././@PaxHeader0000000000000000000000000000003400000000000010212 xustar0028 mtime=1700253999.7852356 python-ldap-3.4.4/0000755000175000017500000000000014525750460014241 5ustar00spichugispichugi././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/.coveragerc0000644000175000017500000000060014521037673016356 0ustar00spichugispichugi[run] branch = True source = ldap ldif ldapurl slapdtest [paths] source = Lib/ .tox/*/lib/python*/site-packages/ [report] ignore_errors = False precision = 1 exclude_lines = pragma: no cover raise NotImplementedError if 0: if __name__ == .__main__.: if PY2 if not PY2 [html] directory = build/htmlcov title = python-ldap coverage report ././@PaxHeader0000000000000000000000000000003400000000000010212 xustar0028 mtime=1700253999.7672355 python-ldap-3.4.4/Build/0000755000175000017500000000000014525750460015300 5ustar00spichugispichugi././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Build/setup.cfg.mingw0000644000175000017500000000162514521037673020245 0ustar00spichugispichugi# Win32 setup.cfg # You have to edit this file to reflect your system configuration # Section for compiling the C extension module # for wrapping OpenLDAP 2 libs # Platform: Win32 # Compile environment: MinGW [_ldap] class = OpenLDAP2 maintainer = Mauro Cicognini defines = WIN32 # modify these to fit your local configuration library_dirs = C:/msys/1.0/home/mcicogni/openldap-mingw-build-4/openldap-2.2.18/libraries/libldap_r/.libs C:/msys/1.0/home/mcicogni/openldap-mingw-build-4/openldap-2.2.18/libraries/liblber/.libs C:\msys\1.0\home\mcicogni\openldap-mingw-build-4\openssl-0.9.7e include_dirs = C:/msys/1.0/home/mcicogni/openldap-mingw-build-4/openldap-2.2.18/include extra_compile_args = extra_objects = libs = ldap_r lber ssl crypto ws2_32 gdi32 [build] compiler = mingw32 # Installation options [install] compile = 1 optimize = 1 record = python-ldap_install.log [bdist_wininst] target_version = 2.4 ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Build/setup.cfg.suse-linux0000644000175000017500000000150414521037673021234 0ustar00spichugispichugi# Example for setup.cfg # You have to edit this file to reflect your system configuation [_ldap] # Section for compiling the C extension module # for wrapping OpenLDAP 2 libs library_dirs = /usr/lib/sasl2 include_dirs = /usr/include/sasl extra_compile_args = extra_objects = # Example for full-featured SuSE build: # Support for StartTLS/LDAPS, SASL bind and reentrant libldap_r. # This needs recent OpenLDAP 2.0.26+ or 2.1.3+ built with # ./configure --with-cyrus-sasl --with-tls libs = ldap_r lber sasl2 ssl crypto [install] # Installation options compile = 1 optimize = 1 # For SuSE Linux 8.2 [bdist_rpm] provides = python-ldap requires = python openldap2-client openssl cyrus-sasl2 distribution_name = SuSE Linux 8.2 release = 1 packager = Michael Stroeder doc_files = CHANGES README INSTALL TODO Demo/ ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Build/setup.cfg.win320000644000175000017500000000227614521037673020071 0ustar00spichugispichugi# Section for compiling the C extension module # for wrapping OpenLDAP 2 libs # Platform: Win32 # Compile environment: Microsoft Visual Studio .NET 2003 [_ldap] class = OpenLDAP2 defines = WIN32 # Cannot have SSL/TLS support under Win32 for the moment # (OpenLDAP 2.x port is incomplete) libs = olber32 oldap_r ws2_32 libsasl # Set these to your correct Openldap and Cyrus-sasl paths library_dirs = ../openldap/openldap-2.1.22/Release ../openldap/cyrus-sasl/lib include_dirs = ../openldap/openldap-2.1.22/include ../openldap/cyrus-sasl/include # Needs to compile as /MT ("MS libs to use: multithreaded statically-linked") # instead of /MD ("MS libs to use: multithreaded DLL") which is distutils' default # because OpenLDAP libs compile that way, too # This may change, however extra_compile_args = /MT extra_link_args = /NODEFAULTLIB:msvcrt.lib # Pull in SASL DLL as a convenience to end-user (which almost never will have it) # Destination path is a rather crude hack, but site-packages would be created anyway # Set source path to your Cyrus-sasl lib path extra_files = Lib/site-packages:../openldap/cyrus-sasl/lib/libsasl.dll # Installation options [install] compile = 1 record = python-ldap_install.log ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1700253016.0 python-ldap-3.4.4/CHANGES0000644000175000017500000017453514525746530015256 0ustar00spichugispichugiReleased 3.4.4 2022-11-17 Fixes: * Reconnect race condition in ReconnectLDAPObject is now fixed * Socket ownership is now claimed once we've passed it to libldap * LDAP_set_option string formats are now compatible with Python 3.12 Doc/ * Security Policy was created * Broken article links are fixed now * Bring Conscious Language improvements Infrastructure: * Add testing and document support for Python 3.10, 3.11, and 3.12 ---------------------------------------------------------------- Released 3.4.3 2022-09-15 This is a minor release to bring back the removed OPT_X_TLS option. Please note, it's still a deprecated option and it will be removed in 3.5.0. The following deprecated option has been brought back: - ``OPT_X_TLS`` Fixes: * Sphinx documentation is now successfully built * pypy3 tests stability was improved * setup.py deprecation warning is now resolved ---------------------------------------------------------------- Released 3.4.2 2022-07-06 This is a minor release to provide out-of-the-box compatibility with the merge of libldap and libldap_r that happened with OpenLDAP's 2.5 release. The following undocumented functions are deprecated and scheduled for removal: - ``ldap.cidict.strlist_intersection`` - ``ldap.cidict.strlist_minus`` - ``ldap.cidict.strlist_union`` The following deprecated option has been removed: - ``OPT_X_TLS`` Doc/ * SASL option usage has been clarified Lib/ * ppolicy control definition has been updated to match Behera draft 11 Modules/ * By default, compile against libldap, checking whether it provides a threadsafe implementation at runtime * When decoding controls, the module can now distinguish between no value (now exposed as ``None``) and an empty value (exposed as ``b''``) * Several new OpenLDAP options are now supported: * ``OPT_SOCKET_BIND_ADDRESSES`` * ``OPT_TCP_USER_TIMEOUT`` * ``OPT_X_SASL_MAXBUFSIZE`` * ``OPT_X_SASL_SECPROPS`` * ``OPT_X_TLS_ECNAME`` * ``OPT_X_TLS_PEERCERT`` * ``OPT_X_TLS_PROTOCOL``-related options and constants Fixes: * Encoding/decoding of boolean controls has been corrected * ldap.schema.models.Entry is now usable * ``method`` keyword to ReconnectLDAPObject.bind_s is now usable ---------------------------------------------------------------- Released 3.4.0 2021-11-26 This release requires Python 3.6 or above, and is tested with Python 3.6 to 3.10. Python 2 is no longer supported. New code in the python-ldap project is available under the MIT licence (available in ``LICENCE.MIT`` in the source). Several contributors have agreed to apply this licence their previous contributions as well. See the ``README`` for details. The following undocumented functions are deprecated and scheduled for removal: - ``ldap.cidict.strlist_intersection`` - ``ldap.cidict.strlist_minus`` - ``ldap.cidict.strlist_union`` Security fixes: * Fix inefficient regular expression which allows denial-of-service attacks when parsing specially-crafted LDAP schema. (GHSL-2021-117) Changes: * On MacOS, remove option to make LDAP connections from a file descriptor when built with the system libldap (which lacks the underlying function, ``ldap_init_fd``) * Attribute values of the post read control are now ``bytes`` instead of ISO8859-1 decoded ``str`` * ``LDAPUrl`` now treats urlscheme as case-insensitive * Several OpenLDAP options are now supported: * ``OPT_X_TLS_REQUIRE_SAN`` * ``OPT_X_SASL_SSF_EXTERNAL`` * ``OPT_X_TLS_PEERCERT`` Fixes: * The ``copy()`` method of ``cidict`` was added back. It was unintentionally removed in 3.3.0 * Fixed getting/setting ``SASL`` options on big endian platforms * Unknown LDAP result code are now converted to ``LDAPexception``, rather than raising a ``SystemError``. slapdtest: * Show stderr of slapd -Ttest * ``SlapdObject`` uses directory-based configuration of ``slapd`` * ``SlapdObject`` startup is now faster Infrastructure: * CI now runs on GitHub Actions rather than Travis CI. ---------------------------------------------------------------- Released 3.3.0 2020-06-18 Highlights: * ``LDAPError`` now contains additional fields, such as ctrls, result, msgid * ``passwd_s`` can now extract the newly generated password * LDAP connections can now be made from a file descriptor This release is tested on Python 3.8, and the beta of Python 3.9. The following undocumented functions are deprecated and scheduled for removal: - ``ldap.cidict.strlist_intersection`` - ``ldap.cidict.strlist_minus`` - ``ldap.cidict.strlist_union`` Modules/ * Ensure ReconnectLDAPObject is not left in an inconsistent state after a reconnection timeout * Syncrepl now correctly parses SyncInfoMessage when the message is a syncIdSet * Release GIL around global get/set option call * Do not leak serverctrls in result functions * Don't overallocate memory in attrs_from_List() * Fix thread support check for Python 3 * With OpenLDAP 2.4.48, use the new header openldap.h Lib/ * Fix some edge cases regarding quoting in the schema tokenizer * Fix escaping a single space in ldap.escape_dn_chars * Fix string formatting in ldap.compare_ext_s * Prefer iterating dict instead of calling dict.keys() Doc/ * Clarify the relationship between initialize() and LDAPObject() * Improve documentation of TLS options * Update FAQ to include Samba AD-DC error message "Operation unavailable without authentication" * Fix several incorrect examples and demos (but note that these are not yet tested) * Update Debian installation instructions for Debian Buster * Typo fixes in docs and docstrings Test/ * Test and document error cases in ldap.compare_s * Test if reconnection is done after connection loss * Make test certificates valid for the far future * Use slapd -Tt instead of slaptest Infrastructure: * Mark the LICENCE file as a license for setuptools * Use "unittest discover" rather than "setup.py test" to run tests ---------------------------------------------------------------- Released 3.2.0 2019-03-13 Lib/ * Add support for X-ORIGIN in ldap.schema's ObjectClass * Make initialize() pass extra keyword arguments to LDAPObject * ldap.controls.sss: use str instead of basestring on Python 3 * Provide ldap._trace_* atributes in non-debug mode Doc/ * Fix ReST syntax for links to set_option and get_option Tests/ * Use intersphinx to link to Python documentation * Correct type of some attribute values to bytes * Use system-specific ENOTCONN value Infrastructure: * Add testing and document support for Python 3.7 * Add Python 3.8-dev to Tox and CI configuration * Add Doc/requirements.txt for building on Read the Docs ---------------------------------------------------------------- Released 3.1.0 2018-05-25 This release brings two minor API changes: - Long-deprecated functions `ldap.open()` and `ldap.init()` are removed - `LDAPObject.compare_s()` and `compare_ext_s` return bool instead of 0 or 1 All changes since 3.0.0: Lib/ * Remove long deprecated functions ldap.open() and ldap.init() * LDAPObject.compare_s() and LDAPObject.compare_ext_s() now return a bool instead of 1 or 0. * Make iteration over cidict yield same values as keys() * Fail if pyasn1 is not installed * Fix parsing of PPolicyControl ASN.1 structure * Use items() when appropriate in dict iteration * Add support for tracing LDAP calls. Tracing can now be enabled with the env var PYTHON_LDAP_TRACE_LEVEL and redirected to a file with PYTHON_LDAP_TRACE_FILE. (This is mainly intended for debugging and internal testing; the configuration or output may change in future versions.) Modules/ * Fix ref counting bug in LDAPmessage_to_python Doc/ * Remove warning about unreleased version * Doc: Replace Mac OS X -> macOS Tests/ * Add tests and coverage for tracing * Disable warnings-as-errors for Python 3.4 * Fix assertTrue to assertEqual * Mark several test values as bytes Lib/slapdtest/ * Fix error message for missing commands * Make SlapdObject a context manager * Disable SASL external when missing SASL support * Make SlapdObject.root_dn a property * In SlapdObject, build include directives dynamically * Move import statements to top level Code style: * Add Makefile rules for automatic formatting of C and Python code * Reformat and indent all C files * Trim white space throughout the project Infrastructure: * Add py3-trace tox environment to Travis CI config * Add new Pytest cache directory to gitignore General: * Update all pypi.python.org URLs to pypi.org ---------------------------------------------------------------- Released 3.0.0 2018-03-12 Notable changes since 2.4.45 (please see detailed logs below): * Python 3 support and bytes_mode see: https://python-ldap.readthedocs.io/en/latest/bytes_mode.html * The module `ldap.async` is renamed to `ldap.asyncsearch` * New dependencies: pyasn1, pyasn1_modules * Dropped support for Python 2.6 and 3.3 Changes since 3.0.0b4: Lib/ * Add bytes_strictness to allow configuring behavior on bytes/text mismatch Modules/ * Add argument name to bytes mode TypeError * Use correct integer types for BER encode/decode (fix for big endian machines) Test/ * Set $LDAPNOINIT in all tests * Add test for secure TLS default * Ignore SASL methods in DSE test (fix for restricted environments) * Remove filterstr workaround from syncrepl test * Explicitly set TLS_REQUIRE_CERT option to TLS_HARD in test_tls_ext_noca Doc/ * Link to bytes mode from text-string arguments in the ldap module Infrastructure: * Include lber in list of libraries in setup.cfg ---------------------------------------------------------------- Released 3.0.0b4 2018-01-10 Changes since 3.0.0b3: Removed support for Python 3.3, which reached its end-of-life 2017-09-29. Lib/ * Make default argument values work under bytes_mode * Update use of map() to use list/set comprehensions instead Test/ * Refactor syncrepl tests to run with bytes_mode Doc/ * Document all_records attribute of LDIFRecordList ---------------------------------------------------------------- Released 3.0.0b3 2017-12-20 Changes since 3.0.0b2: The functions `ldap.open()`, `ldap.init()`, `ldif.CreateLDIF()` and `ldif.ParseLDIF()`, which were deprecated for over a decade, are scheduled for removal in python-ldap 3.1. Infrastructure: * Require setuptools to build * Start running automatic tests on PyPy Lib/ * When raising LDAPBytesWarning, give helpful code locations * Use modern Python idioms in several places * Avoid reimplementing UserDict.get() in cidict and models.Entry Doc/ * Use https links Test/ * Add reproducer for openldap's NSS shutdown/restart issue * Make testing on non-Linux platforms easier ---------------------------------------------------------------- Released 3.0.0b2 2017-12-11 Changes since 3.0.0b1: The module `ldap.async` is renamed to `ldap.asyncsearch`, due to `async` becoming a keyword in Python 3.7. The old module name is deprecated, but will be available as long as Python 3.6 is supported. Lib/ * Use custom ldap.LDAPBytesWarning class * Rename ldap.async to ldap.asyncsearch Modules/ * Support None for set_option(OPT_TIMEOUT) and OPT_NETWORK_TIMEOUT * Fix error reporting of LDAPObject.set_option() * Change memory handling in attrs_from_List() Test/ * Remove workaround for OpenLDAP NSS issue Demo/ * Use uniform shebang in all demos Doc/ * Provide build deps for Alpine and CentOS * Move sample workflow out of the main Contributing guide Infrastructure: * Add valgrind target to check for memory leaks * Minimal configuration for pytest ---------------------------------------------------------------- Released 3.0.0b1 2017-12-04 Changes since 2.4.45: (this list includes changes from 2.5.x) New dependencies (automatically installed when using pip): * pyasn1 0.3.7+ * pyasn1_modules 0.1.5+ Python 3 support and bytes_mode: * merged from the pyldap fork (https://github.com/pyldap) * please see documentation on bytes_mode and text/bytes handling: https://python-ldap.readthedocs.io/en/latest/bytes_mode.html Removed support for Python 2.6. Infrastructure: * Move to Git * Don't define search path for includes and libs in the default setup.cfg * Include sasl/sasl.h from the standard path * Re-format README to ReStructured Text * Setup for automatic testing using Travis CI * Add coverage reporting for Python and C * Add install requires into setup.py * Remove distclean.sh in favor of make clean * Use `package`, `depends`, `install_requires` in setup.py * Add make target for scan-build (static analysis using clang) * Add make target and suppression file for Valgrind (memory checker) Modules/ * Remove unused LDAPberval helper functions * Fix type conversion in page control * Fix multiple ref leaks in error-handling code * Fix reference leak in result4 * Fix several compiler warnings * Fix memory leak in whoami * Fix internal error handling of LDAPControl_to_List() * Fix two memory leaks and release GIL in encode_assertion_control * Allow set_option() to set timeouts to infinity and, thanks to Michael Ströder: * removed unused code schema.c * moved code from version.c to ldapmodule.c * removed obsolete back-ward compability constants from common.h * build checks whether LDAP_API_VERSION is OpenLDAP 2.4.x * _ldap.__author__ and _ldap.