vpimdir: the spoken name of the user in the voice of the user' EQUALIT Y octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{20000} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.11.1.2.4 NAME 'vPIMTextName' DESC 'draft-ietf-vp im-vpimdir: consistent with the unstructured text name databases used for c alling name delivery service of caller ID' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{20} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.11.1.2.5 NAME 'vPIMSupportedAudioMediaTypes' DES C 'draft-ietf-vpim-vpimdir: MIME audio subtype(s) of encodings that can be received at the address specified in vPIMRfc822Mailbox' EQUALITY caseIgnore IA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.1.11.1.2.6 NAME 'vPIMSupportedMessageContext' DESC 'draft-ietf-vpim-vpimdir: provides guidance to the sender about the messag e contexts the recipient is likely to accept' EQUALITY caseIgnoreIA5Match S YNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.1.11.1.2.7 NAME 'vPIMExtendedAbsenceStatus' DESC ' draft-ietf-vpim-vpimdir: indicates to the subscriber whether the recipient is accepting messages during his absence' EQUALITY caseIgnoreIA5Match SYNTA X 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.11.1.2.8 NAME 'vPIMSupportedUABehaviors' DESC 'd raft-ietf-vpim-vpimdir: list of the attributes considered optional by VPIM and other vendor-specific attributes maybe supported by the recipient' EQUA LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.1.11.1.2.9 NAME 'vPIMMaxMessageSize' DESC 'draft-i etf-vpim-vpimdir: maximum message length in seconds the receiving mailbox a ccepts' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-V ALUE ) attributeTypes: ( 1.3.6.1.1.11.1.2.10 NAME 'vPIMSubMailboxes' DESC 'draft-ie tf-vpim-vpimdir: indicates the presence of sub-mailboxes' EQUALITY numericS tringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{4} ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.1 NAME 'AstContext' DESC 'Asterisk C ontext' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.2 NAME 'AstExtension' DESC 'Asterisk Extension' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.3 NAME 'AstPriority' DESC 'Asterisk Priority' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.4 NAME 'AstApplication' DESC 'Asteri sk Application' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.5 NAME 'AstApplicationData' DESC 'As terisk Application Data' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.6 NAME 'AstAccountAMAFlags' DESC 'As terisk Account AMA Flags' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstri ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.7 NAME 'AstAccountCallerID' DESC 'As terisk Account CallerID' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.8 NAME 'AstAccountContext' DESC 'Ast erisk Account Context' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.9 NAME 'AstAccountMailbox' DESC 'Ast erisk Account Mailbox' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.10 NAME 'AstMD5secret' DESC 'Asteris k Account MD5 Secret' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.11 NAME 'AstAccountDeny' DESC 'Aster isk Account Deny' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.12 NAME 'AstAccountPermit' DESC 'Ast erisk Account Permit' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.13 NAME 'AstAccountQualify' DESC 'As terisk Account Qualify' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.14 NAME 'AstAccountType' DESC 'Aster isk Account Type' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.15 NAME 'AstAccountDisallowedCodec' DESC 'Asterisk Account Disallowed Codec' EQUALITY caseIgnoreMatch SUBSTR ca seIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.16 NAME 'AstAccountExpirationTimesta mp' DESC 'Asterisk Account Expiration Timestamp' EQUALITY caseIgnoreMatch S UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.17 NAME 'AstAccountRegistrationConte xt' DESC 'Asterisk Account Registration Context' EQUALITY caseIgnoreMatch S UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.18 NAME 'AstAccountRegistrationExten ' DESC 'Asterisk Account Registration Extension' EQUALITY caseIgnoreMatch S UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.19 NAME 'AstAccountNoTransfer' DESC 'Asterisk Account No Transfer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.20 NAME 'AstAccountCallGroup' DESC ' Asterisk Account Call Group' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.21 NAME 'AstAccountCanReinvite' DESC 'Asterisk Account Can Reinvite' EQUALITY caseIgnoreMatch SUBSTR caseIgnore SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.22 NAME 'AstAccountDTMFMode' DESC 'A sterisk Account DTMF Flags' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.23 NAME 'AstAccountFromUser' DESC 'A sterisk Account From User' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.24 NAME 'AstAccountFromDomain' DESC 'Asterisk Account From Domain' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.25 NAME 'AstAccountFullContact' DESC 'Asterisk Account Full Contact' EQUALITY caseIgnoreMatch SUBSTR caseIgnore SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.26 NAME 'AstAccountHost' DESC 'Aster isk Account Host' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.27 NAME 'AstAccountInsecure' DESC 'A sterisk Account Insecure' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstri ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.28 NAME 'AstAccountNAT' DESC 'Asteri sk Account NAT' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.29 NAME 'AstAccountPickupGroup' DESC 'Asterisk Account PickupGroup' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.30 NAME 'AstAccountPort' DESC 'Aster isk Account Port' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.31 NAME 'AstAccountRestrictCID' DESC 'Asterisk Account Restrict CallerID' EQUALITY caseIgnoreMatch SUBSTR caseI gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.32 NAME 'AstAccountRTPTimeout' DESC 'Asterisk Account RTP Timeout' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.33 NAME 'AstAccountRTPHoldTimeout' D ESC 'Asterisk Account RTP Hold Timeout' EQUALITY caseIgnoreMatch SUBSTR cas eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.34 NAME 'AstAccountRealmedPassword' DESC 'Asterisk Account Realmed Password' EQUALITY caseIgnoreMatch SUBSTR ca seIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.35 NAME 'AstAccountAllowedCodec' DES C 'Asterisk Account Allowed Codec' EQUALITY caseIgnoreMatch SUBSTR caseIgno reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.36 NAME 'AstAccountMusicOnHold' DESC 'Asterisk Account Music On Hold' EQUALITY caseIgnoreMatch SUBSTR caseIgnor eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.37 NAME 'AstAccountCanCallForward' D ESC 'Asterisk Account Can Call Forward' EQUALITY caseIgnoreMatch SUBSTR cas eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.38 NAME 'AstAccountSecret' DESC 'Ast erisk Account Secret' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.39 NAME 'AstAccountName' DESC 'Aster isk Account Username' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.40 NAME 'AstConfigFilename' DESC 'As terisk LDAP Configuration Filename' EQUALITY caseIgnoreMatch SUBSTR caseIgn oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.41 NAME 'AstConfigCategory' DESC 'As terisk LDAP Configuration Category' EQUALITY caseIgnoreMatch SUBSTR caseIgn oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.42 NAME 'AstConfigCategoryMetric' DE SC 'Asterisk LDAP Configuration Category Metric' EQUALITY caseIgnoreMatch S UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.43 NAME 'AstConfigVariableName' DESC 'Asterisk LDAP Configuration Variable Name' EQUALITY caseIgnoreMatch SUBST R caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.44 NAME 'AstConfigVariableValue' DES C 'Asterisk LDAP Configuration Variable Value' EQUALITY caseIgnoreMatch SUB STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.45 NAME 'AstConfigCommented' DESC 'A sterisk LDAP Configuration Commented' EQUALITY caseIgnoreMatch SUBSTR caseI gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.46 NAME 'AstAccountIPAddress' DESC ' Asterisk Account IP Address' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.47 NAME 'AstAccountDefaultUser' DESC 'Asterisk Account Default User' EQUALITY caseIgnoreMatch SUBSTR caseIgnore SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.48 NAME 'AstAccountRegistrationServe r' DESC 'Asterisk Account Registration Server' EQUALITY caseIgnoreMatch SUB STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.49 NAME 'AstAccountLastQualifyMillis econds' DESC 'Asterisk Account Last Qualify Milliseconds' EQUALITY caseIgno reMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.50 NAME 'AstAccountCallLimit' DESC ' Asterisk Account Call Limit' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.51 NAME 'AstVoicemailMailbox' DESC ' Asterisk voicemail mailbox' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.52 NAME 'AstVoicemailPassword' DESC 'Asterisk voicemail password' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.53 NAME 'AstVoicemailFullname' DESC 'Asterisk voicemail fullname' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.54 NAME 'AstVoicemailEmail' DESC 'As terisk voicemail email' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.55 NAME 'AstVoicemailPager' DESC 'As terisk voicemail pager' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.56 NAME 'AstVoicemailOptions' DESC ' Asterisk voicemail options' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.57 NAME 'AstVoicemailTimestamp' DESC 'Asterisk voicemail timestamp' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.58 NAME 'AstVoicemailContext' DESC ' Asterisk voicemail context' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.59 NAME 'AstAccountSubscribeContext' DESC 'Asterisk subscribe context' EQUALITY caseIgnoreMatch SUBSTR caseIgno reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.61 NAME 'AstAccountUserAgent' DESC ' Asterisk account user context' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.62 NAME 'AstAccountLanguage' DESC 'A sterisk account user language' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.63 NAME 'AstAccountTransport' DESC ' Asterisk account transport type' EQUALITY caseIgnoreMatch SUBSTR caseIgnore SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.64 NAME 'AstAccountPromiscRedir' DES C 'Asterisk account promiscous redirects' EQUALITY caseIgnoreMatch SUBSTR c aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.65 NAME 'AstAccountAccountCode' DESC 'Asterisk account billing code' EQUALITY caseIgnoreMatch SUBSTR caseIgnore SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.66 NAME 'AstAccountSetVar' DESC 'Ast erisk account setvar' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.67 NAME 'AstAccountAllowOverlap' DES C 'Asterisk account allow overlap dialing' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.68 NAME 'AstAccountVideoSupport' DES C 'Asterisk account video support' EQUALITY caseIgnoreMatch SUBSTR caseIgno reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.69 NAME 'AstAccountIgnoreSDPVersion' DESC 'Asterisk account ignore SDP version' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.70 NAME 'AstAccountPathSupport' DESC 'Asterisk account support Path RFC 3327' EQUALITY caseIgnoreMatch SUBSTR c aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.8 NAME 'pgpBaseKeySpaceDN' DESC 'Poin ts to DN of the object that will store the PGP keys.' SYNTAX 1.3.6.1.4.1.14 66.115.121.1.12 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.9 NAME 'pgpSoftware' DESC 'pgpSoftwar e attribute for PGP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-OR IGIN 'Pretty Good Privacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.10 NAME 'pgpVersion' DESC 'pgpVersion attribute for PGP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORI GIN 'Pretty Good Privacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.11 NAME 'pgpKey' DESC 'pgpKey attribu te for PGP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'Pre tty Good Privacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.12 NAME 'pgpCertID' DESC 'pgpCertID a ttribute for PGP' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Pr ivacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.13 NAME 'pgpDisabled' DESC 'pgpDisabl ed attribute for PGP' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.14 NAME 'pgpKeyID' DESC 'pgpKeyID att ribute for PGP' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Priv acy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.15 NAME 'pgpKeyType' DESC 'pgpKeyType attribute for PGP' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.16 NAME 'pgpUserID' DESC 'User ID(s) associated with the PGP key.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Pretty Good Pri vacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.17 NAME 'pgpKeyCreateTime' DESC 'pgpK eyCreateTime attribute for PGP' EQUALITY caseIgnoreMatch ORDERING caseIgnor eOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.18 NAME 'pgpSignerID' DESC 'pgpSigner ID attribute for PGP' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Pretty Good Privacy (PG P)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.19 NAME 'pgpRevoked' DESC 'pgpRevoked attribute for PGP' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.20 NAME 'pgpSubKeyID' DESC 'Sub-key I D(s) of the PGP key.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Pretty Good Privacy (PG P)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.21 NAME 'pgpKeySize' DESC 'pgpKeySize attribute for PGP' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMat ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- ORIGIN 'Pretty Good Privacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.22 NAME 'pgpKeyExpireTime' DESC 'pgpK eyExpireTime attribute for PGP' EQUALITY caseIgnoreMatch ORDERING caseIgnor eOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.6 NAME 'pgpReconData' DESC 'PGP defin ed attributed containing reconstruction data' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.40 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.7 NAME 'pgpReconCertID' DESC 'PGP def ined attribute containing the certID of the key' EQUALITY caseIgnoreMatch S UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.2 NAME 'pgpElementType' DESC 'PGP def ined attribute containing the type of the pref object' EQUALITY caseIgnoreM atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.3 NAME 'pgpData' DESC 'PGP defined at tribute containing the admin pref data' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4 0 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) attributeTypes: ( 1.2.840.113556.1.4.478 NAME 'calCalURI' DESC 'URI to a sna pshot of the users entire default calendar' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALU E ) attributeTypes: ( 1.2.840.113556.1.4.479 NAME 'calFBURL' DESC 'URI to the us ers default free/busy time data' EQUALITY caseIgnoreMatch SUBSTR caseIgnore SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.480 NAME 'calCAPURI' DESC 'URI used to communicate with the users calendar' EQUALITY caseIgnoreMatch SUBSTR caseIg noreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.481 NAME 'calCalAdrURI' DESC 'URI to wh ich event requests should be sent for the user' EQUALITY caseIgnoreMatch SU BSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE ) attributeTypes: ( 1.2.840.113556.1.4.482 NAME 'calOtherCalURIs' DESC 'URIs t o snapshots of non-default calendars belonging to the user' EQUALITY caseIg noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 ) attributeTypes: ( 1.2.840.113556.1.4.483 NAME 'calOtherFBURLs' DESC 'URIs to non-default free/busy data belonging to the user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.2.840.113556.1.4.484 NAME 'calOtherCAPURIs' DESC 'URIs t o non-default calendars belonging to the user' EQUALITY caseIgnoreMatch SUB STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.2.840.113556.1.4.485 NAME 'calOtherCalAdrURIs' DESC 'URI s of destinations for event requests to non-default calendars' EQUALITY cas eIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 ) attributeTypes: ( 1.3.6.1.4.1.13040.2.1.1 NAME 'hordePrefs' DESC 'Horde Pref erences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1 024} ) attributeTypes: ( 1.3.6.1.4.1.13040.3.1.1 NAME 'impPrefs' DESC 'IMP Preferen ces' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.4.1.1 NAME 'turbaPrefs' DESC 'Turba Pref erences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1 024} ) attributeTypes: ( 1.3.6.1.4.1.13040.4.1.2 NAME 'turbaType' DESC 'Turba Objec t Type: Contact/List' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{8} ) attributeTypes: ( 1.3.6.1.4.1.13040.4.1.3 NAME 'turbaMembers' DESC 'Encoded members of a Turba list' SUP name ) attributeTypes: ( 1.3.6.1.4.1.13040.4.1.4 NAME 'turbaPGPPublicKey' DESC 'PGP /GPG Public Key' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.26{4000} ) attributeTypes: ( 1.3.6.1.4.1.13040.5.1.1 NAME 'kronolithPrefs' DESC 'Kronol ith Preferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.26{1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.6.1.1 NAME 'nagPrefs' DESC 'Nag Preferen ces' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.7.1.1 NAME 'gollemPrefs' DESC 'Gollem