__license__ also set from ldap.pkginfo * assume C extension API for Python 2.7+ Lib/ * Avoid eval() for getting module-level variables to fix running under pytest * Compability changes for pyasn1 0.3 or newer and, thanks to Michael Ströder: * ldap.__version__, ldap.__author__ and ldap.__license__ now imported from new sub-module ldap.pkginfo also to setup.py * Added safety assertion when importing _ldap: ldap.pkginfo.__version__ must match _ldap.__version__ * removed stand-alone module dsml * slapdtest.SlapdObject.restart() just restarts slapd without cleaning any data * The methods SSSResponseControl.decodeControlValue() and VLVResponseControl.decodeControlValue() now follow the coding convention to use camel-cased ASN.1 name as class attribute name. The old class names are still set for back-ward compability but should not be used in new code because they might be removed in a later release. * removed SSSRequestControl from ldap.controls.KNOWN_RESPONSE_CONTROLS * removed all dependencies on modules string and types * removed use of .has_key() * removed class ldap.ldapobject.NonblockingLDAPObject * new global constant ldap.LIBLDAP_API_INFO * right after importing _ldap there is a call into libldap to initialize it * method .decodeControlValue() of SSSResponseControl and VLVResponseControl does not set class attribute result_code anymore * always use bytes() for UUID() constructor in ldap.syncrepl * module ldif now uses functions b64encode() and b64decode() * fixed pickling and restoring of ReconnectLDAPObject Lib/slapdtest * Automatically try some common locations for SCHEMADIR * Ensure server is stopped when the process exits * Check for LDAP schema and slapd binaries * slapdtest is now a package and includes testing certificates Tests/ * Expand cidict membership test * Add test suite for binds * Add test suite for edits * Add a smoke-check for listall() and attribute_types() * Add test case for SASL EXTERNAL auth * Add tests for start_tls * In CI, treat compiler warnings as fatal errors * Added tests for ldap.syncrepl and, thanks to Michael Ströder: * added explicit reconnect tests for ReconnectLDAPObject * scripts do not directly call SlapdTestCase.setUpClass() anymore * added LDIF test with folded, base64-encoded attribute * added more tests for sub-module ldap.dn Doc/ * Build documentation without the compiled C extension * Merge contents from python-ldap.org * Move reference documentation in its own section * Document return value of {modify,add,delete}_ext_s() as a tuple * Add tests for documentation (build & spelling) * Link to documentation of old versions * Add a contributing guide ---------------------------------------------------------------- Released 2.4.45 2017-10-09 Changes since 2.4.44: Lib/ * Fixed reraising of wrong exception in SimpleLDAPObject._ldap_call() (thanks to Aigars Grins) Tests/ * removed work-around in t_cext.py ---------------------------------------------------------------- Released 2.4.44 2017-09-08 Changes since 2.4.43: Modules/ * more fine-grained GIL releasing in function l_ldap_result4() ---------------------------------------------------------------- Released 2.4.43 2017-09-06 Changes since 2.4.42: Lib/ * fixed passing all arguments from LDAPObject.sasl_non_interactive_bind_s() to LDAPObject.sasl_interactive_bind_s() Tests/ * added test for LDAPObject.sasl_external_bind_s() Doc/ * added docs for SASL bind methods * more references * better sorting of LDAPObject methods ---------------------------------------------------------------- Released 2.4.42 2017-09-04 Changes since 2.4.41: Lib/ * added new SlapdObject methods _ln_schema_files() and _create_sub_dirs() * SlapdObject methods setup_rundir() and gen_config() are now "public" methods * removed pseudo test script from module ldap.cidict Tests/ * added sub-module for testing class ldap.cidict.cidict * avoid deprecated method alias unittest.TestCase.assertEquals ---------------------------------------------------------------- Released 2.4.41 2017-07-12 Changes since 2.4.40: Lib/ * Added support for increment: lines in LDIF changes records ---------------------------------------------------------------- Released 2.4.40 2017-06-27 Changes since 2.4.39: Modules/ * fixed memory leaks when using extended controls (thanks to Erik Cumps) ---------------------------------------------------------------- Released 2.4.39 2017-05-31 Changes since 2.4.38: Lib/ * fixed errno-related ldap.TIMEOUT regression Lib/slapdtest.py * Removed obsolete assert statements ---------------------------------------------------------------- Released 2.4.38 2017-04-28 Changes since 2.4.37: Lib/slapdtest.py * SlapdObject now evaluates env var SLAPD for optionally pointing to OpenLDAP's slapd executable (e.g. with OpenLDAP LTB builds) * added LDAPI support in slaptest.SlapdObject which is internally used in methods ldapadd() and ldapwhoami() * added method slaptest.SlapdObject.ldapmodify() * fixed enabling logger in slaptest * directory name now contains port to be able to run several SlapdObject instances side-by-side (e.g. with replication) * added authz-regexp mapping to rootdn for user running the test * internally use SASL/EXTERNAL via LDAPI to bind * SlapdObject.server_id used as serverID in slapd.conf for MMR * Removed method SlapdObject.started() because SlapdTestCase.setUpClass() will be used to add initial entries Tests/ * ReconnectLDAPObject is also tested by sub-classing test class ---------------------------------------------------------------- Released 2.4.37 2017-04-27 Changes since 2.4.36: Lib/ * fixed errno-related regression introduced in 2.4.35 Tests/ * added more checks to t_cext.py * renamed t_search.py to t_ldapobject.py and code-cleaning * added test for errno-related regression to t_ldapobject.py ---------------------------------------------------------------- Released 2.4.36 2017-04-26 Changes since 2.4.35: Lib/ * gracefully handle KeyError in LDAPObject._ldap_call() when using errno * added new stand-alone module slapdtest (formerly Tests/slapd.py) for general use (still experimental) Tests/ * re-factored t_cext.py and t_search.py * set env var LDAPNOINIT=1 in t_cext.py and t_search.py to avoid interference with locally installed .ldaprc or ldap.conf * by default back-mdb is now used for slapd-based tests which requires fairly recent OpenLDAP builds but implements full feature set * env vars can be set for slapd.py to tweak path names of executables, temporary and schema data to be used * new class SlapdTestCase ---------------------------------------------------------------- Released 2.4.35 2017-04-25 Changes since 2.4.33: (2.4.34 is missing because of foolish pypi version madness) Modules/ * use errno in a safer way * set errno as LDAPError class item * do not use strerror() which is not thread-safe and platform-specific Lib/ * LDAPObject._ldap_call() sets LDAPError info to value returned by platform-neutral os.stderror() ---------------------------------------------------------------- Released 2.4.33 2017-04-25 Changes since 2.4.32: Lib/ * faster implementation of ldap.schema.tokenizer.split_tokens() (thanks to Christian Heimes) * removed unused 2nd argument of ldap.schema.tokenizer.split_tokens() * fixed method calls in ReconnectLDAPObject (thanks to Philipp Hahn) Modules/ * an empty info message is replaced with strerror(errno) if errno is non-zero which gives more information e.g. in case of ldap.SERVER_DOWN (thanks to Markus Klein) * removed superfluous ldap_memfree(error) from LDAPerror() (thanks to Markus Klein) Tests/ * re-factored t_ldap_schema_tokenizer.py ---------------------------------------------------------------- Released 2.4.32 2017-02-14 Changes since 2.4.31: Running tests made easier: - python setup.py test - added tox.ini ---------------------------------------------------------------- Released 2.4.31 2017-02-14 Changes since 2.4.30: Tests/ * new test scripts t_ldap_schema_tokenizer.py and t_ldap_modlist.py on former raw scripts (thanks to Petr Viktorin) * new test-cases in t_ldapurl.py based on former raw scripts (thanks to Petr Viktorin) * new test-cases in t_ldap_dn.py * moved a script to Demo/ ---------------------------------------------------------------- Released 2.4.30 2017-02-08 Changes since 2.4.29: Lib/ * compability fix in ldap.controls.deref to be compatible to recent pyasn1 0.2.x (thanks to Ilya Etingof) ---------------------------------------------------------------- Released 2.4.29 2017-01-25 Changes since 2.4.28: Modules/ * Fixed checking for empty server error message (thanks to Bradley Baetz) * Fixed releasing GIL when calling ldap_start_tls_s() (thanks to Lars Munch) ---------------------------------------------------------------- Released 2.4.28 2016-11-17 Changes since 2.4.27: Lib/ * LDAPObject.unbind_ext_s() invokes LDAPObject._trace_file.flush() only if LDAPObject._trace_level is non-zero and Python is running in debug mode * LDAPObject.unbind_ext_s() now ignores AttributeError in case LDAPObject._trace_file has no flush() method * added dummy method ldap.logger.logging_file_class.flush() because LDAPObject.unbind_ext_s() invokes it ---------------------------------------------------------------- Released 2.4.27 2016-08-01 Changes since 2.4.26: Lib/ * added 'strf_secs' and 'strp_secs' to ldap.functions.__all__ * fixed regression introduced with 2.4.26: ldif.LDIFParser did not fully parse LDIF records without trailing empty separator line ---------------------------------------------------------------- Released 2.4.26 2016-07-24 Changes since 2.4.25: Installation: * added ldap.controls.sss to py_modules in setup.py Lib/ * LDAPObject.unbind_ext() now removes class attribute LDAPObject._l to completely invalidate C wrapper object * LDAPObject.unbind_ext() now flushes trace file * ldap.ldapobject.SimpleLDAPObject: added convenience methods read_rootdse_s() and get_naming_contexts() * added functions ldap.strf_secs() and ldap.strp_secs() * added function ldap.filter.time_span_filter() * Refactored ldif.LDIFParser * ldif.LDIFParser.version ís now Integer * ignore multiple empty lines between records * Fixed ldap.dn.is_dn() Modules/ * Fixed #69 Segmentation fault on whoami_s after unbind (thanks to Christian Heimes and Petr Viktorin) Tests/ * Fixed result3() being used instead of correct result4() (see #66, thanks to David D. Riddle) * Tests/slapd.py honors env var $TMP instead of just using hard-coded /var/tmp * Tests/slapd.py now expects schema to be in /etc/openldap/ * Tests/t_ldapurl.py now independent of module ldap * Tests/t_ldif.py now has more test-cases including change records * added some more test scripts for sub-modules ldap.dn, ldap.filter and ldap.functions (not complete yet) ---------------------------------------------------------------- Released 2.4.25 2016-01-18 Changes since 2.4.23: (2.4.24 is missing because of foolish pypi version madness) Lib/ * Fix for attrlist=None regression introduced in 2.4.23 by ref count patch ---------------------------------------------------------------- Released 2.4.23 2016-01-17 Changes since 2.4.22: Modules/ * Ref count issue in attrs_from_List() was fixed (thanks to Elmir Jagudin) ---------------------------------------------------------------- Released 2.4.22 2015-10-25 Changes since 2.4.21: Lib/ * LDIFParser now also accepts value-spec without a space after the colon. * Added key-word argument authz_id to LDAPObject methods sasl_non_interactive_bind_s(), sasl_external_bind_s() and sasl_gssapi_bind_s() * Hmmpf! Added missing self to LDAPObject.fileno(). * ReconnectLDAPObject.sasl_bind_s() now correctly uses generic wrapper arguments *args,**kwargs * Correct method name LDIFParser.handle_modify() * Corrected __all__ in modules ldap.controls.pwdpolicy and ldap.controls.openldap Doc/ * Started missing docs for sub-module ldap.sasl. ---------------------------------------------------------------- Released 2.4.21 2015-09-25 Changes since 2.4.20: Lib/ * LDAPObject.read_s() now returns None instead of raising ldap.NO_SUCH_OBJECT in case the search operation returned emtpy result. * ldap.resiter.ResultProcessor.allresults() now takes new key-word argument add_ctrls which is internally passed to LDAPObject.result4() and lets the method also return response control along with the search results. * Added ldap.controls.deref implementing support for dereference control Tests/ * Unit tests for module ldif (thanks to Petr Viktorin) ---------------------------------------------------------------- Released 2.4.20 2015-07-07 Changes since 2.4.19: * New wrapping of OpenLDAP's function ldap_sasl_bind_s() allows to intercept the SASL handshake (thanks to René Kijewski) Modules/ * Added exceptions ldap.VLV_ERROR, ldap.X_PROXY_AUTHZ_FAILURE and ldap.AUTH_METHOD_NOT_SUPPORTED Lib/ * Abandoned old syntax when raising ValueError in modules ldif and ldapurl, more information in some exceptions. * ldap.ldapobject.LDAPObject: New convenience methods for SASL GSSAPI or EXTERNAL binds * Refactored parts in ldif.LDIFParser: - New class attributes line_counter and byte_counter contain amount of LDIF data read so far - Renamed some internally used methods - Added support for parsing change records currently limited to changetype: modify - New separate methods parse_entry_records() (also called by parse()) and parse_change_records() - Stricter order checking of dn:, changetype:, etc. - Removed non-existent 'AttrTypeandValueLDIF' from ldif.__all__ * New mix-in class ldap.controls.openldap.SearchNoOpMixIn adds convience method noop_search_st() to LDAPObject class * Added new modules which implement the control classes for Virtual List View (see draft-ietf-ldapext-ldapv3-vlv) and Server-side Sorting (see RFC 2891) (thanks to Benjamin Dauvergne) Note: This is still experimental! Even the API can change later. ---------------------------------------------------------------- Released 2.4.19 2015-01-10 Changes since 2.4.18: Lib/ * Fixed missing ReconnectLDAPObject._reconnect_lock when pickling (see SF#64, thanks to Dan O'Reilly) * Added ldap.controls.pagedresults which is pure Python implementation of Simple Paged Results Control (see RFC 2696) and delivers the correct result size ---------------------------------------------------------------- Released 2.4.18 2014-10-09 Changes since 2.4.17: Lib/ * Fixed raising exception in LDAPObject.read_s() when reading an entry returns empty search result ---------------------------------------------------------------- Released 2.4.17 2014-09-27 Changes since 2.4.16: Lib/ * New hook syncrepl_refreshdone() in ldap.syncrepl.SyncReplConsumer (thanks to Petr Spacek and Chris Mikkelson) Modules/ * Added support for getting file descriptor of connection with ldap.OPT_DESC ---------------------------------------------------------------- Released 2.4.16 2014-09-10 Changes since 2.4.15: Lib/ * New convenience function ldap.dn.is_dn() * New convenience function ldap.escape_str() * New convenience methods LDAPObject.read_s() and LDAPObject.find_unique_entry() * Fixed invoking start_tls_s() in ReconnectLDAPObject.reconnect() (thanks to Philipp Hahn) ---------------------------------------------------------------- Released 2.4.15 2014-03-24 Changes since 2.4.14: Lib/ * Added missing modules ldap.controls.openldap and ldap.controls.pwdpolicy to setup.py * Added missing imports to ldap.controls.pwdpolicy * Fixed ldap.controls.pwdpolicy.decodeControlValue() to decode string of digits * Support for X-SUBST in schema element class LDAPSyntax * Support for X-ORDERED and X-ORIGIN in schema element class AttributeType * ldapurl: New scope 'subordinates' defined in draft-sermersheim-ldap-subordinate-scope Modules/ * New constant ldap.SCOPE_SUBORDINATE derived from ldap.h for draft-sermersheim-ldap-subordinate-scope * Fixed constant ldap.sasl.CB_GETREALM (thanks to Martin Pfeifer) ---------------------------------------------------------------- Released 2.4.14 2014-01-31 Changes since 2.4.13: Lib/ * Added ldap.controls.openldap.SearchNoOpControl * New method ldap.async.AsyncSearchHandler.afterFirstResult() for doing something right after successfully receiving but before processing first result * Better log data written when invoking ldap.LDAPLock.acquire() and ldap.LDAPLock.release() * LDAPObject and friends now pass `desc' to ldap.LDAPLock() which results in better logging * ldapobject.ReconnectLDAPObject now uses internal class-wide lock for serializing reconnects * Method signature of ReconnectLDAPObject.reconnect() changed to be able to call it with separate retry_max and retry_delay values Modules/ * Added support for retrieving negotiated TLS version/cipher with LDAPObject.get_option() with the help of upcoming OpenLDAP libs ---------------------------------------------------------------- Released 2.4.13 2013-06-27 Changes since 2.4.12: Lib/ * ldapobject.ReconnectLDAPObject._apply_last_bind() now sends anonymous simple bind request even if the calling application did not to provoke ldap.SERVER_DOWN in method reconnect() * ldapobject.ReconnectLDAPObject.reconnect() now also catches ldap.TIMEOUT exception after reconnection attempt * Several other fixes for ldapobject.ReconnectLDAPObject (thanks to Jonathan Giannuzzi) ---------------------------------------------------------------- Released 2.4.12 2013-06-01 Changes since 2.4.11: Lib/ * Truly optional import of PyAsn1Error exception which should not fail anymore if pyasn1 is not installed ---------------------------------------------------------------- Released 2.4.11 2013-05-27 Changes since 2.4.10: Lib/ * ldap.controls.DecodeControlTuples() now simply ignores PyAsn1Error exception raised during decoding malformed response control values in case of non-critical controls. * ldif.LDIFWriter.unparse() does not simply skip empty records anymore. ---------------------------------------------------------------- Released 2.4.10 2012-06-07 Changes since 2.4.9: Lib/ * ldapobject.ReconnectLDAPObject.reconnect() now preserves order of options set with LDAPObject.set_option before. This is needed e.g. for setting connection-specific TLS options. Demo/ * Better version of Demo/pyasn1/syncrepl.py (thanks to Ben Cooksley) ---------------------------------------------------------------- Released 2.4.9 2012-03-14 Changes since 2.4.8: Lib/ * ldapobject.ReconnectLDAPObject.reconnect() now does kind of an internal locking to pause other threads while reconnecting is pending. * Changes to bind- and startTLS-related operation methods of class ReconnectLDAPObject for more robustness * New constant ldap.OPT_NAMES_DICT contains mapping from integer to variable name for all option-related constants. ---------------------------------------------------------------- Released 2.4.8 2012-02-21 Changes since 2.4.7: Lib/ * Fixed overzealous check for non-unique NAMEs in ldap.schema.subentry.SubSchema.