Pr eferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 {1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.8.1.1 NAME 'choraPrefs' DESC 'Chora Pref erences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1 024} ) attributeTypes: ( 1.3.6.1.4.1.13040.9.1.1 NAME 'mnemoPrefs' DESC 'Mnemo Pref erences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1 024} ) attributeTypes: ( 1.3.6.1.4.1.13040.10.1.1 NAME 'trollPrefs' DESC 'Troll Pre ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.11.1.1 NAME 'klutzPrefs' DESC 'Klutz Pre ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.12.1.1 NAME 'jonahPrefs' DESC 'Jonah Pre ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.13.1.1 NAME 'hermesPrefs' DESC 'Hermes P references' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 6{1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.14.1.1 NAME 'junoPrefs' DESC 'Juno Prefe rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 24} ) attributeTypes: ( 1.3.6.1.4.1.13040.15.1.1 NAME 'treanPrefs' DESC 'Trean Pre ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.16.1.1 NAME 'whupsPrefs' DESC 'Whups Pre ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.17.1.1 NAME 'ingoPrefs' DESC 'Ingo Prefe rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 24} ) attributeTypes: ( 1.3.6.1.4.1.13040.18.1.1 NAME 'anselPrefs' DESC 'Ansel Pre ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.19.1.1 NAME 'geniePrefs' DESC 'Genie Pre ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.20.1.1 NAME 'scryPrefs' DESC 'Scry Prefe rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 24} ) attributeTypes: ( 1.3.6.1.4.1.13040.21.1.1 NAME 'wickedPrefs' DESC 'Wicked P references' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 6{1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.22.1.1 NAME 'agoraPrefs' DESC 'Agora Pre ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.24.1.1 NAME 'goopsPrefs' DESC 'Goops Pre ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.25.1.1 NAME 'merkPrefs' DESC 'Merk Prefe rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 24} ) attributeTypes: ( 1.3.6.1.4.1.13040.26.1.1 NAME 'mimpPrefs' DESC 'MIMP Prefe rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 24} ) attributeTypes: ( 1.3.6.1.4.1.13040.27.1.1 NAME 'mottlePrefs' DESC 'Mottle P references' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 6{1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.28.1.1 NAME 'nicPrefs' DESC 'NIC Prefere nces' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024 } ) attributeTypes: ( 1.3.6.1.4.1.13040.29.1.1 NAME 'occamPrefs' DESC 'Occam Pre ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.30.1.1 NAME 'odinPrefs' DESC 'Odin Prefe rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 24} ) attributeTypes: ( 1.3.6.1.4.1.13040.31.1.1 NAME 'rakimPrefs' DESC 'Rakim Pre ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.32.1.1 NAME 'seshaPrefs' DESC 'Sesha Pre ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.33.1.1 NAME 'swooshPrefs' DESC 'Swoosh P references' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 6{1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.34.1.1 NAME 'thorPrefs' DESC 'Thor Prefe rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 24} ) attributeTypes: ( 1.3.6.1.4.1.13040.35.1.1 NAME 'ulaformPrefs' DESC 'Ulaform Preferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1 .26{1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.36.1.1 NAME 'volosPrefs' DESC 'Volos Pre ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.37.1.1 NAME 'jetaPrefs' DESC 'Jeta Prefe rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 24} ) attributeTypes: ( 1.3.6.1.4.1.412.100.1.2.5 NAME 'arrayIndex' DESC 'the inde x of this child' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.101 NAME 'dlmIdentifyingDescriptio n' DESC 'A free-form string providing explanation and details be hind the entries in the dlmOtherIdentifyingInfo attribute.' EQUA LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.112 NAME 'dlmOtherIdentifyingInfo' DESC 'OtherIdentifyingInfo captures additional data, beyond tha t of Tag information, that could be used to identify a Physical Element. One example is bar code data associated with an Element that also has an asset tag. Note that if only bar code data is available and is unique/able to be used as an Element key, this property would be NULL and the bar code data used as the class key, in the Tag property.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.1.2.1 NAME 'orderedCimKeys' DESC 'The model path for the instance (without propagated keys). May be us ed as an RDN' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.1.2.2 NAME 'orderedCimModelPath' DESC 'The model path for the instance (with propagated keys). May be used as an RDN' OBSOLETE EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.103 NAME 'dlmCaption' DESC 'The Ca ption property is a short textual description (oneline string) o f the object.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5{64} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.104 NAME 'dlmDescription' DESC 'Th e Description property provides a textual description of the obje ct.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V ALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.105 NAME 'dlmInstallDate' DESC 'A datetime value indicating when the object was installed. A lack of a value does not indicate that the object is not installed.' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-V ALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.106 NAME 'dlmName' DESC 'The Name property defines the label by which the object is known. When su bclassed, the Name property can be overridden to be a Key proper ty.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SIN GLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.107 NAME 'dlmStatus' DESC 'A strin g indicating the current status of the object. Various operation al and non-operational statuses are defined. Operational statuse s are "OK", "Degraded", "Stressed" and "Pred Fail". "Stressed" indicates that the Element is functioning, but needs a ttention. Examples of "Stressed" states are overload, overheate d, etc. The condition "Pred Fail" (failure predicted) indicates that an Element is functioning properly but predicting a failure in the near future. An example is a SMART-enabled hard drive. [...]' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15{10} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.108 NAME 'dlmCreationClassName' DE SC 'CreationClassName indicates the name of the class or the su bclass used in the creation of an instance. When used with the o ther key properties of this class, this property allows all ins tances of this class and its subclasses to be uniquely identifie d.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SING LE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.119 NAME 'dlmNameFormat' DESC 'The System object and its derivatives are Top Level Objects of CIM. They provide the scope for numerous components. Having unique S ystem keys is required. A heuristic can be defined in individual System subclasses to attempt to always generate the same System Name Key. The NameFormat property identifies how the System name was generated, using the subclass" heuristic.' EQUA LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.120 NAME 'dlmPrimaryOwnerContact' DESC 'A string that provides information on how the primary syst em owner can be reached (e.g. phone number, email address, ...). ' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE -VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.121 NAME 'dlmPrimaryOwnerName' DES C 'The name of the primary system owner.' EQUALITY caseIgnoreMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.15{64} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.122 NAME 'dlmRoles' DESC 'An array (bag) of strings that specify the roles this System plays in th e IT-environment. Subclasses of System may override this proper ty to define explicit Roles values. Alternately, a Working Group may describe the heuristics, conventions and guidelines for specifying Roles. For example, for an instance of a netw orking system, the Roles property might contain the string, "Swi tch" or "Bridge".' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.123 NAME 'dlmDedicated' DESC 'Enum eration indicating whether the ComputerSystem is a special-purp ose System (ie, dedicated to a particular use), versus being "ge neral purpose". For example, one could specify that the System i s dedicated to "Print" (value=11) or acts as a "Hub" (value=8). Values are 0="Not Dedicated", 1="Unknown", 2="Other" , 3="Storage", 4="Router", 5="Switch", 6="Layer 3 Switch", 7="Ce ntral Office Switch", 8="Hub", 9="Access Server", 10="Firewall", 11="Print", 12="I/O", 13="Web Caching", 14="Manageme nt"' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.136 NAME 'dlmStartMode' DESC 'Star tMode is a string value indicating whether the Service is automa tically started by a System, Operating System, etc. or only star ted upon request. Value Mapping are "Automatic", "Manual"' EQUA LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.137 NAME 'dlmStarted' DESC 'Starte d is a boolean indicating whether the Service has been started ( TRUE), or stopped (FALSE).' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALU E ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.139 NAME 'dlmSettingID' DESC 'The identifier by which the Setting object is known.' EQUALITY caseI gnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.159 NAME 'dlmElementSettingElement Ref' DESC 'The ManagedSystemElement. Values of this attribute po int to entries of class dlmManagedSystemElement.' EQUALITY disti nguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.160 NAME 'dlmElementSettingSetting Ref' DESC 'The Setting object associated with the ManagedSystem Element. Values of this attribute point to entries of class dlmS etting.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 12 ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.186 NAME 'dlmMemberOfCollectionCol lectionRef' DESC 'The Collection that aggregates members. Values of this attribute point to entries of class dlmCollection.' EQUALITY dist inguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.187 NAME 'dlmMemberOfCollectionMem berRef' DESC 'The aggregated member of the collection. Values of this attribute point to entries of class dlmManagedElement.' EQ UALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.8 NAME 'dlm1FilterListDirection' DESC 'This defines whether the FilterList is used for input, outp ut, or both input and output filtering. All values are used with r espect to the interface for which the FilterList applies. "Not Applicable" (0) is used when there is no direction applicabl e to the FilterList. "Input" (1) is used when the FilterList appli es to packets that are inbound on the related interface. "Output" (2) is used when the FilterList applies to packe ts that are outbound on the related interface. "Both" (3) is used to indicate that the direction is immaterial, e.g., to fi lter on a source subnet regardless of whether the flow is inbound or outbound. "Mirrored" (4) is also applicable to both inbound and outbound flow processing, but indicates that th e filter criteria are applied asymmetrically to traffic in both di rections and, thus, specifies the reversal of source and destination criteria (as opposed to the equality of these criteria as indicated by "Both"). The match conditions in the aggregated FilterEntryBase subclass instances are defined from the pe rspective of outbound flows and applied to inbound flows as well b y reversing the source and destination criteria. So, for example, consider a FilterList with 3 FilterEntries indicating des tination port = 80, and source and destination addresses of a and b, respectively. Then, for the outbound direction, the filter entries match as specified and the mirror (for the inbound di rection) matches on source port = 80 and source and destination ad dresses of b and a, respectively.), Values are "Not Appli cable", "Input", "Output", "Both", "Mirrored"' EQUALITY caseIgnore Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.1 NAME 'dlm1FilterEntryBaseIsNeg ated' DESC 'Boolean indicating that the match condition described in the properties of the FilterEntryBase subclass should be negate d.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.2 NAME 'dlmProtocolType' DESC 'P rotocolType is an enumeration that provides additional information that can be used to help categorize and classify different instan ces of this class. Values are "Unknown", "Other", "IPv4", "IPv6", "IPX", "AppleTalk", "DECnet", "SNA", "CONP", "CLNP", "VINES", "XNS", "ATM", "Frame Relay", "Ethernet", "TokenRing", "FDDI", "Infiniband", "Fibre Channel", "ISDN BRI Endpoint", "ISDN B Chann el Endpoint", "ISDN D Channel Endpoint"' EQUALITY caseIgnoreMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.3 NAME 'dlmOtherTypeDescription' DESC 'A string describing the type of ProtocolEndpoint that this instance is when the Type property of this class (or any of its s ubclasses) is set to "Other". The format of the string inserted in this property should be similar in format to the values defined f or the Type property. This property should be set to NULL when the Type property is any value other than "Other".' EQUALITY caseIgno reMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.4 NAME 'dlmIPAddress' DESC 'The IP address that this ProtocolEndpoint represents, formatted accord ing to the appropriate convention as defined in the AddressType pr operty of this class (e.g., 171.79.6.40).' EQUALITY caseIgnoreMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.5 NAME 'dlmIPSubnetMask' DESC 'T he mask for the IP address of this ProtocolEndpoint, formatted acc ording to the appropriate convention as defined in the AddressType property of this class (e.g., 255.255.252.0).' EQUALITY caseIgnor eMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.6 NAME 'dlmIPAddressType' DESC ' An enumeration that describes the format of the address property. Whenever possible, IPv4-compatible addresses should be used instea d of native IPv6 addresses (see RFC 2373, section 2.5.4). In order to have a consistent format for IPv4 addresses in a mixed IPv4/v6 environment, all IPv4 addresses and both IPv4-compatible IPv6 add resses and IPv4-mapped IPv6 addresses, per RFC 2373, section 2.5.4, should be formatted in standard IPv4 format. However, t his (the 2.2) version of the Network Common Model will not explici tly support mixed IPv4/IPv6 environments. This will be added in a future release. Values are "Unknown", "IPv4", "IPv6".' EQUALITY ca seIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.7 NAME 'dlmIPVersionSupport' DES C 'It is not possible to tell from the address alone if a given IP ProtocolEndpoint can support IPv4 and IPv6, or just one of these. This property explicitly defines the support for different version s of IP that this IPProtocolEndpoint has. More implementa tion experience is needed in order to correctly model mixed IPv4/I Pv6 networks; therefore, this version (2.2) of the Network Common Model will not support mixed IPv4/IPv6 environments. This will be looked at further in a future version. Values are "Unknow n", "IPv4 Only", "IPv6 Only".' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.18 NAME 'dlmBiometric' DESC 'Biome tric information used to identify a person. The property value is left null or set to "N/A" for non-human user or a user not u sing biometric information for authentication. Values are 0="N/ A", 1="Other", 2="Facial", 3="Retina", 4="Mark", 5="F inger", 6="Voice", 7="DNA-RNA", 8="EEG".' EQUALITY integerMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.27 ) attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.19 NAME 'dlmElementID' DESC 'The E lementID property uniquely specifies the ManagedElement object i nstance that is the user represented by the UsersAccess object i nstance. The ElementID is formatted similarly to a model path except that the property-value pairs are ordered in al phabetical order (US ASCII lexical order).' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.41 NAME 'dlmElementAsUserAnteceden tRef' DESC 'The ManagedElement that has UsersAccess. The value of this attribute points to an entry of class dlm1ManagedElement .' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SIN GLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.42 NAME 'dlmElementAsUserDependent Ref' DESC 'The "owned" UsersAccess. Values of this attribute poi nt to entries of class dlm1UsersAccess.' EQUALITY distinguishedNameMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.57 NAME 'dlmUsersCredentialAnteced entRef' DESC 'The issued credential that may be used. Values of this attribute point to entries of class dlm1Credential.' EQUALI TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.58 NAME 'dlmUsersCredentialDepende ntRef' DESC 'The UsersAccess that has use of a credential. Value s of this attribute point to entries of class dlm1UsersAccess.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.26 NAME 'dlmRemoteID' DESC 'Remote ID is the name by which the user is known at the KDC security ser vice.