__init__() * Fixed typos in control decoding method ldap.controls.simple.OctetStringInteger.decodeControlValue() * Added experimental support for draft-vchu-ldap-pwd-policy ---------------------------------------------------------------- Released 2.4.7 2012-12-19 Changes since 2.4.6: Lib/ * Separate classes for request/response controls for RFC 3829 * Fixed ldap.schema.subentry.SubSchema.attribute_types() to also eliminate double attribute types in MAY clause of DIT content rule Modules/ * Fixed memory leak (thanks to David Malcolm) ---------------------------------------------------------------- Released 2.4.6 2011-11-27 Changes since 2.4.5: Lib/ * ldap.controls.ppolicy: Another fix for decoding the password policy response control ---------------------------------------------------------------- Released 2.4.5 2011-11-25 Changes since 2.4.4: Installation: * defines for SASL and SSL in setup.cfg to be more friendly to Python setup tools (easy_install) Lib/ * Fixed typo in ldap.functions._ldap_function_call() which always released ldap._ldap_module_lock instead of local lock * ldap.controls.ppolicy: Fixed decoding the password policy response control Demo/ * Demo script for ldap.controls.ppolicy ---------------------------------------------------------------- Released 2.4.4 2011-10-26 Changes since 2.4.3: Modules/ * Format intermediate messages as 3-tuples instead of 4-tuples to match the format of other response messages. (thanks to Chris Mikkelson) * Fixes for memory leaks (thanks to Chris Mikkelson) Lib/ * New experimental(!) sub-module ldap.syncrepl implementing syncrepl consumer (see RFC 4533, thanks to Chris Mikkelson) Doc/ * Cleaned up rst files * Added missing classes ---------------------------------------------------------------- Released 2.4.3 2011-07-23 Changes since 2.4.2: Lib/ * Mostly corrected/updated __doc__ strings Doc/ * Corrected rst files * Added missing modules, functions, classes, methods, parameters etc. at least as auto-generated doc ---------------------------------------------------------------- Released 2.4.2 2011-07-21 Changes since 2.4.1: Lib/ Logging: * pprint.pformat() is now used when writing method/function arguments to the trace log ldap.schema.subentry: * SubSchema.__init__() now has new key-word argument check_uniqueness which enables checking whether OIDs are unique in the subschema subentry * Code-cleaning: consequent use of method SubSchema.getoid() instead of accessing SubSchema.name2oid directly. * SubSchema.getoid() and SubSchema.getoid() now have key-word argument raise_keyerror=0 and raise KeyError with appropriate description. ---------------------------------------------------------------- Released 2.4.1 2011-07-05 Changes since 2.4.0: Modules: * New LDAP option OPT_X_TLS_PACKAGE available in OpenLDAP 2.4.26+ to determine the name of the SSL/TLS package OpenLDAP was built with Lib/ * ldap.modlist.modifyModlist(): New key-word argument case_ignore_attr_types used to define attribute types for which comparison of old and new values should be case-insensitive * Minor changes to which data is sent to debug output for various trace levels * Now tag [1] is used in ldap.extop.dds.RefreshResponse in compliance with RFC 2589 (fix available for OpenLDAP ITS#6886) * New sub-module ldap.controls.sessiontrack implements request control as described in draft-wahl-ldap-session (needs pyasn1_modules) ---------------------------------------------------------------- Released 2.4.0 2011-06-02 Changes since 2.3.13: * OpenLDAP 2.4.11+ required to build * Support for extracting LDAPv3 extended controls in LDAP_RES_SEARCH_ENTRY responses (see SF#2829057, thanks to Rich) * Generic support for LDAPv3 extended operations (thanks to Rich) Lib/ * new class API in ldap.controls, not backwards-compatible! * new sub-modules for ldap.controls, some require pyasn1 and pyasn1_modules * New methods LDAPObject.result4() and LDAPObject.extop_result() * New (optional) class ldap.controls.AssertionControl * New helper module ldap.logger contains file-like object which sends trace messages to logging.log() * Removed non-functional method LDAPObject.set_cache_options() * Removed unused dictionary ldap.controls.knownLDAPControls Modules/ * ldapcontrol.c: Fixed encode_assertion_control() and function is no longer hidden behind ifdef-statement ---------------------------------------------------------------- Released 2.3.13 2011-02-19 Changes since 2.3.12: Modules/ * Correct #ifdef-statement for LDAP_OPT_X_TLS_CRLFILE in constants.c fixes build with older OpenLDAP libs * Support for LDAP_OPT_DEFBASE (see SF#3072016, thanks to Johannes) ---------------------------------------------------------------- Released 2.3.12 2010-08-05 Changes since 2.3.11: Lib/ * Removed tabs from various modules to make things work with python -tt. * Quick fix to ldif.is_dn() to let multi-valued RDNs pass as valid. Is too liberal in some corner-cases though... * Fix to ldif.is_dn() to allow dashes in attribute type (see SF#3020292) * ldap.open() now outputs a deprecation warning * module-wide locking is now limited to calling _ldap.initialize(). Still ldap.functions._ldap_function_call() is used to wrap all calls for writing debug log. Modules/ * New LDAP options available in OpenLDAP 2.4.18+ supported in LDAPObject.get/set_option(): ldap.OPT_X_KEEPALIVE_IDLE, ldap.OPT_X_KEEPALIVE_PROBES, ldap.OPT_X_KEEPALIVE_INTERVAL, ldap.OPT_X_TLS_CRLCHECK, ldap.OPT_X_TLS_CRLFILE Doc/ * Various small updates/improvements ---------------------------------------------------------------- Released 2.3.11 2010-02-26 Changes since 2.3.10: Lib/ * Fixed LDAP URL parsing with four ? but no real extensions * ldap.ldapobject.LDAPObject.rename_s() now also accepts arguments serverctrls and clientctrls * Removed untested and undocumented class ldap.ldapobject.SmartLDAPObject * Removed broken method ldap.ldapobject.LDAPObject.manage_dsa_it() Modules/ * Make use of LDAP_OPT_X_TLS_NEWCTX only if available in OpenLDAP libs used for the build * Fixed #ifdef-statements for OPT_X_TLS_PROTOCOL_MIN Doc/ * Some updates and corrections regarding description of use of LDAPv3 controls * Some more descriptions for constants * Removed comments related to old LaTeX-based documentation system ---------------------------------------------------------------- Released 2.3.10 2009-10-30 Changes since 2.3.9: Lib/ * The diagnosticMessage returned by a server is written to the trace output also for successful operations. * Fixed handling of LDAP URL extensions with implicit value None which are mapped to class attributes of LDAPUrl. * Fixed handling of LDAP URLs with ? being part of extensions. * Fixed exceptions raised by get_option/set_option (SF#1964993) * ldap.functions: Fixed import trace-related variables from base-module ldap * Fixed ldap.resiter missing in RPMs built with python setup.py bdist_rpm * Fix in class ldap.schema.models.SchemaElement: repr() was liberally used in methods key_attr() and key_list() to enclose values in quotes. Modules/ * Changed internal API List_to_LDAPControls() to LDAPControls_from_object() * Supported was added for retrieving the SASL username during SASL bind with ldap_get_option(LDAP_OPT_X_SASL_USERNAME) if available in libldap. * New LDAP option constant ldap.OPT_X_TLS_NEWCTX supported in LDAPObject.set_option() * New LDAP option constants supported in LDAPObject.get/set_option(): ldap.OPT_X_TLS_PROTOCOL_MIN, ldap.OPT_CONNECT_ASYNC, ldap.OPT_X_TLS_DHFILE * Fixed setting _ldap.OPT_ON and _ldap.OPT_OFF * l_ldap_result3(): controls are now parsed for all response types (SF#2829057) Doc/ * Added example for ldap.resiter ---------------------------------------------------------------- Released 2.3.9 2009-07-26 Changes since 2.3.8: Lib/ * All modules (ldap, ldif, dsml and ldapurl) have common version number now * Non-exported function ldif.needs_base64() was abandoned and is now implemented as method LDIFWriter._needs_base64_encoding(). This allows sub-classes of LDIFWriter to implement determining whether attribute values have to be base64-encoded in a different manner and is the same approach like in class dsml.DSMLWriter. * LDAPUrlExtension._parse() now gracefully handles LDAP URL extensions without explicit exvalue as being set with implicit value None. Modules/ * New LDAP option constant ldap.OPT_X_SASL_NOCANON supported in LDAPObject.get/set_option() ---------------------------------------------------------------- Released 2.3.8 2009-04-30 Changes since 2.3.7: Lib/ * ldap.schema.models: More fault-tolerant parsing of SYNTAX in AttributeTypeDescription * ldap.schema.tokenizer.split_tokens(): More tolerant parsing of items separated only with a DOLLAR without surrounding white-spaces (because WSP is declared as zero or more spaces in RFC 4512) ---------------------------------------------------------------- Released 2.3.7 2009-04-09 Changes since 2.3.6: Lib/ * urllib.quote() is now used in LDAPUrlExtension.unparse() to quote all special URL characters in extension values Modules/ * Fixed ldapcontrol.c not to raise ldap.ENCODING_ERROR in function encode_rfc2696() on 64-bit systems * Fixed seg fault if error code in a LDAP response was outside the known error codes and could not be mapped to a specific exception class (thanks to Sean) * errors.c: LDAP_ERROR_MAX set to LDAP_PROXIED_AUTHORIZATION_DENIED if available in OpenLDAP header * new exception class ldap.PROXIED_AUTHORIZATION_DENIED if available in OpenLDAP header * Fixed functions.c not to raise ldap.ENCODING_ERROR in function l_ldap_str2dn() on 64-bit systems (see SF#2725356) ---------------------------------------------------------------- Released 2.3.6 2009-02-22 Changes since 2.3.5: Lib/ * Importing ldap.str2dn() which directly imported _ldap.str2dn() is prohibited now (see SF#2181141) Modules/ * get_option(): Added support for reading more SASL options. (OPT_X_SASL_MECH, OPT_X_SASL_REALM, OPT_X_SASL_AUTHCID and OPT_X_SASL_AUTHZID) * Added some explicit type casts to fix issues while building with SunStudio * Fixed compiling issue with GCC 4.4 (see SF#2555793, thanks to Matej and Martin) Doc/ * Clarified not to use ldap_get_dn() directly * Fixed description of ldap.SASL_AVAIL and ldap.TLS_AVAIL (see SF#2555804, thanks to Matej and Martin) ---------------------------------------------------------------- Released 2.3.5 2008-07-06 Changes since 2.3.4: Lib/ * Fixed methods ldap.cidict.__contains__() and ldap.schema.models.Entry.__contains__() * FWIW method LDAPObject.cancel_s() returns a result now * Fixed ldap.schema.models.NameForm: Class attribute oc is now of type string, not tuple to be compliant with RFC 4512 ---------------------------------------------------------------- Released 2.3.4 2008-03-29 Changes since 2.3.3: Modules/ * Fixed seg fault when calling LDAPObject.get_option() (see SF#1926507, thanks to Matej) ---------------------------------------------------------------- Released 2.3.3 2008-03-26 Changes since 2.3.2: Fixed backward-compability when building with OpenLDAP 2.3.x libs. ---------------------------------------------------------------- Released 2.3.2 2008-03-26 Changes since 2.3.1: Lib/ * ldap.dn.escape_dn_chars() now really adheres to RFC 4514 section 2.4 by escaping null characters and a space occurring at the beginning of the string * New method ldap.cidict.cidict.__contains__() * ldap.dn.explode_dn() and ldap.dn.explode_rdn() have a new optional key-word argument flags which is passed to ldap.dn.str2dn(). Modules/ * Removed unused OPT_PRIVATE_EXTENSION_BASE from constants.c Doc/ * Various additions, updates, polishing (thanks to James). ---------------------------------------------------------------- Released 2.3.1 2007-07-25 Changes since 2.3.0: * Support for setuptools (building .egg, thanks to Torsten) * Support for matched values control (RFC 3876, thanks to Andreas) Lib/ * Fixed ldif (see SF#1709111, thanks to Dmitry) * ldap.schema.models: SUP now separated by $ (method __str__() of classes AttributeType, ObjectClass and DITStructureRule, thanks to Stefan) Modules/ * Added constant MOD_INCREMENT to support modify+increment extension (see RFC 4525, thanks to Andreas) ---------------------------------------------------------------- Released 2.3.0 2007-03-27 Changes since 2.2.1: * OpenLDAP 2.3+ required now to build. * Added support for Cancel operation ext. op. if supported in OpenLDAP API of the libs used for the build. Modules/ * Removed deprecated code for setting options by name * Added l_ldap_cancel() * Some modifications related to PEP 353 for Python 2.5 on 64-bit platforms (see SF#1467529, thanks to Matej) * Added new function l_ldap_str2dn(), removed functions l_ldap_explode_dn() and l_ldap_explode_rdn() (see SF#1657848, thanks to David) Lib/ * Added method ldapobject.LDAPObject.cancel() * ldap.schema.subentry.urlfetch() now can do non-anonymous simple bind if the LDAP URL provided contains extensions 'bindname' and 'X-BINDPW'. (see SF#1589206) * ldap.filter.escape_filter_chars() has new a key-word argument escape_mode now which defines which chars to be escaped (see SF#1193271). * Various important fixes to ldapobject.ReconnectLDAPObject * Moved all DN-related functions to sub-module ldap.dn, import them in ldap.functions for backward compability * ldap.dn.explode_dn() and ldap.dn.explode_rdn() use the new wrapper function ldap.dn.str2dn() (related to SF#1657848) * changetype issue partially fixed (see SF#1683746) ---------------------------------------------------------------- Released 2.2.1 2006-11-15 Changes since 2.2.0: Modules/ * Fix for Python 2.5 free(): invalid pointer (see SF#1575329) * passwd() accepts None for arguments user, oldpw, newpw (see SF#1440151) Lib/ * ldif.LDIFWriter.unparse() now accepts instances of derived dict and list classes (see SF#1489898) ---------------------------------------------------------------- Released 2.2.0 2006-04-10 Changes since 2.0.11: * OpenLDAP 2.2+ required now to build. Modules/ * Dropped all occurences of '#ifdef #LDAP_VENDOR_VERSION'. * Fixed wrong tuple size in l_ldap_result3() (see SF#1368108) * Fixed get_option(ldap.OPT_API_INFO) (see SF#1440165) * Fixed memory leak in l_ldap_result3() when all=0 (see SF#1457325) * Fixed memory leak in l_ldap_result3() in error cases (see SF#1464085) Lib/ * Fixed ldap.schema.models.DITStructureRule.__str__() to separate SUP rule-ids with a single space instead of ' $ ' * Fixed ldap.async.Dict * Added ldap.async.IndexedDict * ldap.schema.subentry.SubSchema.attribute_types() has new key-word argument ignore_dit_content_rule ---------------------------------------------------------------- Released 2.0.11 2005-11-07 Changes since 2.0.10: Lib/ * Class ldap.ldapobject.LDAPObject: Each method returns a result now * Class ldap.ldapobject.ReconnectLDAPObject: Some methods called the wrong methods of LDAPObject. Fixed. * Added new class ldap.async.Dict * Slightly cleaned up ldap.schema.subentry.attribute_types() * New sub-module ldap.resiter which simply provides a mix-in class for ldap.ldapobject.LDAPObject with a generator method allresults(). Obviously this only works with Python 2.3+. And it's still experimental. ---------------------------------------------------------------- Released 2.0.10 2005-09-23 Changes since 2.0.9: Lib/ * Switched back to old implementation of ldap.schema.tokenizer.split_tokens() since the new one had a bug which deletes the spaces from DESC * ldap.INSUFFICIENT_ACCESS is now ignored in ldap.ldapobject.LDAPObject.search_subschemasubentry_s() ---------------------------------------------------------------- Released 2.0.9 2005-07-28 Changes since 2.0.8: Modules/ * Removed __doc__ strings from ldapcontrol.c to "fix" build problems with Python versions 2.2 and earlier. ---------------------------------------------------------------- Released 2.0.8 2005-06-22 at Linuxtag 2005, Karlsruhe, Germany Changes since 2.0.7: * Preliminary support for receiving LDAP controls added. Contributor: - Andreas Ames Lib/ - Added classes in module ldif to ldif.