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} S INGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.28 NAME 'dlmAlgorithm' DESC 'algor ithm names the transformation algorithm, if any, used to protect passwords before use in the protocol. For instance, Kerberos doe sn"t store passwords as the shared secret, but rather, a hash of the password.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.29 NAME 'dlmProtocol' DESC 'protoc ol names the protocol with which the SharedSecret is used.' EQUAL ITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.30 NAME 'dlmSecret' DESC 'secret i s the secret known by the Users Access.' EQUALITY caseIgnoreMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.6.2.15 NAME 'pcimRoles' DESC 'RFC 3703: Each val ue of this attribute represents a role-combination.' EQUALITY caseIgnoreMat ch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.1.6.2.3 NAME 'pcimKeywords' DESC 'RFC 3703: A set of keywords to assist directory clients in locating the policy objects appl icable to them.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.1.6.2.4 NAME 'pcimGroupName' DESC 'RFC 3703: The u ser-friendly name of this policy group.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.6.2.5 NAME 'pcimRuleName' DESC 'RFC 3703: The us er-friendly name of this policy rule.' EQUALITY caseIgnoreMatch ORDERING ca seIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.6.2.6 NAME 'pcimRuleEnabled' DESC 'RFC 3703: An integer indicating whether a policy rule is administratively enabled (value =1), disabled (value=2), or enabled for debug (value=3).' EQUALITY integerM atch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN GLE-VALUE ) attributeTypes: ( 1.3.6.1.1.6.2.11 NAME 'pcimRuleUsage' DESC 'RFC 3703: This attribute is a free-form sting providing guidelines on how this policy sho uld be used.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUB STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V ALUE ) attributeTypes: ( 1.3.6.1.1.6.2.13 NAME 'pcimRuleMandatory' DESC 'RFC 3703: If TRUE, indicates that for this policy rule, the evaluation of its conditi ons and execution of its actions (if the condition is satisfied) is require d.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.6.2.16 NAME 'pcimConditionGroupNumber' DESC 'RFC 3703: The number of the group to which a policy condition belongs. This i s used to form the DNF or CNF expression associated with a policy rule.' EQ UALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.6.2.17 NAME 'pcimConditionNegated' DESC 'RFC 370 3: If TRUE (FALSE), it indicates that a policy condition IS (IS NOT) negate d in the DNF or CNF expression associated with a policy rule.' EQUALITY boo leanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.6.2.18 NAME 'pcimConditionName' DESC 'RFC 3703: A user-friendly name for a policy condition.' EQUALITY caseIgnoreMatch ORDE RING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.6.2.19 NAME 'pcimConditionDN' DESC 'RFC 3703: A DN that references an instance of a reusable policy condition.' EQUALITY di stinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.6.2.23 NAME 'pcimActionOrder' DESC 'RFC 3703: An integer indicating the relative order of an action in the context of a pol icy rule.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.6.2.22 NAME 'pcimActionName' DESC 'RFC 3703: A u ser-friendly name for a policy action.' EQUALITY caseIgnoreMatch ORDERING c aseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.6.2.24 NAME 'pcimActionDN' DESC 'RFC 3703: A DN that references a reusable policy action.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.6.2.36 NAME 'pcimRepositoryName' DESC 'RFC 3703: The user-friendly name of this policy repository.' EQUALITY caseIgnoreMatc h ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.1 NAME 'pcelsPolicySetName' DESC 'RFC 4104: User-friendly name of a policy set' EQUALITY caseIgnoreMatch ORDERING caseI gnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.2 NAME 'pcelsDecisionStrategy' DESC 'RFC 410 4: Evaluation method for the components of a pcelsPolicySet' EQUALITY integ erMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.3 NAME 'pcelsPolicySetList' DESC 'RFC 4104: Unordered set of DNs of pcelsPolicySetAssociation entries' EQUALITY disting uishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.1.9.2.4 NAME 'pcelsPriority' DESC 'RFC 4104: Prior ity of a component' EQUALITY integerMatch ORDERING integerOrderingMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.5 NAME 'pcelsPolicySetDN' DESC 'RFC 4104: DN of a pcelsPolicySet entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.62 NAME 'pcelsRuleValidityPeriodList' DESC ' RFC 4104: Unordered set of DNs of pcimRuleValidityAssociation entries' EQUA LITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.1.9.2.6 NAME 'pcelsConditionListType' DESC 'RFC 41 04: Indicates the type of condition aggregation' EQUALITY integerMatch ORDE RING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.7 NAME 'pcelsConditionList' DESC 'RFC 4104: Unordered set of DNs of pcelsConditionAssociation entries' EQUALITY disting uishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.1.9.2.8 NAME 'pcelsActionList' DESC 'RFC 4104: Uno rdered set of DNs of pcelsActionAssociation entries' EQUALITY distinguished NameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.1.9.2.9 NAME 'pcelsSequencedActions' DESC 'RFC 410 4: Indicates the importance of action sequencing' EQUALITY integerMatch ORD ERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALU E ) attributeTypes: ( 1.3.6.1.1.9.2.10 NAME 'pcelsExecutionStrategy' DESC 'RFC 4 104: Indicates the action execution strategy' EQUALITY integerMatch ORDERIN G integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.11 NAME 'pcelsVariableDN' DESC 'RFC 4104: DN of a pcelsVariable entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.12 NAME 'pcelsValueDN' DESC 'RFC 4104: DN of a pcelsValueAuxClass entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.13 NAME 'pcelsIsMirrored' DESC 'RFC 4104: In dicates whether the mirrored traffic matches' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.14 NAME 'pcelsVariableName' DESC 'RFC 4104: The user-friendly name of a variable.' EQUALITY caseIgnoreMatch ORDERING ca seIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.15 NAME 'pcelsExpectedValueList' DESC 'RFC 4 104: Unordered set of DNs of pcelsValueAuxClass entries representing expected values for a policy variable' EQUALITY distinguishedNameMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.1.9.2.16 NAME 'pcelsVariableModelClass' DESC 'RFC 4104: Identifies a CIM class' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.17 NAME 'pcelsVariableModelProperty' DESC 'R FC 4104: Identifies the property of a CIM class.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.18 NAME 'pcelsExpectedValueTypes' DESC 'RFC 4104: Identifies subclasses of pcelsValueAuxClass by name' EQUALITY caseIgn oreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.1.9.2.19 NAME 'pcelsValueName' DESC 'RFC 4104: The user-friendly name of a value' EQUALITY caseIgnoreMatch ORDERING caseIgnor eOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.20 NAME 'pcelsIPv4AddrList' DESC 'RFC 4104: Unordered set of IPv4 addresses, IPv4 address ranges or hosts' EQUAL ITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.1.9.2.21 NAME 'pcelsIPv6AddrList' DESC 'RFC 4104: Unordered set of IPv6 addresses, IPv6 address ranges or hosts' EQUAL ITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.1.9.2.22 NAME 'pcelsMACAddrList' DESC 'RFC 4104: U nordered set of MAC addresses or MAC address ranges' EQUALITY caseIgnoreMat ch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.1.9.2.23 NAME 'pcelsStringList' DESC 'RFC 4104: Un ordered set of strings with wildcards' EQUALITY caseIgnoreMatch ORDERING ca seIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.1.9.2.24 NAME 'pcelsBitStringList' DESC 'RFC 4104: Unordered set of bit strings or bit string ranges' EQUALITY caseIgnoreMatc h ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.1.9.2.25 NAME 'pcelsIntegerList' DESC 'RFC 4104: U nordered set of integers or integer ranges' EQUALITY caseIgnoreMatch ORDERI NG caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.1.9.2.26 NAME 'pcelsBoolean' DESC 'RFC 4104: Boole an value' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE- VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.27 NAME 'pcelsReusableContainerName' DESC 'R FC 4104: User-friendly name of a reusable policy container' EQUALITY caseIg noreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.28 NAME 'pcelsReusableContainerList' DESC 'R FC 4104: Unordered set of DNs of pcelsReusableContainer entries' EQUALITY d istinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.1.9.2.29 NAME 'pcelsRole' DESC 'RFC 4104: String r epresenting a role.