__all__ to fix from ldif import * - Removed BitString syntax from ldap.schema.models.NOT_HUMAN_READABLE_LDAP_SYNTAXES since the LDAP encoding is in fact human-readable - ldapurl.LDAPUrlExtension.unparse() outputs empty string if LDAPUrlExtension.exvalue is None - Added ldap.controls.SimplePagedResultsControl ---------------------------------------------------------------- Released 2.0.7 2005-04-29 Changes since 2.0.6: * Added preliminary support for sending LDAP controls with a request. Contributors: - Deepak Giridharagopal - Ingo Steuwer (Receiving controls in LDAP results still not supported.) Modules: * LDAPObject.c: removed l_ldap_manage_dsa_it() * LDAPObject.c: Added missing #ifdef around l_ldap_passwd() for compability with older OpenLDAP libs. Lib/ * New algorithm in ldap.schema.tokenizer.split_tokens() contributed by Wido Depping which is more robust when parsing very broken schema elements (e.g. Oracle's OID). * Fixed argument list (position of timeout) when calling LDAPObject.search_ext_s() from search_st() and search_s(). * LDAPObject.search_ext_s() correctly calls search_ext_s() now. * Re-implemented LDAPObject.manage_dsa_it() without calling _ldap. ---------------------------------------------------------------- Released 2.0.6 2004-12-03 Changes since 2.0.5: Lib/ * Added sub-module ldap.dn * Added function ldap.dn.escape_dn_chars() * Special check when implicitly setting SUP 'top' to structural object classes without SUP defined to avoid a loop in the super class chain. ---------------------------------------------------------------- Released 2.0.5 2004-11-11 Changes since 2.0.4: Some small improvements for SASL: The noisy output during SASL bind is avoided now. Interaction with output on stderr can be enabled by the calling application by explicitly defining SASL flags. Removed obsolete directory Win32/. Lib/ * Make sure that ldap.sasl.sasl.cb_value_dict is a dictionary even when the caller passes in None to argument cb_value_dict * Added new key-word arg sasl_flags to method LDAPObject.sasl_interactive_bind_s() Modules/ * l_ldap_sasl_interactive_bind_s(): New key-word arg sasl_flags passed to ldap_sasl_interactive_bind_s() ---------------------------------------------------------------- Released 2.0.4 2004-10-27 Changes since 2.0.3: Modules/ * Applied some fixes for 64-bit platforms to LDAPObject.c * Constants ldap.TLS_AVAIL and ldap.SASL_AVAIL will indicate whether python-ldap was built with support for SSL/TLS and/or SASL setup.py and Modules/ * Applied some fixes for building under Win32 ---------------------------------------------------------------- Released 2.0.3 2004-10-06 Changes since 2.0.2: * Added support for LDAP Password Modify Extended Operation (see RFC 3062) Demo/: * Added passwd_ext_op.py Modules/ * Added l_ldap_passwd() in LDAPObject.c Lib/ * Added methods passwd() and passwd_s() to ldap.ldapobject.LDAPObject ---------------------------------------------------------------- Released 2.0.2 2004-07-29 Changes since 2.0.1: Modules/ * Fixed detecting appropriate OpenLDAP libs version for determining whether ldap_whoami_s() is available or not. This fixes build problems with OpenLDAP libs 2.1.0 up to 2.1.12. ---------------------------------------------------------------- Released 2.0.1 2004-06-29 Changes since 2.0.0: dsml: * Fixed wrong exception message format string ldap.schema.models: * Fixed Entry.__delitem__() to delete really everything when deleting an attribute dictionary item. ---------------------------------------------------------------- Released 2.0.0 2004-05-18 Changes since 2.0.0pre21: ldif: * Empty records are simply ignored in ldif.LDIFWriter.unparse() Modules/ * New method result2() returns 3-tuple containing the msgid of the outstanding operation. ldap.ldapobject: * New _ldap wrapper method LDAPObject.result2() (see above) which is now used by LDAPObject.result(). ---------------------------------------------------------------- Released 2.0.0pre21 2004-03-29 Changes since 2.0.0pre20: setup.py: * runtime_library_dirs is set Modules/ * (Hopefully) fixed building with OpenLDAP 2.2 libs in errors.c * Removed meaningless repr() function from LDAPObject.c * Removed setting LDAP_OPT_PROTOCOL_VERSION in l_ldap_sasl_bind_s() * Modified string handling via berval instead of *char in l_ldap_compare_ext() makes it possible to compare attribute values with null chars. * Wrapped ldap_sasl_bind() for simple binds instead of ldap_bind() since 1. the latter is marked deprecated and 2. ldap_sasl_bind() allows password credentials with null chars. * Removed unused sources linkedlist.c and linkedlist.h * Function l_ldap_whoami_s() only added if built against OpenLDAP 2.1.x+ libs (should preserve compability with 2.0 libs) ldap.ldapobject: * LDAPObject.bind() only allows simple binds since Kerberos V4 binds of LDAPv2 are not supported anymore. An assert statement was added to make the coder aware of that. * Renamed former LDAPObject.sasl_bind_s() to LDAPObject.sasl_interactive_bind_s() since it wraps OpenLDAP's ldap_sasl_interactive_bind_s() ---------------------------------------------------------------- Released 2.0.0pre20 2004-03-19 Changes since 2.0.0pre19: Modules/ * Removed doc strings from functions.c * Removed probably unused wrapper function l_ldap_dn2ufn() since ldap_dn2ufn() is deprecated in OpenLDAP 2.1+ * Removed wrapper function l_ldap_is_ldap_url(). * Removed macro add_int_r() from constants.c since it caused incompability issues with OpenLDAP 2.2 libs (Warning: all result types are Integers now! Use the constants!) * New wrapper function l_ldap_whoami_s() ldap.ldapobject: * New wrapper method LDAPObject.whoami_s() ldap.functions: * Removed is_ldap_url(). The more general function ldapurl.isLDAPUrl() should be used instead. ldap.sasl: * Added class cram_md5 (for SASL mech CRAM-MD5) ldap.async: * Use constants for search result types (see note about add_int_r() above). ---------------------------------------------------------------- Released 2.0.0pre19 2004-01-22 Changes since 2.0.0pre18: Modules/ * LDAPObject.c: Most deprecated functions of OpenLDAP C API are not used anymore. * functions.c: Removed unused default_ldap_port(). * constants.c: Removed unused or silly constants AUTH_KRBV4, AUTH_KRBV41, AUTH_KRBV42, URL_ERR_BADSCOPE, URL_ERR_MEM * errors.c: Fixed building with OpenLDAP 2.2.x (errors caused by negative error constants in ldap.h) ldap.ldapobject.LDAPObject: * Removed unused wrapper methods uncache_entry(), uncache_request(), url_search(), url_search_st() and url_search_s() * New wrapper methods for all the _ext() methods in _ldap.LDAPObject. ldap.modlist: * Some performance optimizations and simplifications in function modifyModlist() ---------------------------------------------------------------- Released 2.0.0pre18 2003-12-09 Changes since 2.0.0pre17: ldap.ldapobject: * Fixed missing ldap._ldap_function_call() in ReconnectLDAPObject.reconnect() ---------------------------------------------------------------- Released 2.0.0pre17 2003-12-03 Changes since 2.0.0pre16: ldap.functions: * Fixed ImportError when running python -O ---------------------------------------------------------------- Released 2.0.0pre16 2003-12-02 Changes since 2.0.0pre15: Modules/ * Removed definition of unused constant RES_EXTENDED_PARTIAL since the corresponding symbol LDAP_RES_EXTENDED_PARTIAL seems to not be available in OpenLDAP-HEAD (pre 2.2) anymore. All in Lib/ * Fixed some subtle bugs/oddities mentioned by pychecker. dsml: * Renamed DSMLWriter._f to DSMLWriter._output_file * Added wrapper method DSMLWriter.unparse() which simply calls DSMLWriter.writeRecord() ldap.ldapobject: * Simplified LDAPObject.search_subschemasubentry_s() ldap.functions: * Moved ldap._ldap_function_call() into ldap.functions. * apply() is not used anymore since it seems deprecated ldap.async: * Added class DSMLWriter ldap.schema: * Removed unused key-word argument strict from ldap.schema.subentry.SubSchema.attribute_types() * Fixed backward compability issue (for Python prior to 2.2) in ldap.schema.subentry.SubSchema.listall() ---------------------------------------------------------------- Released 2.0.0pre15 2003-11-11 Changes since 2.0.0pre14: Modules/ Follow rule "Always include Python.h first" ldap.schema.subentry: * Added new method SubSchema.get_structural_oc() * Added new method SubSchema.get_applicable_aux_classes() * Methods SubSchema.listall() and SubSchema.tree() have new key-word argument schema_element_filters * Support for DIT content rules in SubSchema.attribute_types() ---------------------------------------------------------------- Released 2.0.0pre14 2003-10-03 Changes since 2.0.0pre13: setup.py: * Some modifications to ease building for Win32 * Added directory Build/ mainly intended for platform-specific examples of setup.cfg * Fixed installing ldap.filter ldap.ldapobject: * Added class attribute LDAPObject.network_timeout mapped to set_option(ldap.OPT_NETWORK_TIMEOUT,..) * LDAPObject.search_ext(): Pass arguments serverctrls,clientctrls to _ldap.search_ext() ldap.sasl: * Added class ldap.sasl.external for handling the SASL mechanism EXTERNAL * Dictionary ldap.sasl.saslmech_handler_class built during import for all the known SASL mechanisms derived from class definitions ldap.schema: * More graceful handling of KeyError in SubSchema.attribute_types() * New method SubSchema.get_inheritedattr() for retrieving inherited class attributes * New method SubSchema.get_inheritedobj() for retrieving a schema element instance including all inherited class attributes ---------------------------------------------------------------- Released 2.0.0pre13 2003-06-02 Changes since 2.0.0pre12: ldap.async: * Checking type of argument writer_obj relaxed in LDIFWriter.__init__() since file-like objects are not necessarily an instance of file. ldap.schema: * ldap.schema.subentry.SubSchema.attribute_types() now correctly handles attribute types without NAME set * If SUP is not defined for a structural object class 'top' is assumed to be the only super-class by default * '_' is now the abstract top node in SubSchema.tree() for all schema element classes since ABSTRACT and AUXILIARY object classes are not derived from 'top' by default ---------------------------------------------------------------- Released 2.0.0pre12 2003-05-27 Changes since 2.0.0pre11: New sub-module ldap.filter: * Added functions escape_filter_chars() and filter_format() ldap.ldapobject: * Trace log writes LDAP URI of connection instead of module name * search_s() passes self.timeout as argument timeout when calling search_ext_s() * Key-word arguments for simple_bind() and simple_bind_s() with defaults for anonymous bind. * LDAPObject.protocol_version is set to LDAPv3 as default (this might make code changes necessary in a real LDAPv2 environment) * Default for key-word argument trace_stack_limit passed to __init__() is 5 * Updated __doc__ strings * Aligned and tested ReconnectLDAPObject and SmartLDAPObject ldap.async: * LDIFWriter uses ldif.LDIFWriter instead of calling function ldif.CreateLDIF * LDIFWriter accepts either file-like object or ldif.LDIFWriter instance as argument for specifying the output ldif: * Abandoned argument all_records of LDIFRecordList.__init__() ldapurl: * urllib.unquote() used instead of urllib.unquote_plus() ---------------------------------------------------------------- Released 2.0.0pre11 2003-05-02 Changes since 2.0.0pre10: ldap.ldapobject: * Cosmetic change: Named argument list for LDAPObject.compare() instead of *args,**kwargs. * Fixed bug in ReconnectLDAPObject._apply_method_s() affecting compability with Python 2.0. The bug was introduced with 2.0.0pre09 by dropping use of apply(). ldap.modlist: * modifyModlist(): Only None is filtered from attribute value lists, '' is preserved as valid attribute value. But filtering applies to old_value and new_value now. ldap.schema: * Zero-length attribute values for schema elements are ignored (needed on e.g. Active Directory) dsml: Added support for parsing and generating DSMLv1. Still experimental though. ---------------------------------------------------------------- Released 2.0.0pre10 2003-04-19 Changes since 2.0.0pre09: ldap.schema: * Emulate BooleanType for compability with Python2.3 in assert statements ---------------------------------------------------------------- Released 2.0.0pre09 2003-04-19 Changes since 2.0.0pre08: Modified setup.py to support Cyrus-SASL 2.x. ldap.ldapobject: * apply() is not used anymore since it seems deprecated * Fixed __setstate__() and __getstate__() of ReconnectLDAPObject ldap.schema: * Completed classes for nameForms, dITStructureRules and dITContentRules ---------------------------------------------------------------- Released 2.0.0pre08 2003-04-11 Changes since 2.0.0pre07: ldap.schema: * For backward compability with Python versions prior to 2.2 Lib/ldap/schema/tokenizer.py and Lib/ldap/schema/models.py use (()) instead of tuple() for creating empty tuples. ---------------------------------------------------------------- Released 2.0.0pre07 2003-04-03 Changes since 2.0.0pre06: LDAPObject.c: * Wrapped OpenLDAP's ldap_search_ext() * Removed empty __doc__ strings * Removed fileno * Removed all stuff related to caching in OpenLDAP libs ldap.ldapobject: * Fixed SASL rebind in ldap.ldapobject.ReconnectLDAPObject * use search_ext() instead ldap_search() * new class attribute timeout for setting a global time-out value for all synchronous operations ldap.schema: * Fixed two typos in ldap.schema.models * Some attempts to improve performance of parser/tokenizer * Completely reworked to have separate OID dictionaries for the different schema element classes * Fixed the Demo/schema*.py to reflect changes to ldap.schema Documentation updates and various __doc__ string modifications. ldapurl: * Removed all Unicode stuff from module ldapurl * Consistent URL encoding in module ldapurl ldif: * Removed ldif.FileWriter * Proper handling of FILL (see RFC 2849) ---------------------------------------------------------------- Released 2.0.0pre06 2002-09-23 Changes since 2.0.0pre05: - Fine-grained locking when linking against libldap_r - New wrapper class ldap.ReconnectLDAPObject - Security fix to module ldapurl - Other fixes and improvements to whole package - LDAPv3 schema support (still somewhat premature and undocumented) ---------------------------------------------------------------- Released 2.0.0pre05 2002-07-20 ---------------------------------------------------------------- Released 2.0.0pre04 2002-02-09 ---------------------------------------------------------------- Released 2.0.0pre02 2002-02-01 ---------------------------------------------------------------- Released 1.10alpha3 2000-09-19 ././@PaxHeader0000000000000000000000000000003400000000000010212 xustar0028 mtime=1700253999.7692356 python-ldap-3.4.4/Demo/0000755000175000017500000000000014525750460015125 5ustar00spichugispichugi././@PaxHeader0000000000000000000000000000003400000000000010212 xustar0028 mtime=1700253999.7642357 python-ldap-3.4.4/Demo/Lib/0000755000175000017500000000000014525750460015633 5ustar00spichugispichugi././@PaxHeader0000000000000000000000000000003400000000000010212 xustar0028 mtime=1700253999.7642357 python-ldap-3.4.4/Demo/Lib/ldap/0000755000175000017500000000000014525750460016553 5ustar00spichugispichugi././@PaxHeader0000000000000000000000000000003400000000000010212 xustar0028 mtime=1700253999.7692356 python-ldap-3.4.4/Demo/Lib/ldap/async/0000755000175000017500000000000014525750460017670 5ustar00spichugispichugi././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/Lib/ldap/async/deltree.py0000644000175000017500000000510514521037673021667 0ustar00spichugispichugiimport ldap,ldap.async class DeleteLeafs(ldap.async.AsyncSearchHandler): """ Class for deleting entries which are results of a search. DNs of Non-leaf entries are collected in DeleteLeafs.nonLeafEntries. """ _entryResultTypes = ldap.async._entryResultTypes def __init__(self,l): ldap.async.AsyncSearchHandler.__init__(self,l) self.nonLeafEntries = [] self.deletedEntries = 0 def startSearch(self,searchRoot,searchScope): if not searchScope in [ldap.SCOPE_ONELEVEL,ldap.SCOPE_SUBTREE]: raise ValueError("Parameter searchScope must be either ldap.SCOPE_ONELEVEL or ldap.SCOPE_SUBTREE.") self.nonLeafEntries = [] self.deletedEntries = 0 ldap.async.AsyncSearchHandler.startSearch( self, searchRoot, searchScope, filterStr='(objectClass=*)', attrList=['hasSubordinates','numSubordinates'], attrsOnly=0, ) def _processSingleResult(self,resultType,resultItem): if resultType in self._entryResultTypes: # Don't process search references dn,entry = resultItem hasSubordinates = entry.get( 'hasSubordinates', entry.get('hassubordinates',['FALSE'] ) )[0] numSubordinates = entry.get( 'numSubordinates', entry.get('numsubordinates',['0']) )[0] if hasSubordinates=='TRUE' or int(numSubordinates): self.nonLeafEntries.append(dn) else: try: self._l.delete_s(dn) except ldap.NOT_ALLOWED_ON_NONLEAF as e: self.nonLeafEntries.append(dn) else: self.deletedEntries = self.deletedEntries+1 def DelTree(l,dn,scope=ldap.SCOPE_ONELEVEL): """ Recursively delete entries below or including entry with name dn. """ leafs_deleter = DeleteLeafs(l) leafs_deleter.startSearch(dn,scope) leafs_deleter.processResults() deleted_entries = leafs_deleter.deletedEntries non_leaf_entries = leafs_deleter.nonLeafEntries[:] while non_leaf_entries: dn = non_leaf_entries.pop() print(deleted_entries,len(non_leaf_entries),dn) leafs_deleter.startSearch(dn,ldap.SCOPE_SUBTREE) leafs_deleter.processResults() deleted_entries = deleted_entries+leafs_deleter.deletedEntries non_leaf_entries.extend(leafs_deleter.nonLeafEntries) return # DelTree() # Create LDAPObject instance l = ldap.initialize('ldap://localhost:1390') # Try a bind to provoke failure if protocol version is not supported l.simple_bind_s('cn=Directory Manager,dc=IMC,dc=org','controller') # Delete all entries *below* the entry dc=Delete,dc=IMC,dc=org DelTree(l,'dc=Delete,dc=IMC,dc=org',ldap.SCOPE_ONELEVEL) ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/Lib/ldap/async/ldifwriter.py0000644000175000017500000000154714521037673022424 0ustar00spichugispichugi""" ldifwriter - using ldap.async module for output of LDIF stream of LDAP search results Written by Michael Stroeder This example translates the naming context of data read from input, sanitizes some attributes, maps/removes object classes, maps/removes attributes., etc. It's far from being complete though. """ import sys,ldap,ldap.async s = ldap.async.LDIFWriter( ldap.initialize('ldap://localhost:1390'), sys.stdout ) s.startSearch( 'dc=stroeder,dc=de', ldap.SCOPE_SUBTREE, '(objectClass=*)', ) try: partial = s.processResults() except ldap.SIZELIMIT_EXCEEDED: sys.stderr.write('Warning: Server-side size limit exceeded.