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMa tch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S INGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.30 NAME 'pcelsRoleCollectionName' DESC 'RFC 4104: User-friendly name of a role collection' EQUALITY caseIgnoreMatch ORD ERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.31 NAME 'pcelsElementList' DESC 'RFC 4104: U nordered set of managed elements' EQUALITY distinguishedNameMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.1.9.2.32 NAME 'pcelsFilterName' DESC 'RFC 4104: Us er-friendly name of a filter entry' EQUALITY caseIgnoreMatch ORDERING caseI gnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.33 NAME 'pcelsFilterIsNegated' DESC 'RFC 410 4: Indicates whether the filter is negated' EQUALITY booleanMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.34 NAME 'pcelsIPHdrVersion' DESC 'RFC 4104: IP version' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.35 NAME 'pcelsIPHdrSourceAddress' DESC 'RFC 4104: Source IP address' EQUALITY octetStringMatch ORDERING octetStringOrde ringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.36 NAME 'pcelsIPHdrSourceAddressEndOfRange' DESC 'RFC 4104: End of a range of source IP addresses' EQUALITY octetString Match ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.4 0 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.37 NAME 'pcelsIPHdrSourceMask' DESC 'RFC 410 4: Mask to be used in comparing the source IP address' EQUALITY octetString Match ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.4 0 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.38 NAME 'pcelsIPHdrDestAddress' DESC 'RFC 41 04: Destination IP address' EQUALITY octetStringMatch ORDERING octetStringO rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.39 NAME 'pcelsIPHdrDestAddressEndOfRange' DE SC 'RFC 4104: End of a range of destination IP addresses' EQUALITY octetStr ingMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.40 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.40 NAME 'pcelsIPHdrDestMask' DESC 'RFC 4104: Mask to be used in comparing the destination IP address' EQUALITY octetStr ingMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.40 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.41 NAME 'pcelsIPHdrProtocolID' DESC 'RFC 410 4: IP protocol type' EQUALITY integerMatch ORDERING integerOrderingMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.42 NAME 'pcelsIPHdrSourcePortStart' DESC 'RF C 4104: Lower end of a range of UDP or TCP source ports' EQUALITY integerMa tch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING LE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.43 NAME 'pcelsIPHdrSourcePortEnd' DESC 'RFC 4104: Upper end of a range of UDP or TCP source ports' EQUALITY integerMatc h ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE -VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.44 NAME 'pcelsIPHdrDestPortStart' DESC 'RFC 4104: Lower end of a range of UDP or TCP destination ports' EQUALITY intege rMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 S INGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.45 NAME 'pcelsIPHdrDestPortEnd' DESC 'RFC 41 04: Upper end of a range of UDP or TCP destination ports' EQUALITY integerM atch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN GLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.46 NAME 'pcelsIPHdrDSCPList' DESC 'RFC 4104: DSCP values' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.27 ) attributeTypes: ( 1.3.6.1.1.9.2.47 NAME 'pcelsIPHdrFlowLabel' DESC 'RFC 4104 : IP flow label' EQUALITY octetStringMatch ORDERING octetStringOrderingMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.48 NAME 'pcels8021HdrSourceMACAddress' DESC 'RFC 4104: Source MAC address' EQUALITY octetStringMatch ORDERING octetStri ngOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.49 NAME 'pcels8021HdrSourceMACMask' DESC 'RF C 4104: Source MAC address mask' EQUALITY octetStringMatch ORDERING octetSt ringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.50 NAME 'pcels8021HdrDestMACAddress' DESC 'R FC 4104: Destination MAC address' EQUALITY octetStringMatch ORDERING octetS tringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.51 NAME 'pcels8021HdrDestMACMask' DESC 'RFC 4104: Destination MAC address mask' EQUALITY octetStringMatch ORDERING octe tStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.52 NAME 'pcels8021HdrProtocolID' DESC 'RFC 4 104: Ethernet protocol ID' EQUALITY integerMatch ORDERING integerOrderingMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributeTypes: ( 1.3.6.1.1.9.2.53 NAME 'pcels8021HdrPriority' DESC 'RFC 410 4: 802.1Q priority' EQUALITY integerMatch ORDERING integerOrderingMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributeTypes: ( 1.3.6.1.1.9.2.54 NAME 'pcels8021HdrVLANID' DESC 'RFC 4104: 802.1Q VLAN ID' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributeTypes: ( 1.3.6.1.1.9.2.55 NAME 'pcelsFilterListName' DESC 'RFC 4104 : User-friendly name of a FilterList' EQUALITY caseIgnoreMatch ORDERING cas eIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.56 NAME 'pcelsFilterDirection' DESC 'RFC 410 4: Direction to which this filter is applied' EQUALITY integerMatch ORDERIN G integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.57 NAME 'pcelsFilterEntryList' DESC 'RFC 410 4: Unordered set of DNs of pcelsFilterEntryBase entries' EQUALITY distingui shedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.1.9.2.58 NAME 'pcelsVendorVariableData' DESC 'RFC 4104: Mechanism for representing variables that have not been specif ically modeled' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.3.6.1.1.9.2.59 NAME 'pcelsVendorVariableEncoding' DESC ' RFC 4104: Identifies the format and semantics for policy variables' EQUALIT Y objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.60 NAME 'pcelsVendorValueData' DESC 'RFC 410 4: Mechanism for representing values that have not been specifically modeled' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.3.6.1.1.9.2.61 NAME 'pcelsVendorValueEncoding' DESC 'RFC 4104: Identifies the format and semantics for policy values' EQUALITY obje ctIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7924.2.1.1.1 NAME 'demailMaxAuthLevel' DESC 'd escribes the maximum authentification the person is capable of (NORMAL/HIGH /VERY HIGH)' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s ) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.146 6.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) imp ersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.26 ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.26 ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group( s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466 .115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.8 NAME 'sudoNotBefore' DESC 'Start o f time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.9 NAME 'sudoNotAfter' DESC 'End of t ime interval for which the entry is valid' EQUALITY generalizedTimeMatch OR DERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.10 NAME 'sudoOrder' DESC 'an integer to order the sudoRole entries' EQUALITY integerMatch ORDERING integerOrder ingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' DESC 'M ANDATORY: OpenSSH Public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.40 ) attributeTypes: ( 1.3.6.1.4.1.34380.1.1.3.10 NAME 'puppetClass' DESC 'Puppet Node Class' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1. 26 ) attributeTypes: ( 1.3.6.1.4.1.34380.1.1.3.9 NAME 'parentNode' DESC 'Puppet P arent Node' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 6 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.34380.1.1.3.11 NAME 'environment' DESC 'Puppet Node Environment' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115. 121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.34380.1.1.3.12 NAME 'puppetVar' DESC 'A variab le setting for puppet' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466. 115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.29426.2.2.1.1 NAME 'DKIMSelector' DESC 'Select or name associated with DKIM signing key' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.29426.2.2.1.2 NAME 'DKIMKey' DESC 'DKIM signin g key' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SING LE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.29426.2.2.1.3 NAME 'DKIMIdentity' DESC 'The Ag ent or User Identifier (AUID)' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4. 1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.29426.2.2.1.4 NAME 'DKIMDomain' DESC 'DKIM sen der domain' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.19937.1.1.1 NAME 'quota' DESC 'Quotas (FileSys tem:BlocksSoft,BlocksHard,InodesSoft,InodesHard)' EQUALITY caseIgnoreIA5Mat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} ) attributeTypes: ( 1.3.6.1.3.1.1.1.1.2.1 NAME 'tacacsClient' DESC 'Valid clie nt address range for this user, in CIDR notation' EQUALITY caseExactIA5Matc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{20} ) attributeTypes: ( 1.3.6.1.3.1.1.1.1.2.2 NAME 'tacacsMember' DESC 'Tacacs gro up membership' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1 .26{40} ) attributeTypes: ( 1.3.6.1.3.1.1.1.1.2.3 NAME 'tacacsProfile' DESC 'Tacacs us er profile' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 {1024} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.3.1.1.1.1.2.8 NAME 'tacacsFlag' DESC 'Arbitrary te xt, may be used by LDAP filters' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1. 4.1.1466.115.121.1.26{40} ) attributeTypes: ( 1.3.6.1.4.1.3.8.1.1.1 NAME 'cmusaslsecretCRAM-MD5' DESC 'P rehashed password as described in CRAM-MD5' EQUALITY octetStringMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.40{32} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.3.8.1.1.2 NAME 'cmusaslsecretDIGEST-MD5' DESC 'Shared secret for DIGEST-MD5' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.40{16} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.3.8.1.1.3 NAME 'cmusaslsecretOTP' DESC 'OTP se cret' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.3.6.1.4.1.3.8.1.1.4 NAME 'cmusaslsecretSRP' DESC 'base64 encoded SRP secret' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.40 ) attributeTypes: ( 1.3.6.1.4.1.3.8.1.1.5 NAME 'cmusaslsecretPLAIN' DESC 'PLAI N secret' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.3.6.1.4.1.31103.1.1 NAME 'fedfsUuid' DESC 'A UUID used b y NSDB' EQUALITY uuidMatch ORDERING uuidOrderingMatch SYNTAX 1.3.6.1.1.16.1 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.4 NAME 'fedfsFsnUuid' DESC 'The FSN UU ID component of an FSN' SUP fedfsUuid SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.11 NAME 'fedfsFsnTTL' DESC 'Time to li ve of an FSN tree' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.14 NAME 'fedfsNceDN' DESC 'NCE Disting uished Name' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.8 NAME 'fedfsFslUuid' DESC 'UUID of an FSL' SUP fedfsUuid SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.12 NAME 'fedfsAnnotation' DESC 'Annota tion of an object' SUP name ) attributeTypes: ( 1.3.6.1.4.1.31103.1.13 NAME 'fedfsDescr' DESC 'Description of an object' SUP name ) attributeTypes: ( 1.3.6.1.4.1.31103.1.120 NAME 'fedfsNfsURI' DESC 'Location of fileset' SUP labeledURI SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.103 NAME 'fedfsNfsCurrency' DESC 'up-t o-date measure of the data' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.104 NAME 'fedfsNfsGenFlagWritable' DES C 'Indicates if the file system is writable' EQUALITY booleanMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.105 NAME 'fedfsNfsGenFlagGoing' DESC ' Indicates if the file system is going' EQUALITY booleanMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.106 NAME 'fedfsNfsGenFlagSplit' DESC ' Indicates if there are multiple file systems' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.107 NAME 'fedfsNfsTransFlagRdma' DESC 'Indicates if the transport supports RDMA' EQUALITY booleanMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.108 NAME 'fedfsNfsClassSimul' DESC 'Th e simultaneous-use class of the file system' EQUALITY integerMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.109 NAME 'fedfsNfsClassHandle' DESC 'T he handle class of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.110 NAME 'fedfsNfsClassFileid' DESC 'T he fileid class of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.111 NAME 'fedfsNfsClassWritever' DESC 'The write-verifier class of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.112 NAME 'fedfsNfsClassChange' DESC 'T he change class of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.113 NAME 'fedfsNfsClassReaddir' DESC ' The readdir class of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.114 NAME 'fedfsNfsReadRank' DESC 'The read rank of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.115 NAME 'fedfsNfsReadOrder' DESC 'The read order of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.116 NAME 'fedfsNfsWriteRank' DESC 'The write rank of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.117 NAME 'fedfsNfsWriteOrder' DESC 'Th e write order of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.118 NAME 'fedfsNfsVarSub' DESC 'Indica tes if variable substitution is present' EQUALITY booleanMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.19 NAME 'fedfsNfsValidFor' DESC 'Valid for time' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGL E-VALUE ) attributeTypes: ( 0.0.8.350.1.1.1.1.1 NAME 'commURI' DESC 'Labeled URI forma t to point to the distinguished name of the commUniqueId' EQUALITY caseExac tMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 0.0.8.350.1.1.2.1.1 NAME 'commUniqueId' DESC 'To hold the endpoints unique Id' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 0.0.8.350.1.1.2.1.2 NAME 'commOwner' DESC 'Labeled URI to point back to the original owner' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.15 ) attributeTypes: ( 0.0.8.350.1.1.2.1.3 NAME 'commPrivate' DESC 'To decide whe ther the entry is visible to world or not' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.26 ) attributeTypes: ( 0.0.8.350.1.1.6.1.1 NAME 'SIPIdentitySIPURI' DESC 'Univers al Resource Indicator of the SIP UA' EQUALITY caseExactMatch SUBSTR caseExa ctSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 0.0.8.350.1.1.6.1.2 NAME 'SIPIdentityRegistrarAddress' DES C 'specifies the location of the registrar' EQUALITY caseIgnoreIA5Match SYN TAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 0.0.8.350.1.1.6.1.3 NAME 'SIPIdentityProxyAddress' DESC 'S pecifies the location of the SIP Proxy' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 0.0.8.350.1.1.6.1.4 NAME 'SIPIdentityAddress' DESC 'IP add ress of the UA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121 .1.26 ) attributeTypes: ( 0.0.8.350.1.1.6.1.5 NAME 'SIPIdentityPassword' DESC 'The u ser agent SIP password ' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.40 ) attributeTypes: ( 0.0.8.350.1.1.6.1.6 NAME 'SIPIdentityUserName' DESC 'The u ser agent user name.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 0.0.8.350.1.1.6.1.7 NAME 'SIPIdentityServiceLevel' DESC 'T o define services that a user can belong to.' EQUALITY caseIgnoreIA5Match S UBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.1 NAME 'radiusArapFeatures' EQUALI TY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.2 NAME 'radiusArapSecurity' EQUALI TY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.3 NAME 'radiusArapZoneAccess' EQUA LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.44 NAME 'radiusAuthType' DESC 'con trolItem: Auth-Type' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.4 NAME 'radiusCallbackId' DESC 're plyItem: Callback-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.5 NAME 'radiusCallbackNumber' DESC 'replyItem: Callback-Number' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4. 1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.6 NAME 'radiusCalledStationId' DES C 'controlItem: Called-Station-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 .1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.7 NAME 'radiusCallingStationId' DE SC 'controlItem: Calling-Station-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3 .6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.8 NAME 'radiusClass' DESC 'replyIt em: Class' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.45 NAME 'radiusClientIPAddress' EQ UALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.9 NAME 'radiusFilterId' DESC 'repl yItem: Filter-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.10 NAME 'radiusFramedAppleTalkLink ' DESC 'replyItem: Framed-AppleTalk-Link' EQUALITY caseIgnoreIA5Match SYNTA X 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.11 NAME 'radiusFramedAppleTalkNetw ork' DESC 'replyItem: Framed-AppleTalk-Network' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.12 NAME 'radiusFramedAppleTalkZone ' DESC 'replyItem: Framed-AppleTalk-Zone' EQUALITY caseIgnoreIA5Match SYNTA X 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.13 NAME 'radiusFramedCompression' DESC 'replyItem: Framed-Compression' EQUALITY caseIgnoreIA5Match SYNTAX 1.3 .6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.14 NAME 'radiusFramedIPAddress' DE SC 'replyItem: Framed-IP-Address' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6. 