\n') else: if partial: sys.stderr.write('Warning: Only partial results received.\n') sys.stderr.write( '%d results received.\n' % ( s.endResultBreak-s.beginResultsDropped ) ) ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/Lib/ldap/async/sizelimit.py0000644000175000017500000000162714521037673022261 0ustar00spichugispichugi""" ldifwriter - using ldap.async module for retrieving partial results in a list even though the exception ldap.SIZELIMIT_EXCEEDED was raised.output of LDIF stream Written by Michael Stroeder This example translates the naming context of data read from input, sanitizes some attributes, maps/removes object classes, maps/removes attributes., etc. It's far from being complete though. """ import sys,ldap,ldap.async s = ldap.async.List( ldap.initialize('ldap://localhost:1390'), ) s.startSearch( 'dc=stroeder,dc=de', ldap.SCOPE_SUBTREE, '(objectClass=*)', ) try: partial = s.processResults() except ldap.SIZELIMIT_EXCEEDED: sys.stderr.write('Warning: Server-side size limit exceeded.\n') else: if partial: sys.stderr.write('Warning: Only partial results received.\n') sys.stderr.write( '%d results received.\n' % ( len(s.allResults) ) ) ././@PaxHeader0000000000000000000000000000003400000000000010212 xustar0028 mtime=1700253999.7692356 python-ldap-3.4.4/Demo/Lib/ldapurl/0000755000175000017500000000000014525750460017276 5ustar00spichugispichugi././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/Lib/ldapurl/urlsearch.py0000644000175000017500000000144514521037673021644 0ustar00spichugispichugi""" Do a search with the LDAP URL specified at command-line. No output of LDAP data is produced except trace output. """ import sys,getpass,ldap,ldapurl try: ldapUrl = ldapurl.LDAPUrl(ldapUrl=sys.argv[1]) except IndexError: print('Usage: %s [LDAP URL]' % (sys.argv[0])) sys.exit(1) for a in [ 'urlscheme','hostport','dn','attrs','scope', 'filterstr','extensions','who','cred' ]: print(a,repr(getattr(ldapUrl,a))) l = ldap.initialize(ldapUrl.initializeUrl(),trace_level=1) if ldapUrl.who!=None: if ldapUrl.cred!=None: cred=ldapUrl.cred else: print('Enter password for simple bind with',repr(ldapUrl.who)) cred=getpass.getpass() l.simple_bind_s(ldapUrl.who,cred) res = l.search_s(ldapUrl.dn,ldapUrl.scope,ldapUrl.filterstr,ldapUrl.attrs) print(len(res),'search results') ././@PaxHeader0000000000000000000000000000003400000000000010212 xustar0028 mtime=1700253999.7692356 python-ldap-3.4.4/Demo/Lib/ldif/0000755000175000017500000000000014525750460016551 5ustar00spichugispichugi././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/Lib/ldif/ldifcopy.py0000644000175000017500000000103114521037673020727 0ustar00spichugispichugi""" ldifcopy - reads LDIF from stdin, retrieve values by URL and write resulting LDIF to stdout Written by Michael Stroeder This example translates the naming context of data read from input, sanitizes some attributes, maps/removes object classes, maps/removes attributes., etc. It's far from being complete though. """ import sys,ldif infile = sys.stdin outfile = sys.stdout ldif_collector = ldif.LDIFCopy( infile, outfile, process_url_schemes=['file','ftp','http'] ) ldif_collector.parse() ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/initialize.py0000644000175000017500000000613414521037673017644 0ustar00spichugispichugi""" Various examples how to connect to a LDAP host with the new factory function ldap.initialize() introduced in OpenLDAP 2 API. Assuming you have LDAP servers running on ldap://localhost:1390 (LDAP with StartTLS) ldaps://localhost:1391 (LDAP over SSL) ldapi://%2ftmp%2fopenldap2 (domain socket /tmp/openldap2) """ import sys,os,ldap # Switch off processing .ldaprc or ldap.conf os.environ['LDAPNOINIT']='1' # Set debugging level #ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) ldapmodule_trace_level = 1 ldapmodule_trace_file = sys.stderr ldap._trace_level = ldapmodule_trace_level # Complete path name of the file containing all trusted CA certs CACERTFILE='/etc/ssl/ca-bundle.pem' print("""################################################################## # LDAPv3 connection with StartTLS ext. op. ################################################################## """) # Create LDAPObject instance l = ldap.initialize('ldap://localhost:1390',trace_level=ldapmodule_trace_level,trace_file=ldapmodule_trace_file) # Set LDAP protocol version used l.protocol_version=ldap.VERSION3 # Force cert validation l.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,ldap.OPT_X_TLS_DEMAND) # Set path name of file containing all trusted CA certificates l.set_option(ldap.OPT_X_TLS_CACERTFILE,CACERTFILE) # Force libldap to create a new SSL context (must be last TLS option!) l.set_option(ldap.OPT_X_TLS_NEWCTX,0) # Now try StartTLS extended operation l.start_tls_s() print('***ldap.OPT_X_TLS_VERSION',l.get_option(ldap.OPT_X_TLS_VERSION)) print('***ldap.OPT_X_TLS_CIPHER',l.get_option(ldap.OPT_X_TLS_CIPHER)) # Try an explicit anon bind to provoke failure l.simple_bind_s('','') # Close connection l.unbind_s() print("""################################################################## # LDAPv3 connection over SSL ################################################################## """) # Create LDAPObject instance l = ldap.initialize('ldaps://localhost:1391',trace_level=ldapmodule_trace_level,trace_file=ldapmodule_trace_file) # Set LDAP protocol version used l.protocol_version=ldap.VERSION3 # Force cert validation l.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,ldap.OPT_X_TLS_DEMAND) # Set path name of file containing all trusted CA certificates l.set_option(ldap.OPT_X_TLS_CACERTFILE,CACERTFILE) # Force libldap to create a new SSL context (must be last TLS option!) l.set_option(ldap.OPT_X_TLS_NEWCTX,0) # Try an explicit anon bind to provoke failure l.simple_bind_s('','') print('***ldap.OPT_X_TLS_VERSION',l.get_option(ldap.OPT_X_TLS_VERSION)) print('***ldap.OPT_X_TLS_CIPHER',l.get_option(ldap.OPT_X_TLS_CIPHER)) # Close connection l.unbind_s() print("""################################################################## # LDAPv3 connection over Unix domain socket ################################################################## """) # Create LDAPObject instance l = ldap.initialize('ldapi://%2ftmp%2fopenldap-socket',trace_level=ldapmodule_trace_level,trace_file=ldapmodule_trace_file) # Set LDAP protocol version used l.protocol_version=ldap.VERSION3 # Try an explicit anon bind to provoke failure l.simple_bind_s('','') # Close connection l.unbind_s() ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/ldapcontrols.py0000644000175000017500000000150314521037673020202 0ustar00spichugispichugiimport ldap,ldapurl,pprint from ldap.controls import LDAPControl,BooleanControl l = ldap.initialize('ldap://localhost:1390',trace_level=2) print(60*'#') pprint.pprint(l.get_option(ldap.OPT_SERVER_CONTROLS)) l.manage_dsa_it(1,1) pprint.pprint(l.get_option(ldap.OPT_SERVER_CONTROLS)) print(60*'#') # Search with ManageDsaIT control (which has no value) pprint.pprint(l.search_ext_s( 'cn=Test-Referral,ou=Testing,dc=stroeder,dc=de', ldap.SCOPE_BASE, '(objectClass=*)', ['*','+'], serverctrls = [ LDAPControl('2.16.840.1.113730.3.4.2',1,None) ], )) print(60*'#') # Search with Subentries control (which has boolean value) pprint.pprint(l.search_ext_s( 'dc=stroeder,dc=de', ldap.SCOPE_SUBTREE, '(objectClass=subentry)', ['*','+'], serverctrls = [ BooleanControl('1.3.6.1.4.1.4203.1.10.1',1,1) ], )) print(60*'#') ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/ldapurl_search.py0000644000175000017500000000152214521037673020467 0ustar00spichugispichugiimport sys,pprint,ldap from ldap.ldapobject import LDAPObject from ldapurl import LDAPUrl class MyLDAPUrl(LDAPUrl): attr2extype = { 'who':'bindname', 'cred':'X-BINDPW', 'start_tls':'startTLS', 'trace_level':'trace', } ldap_url = MyLDAPUrl(sys.argv[1]) trace_level = int(ldap_url.trace_level or '0') print('***trace_level',trace_level) ldap.trace_level = trace_level l = LDAPObject( ldap_url.initializeUrl(), trace_level=trace_level, ) l.protocol_version = 3 l.set_option(ldap.OPT_REFERRALS,0) l.simple_bind_s((ldap_url.who or ''),(ldap_url.cred or '')) result = l.search_s( ldap_url.dn, ldap_url.scope or ldap.SCOPE_SUBTREE, ldap_url.filterstr or '(objectClass=*)', ldap_url.attrs or ['*'] ) pprint.pprint(result) print('***DIAGNOSTIC_MESSAGE',repr(l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE))) l.unbind_s() ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/matchedvalues.py0000644000175000017500000000356514521037673020335 0ustar00spichugispichugi#!/usr/bin/env python # # demo for matched values control (RFC 3876) # # suppose the uid=jsmith LDAP entry has two mail attributes: # # dn: uid=jsmith,ou=People,dc=example,dc=com # (...) # mail: jsmith@example.com # mail: jsmith@example.org # # Let's say you want to fetch only the example.org email. Without MV, # you would first fetch all mail attributes and then filter them further # on the client. With the MV control, the result can be given to the # client already filtered. # # Sample output: # $ ./matchedvalues.py # LDAP filter used: (&(objectClass=inetOrgPerson)(mail=*@example.org)) # Requesting 'mail' attribute back # # No matched values control: # dn: uid=jsmith,ou=People,dc=example,dc=com # mail: jsmith@example.org # mail: john@example.com # # Matched values control: (mail=*@example.org) # dn: uid=jsmith,ou=People,dc=example,dc=com # mail: jsmith@example.org import ldap from ldap.controls import MatchedValuesControl def print_result(search_result): for n in range(len(search_result)): print("dn: %s" % search_result[n][0]) for attr in search_result[n][1].keys(): for i in range(len(search_result[n][1][attr])): print("{}: {}".format(attr, search_result[n][1][attr][i])) print uri = "ldap://ldap.example.com" base = "dc=example,dc=com" scope = ldap.SCOPE_SUBTREE filter = "(&(objectClass=inetOrgPerson)(mail=*@example.org))" control_filter = "(mail=*@example.org)" ld = ldap.initialize(uri) mv = MatchedValuesControl(criticality=True, controlValue=control_filter) res = ld.search_ext_s(base, scope, filter, attrlist = ['mail']) print("LDAP filter used: %s" % filter) print("Requesting 'mail' attribute back") print print("No matched values control:") print_result(res) res = ld.search_ext_s(base, scope, filter, attrlist = ['mail'], serverctrls = [mv]) print("Matched values control: %s" % control_filter) print_result(res) ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/ms_ad_bind.py0000644000175000017500000000204314521037673017555 0ustar00spichugispichugi# How to bind to MS AD with python-ldap and various methods import ldap,ldap.sasl ldap_uri = "ldap://dc1.example.com" dn = "CN=Anna Blume,CN=Users,DC=addomain,DC=example,DC=com" sAMAccountName = "ABlume" userPrincipalName = "ablume@addomain.example.com" password = 'testsecret' trace_level = 2 l = ldap.initialize(ldap_uri,trace_level=trace_level) # Normal LDAPv3 compliant simple bind l.simple_bind_s(dn,password) # This is AD-specific and not LDAPv3 compliant l.simple_bind_s(userPrincipalName,password) # This is AD-specific and not LDAPv3 compliant l.simple_bind_s(userPrincipalName,password) # SASL bind with mech DIGEST-MD5 with sAMAccountName as SASL user name sasl_auth = ldap.sasl.sasl( { ldap.sasl.CB_AUTHNAME:sAMAccountName, ldap.sasl.CB_PASS :password, }, 'DIGEST-MD5' ) l.sasl_interactive_bind_s("", sasl_auth) # SASL bind with mech GSSAPI # with the help of Kerberos V TGT obtained before with command # kinit ablume@ADDOMAIN.EXAMPLE.COM sasl_auth = ldap.sasl.sasl({},'GSSAPI') l.sasl_interactive_bind_s("", sasl_auth) ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/options.py0000644000175000017500000000165214521037673017176 0ustar00spichugispichugiimport ldap host="localhost:1390" print("API info:",ldap.get_option(ldap.OPT_API_INFO)) print("debug level:",ldap.get_option(ldap.OPT_DEBUG_LEVEL)) #print("Setting debug level to 255...") #ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) #print("debug level:",ldap.get_option(ldap.OPT_DEBUG_LEVEL)) print("default size limit:",ldap.get_option(ldap.OPT_SIZELIMIT)) print("Setting default size limit to 10...") ldap.set_option(ldap.OPT_SIZELIMIT,10) print("default size limit:",ldap.get_option(ldap.OPT_SIZELIMIT)) print("Creating connection to",host,"...") l=ldap.init(host) print("size limit:",l.get_option(ldap.OPT_SIZELIMIT)) print("Setting connection size limit to 20...") l.set_option(ldap.OPT_SIZELIMIT,20) print("size limit:",l.get_option(ldap.OPT_SIZELIMIT)) #print("Setting time limit to 60 secs...") l.set_option(ldap.OPT_TIMELIMIT,60) #print("time limit:",l.get_option(ldap.OPT_TIMELIMIT)) print("Binding...") l.simple_bind_s("","") ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/page_control.py0000644000175000017500000000362014521037673020154 0ustar00spichugispichugiurl = "ldap://localhost:1390" base = "dc=stroeder,dc=de" search_flt = r'(objectClass=*)' page_size = 10 binddn = '' bindpw = '' trace_level = 0 import ldap,pprint try: from ldap.controls.pagedresults import SimplePagedResultsControl except ImportError: from ldap.controls.libldap import SimplePagedResultsControl searchreq_attrlist=['cn','entryDN','entryUUID','mail','objectClass'] #ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) ldap.set_option(ldap.OPT_REFERRALS, 0) l = ldap.initialize(url,trace_level=trace_level) l.protocol_version = 3 l.simple_bind_s(binddn,bindpw) req_ctrl = SimplePagedResultsControl(True,size=page_size,cookie='') known_ldap_resp_ctrls = { SimplePagedResultsControl.controlType:SimplePagedResultsControl, } # Send search request msgid = l.search_ext( base, ldap.SCOPE_SUBTREE, search_flt, attrlist=searchreq_attrlist, serverctrls=[req_ctrl] ) pages = 0 while True: pages += 1 print('-'*60) print("Getting page %d" % (pages)) rtype, rdata, rmsgid, serverctrls = l.result3(msgid,resp_ctrl_classes=known_ldap_resp_ctrls) print('%d results' % len(rdata)) print('serverctrls=',pprint.pprint(serverctrls)) print('rdata=',pprint.pprint(rdata)) pctrls = [ c for c in serverctrls if c.controlType == SimplePagedResultsControl.controlType ] if pctrls: print('pctrls[0].size',repr(pctrls[0].size)) print('pctrls[0].cookie',repr(pctrls[0].cookie)) if pctrls[0].cookie: # Copy cookie from response control to request control req_ctrl.cookie = pctrls[0].cookie msgid = l.search_ext( base, ldap.SCOPE_SUBTREE, search_flt, attrlist=searchreq_attrlist, serverctrls=[req_ctrl] ) else: break else: print("Warning: Server ignores RFC 2696 control.") break l.unbind_s() ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/paged_search_ext_s.py0000644000175000017500000000571614521037673021317 0ustar00spichugispichugiurl = "ldap://localhost:1390/" base = "dc=stroeder,dc=de" search_flt = r'(objectClass=*)' searchreq_attrlist=['cn','entryDN','entryUUID','mail','objectClass'] from ldap.ldapobject import ReconnectLDAPObject import ldap,pprint from ldap.controls import SimplePagedResultsControl class PagedResultsSearchObject: page_size = 50 def paged_search_ext_s(self,base,scope,filterstr='(objectClass=*)',attrlist=None,attrsonly=0,serverctrls=None,clientctrls=None,timeout=-1,sizelimit=0): """ Behaves exactly like LDAPObject.search_ext_s() but internally uses the simple paged results control to retrieve search results in chunks. This is non-sense for really large results sets which you would like to process one-by-one """ while True: # loop for reconnecting if necessary req_ctrl = SimplePagedResultsControl(True,size=self.page_size,cookie='') try: # Send first search request msgid = self.search_ext( base, scope, filterstr=filterstr, attrlist=attrlist, attrsonly=attrsonly, serverctrls=(serverctrls or [])+[req_ctrl], clientctrls=clientctrls, timeout=timeout, sizelimit=sizelimit ) result_pages = 0 all_results = [] while True: rtype, rdata, rmsgid, rctrls = self.result3(msgid) all_results.extend(rdata) result_pages += 1 # Extract the simple paged results response control pctrls = [ c for c in rctrls if c.controlType == SimplePagedResultsControl.controlType ] if pctrls: if pctrls[0].cookie: # Copy cookie from response control to request control req_ctrl.cookie = pctrls[0].cookie msgid = self.search_ext( base, scope, filterstr=filterstr, attrlist=attrlist, attrsonly=attrsonly, serverctrls=(serverctrls or [])+[req_ctrl], clientctrls=clientctrls, timeout=timeout, sizelimit=sizelimit ) else: break # no more pages available except ldap.SERVER_DOWN as e: try: self.reconnect(self._uri) except AttributeError: raise e else: return result_pages,all_results class MyLDAPObject(ReconnectLDAPObject,PagedResultsSearchObject): pass #ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) ldap.set_option(ldap.OPT_REFERRALS, 0) l = MyLDAPObject(url,trace_level=2,retry_max=100,retry_delay=2) l.protocol_version = 3 l.simple_bind_s("", "") l.page_size=10 # Send search request result_pages,all_results = l.paged_search_ext_s( base, ldap.SCOPE_SUBTREE, search_flt, attrlist=searchreq_attrlist, serverctrls=None ) l.unbind_s() print('Received %d results in %d pages.' % (len(all_results),result_pages)) ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/passwd_ext_op.py0000644000175000017500000000141714521037673020361 0ustar00spichugispichugi""" Example showing the use of the password extended operation. """ import sys,ldap,ldapurl,getpass # Set debugging level ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) ldapmodule_trace_level = 2 ldapmodule_trace_file = sys.stderr lu = ldapurl.LDAPUrl(sys.argv[1]) print('Old password') oldpw = getpass.getpass() print('New password') newpw = getpass.getpass() # Set path name of file containing all CA certificates # needed to validate server certificates ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,'/etc/httpd/ssl.crt/myCA-cacerts.pem') # Create LDAPObject instance l = ldap.initialize(lu.initializeUrl(),trace_level=ldapmodule_trace_level,trace_file=ldapmodule_trace_file) l.protocol_version=ldap.VERSION3 l.simple_bind_s(lu.dn,oldpw) l.passwd(lu.dn,oldpw,newpw) l.unbind_s() ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/pickle_ldapobject.py0000644000175000017500000000063114521037673021135 0ustar00spichugispichugiimport os,ldap,pickle temp_file_name = os.path.join(os.environ.get('TMP','/tmp'),'pickle_ldap-%d' % (os.getpid())) l1 = ldap.ldapobject.ReconnectLDAPObject('ldap://localhost:1390',trace_level=1) l1.protocol_version = 3 l1.search_s('',ldap.SCOPE_BASE,'(objectClass=*)') pickle.dump(l1,open(temp_file_name,'wb')) l2 = pickle.load(open(temp_file_name,'rb')) l2.search_s('',ldap.SCOPE_BASE,'(objectClass=*)') ././@PaxHeader0000000000000000000000000000003400000000000010212 xustar0028 mtime=1700253999.7702355 python-ldap-3.4.4/Demo/pyasn1/0000755000175000017500000000000014525750460016340 5ustar00spichugispichugi././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/pyasn1/dds.py0000644000175000017500000000250614521037673017467 0ustar00spichugispichugi""" Demo script for Dynamic Entries (see RFC 2589) This needs the following software: Python pyasn1 pyasn1-modules python-ldap 2.4+ """ from ldap.extop.dds import RefreshRequest,RefreshResponse import sys,ldap,ldapurl,getpass try: ldap_url = ldapurl.LDAPUrl(sys.argv[1]) request_ttl = int(sys.argv[2]) except (IndexError, ValueError): print('Usage: dds.py ') sys.exit(1) # Set debugging level #ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) ldapmodule_trace_level = 2 ldapmodule_trace_file = sys.stderr ldap_conn = ldap.ldapobject.LDAPObject( ldap_url.initializeUrl(), trace_level=ldapmodule_trace_level, trace_file=ldapmodule_trace_file ) if ldap_url.cred is None: print('Password for %s:' % (repr(ldap_url.who))) ldap_url.cred = getpass.getpass() try: ldap_conn.simple_bind_s(ldap_url.who or '',ldap_url.cred or '') except ldap.INVALID_CREDENTIALS as e: print('Simple bind failed:',str(e)) sys.exit(1) else: extreq = RefreshRequest(entryName=ldap_url.dn,requestTtl=request_ttl) try: extop_resp_obj = ldap_conn.extop_s(extreq,extop_resp_class=RefreshResponse) except ldap.LDAPError as e: print(str(e)) else: if extop_resp_obj.responseTtl!=request_ttl: print('Different response TTL:',extop_resp_obj.responseTtl) else: print('Response TTL:',extop_resp_obj.responseTtl) ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/pyasn1/derefcontrol.py0000644000175000017500000000220614521037673021400 0ustar00spichugispichugi#!/usr/bin/env python """ This sample script demonstrates the use of the dereference control (see https://tools.ietf.org/html/draft-masarati-ldap-deref) """ import pprint,ldap,ldap.modlist,ldap.resiter from ldap.controls.deref import DereferenceControl uri = "ldap://ipa.demo1.freeipa.org" class MyLDAPObject(ldap.ldapobject.LDAPObject,ldap.resiter.ResultProcessor): pass l = MyLDAPObject(uri,trace_level=0) l.simple_bind_s('uid=admin,cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org','Secret123') dc = DereferenceControl( True, { 'member':[ 'uid', 'description', 'cn', 'mail', ], } ) print('pyasn1 output of request control:') print(dc._derefSpecs().prettyPrint()) msg_id = l.search_ext( 'dc=demo1,dc=freeipa,dc=org', ldap.SCOPE_SUBTREE, '(objectClass=groupOfNames)', attrlist=['cn','objectClass','member','description'], serverctrls = [dc] ) for res_type,res_data,res_msgid,res_controls in l.allresults(msg_id,add_ctrls=1): for dn,entry,deref_control in res_data: # process dn and entry print(dn,entry['objectClass']) if deref_control: pprint.pprint(deref_control[0].derefRes) ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/pyasn1/noopsearch.py0000644000175000017500000000333714521037673021061 0ustar00spichugispichugi""" Demo script for counting searching with OpenLDAP's no-op control See https://www.python-ldap.org/ for project details. This needs the following software: Python pyasn1 pyasn1-modules python-ldap 2.4+ """ import sys,ldap,ldapurl,getpass from ldap.controls.openldap import SearchNoOpControl SEARCH_TIMEOUT=30.0 try: ldap_url = ldapurl.LDAPUrl(sys.argv[1]) except IndexError: print('Usage: noopsearch.py ') sys.exit(1) # Set debugging level #ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) ldapmodule_trace_level = 2 ldapmodule_trace_file = sys.stderr ldap_conn = ldap.ldapobject.LDAPObject( ldap_url.initializeUrl(), trace_level=ldapmodule_trace_level, trace_file=ldapmodule_trace_file ) if ldap_url.who and ldap_url.cred is None: print('Password for %s:' % (repr(ldap_url.who))) ldap_url.cred = getpass.getpass() try: ldap_conn.simple_bind_s(ldap_url.who or '',ldap_url.cred or '') except ldap.INVALID_CREDENTIALS as e: print('Simple bind failed:',str(e)) sys.exit(1) try: msg_id = ldap_conn.search_ext( ldap_url.dn, ldap_url.scope, filterstr=ldap_url.filterstr or '(objectClass=*)', attrlist=['1.1'], timeout=SEARCH_TIMEOUT, serverctrls=[SearchNoOpControl(criticality=True)], ) _,_,_,search_response_ctrls = ldap_conn.result3(msg_id,all=1,timeout=SEARCH_TIMEOUT) except ( ldap.TIMEOUT, ldap.TIMELIMIT_EXCEEDED, ldap.SIZELIMIT_EXCEEDED, ldap.ADMINLIMIT_EXCEEDED) as e: ldap_conn.abandon(msg_id) sys.exit(1) noop_srch_ctrl = [ c for c in search_response_ctrls if c.controlType==SearchNoOpControl.controlType ][0] print('Number of search results: %d' % noop_srch_ctrl.numSearchResults) print('Number of search continuations: %d' % noop_srch_ctrl.numSearchContinuations) ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/pyasn1/ppolicy.py0000644000175000017500000000272614521037673020400 0ustar00spichugispichugi""" Demo script for Password Policy Controls (see https://tools.ietf.org/html/draft-behera-ldap-password-policy) This needs the following software: Python pyasn1 pyasn1-modules python-ldap 2.4+ """ import sys,ldap,ldapurl,getpass from ldap.controls.ppolicy import PasswordPolicyError,PasswordPolicyControl try: ldap_url = ldapurl.LDAPUrl(sys.argv[1]) except (IndexError,ValueError): print('Usage: ppolicy.py ') sys.exit(1) # Set debugging level #ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) ldapmodule_trace_level = 2 ldapmodule_trace_file = sys.stderr ldap_conn = ldap.ldapobject.LDAPObject( ldap_url.initializeUrl(), trace_level=ldapmodule_trace_level, trace_file=ldapmodule_trace_file ) if ldap_url.cred is None: print('Password for %s:' % (repr(ldap_url.who))) ldap_url.cred = getpass.getpass() try: msgid = ldap_conn.simple_bind(ldap_url.who,ldap_url.cred,serverctrls=[PasswordPolicyControl()]) res_type,res_data,res_msgid,res_ctrls = ldap_conn.result3(msgid) except ldap.INVALID_CREDENTIALS as e: print('Simple bind failed:',str(e)) sys.exit(1) else: if res_ctrls[0].controlType==PasswordPolicyControl.controlType: ppolicy_ctrl = res_ctrls[0] print('PasswordPolicyControl') print('error',repr(ppolicy_ctrl.error),(ppolicy_ctrl.error!=None)*repr(PasswordPolicyError(ppolicy_ctrl.error))) print('timeBeforeExpiration',repr(ppolicy_ctrl.timeBeforeExpiration)) print('graceAuthNsRemaining',repr(ppolicy_ctrl.graceAuthNsRemaining)) ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/pyasn1/psearch.py0000644000175000017500000000405114521037673020337 0ustar00spichugispichugi""" Demo script for Persistent Search Control (see https://tools.ietf.org/html/draft-ietf-ldapext-psearch) See https://www.python-ldap.org/ for project details. This needs the following software: Python pyasn1 pyasn1-modules python-ldap 2.4+ """ import sys,ldap,ldapurl,getpass from ldap.controls.psearch import PersistentSearchControl,EntryChangeNotificationControl,CHANGE_TYPES_STR try: ldap_url = ldapurl.LDAPUrl(sys.argv[1]) except IndexError: print('Usage: psearch.py ') sys.exit(1) # Set debugging level #ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) ldapmodule_trace_level = 2 ldapmodule_trace_file = sys.stderr ldap_conn = ldap.ldapobject.LDAPObject( ldap_url.initializeUrl(), trace_level=ldapmodule_trace_level, trace_file=ldapmodule_trace_file ) if ldap_url.cred is None: print('Password for %s:' % (repr(ldap_url.who))) ldap_url.cred = getpass.getpass() try: ldap_conn.simple_bind_s(ldap_url.who,ldap_url.cred) except ldap.INVALID_CREDENTIALS as e: print('Simple bind failed:',str(e)) sys.exit(1) psc = PersistentSearchControl() msg_id = ldap_conn.search_ext( ldap_url.dn, ldap_url.scope, ldap_url.filterstr, attrlist = ldap_url.attrs or ['*','+'], serverctrls=[psc], ) while True: try: res_type,res_data,res_msgid,_,_,_ = ldap_conn.result4( msg_id, all=0, timeout=10.0, add_ctrls=1, add_intermediates=1, resp_ctrl_classes={EntryChangeNotificationControl.controlType:EntryChangeNotificationControl}, ) except ldap.TIMEOUT: print('Timeout waiting for results...') else: for dn,entry,srv_ctrls in res_data: ecn_ctrls = [ c for c in srv_ctrls if c.controlType == EntryChangeNotificationControl.controlType ] if ecn_ctrls: changeType,previousDN,changeNumber = ecn_ctrls[0].changeType,ecn_ctrls[0].previousDN,ecn_ctrls[0].changeNumber change_type_desc = CHANGE_TYPES_STR[changeType] print('changeType: %s (%d), changeNumber: %s, previousDN: %s' % (change_type_desc,changeType,changeNumber,repr(previousDN))) ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/pyasn1/readentrycontrol.py0000644000175000017500000000654114521037673022316 0ustar00spichugispichugi#!/usr/bin/env python """ This sample script demonstrates the use of the pre-read control (see RFC 4527). Originally contributed by Andreas Hasenack """ import pprint,ldap,ldap.modlist from ldap.controls.readentry import PreReadControl,PostReadControl uri = "ldap://localhost:2071/" l = ldap.initialize(uri,trace_level=2) l.simple_bind_s('uid=diradm,ou=schulung,dc=stroeder,dc=local','testsecret') print("""#--------------------------------------------------------------------------- # Add new entry #--------------------------------------------------------------------------- """) new_test_dn = "uid=ablume,ou=Users,ou=schulung,dc=stroeder,dc=local" new_test_dn2 = "uid=ablume2,ou=Users,ou=schulung,dc=stroeder,dc=local" new_test_entry = { 'objectClass':['account','posixAccount'], 'uid':['ablume'], 'cn':['Anna Blume'], 'uidNumber':['10000'], 'gidNumber':['10000'], 'homeDirectory':['/home/ablume'], } pr = PostReadControl(criticality=True,attrList=['entryUUID','entryCSN']) msg_id = l.add_ext( new_test_dn, ldap.modlist.addModlist(new_test_entry), serverctrls = [pr] ) _,_,_,resp_ctrls = l.result3(msg_id) print("resp_ctrls[0].dn:", resp_ctrls[0].dn) print("resp_ctrls[0].entry:", pprint.pformat(resp_ctrls[0].entry)) print("""#--------------------------------------------------------------------------- # Modify entry #--------------------------------------------------------------------------- """) pr = PreReadControl(criticality=True,attrList=['uidNumber','gidNumber','entryCSN']) msg_id = l.modify_ext( new_test_dn, [(ldap.MOD_INCREMENT, "uidNumber", "1"),(ldap.MOD_INCREMENT, "gidNumber", "1")], serverctrls = [pr] ) _,_,_,resp_ctrls = l.result3(msg_id) print("resp_ctrls[0].dn:",resp_ctrls[0].dn) print("resp_ctrls[0].entry:",pprint.pformat(resp_ctrls[0].entry)) pr = PostReadControl(criticality=True,attrList=['uidNumber','gidNumber','entryCSN']) msg_id = l.modify_ext( new_test_dn, [(ldap.MOD_INCREMENT, "uidNumber", "1"),(ldap.MOD_INCREMENT, "gidNumber", "1")], serverctrls = [pr] ) _,_,_,resp_ctrls = l.result3(msg_id) print("resp_ctrls[0].dn:",resp_ctrls[0].dn) print("resp_ctrls[0].entry:",pprint.pformat(resp_ctrls[0].entry)) print("""#--------------------------------------------------------------------------- # Rename entry #--------------------------------------------------------------------------- """) pr = PostReadControl(criticality=True,attrList=['uid']) msg_id = l.rename( new_test_dn, "uid=ablume2", delold=1, serverctrls = [pr] ) _,_,_,resp_ctrls = l.result3(msg_id) print("resp_ctrls[0].dn:",resp_ctrls[0].dn) print("resp_ctrls[0].entry:",pprint.pformat(resp_ctrls[0].entry)) pr = PreReadControl(criticality=True,attrList=['uid']) msg_id = l.rename( new_test_dn2, "uid=ablume", delold=1, serverctrls = [pr] ) _,_,_,resp_ctrls = l.result3(msg_id) print("resp_ctrls[0].dn:",resp_ctrls[0].dn) print("resp_ctrls[0].entry:",pprint.pformat(resp_ctrls[0].entry)) print("""#--------------------------------------------------------------------------- # Delete entry #--------------------------------------------------------------------------- """) pr = PreReadControl(criticality=True,attrList=['*','+']) msg_id = l.delete_ext( new_test_dn, serverctrls = [pr] ) _,_,_,resp_ctrls = l.result3(msg_id) print("resp_ctrls[0].dn:",resp_ctrls[0].dn) print("resp_ctrls[0].entry:",pprint.pformat(resp_ctrls[0].entry)) ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/pyasn1/sessiontrack.py0000644000175000017500000000250014521037673021417 0ustar00spichugispichugi#!/usr/bin/env python """ demo_track_ldap_session.py Client-side demo implementation of Session Tracking Control https://tools.ietf.org/html/draft-wahl-ldap-session-03 """ __version__ = '0.1' import sys,getpass,ldap,ldapurl from ldap.controls.sessiontrack import SessionTrackingControl,SESSION_TRACKING_FORMAT_OID_USERNAME try: ldap_url = ldapurl.LDAPUrl(sys.argv[1]) except (IndexError, ValueError): print('Usage: %s ' % (sys.argv[0])) sys.exit(1) # Set debugging level #ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) ldapmodule_trace_level = 2 ldapmodule_trace_file = sys.stderr ldap_conn = ldap.ldapobject.LDAPObject( ldap_url.initializeUrl(), trace_level=ldapmodule_trace_level, trace_file=ldapmodule_trace_file ) if ldap_url.who and ldap_url.cred is None: print('Password for %s:' % (repr(ldap_url.who))) ldap_url.cred = getpass.getpass() try: ldap_conn.simple_bind_s(ldap_url.who or '',ldap_url.cred or '') except ldap.INVALID_CREDENTIALS as e: print('Simple bind failed:',str(e)) sys.exit(1) st_ctrl = SessionTrackingControl( '192.0.2.1', 'app.example.com', SESSION_TRACKING_FORMAT_OID_USERNAME, 'bloggs' ) ldap_conn.search_ext_s( ldap_url.dn or '', ldap_url.scope or ldap.SCOPE_SUBTREE, ldap_url.filterstr or '(objectClass=*)', ldap_url.attrs or ['*'], serverctrls=[st_ctrl] ) ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/pyasn1/sss_highest_number.py0000644000175000017500000000231414521037673022605 0ustar00spichugispichugi#!/usr/bin/env python """ This sample script demonstrates the use of the server-side-sorting control (see RFC 2891) """ import pprint,ldap from ldap.ldapobject import LDAPObject from ldap.controls.sss import SSSRequestControl from ldap.resiter import ResultProcessor class MyLDAPObject(LDAPObject,ResultProcessor): pass uri = "ldap://ipa.demo1.freeipa.org" l = MyLDAPObject(uri,trace_level=0) l.simple_bind_s('uid=admin,cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org','Secret123') for id_attr in ('uidNumber','gidNumber'): # reverse sorting request control sss_control = SSSRequestControl(ordering_rules=['-%s' % (id_attr)]) # send search request msg_id = l.search_ext( 'dc=demo1,dc=freeipa,dc=org', ldap.SCOPE_SUBTREE, '(%s=*)' % (id_attr), attrlist=[id_attr], sizelimit=1, serverctrls = [sss_control], ) # collect result ldap_result = [] try: for res_type,res_data,res_msgid,res_controls in l.allresults(msg_id,add_ctrls=0): ldap_result.extend(res_data) except ldap.SIZELIMIT_EXCEEDED: pass # print result print('Highest value of %s' % (id_attr)) if ldap_result: dn,entry = ldap_result[0] print('->',entry[id_attr]) else: print('not found') ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/pyasn1/syncrepl.py0000644000175000017500000001470514521037673020560 0ustar00spichugispichugi#!/usr/bin/env python """ This script implements a syncrepl consumer which syncs data from an OpenLDAP server to a local (shelve) database. Notes: The bound user needs read access to the attributes entryDN and entryCSN. """ # Import modules from Python standard lib import logging import shelve import signal import sys import time # Import the python-ldap modules import ldap import ldapurl # Import specific classes from python-ldap from ldap.ldapobject import ReconnectLDAPObject from ldap.syncrepl import SyncreplConsumer logger = logging.getLogger('syncrepl') logger.setLevel(logging.DEBUG) logger.addHandler(logging.StreamHandler()) # Global state watcher_running = True ldap_connection = False class SyncReplClient(ReconnectLDAPObject, SyncreplConsumer): """ Syncrepl Consumer Client """ def __init__(self, db_path, *args, **kwargs): # Initialise the LDAP Connection first ldap.ldapobject.ReconnectLDAPObject.__init__(self, *args, **kwargs) # Now prepare the data store if db_path: self.__data = shelve.open(db_path, 'c') else: self.