1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.15 NAME 'radiusFramedIPNetmask' DE SC 'replyItem: Framed-IP-Netmask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6. 1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.16 NAME 'radiusFramedIPXNetwork' D ESC 'replyItem: Framed-IPX-Network' EQUALITY caseIgnoreIA5Match SYNTAX 1.3. 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.17 NAME 'radiusFramedMTU' DESC 're plyItem: Framed-MTU' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.18 NAME 'radiusFramedProtocol' DES C 'replyItem: Framed-Protocol' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4 .1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.19 NAME 'radiusFramedRoute' DESC ' replyItem: Framed-Route' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.146 6.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.20 NAME 'radiusFramedRouting' DESC 'replyItem: Framed-Routing' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 .1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.46 NAME 'radiusGroupName' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.47 NAME 'radiusHint' EQUALITY case IgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.48 NAME 'radiusHuntgroupName' EQUA LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.21 NAME 'radiusIdleTimeout' DESC ' replyItem: Idle-Timeout' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.146 6.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.22 NAME 'radiusLoginIPHost' DESC ' replyItem: Login-IP-Host' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.14 66.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.23 NAME 'radiusLoginLATGroup' DESC 'replyItem: Login-LAT-Group' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4. 1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.24 NAME 'radiusLoginLATNode' DESC 'replyItem: Login-LAT-Node' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1. 1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.25 NAME 'radiusLoginLATPort' DESC 'replyItem: Login-LAT-Port' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1. 1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.26 NAME 'radiusLoginLATService' DE SC 'replyItem: Login-LAT-Service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6. 1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.27 NAME 'radiusLoginService' DESC 'replyItem: Login-Service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1 466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.28 NAME 'radiusLoginTCPPort' DESC 'replyItem: Login-TCP-Port' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1. 1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.29 NAME 'radiusPasswordRetry' EQUA LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.30 NAME 'radiusPortLimit' DESC 're plyItem: Port-Limit' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.49 NAME 'radiusProfileDN' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.31 NAME 'radiusPrompt' EQUALITY ca seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.50 NAME 'radiusProxyToRealm' EQUAL ITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.51 NAME 'radiusReplicateToRealm' D ESC 'control:Replicate-To-Realm' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1 .4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.52 NAME 'radiusRealm' EQUALITY cas eIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.32 NAME 'radiusServiceType' DESC ' replyItem: Service-Type' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.146 6.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.33 NAME 'radiusSessionTimeout' DES C 'replyItem: Session-Timeout' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4 .1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.34 NAME 'radiusTerminationAction' DESC 'replyItem: Termination-Action' EQUALITY caseIgnoreIA5Match SYNTAX 1.3 .6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.35 NAME 'radiusTunnelAssignmentId' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.36 NAME 'radiusTunnelMediumType' E QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.37 NAME 'radiusTunnelPassword' EQU ALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.38 NAME 'radiusTunnelPreference' E QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.39 NAME 'radiusTunnelPrivateGroupI d' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.40 NAME 'radiusTunnelServerEndpoin t' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.41 NAME 'radiusTunnelType' EQUALIT Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.42 NAME 'radiusVSA' EQUALITY caseI gnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.43 NAME 'radiusTunnelClientEndpoin t' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.53 NAME 'radiusSimultaneousUse' DE SC 'controlItem: Simultaneous-Use' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN GLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.54 NAME 'radiusLoginTime' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.55 NAME 'radiusUserCategory' EQUAL ITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.56 NAME 'radiusStripUserName' SYNT AX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.57 NAME 'dialupAccess' EQUALITY ca seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.58 NAME 'radiusExpiration' DESC 'c ontrolItem: Expiration' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466 .115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.59 NAME 'radiusAttribute' DESC 'co ntrolItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.61 NAME 'radiusNASIpAddress' EQUAL ITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.62 NAME 'radiusReplyMessage' DESC 'replyItem: Reply-Message' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1 466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.63 NAME 'radiusControlAttribute' D ESC 'controlItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 .1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.64 NAME 'radiusReplyAttribute' DES C 'replyItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.146 6.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.65 NAME 'radiusRequestAttribute' D ESC 'requestItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 .1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.1 NAME 'radiusClientIdentifier' DESC 'Client Identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.2 NAME 'radiusClientSecret' DESC 'Client Secret' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.3 NAME 'radiusClientShortname' D ESC 'Client Shortname' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.4 NAME 'radiusClientVirtualServe r' DESC 'VirtualServer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.5 NAME 'radiusClientType' DESC ' Client Type' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.6 NAME 'radiusClientRequireMa' D ESC 'Require Message Authenticator' EQUALITY booleanMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.7 NAME 'radiusClientComment' DES C 'Client comment' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.2 NAME 'dateOfBirth' DESC 'Date o f birth (format YYYY-MM-DD, see ISO 8601)' EQUALITY caseExactIA5Match SUBST R caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10} SING LE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.12 NAME 'birthPlace' DESC 'Place of birth' SUP l SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.14 NAME 'birthName' DESC 'Last na me at time of birth, e.g. maiden name' SUP sn SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.7 NAME 'gender' DESC 'Representat ion of human sex (see ISO 5218)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.27{1} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.9 NAME 'businessTitle' DESC 'Busi ness title describing the kind of job a person does' SUP title ) attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.15 NAME 'academicTitle' DESC 'Aca demic title a person is allowed to use' SUP title ) attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.10 NAME 'nickName' DESC 'A nick n ame of a person' SUP name ) attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.11 NAME 'euVATId' DESC 'value add ed tax ID of company within EU' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1. 4.1.1466.115.121.1.26{20} ) attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.13 NAME 'labeledBICandIBAN' DESC 'international bank arrangement consisting of BIC, IBAN and optional label (format: "BIC:,IBAN:#