__data = {} # We need this for later internal use self.__presentUUIDs = {} def close_db(self): # Close the data store properly to avoid corruption self.__data.close() def syncrepl_get_cookie(self): if 'cookie' in self.__data: return self.__data['cookie'] def syncrepl_set_cookie(self,cookie): self.__data['cookie'] = cookie def syncrepl_entry(self, dn, attributes, uuid): logger.debug('dn=%r attributes=%r uuid=%r', dn, attributes, uuid) # First we determine the type of change we have here # (and store away the previous data for later if needed) previous_attributes = {} if uuid in self.__data: change_type = 'modify' previous_attributes = self.__data[uuid] else: change_type = 'add' # Now we store our knowledge of the existence of this entry # (including the DN as an attribute for convenience) attributes['dn'] = dn self.__data[uuid] = attributes # Debugging logger.debug('Detected %s of entry %r', change_type, dn) # If we have a cookie then this is not our first time being run, # so it must be a change if 'ldap_cookie' in self.__data: self.perform_application_sync(dn, attributes, previous_attributes) def syncrepl_delete(self,uuids): # Make sure we know about the UUID being deleted, just in case... uuids = [uuid for uuid in uuids if uuid in self.__data] # Delete all the UUID values we know of for uuid in uuids: logger.debug('Detected deletion of entry %r', self.__data[uuid]['dn']) del self.__data[uuid] def syncrepl_present(self,uuids,refreshDeletes=False): # If we have not been given any UUID values, # then we have recieved all the present controls... if uuids is None: # We only do things if refreshDeletes is false as the syncrepl # extension will call syncrepl_delete instead when it detects a # delete notice if refreshDeletes is False: deletedEntries = [ uuid for uuid in self.__data.keys() if uuid not in self.__presentUUIDs and uuid != 'ldap_cookie' ] self.syncrepl_delete( deletedEntries ) # Phase is now completed, reset the list self.__presentUUIDs = {} else: # Note down all the UUIDs we have been sent for uuid in uuids: self.__presentUUIDs[uuid] = True def syncrepl_refreshdone(self): logger.info('Initial synchronization is now done, persist phase begins') def perform_application_sync(self,dn,attributes,previous_attributes): logger.info('Performing application sync for %r', dn) return True # Shutdown handler def commenceShutdown(signum, stack): # Declare the needed global variables global watcher_running, ldap_connection logger.warn('Shutting down!') # We are no longer running watcher_running = False # Tear down the server connection if ldap_connection: ldap_connection.close_db() ldap_connection.unbind_s() del ldap_connection # Shutdown sys.exit(0) # Time to actually begin execution # Install our signal handlers signal.signal(signal.SIGTERM, commenceShutdown) signal.signal(signal.SIGINT, commenceShutdown) try: ldap_url = ldapurl.LDAPUrl(sys.argv[1]) database_path = sys.argv[2] except IndexError,e: print ( 'Usage:\n' '{script_name} \n' '{script_name} "ldap://127.0.0.1/cn=users,dc=test' '?*' '?sub' '?(objectClass=*)' '?bindname=uid=admin%2ccn=users%2cdc=test,' 'X-BINDPW=password" db.shelve' ).format(script_name=sys.argv[0]) sys.exit(1) except ValueError as e: print('Error parsing command-line arguments:',str(e)) sys.exit(1) while watcher_running: logger.info('Connecting to %s now...', ldap_url.initializeUrl()) # Prepare the LDAP server connection (triggers the connection as well) ldap_connection = SyncReplClient(database_path, ldap_url.initializeUrl()) # Now we login to the LDAP server try: ldap_connection.simple_bind_s(ldap_url.who, ldap_url.cred) except ldap.INVALID_CREDENTIALS as err: logger.error('Login to LDAP server failed: %s', err) sys.exit(1) except ldap.SERVER_DOWN: logger.warn('LDAP server is down, going to retry.') time.sleep(5) continue # Commence the syncing logger.debug('Commencing sync process') ldap_search = ldap_connection.syncrepl_search( ldap_url.dn or '', ldap_url.scope or ldap.SCOPE_SUBTREE, mode = 'refreshAndPersist', attrlist=ldap_url.attrs, filterstr = ldap_url.filterstr or '(objectClass=*)' ) try: while ldap_connection.syncrepl_poll( all = 1, msgid = ldap_search): pass except KeyboardInterrupt: # User asked to exit commenceShutdown(None, None) except Exception as err: # Handle any exception if watcher_running: logger.exception('Unhandled exception, going to retry: %s', err) logger.info('Going to retry after 5 secs') time.sleep(5) ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/reconnect.py0000644000175000017500000000103114521037673017452 0ustar00spichugispichugiimport sys,time,ldap,ldap.ldapobject,ldapurl from ldap.ldapobject import * ldap_url = ldapurl.LDAPUrl(sys.argv[1]) ldap_url.applyDefaults({ 'who':'', 'cred':'', 'filterstr':'(objectClass=*)', 'scope':ldap.SCOPE_BASE }) ldap.trace_level=1 l = ldap.ldapobject.ReconnectLDAPObject( ldap_url.initializeUrl(),trace_level=ldap.trace_level ) l.protocol_version = ldap.VERSION3 l.simple_bind_s(ldap_url.who,ldap_url.cred) while 1: l.search_s(ldap_url.dn,ldap_url.scope,ldap_url.filterstr,ldap_url.attrs) sys.stdin.readline() ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/rename.py0000644000175000017500000000203314521037673016744 0ustar00spichugispichugiimport ldap from getpass import getpass # Create LDAPObject instance l = ldap.initialize('ldap://localhost:1389',trace_level=1) print('Password:') cred = getpass() try: # Set LDAP protocol version used l.set_option(ldap.OPT_PROTOCOL_VERSION,3) # Try a bind to provoke failure if protocol version is not supported l.bind_s('cn=root,dc=stroeder,dc=com',cred,ldap.AUTH_SIMPLE) print('Using rename_s():') l.rename_s( 'uid=fred,ou=Unstructured testing tree,dc=stroeder,dc=com', 'cn=Fred Feuerstein', 'dc=stroeder,dc=com', 0 ) l.rename_s( 'cn=Fred Feuerstein,dc=stroeder,dc=com', 'uid=fred', 'ou=Unstructured testing tree,dc=stroeder,dc=com', 0 ) m = l.rename( 'uid=fred,ou=Unstructured testing tree,dc=stroeder,dc=com', 'cn=Fred Feuerstein', 'dc=stroeder,dc=com', 0 ) r = l.result(m,1) m = l.rename( 'cn=Fred Feuerstein,dc=stroeder,dc=com', 'uid=fred', 'ou=Unstructured testing tree,dc=stroeder,dc=com', 0 ) r = l.result(m,1) finally: l.unbind_s() ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/resiter.py0000644000175000017500000000112114521037673017147 0ustar00spichugispichugi""" Demo for using ldap.resiter.ResultProcessor written by Michael Stroeder See https://www.python-ldap.org for details. """ import ldap,ldap.resiter class LDAPObject(ldap.ldapobject.LDAPObject,ldap.resiter.ResultProcessor): pass l = LDAPObject('ldap://localhost:1390',trace_level=1) l.protocol_version = 3 msgid = l.search('dc=stroeder,dc=de',ldap.SCOPE_SUBTREE,'(cn=m*)') result_iter = l.allresults(msgid) for result_type,result_list,result_msgid,result_serverctrls in result_iter: print(result_type,result_list,result_msgid,result_serverctrls) l.unbind_s() ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/sasl_bind.py0000644000175000017500000000364414521037673017444 0ustar00spichugispichugi# For documentation, see comments in Module/LDAPObject.c and the # ldap.sasl module documentation. import ldap,ldap.sasl ldap.sasl._trace_level=0 ldap.set_option(ldap.OPT_DEBUG_LEVEL,0) for ldap_uri,sasl_mech,sasl_cb_value_dict in [ ( "ldap://nb2.stroeder.local:1390/", 'CRAM-MD5', { ldap.sasl.CB_AUTHNAME :'fred', ldap.sasl.CB_PASS :'secret', } ), ( "ldap://nb2.stroeder.local:1390/", 'PLAIN', { ldap.sasl.CB_AUTHNAME :'fred', ldap.sasl.CB_PASS :'secret', } ), ( "ldap://nb2.stroeder.local:1390/", 'LOGIN', { ldap.sasl.CB_AUTHNAME :'fred', ldap.sasl.CB_PASS :'secret', } ), ( "ldapi://%2Ftmp%2Fopenldap-socket/", 'EXTERNAL', { } ), ( "ldap://nb2.stroeder.local:1390/", 'GSSAPI', { } ), ( "ldap://nb2.stroeder.local:1390/", 'NTLM', { ldap.sasl.CB_AUTHNAME :'fred', ldap.sasl.CB_PASS :'secret', } ), ( "ldap://nb2.stroeder.local:1390/", 'DIGEST-MD5', { ldap.sasl.CB_AUTHNAME :'fred', ldap.sasl.CB_PASS :'secret', } ), ]: sasl_auth = ldap.sasl.sasl(sasl_cb_value_dict,sasl_mech) print(20*'*',sasl_auth.mech,20*'*') # Open the LDAP connection l = ldap.initialize(ldap_uri,trace_level=0) # Set protocol version to LDAPv3 to enable SASL bind! l.protocol_version = 3 try: l.sasl_interactive_bind_s("", sasl_auth) except ldap.LDAPError as e: print('Error using SASL mechanism',sasl_auth.mech,str(e)) else: print('Sucessfully bound using SASL mechanism:',sasl_auth.mech) try: print('Result of Who Am I? ext. op:',repr(l.whoami_s())) except ldap.LDAPError as e: print('Error using SASL mechanism',sasl_auth.mech,str(e)) try: print('OPT_X_SASL_USERNAME',repr(l.get_option(ldap.OPT_X_SASL_USERNAME))) except AttributeError: pass l.unbind() del l ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/schema.py0000644000175000017500000000365114521037673016744 0ustar00spichugispichugiimport sys,ldap,ldap.schema schema_attrs = ldap.schema.SCHEMA_ATTRS ldap.set_option(ldap.OPT_DEBUG_LEVEL,0) ldap._trace_level = 0 subschemasubentry_dn,schema = ldap.schema.urlfetch(sys.argv[-1]) if subschemasubentry_dn is None: print('No sub schema sub entry found!') sys.exit(1) if schema.non_unique_oids: print('*** Schema errors ***') print('non-unique OIDs:\n','\r\n'.join(schema.non_unique_oids)) print('*** Schema from',repr(subschemasubentry_dn)) # Display schema for attr_type,schema_class in ldap.schema.SCHEMA_CLASS_MAPPING.items(): print('*'*20,attr_type,'*'*20) for element_id in schema.listall(schema_class): se_orig = schema.get_obj(schema_class,element_id) print(attr_type,str(se_orig)) print('*** Testing object class inetOrgPerson ***') drink = schema.get_obj(ldap.schema.AttributeType,'favouriteDrink') if not drink is None: print('*** drink ***') print('drink.names',repr(drink.names)) print('drink.collective',repr(drink.collective)) inetOrgPerson = schema.get_obj(ldap.schema.ObjectClass,'inetOrgPerson') if not inetOrgPerson is None: print(inetOrgPerson.must,inetOrgPerson.may) print('*** person,organizationalPerson,inetOrgPerson ***') try: print(schema.attribute_types() ['person','organizationalPerson','inetOrgPerson'] ) print(schema.attribute_types() ['person','organizationalPerson','inetOrgPerson'], attr_type_filter = [ ('no_user_mod',[0]), ('usage',range(2)), ] ) except KeyError as e: print('***KeyError',str(e)) schema.ldap_entry() print(str(schema.get_obj(ldap.schema.MatchingRule,'2.5.13.0'))) print(str(schema.get_obj(ldap.schema.MatchingRuleUse,'2.5.13.0'))) print(str(schema.get_obj(ldap.schema.AttributeType,'name'))) print(str(schema.get_inheritedobj(ldap.schema.AttributeType,'cn',['syntax','equality','substr','ordering']))) must_attr,may_attr = schema.attribute_types(['person','organizationalPerson','inetOrgPerson'],raise_keyerror=0) ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/schema_tree.py0000644000175000017500000000452314521037673017762 0ustar00spichugispichugi""" Outputs the object class tree read from LDAPv3 schema of a given server Usage: schema_oc_tree.py [--html] [LDAP URL] """ import sys,getopt,ldap,ldap.schema ldap.trace_level = 1 def PrintSchemaTree(schema,se_class,se_tree,se_oid,level): """ASCII text output for console""" se_obj = schema.get_obj(se_class,se_oid) if se_obj!=None: print('| '*(level-1)+'+---'*(level>0), ', '.join(se_obj.names), '(%s)' % se_obj.oid) for sub_se_oid in se_tree[se_oid]: print('| '*(level+1)) PrintSchemaTree(schema,se_class,se_tree,sub_se_oid,level+1) def HTMLSchemaTree(schema,se_class,se_tree,se_oid,level): """HTML output for browser""" se_obj = schema.get_obj(se_class,se_oid) if se_obj!=None: print("""
{} ({})
{} """.format(', '.join(se_obj.names),se_obj.oid,se_obj.desc)) if se_tree[se_oid]: print('
') for sub_se_oid in se_tree[se_oid]: HTMLSchemaTree(schema,se_class,se_tree,sub_se_oid,level+1) print('
') print('
') ldap.set_option(ldap.OPT_DEBUG_LEVEL,0) ldap._trace_level = 0 subschemasubentry_dn,schema = ldap.schema.urlfetch(sys.argv[-1],ldap.trace_level) if subschemasubentry_dn is None: print('No sub schema sub entry found!') sys.exit(1) try: options,args=getopt.getopt(sys.argv[1:],'',['html']) except getopt.error: print('Error: %s\nUsage: schema_oc_tree.py [--html] [LDAP URL]') html_output = options and options[0][0]=='--html' oc_tree = schema.tree(ldap.schema.ObjectClass) at_tree = schema.tree(ldap.schema.AttributeType) #for k,v in oc_tree.items(): # print(k,'->',v) #for k,v in at_tree.items(): # print(k,'->',v) if html_output: print(""" Object class tree

Object class tree

""") HTMLSchemaTree(schema,ldap.schema.ObjectClass,oc_tree,'2.5.6.0',0) print("""

Attribute type tree

""") for a in schema.listall(ldap.schema.AttributeType): if at_tree[a]: HTMLSchemaTree(schema,ldap.schema.AttributeType,at_tree,a,0) print print("""
""") else: print('*** Object class tree ***\n') print PrintSchemaTree(schema,ldap.schema.ObjectClass,oc_tree,'2.5.6.0',0) print('\n*** Attribute types tree ***\n') PrintSchemaTree(schema,ldap.schema.AttributeType,at_tree,'_',0) ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/simple.py0000644000175000017500000000450214521037673016771 0ustar00spichugispichugiimport sys,getpass import ldap #l = ldap.open("localhost", 31001) l = ldap.open("marta.it.uq.edu.au") login_dn = "cn=root,ou=CSEE,o=UQ,c=AU" login_pw = getpass.getpass("Password for %s: " % login_dn) l.simple_bind_s(login_dn, login_pw) # # create a new sub organisation # try: dn = "ou=CSEE,o=UQ,c=AU" print("Adding", repr(dn)) l.add_s(dn, [ ("objectclass",["organizationalUnit"]), ("ou", ["CSEE"]), ("description", [ "Department of Computer Science and Electrical Engineering"]), ] ) except _ldap.LDAPError: pass # # create an entry for me # dn = "cn=David Leonard,ou=CSEE,o=UQ,c=AU" print("Updating", repr(dn)) try: l.delete_s(dn) except: pass l.add_s(dn, [ ("objectclass", ["organizationalPerson"]), ("sn", ["Leonard"]), ("cn", ["David Leonard"]), ("description", ["Ph.D. student"]), ("display-name", ["David Leonard"]), #("commonname", ["David Leonard"]), ("mail", ["david.leonard@csee.uq.edu.au"]), ("othermailbox", ["d@openbsd.org"]), ("givenname", ["David"]), ("surname", ["Leonard"]), ("seeAlso", ["http://www.csee.uq.edu.au/~leonard/"]), ("url", ["http://www.csee.uq.edu.au/~leonard/"]), #("homephone", []), #("fax", []), #("otherfacsimiletelephonenumber",[]), #("officefax", []), #("mobile", []), #("otherpager", []), #("officepager", []), #("pager", []), ("info", ["info"]), ("title", ["Mr"]), #("telephonenumber", []), ("l", ["Brisbane"]), ("st", ["Queensland"]), ("c", ["AU"]), ("co", ["co"]), ("o", ["UQ"]), ("ou", ["CSEE"]), #("homepostaladdress", []), #("postaladdress", []), #("streetaddress", []), #("street", []), ("department", ["CSEE"]), ("comment", ["comment"]), #("postalcode", []), ("physicaldeliveryofficename", ["Bldg 78, UQ, St Lucia"]), ("preferredDeliveryMethod", ["email"]), ("initials", ["DRL"]), ("conferenceinformation", ["MS-conferenceinformation"]), #("usercertificate", []), ("labeleduri", ["labeleduri"]), ("manager", ["cn=Jaga Indulska"]), ("reports", ["reports"]), ("jpegPhoto", [open("/www/leonard/leonard.jpg").read()]), ("uid", ["leonard"]), ("userPassword", [""]) ]) # # search beneath the CSEE/UQ/AU tree # res = l.search_s( "ou=CSEE, o=UQ, c=AU", _ldap.SCOPE_SUBTREE, "objectclass=*", ) print(res) l.unbind() ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Demo/simplebrowse.py0000644000175000017500000000615114521037673020215 0ustar00spichugispichugi#!/usr/bin/env python # # simple LDAP server browsing example # import ldap from traceback import print_exc url = "ldap://ldap.openldap.org/" dn = "dc=openldap,dc=org" print("Connecting to", url) l = ldap.initialize(url) l.bind_s("", "", ldap.AUTH_SIMPLE); lastdn = dn dnlist = None while 1: #-- read a command try: cmd = raw_input(dn + "> ") except EOFError: print break try: if cmd == "?": print( "cd - change DN to ") print( "cd - change DN to number of last 'ls'") print( "cd - - change to previous DN") print( "cd .. - change to one-level higher DN") print( "cd - change to root DN") print( "ls - list children of crrent DN") print( ". - show attributes of current DN") print( "/ - list descendents matching filter ") print( "? - show this help") elif cmd == "ls": print("Children of", `dn`, ":") dnlist = [] # # List the children at one level down from the current dn # We use the filter 'objectclass=*' to match everything. # We're not interested in attributes at this stage, so # we specify [] as the list of attribute names to retreive. # for name,attrs in l.search_s(dn, ldap.SCOPE_ONELEVEL, "objectclass=*", []): #-- shorten resulting dns for output brevity if name.startswith(dn+", "): shortname = "+ "+name[len(dn)+2:] elif name.endswith(", "+dn): shortname = name[:-len(dn)-2]+" +" else: shortname = name print(" %3d. %s" % (len(dnlist), shortname)) dnlist.append(name) elif cmd == "cd": dn = "" dnlist = None elif cmd.startswith("cd "): arg = cmd[3:] if arg == '-': lastdn,dn = dn,lastdn elif arg == '..': dn = ldap.explode_dn(dn)[1:].join(",") dn = dn.strip() else: try: i = int(arg) except: godn = arg else: if dnlist is None: print("do an ls first") else: godn = dnlist[i] lastdn = dn dn = godn elif cmd == ".": # # Retrieve all the attributes for the current dn. # We construct a search using SCOPE_BASE (ie just the # given DN) and again filter with "objectclass=*". # No attributes are listed, so the default is for # the client to receive all attributes on the DN. # print("Attributes of", `dn`, ":") for name,attrs in l.search_s(dn, ldap.SCOPE_BASE, "objectclass=*"): print(" %-24s" % name) for k,vals in attrs.items(): for v in vals: if len(v) > 200: v = `v[:200]` + \ ("... (%d bytes)" % len(v)) else: v = `v` print(" %-12s: %s" % (k, v)) elif cmd.startswith("/"): # # Search descendent objects to match a given filter. # We use SCOPE_SUBTREE to indicate descendents, and # again specify an empty attribute list to indicate # that we're not interested in them. # expr = cmd[1:] print("Descendents matching filter", `expr`, ":") for name,attrs in l.search_s(dn, ldap.SCOPE_SUBTREE, expr, []): print(" %24s", name) else: print("unknown command - try '?' for help") except: print_exc() ././@PaxHeader0000000000000000000000000000003400000000000010212 xustar0028 mtime=1700253999.7712357 python-ldap-3.4.4/Doc/0000755000175000017500000000000014525750460014746 5ustar00spichugispichugi././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Doc/Makefile0000644000175000017500000000422214521037673016406 0ustar00spichugispichugi# Makefile for Sphinx documentation # # You can set these variables from the command line. SPHINXOPTS = SPHINXBUILD = sphinx-build PAPER = # Internal variables. PAPEROPT_a4 = -D latex_paper_size=a4 PAPEROPT_letter = -D latex_paper_size=letter ALLSPHINXOPTS = -d .build/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . .PHONY: help clean html web htmlhelp latex changes linkcheck help: @echo "Please use \`make ' where is one of" @echo " html to make standalone HTML files" @echo " web to make files usable by Sphinx.web" @echo " htmlhelp to make HTML files and a HTML help project" @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" @echo " changes to make an overview over all changed/added/deprecated items" @echo " linkcheck to check all external links for integrity" clean: -rm -rf .build/* html: mkdir -p .build/html .build/doctrees $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) .build/html @echo @echo "Build finished. The HTML pages are in .build/html." web: mkdir -p .build/web .build/doctrees $(SPHINXBUILD) -b web $(ALLSPHINXOPTS) .build/web @echo @echo "Build finished; now you can run" @echo " python -m sphinx.web .build/web" @echo "to start the server." htmlhelp: mkdir -p .build/htmlhelp .build/doctrees $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) .build/htmlhelp @echo @echo "Build finished; now you can run HTML Help Workshop with the" \ ".hhp project file in .build/htmlhelp." latex: mkdir -p .build/latex .build/doctrees $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) .build/latex @echo @echo "Build finished; the LaTeX files are in .build/latex." @echo "Run \`make all-pdf' or \`make all-ps' in that directory to" \ "run these through (pdf)latex." changes: mkdir -p .build/changes .build/doctrees $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) .build/changes @echo @echo "The overview file is in .build/changes." linkcheck: mkdir -p .build/linkcheck .build/doctrees $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) .build/linkcheck @echo @echo "Link check complete; look for any errors in the above output " \ "or in .build/linkcheck/output.txt." ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Doc/bytes_mode.rst0000644000175000017500000000315114521037673017632 0ustar00spichugispichugi.. _text-bytes: .. _bytes_mode: Bytes/text management ===================== The LDAP protocol states that some fields (distinguished names, relative distinguished names, attribute names, queries) be encoded in UTF-8. In python-ldap, these are represented as text (``str`` on Python 3). Attribute *values*, on the other hand, **MAY** contain any type of data, including text. To know what type of data is represented, python-ldap would need access to the schema, which is not always available (nor always correct). Thus, attribute values are *always* treated as ``bytes``. Encoding/decoding to other formats – text, images, etc. – is left to the caller. Historical note --------------- Python 3 introduced a hard distinction between *text* (``str``) – sequences of characters (formally, *Unicode codepoints*) – and ``bytes`` – sequences of 8-bit values used to encode *any* kind of data for storage or transmission. Python 2 had the same distinction between ``str`` (bytes) and ``unicode`` (text). However, values could be implicitly converted between these types as needed, e.g. when comparing or writing to disk or the network. The implicit encoding and decoding can be a source of subtle bugs when not designed and tested adequately. In python-ldap 2.x (for Python 2), bytes were used for all fields, including those guaranteed to be text. From version 3.0 to 3.3, python-ldap uses text where appropriate. On Python 2, special ``bytes_mode`` and ``bytes_strictness`` settings influenced how text was handled. From version 3.3 on, only Python 3 is supported. The “bytes mode” settings are deprecated and do nothing. ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Doc/conf.py0000644000175000017500000001125214521037673016246 0ustar00spichugispichugi# # python-ldap documentation build configuration file, created by # sphinx-quickstart on Sat Mar 29 15:08:17 2008. # # This file is execfile()d with the current directory set to its containing dir. # # The contents of this file are pickled, so don't put values in the namespace # that aren't pickleable (module imports are okay, they're removed automatically). # # All configuration values have a default value; values that are commented out # serve to show the default value. import datetime import sys import os # If your extensions are in another directory, add it here. _doc_dir = os.path.dirname(__file__) sys.path.append(_doc_dir) sys.path.insert(0, os.path.join(_doc_dir, '../Lib/')) sys.path.insert(0, os.path.join(_doc_dir, '../Lib/ldap')) # Import fake `_ldap` module import fake_ldap_module_for_documentation # Now ldap can be used normally from ldap import __version__ # General configuration # --------------------- # Add any Sphinx extension module names here, as strings. They can be extensions # coming with Sphinx (named 'sphinx.ext.*') or your custom ones. extensions = [ 'sphinx.ext.autodoc', 'sphinx.ext.intersphinx', 'sphinx.ext.napoleon', ] try: import sphinxcontrib.spelling except ImportError: pass else: extensions.append('sphinxcontrib.spelling') # Add any paths that contain templates here, relative to this directory. templates_path = ['.templates'] # The suffix of source filenames. source_suffix = '.rst' # The root toctree document. root_doc = 'index' # General substitutions. project = 'python-ldap' copyright = 'python-ldap project team' # The default replacements for |version| and |release|, also used in various # other places throughout the built documents. # # The short X.Y version. version = '.'.join(__version__.split('.')[:2]) # The full version, including alpha/beta/rc tags. release = __version__ # There are two options for replacing |today|: either, you set today to some # non-false value, then it is used: #today = '' # Else, today_fmt is used as the format for a strftime call. today_fmt = '%B %d, %Y' # List of documents that shouldn't be included in the build. #unused_docs = [] # If true, '()' will be appended to :func: etc. cross-reference text. #add_function_parentheses = True # If true, the current module name will be prepended to all description # unit titles (such as .. function::). #add_module_names = True # If true, sectionauthor and moduleauthor directives will be shown in the # output. They are ignored by default. #show_authors = False # The name of the Pygments (syntax highlighting) style to use. pygments_style = 'sphinx' # Options for HTML output # ----------------------- # The style sheet to use for HTML and HTML Help pages. A file of that name # must exist either in Sphinx' static/ path, or in one of the custom paths # given in html_static_path. #html_style = 'pyramid.css' # Add any paths that contain custom static files (such as style sheets) here, # relative to this directory. They are copied after the builtin static files, # so a file named "default.css" will overwrite the builtin "default.css". #html_static_path = ['/usr/lib/python2.7/site-packages/sphinx/themes/pyramid/static'] # If not '', a 'Last updated on:' timestamp is inserted at every page bottom, # using the given strftime format. html_last_updated_fmt = '%b %d, %Y' # If true, SmartyPants will be used to convert quotes and dashes to # typographically correct entities. #html_use_smartypants = True # Content template for the index page. #html_index = '' # Custom sidebar templates, maps document names to template names. #html_sidebars = {} # Additional templates that should be rendered to pages, maps page names to # template names. #html_additional_pages = {} # If false, no module index is generated. html_use_modindex = True # If true, the reST sources are included in the HTML build as _sources/. #html_copy_source = True # Output file base name for HTML help builder. htmlhelp_basename = 'python-ldap-doc' # Options for LaTeX output # ------------------------ # The paper size ('letter' or 'a4'). #latex_paper_size = 'letter' # The font size ('10pt', '11pt' or '12pt'). #latex_font_size = '10pt' # Grouping the document tree into LaTeX files. List of tuples # (source start file, target name, title, author, document class [howto/manual]). latex_documents = [('index', 'python-ldap.tex', 'python-ldap Documentation', 'python-ldap project', 'manual')] # Additional stuff for the LaTeX preamble. #latex_preamble = '' # Documents to append as an appendix to all manuals. #latex_appendices = [] # If false, no module index is generated. latex_use_modindex = True intersphinx_mapping = {'python': ('https://docs.python.org/3', None)} ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Doc/contributing.rst0000644000175000017500000001674214521037673020221 0ustar00spichugispichugi.. highlight:: console Contributing to python-ldap *************************** Thank you for your interest in python-ldap! If you'd like to contribute (be it code, documentation, maintenance effort, or anything else), this guide is for you. .. toctree:: :hidden: sample_workflow.rst Communication ============= Always keep in mind that python-ldap is developed and maintained by volunteers. We're happy to share our work, and to work with you to make the library better, but (until you pay someone), there's obligation to provide assistance. So, keep it friendly, respectful, and supportive! Mailing list ------------ Discussion about the use and future of python-ldap occurs in the ``python-ldap@python.org`` mailing list. It's also the channel to use if documentation (including this guide) is not clear to you. Do try searching around before you ask on the list, though! You can `subscribe or unsubscribe`_ to this list or browse the `list archive`_. .. _subscribe or unsubscribe: https://mail.python.org/mailman/listinfo/python-ldap .. _list archive: https://mail.python.org/pipermail/python-ldap/ Issues ------ Please report bugs, missing features and other issues to `the bug tracker`_ at GitHub. You will need a GitHub account for that. If you prefer not to open a GitHub account, you're always welcome to use the mailing list. Security Contact ---------------- If you found a security issue that should not be discussed publicly, please e-mail the maintainer at ``pviktori@redhat.com``. If required, write to coordinate a more secure channel. All other communication should be public. Contributing code ================= If you're used to open-source Python development with Git, here's the gist: * ``git clone https://github.com/python-ldap/python-ldap`` * Use GitHub for `the bug tracker`_ and pull requests. * Run tests with `tox`_; ignore Python interpreters you don't have locally. .. _the bug tracker: https://github.com/python-ldap/python-ldap/issues .. _tox: https://tox.readthedocs.io/en/latest/ Or, if you prefer to avoid closed-source services: * ``git clone https://pagure.io/python-ldap`` * Send bug reports and patches to the mailing list. * Run tests with `tox`_; ignore Python interpreters you don't have locally. * Read the documentation directly at `Read the Docs`_. .. _Read the Docs: https://python-ldap.readthedocs.io/ If you're new to some aspect of the project, you're welcome to use (or adapt) our :ref:`sample workflow `. .. _additional tests: Additional tests and scripts ============================ We use several specialized tools for debugging and maintenance. Make targets ------------ Make targets currently use the ``python3`` executable. Specify a different one using, for example:: make PYTHON=/usr/local/bin/python Notable targets are: ``make autoformat`` Automatically re-formats C and Python code to conform to Python style guides (`PEP 7`_ and `PEP 8`_). Note that no backups are made – please commit any other changes before using this target. Requires the ``indent`` program and the ``black`` Python module. .. _PEP 7: https://www.python.org/dev/peps/pep-0007/ .. _PEP 8: https://www.python.org/dev/peps/pep-0008/ ``make lcov lcov-open`` Generate and view test coverage for C code. Requires LCOV_. ``make scan-build`` Run static analysis. Requires ``clang``. ``make valgrind`` Run Valgrind_ to check for memory leaks. Requires ``valgrind`` and a Python suppression file, which you can specify as ``PYTHON_SUPP``, e.g.:: make valgrind PYTHON_SUPP=/your/path/to/valgrind-python.supp The suppression file is ``Misc/valgrind-python.supp`` in the Python source distribution, and it's frequently packaged together with Python development headers. .. _LCOV: https://github.com/linux-test-project/lcov .. _Valgrind: http://valgrind.org/ Reference leak tests -------------------- Reference leak tests require a *pydebug* build of CPython and `pytest`_ with `pytest-leaks`_ plugin. A *pydebug* build has a global reference counter, which keeps track of all reference increments and decrements. The leak plugin runs each test multiple times and checks if the reference count increases. .. _pytest: https://docs.pytest.org/en/latest/ .. _pytest-leaks: https://pypi.org/project/pytest-leaks/ Download and compile the *pydebug* build:: $ curl -O https://www.python.org/ftp/python/3.6.3/Python-3.6.3.tar.xz $ tar xJf Python-3.6.3.tar.xz $ cd Python-3.6.3 $ ./configure --with-pydebug $ make Create a virtual environment with the *pydebug* build:: $ ./python -m venv /tmp/refleak $ /tmp/refleak/bin/pip install pytest pytest-leaks Run reference leak tests:: $ cd path/to/python-ldap $ /tmp/refleak/bin/pip install --upgrade . $ /tmp/refleak/bin/pytest -v -R: Run ``/tmp/refleak/bin/pip install --upgrade .`` every time a file outside of ``Tests/`` is modified. .. _committer instructions: Instructions for core committers ================================ If you have the authority (and responsibility) of merging changes from others, remember: * All code changes need to be reviewed by someone other than the author. * Tests must always pass. New features without tests shall *not* pass review. * Make sure commit messages don't use GitHub-specific link syntax. Use the full URL, e.g. ``https://github.com/python-ldap/python-ldap/issues/50`` instead of ``#20``. * Exception: it's fine to use the short form in the summary line of a merge commit, if the full URL appears later. * It's OK to use shortcuts in GitHub *discussions*, where they are not hashed into immutable history. * Make a merge commit if the contribution contains several well-isolated separate commits with good descriptions. Use *squash-and-merge* (or *fast-forward* from a command line) for all other cases. * It's OK to push small changes into a pull request. If you do this, document what you have done (so the contributor can learn for the future), and get their :abbr:`ACK (confirmation)` before merging. * When squashing, do edit commit messages to add references to the pull request and relevant discussions/issues, and to conform to Git best practices. * Consider making the summary line suitable for the CHANGES document, and starting it with a prefix like ``Lib:`` or ``Tests:``. * Push to Pagure as well. If you have good reason to break the “rules”, go ahead and break them, but mention why. Instructions for release managers ================================= If you are tasked with releasing python-ldap, remember to: * Bump all instances of the version number. * Go through all changes since last version, and add them to ``CHANGES``. * Run :ref:`additional tests` as appropriate, fix any regressions. * Change the release date in ``CHANGES``. * Update ``__version__`` tags where appropriate (each module ``ldap``, ``ldif``, ``ldapurl``, ``slapdtest`` has its own copy). * Merge all that (using pull requests). * Run ``python setup.py sdist``, and smoke-test the resulting package (install in a clean virtual environment, import ``ldap``). * Create GPG-signed Git tag: ``git tag -s python-ldap-{version}``. Push it to GitHub and Pagure. * Release the ``sdist`` on PyPI. * Announce the release on the mailing list. Mention the Git hash. * Add the release's log from ``CHANGES`` on the `GitHub release page`_. * Check that python-ldap.org shows the latest version; if not, adjust things at readthedocs.org .. _GitHub release page: https://github.com/python-ldap/python-ldap/releases ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Doc/fake_ldap_module_for_documentation.py0000644000175000017500000000146114521037673024374 0ustar00spichugispichugi""" A module that mocks `_ldap` for the purposes of generating documentation This module provides placeholders for the contents of `_ldap`, making it possible to generate documentation even _ldap is not compiled. It should also make the documentation independent of which features are available in the system OpenLDAP library. The overly long module name will show up in AttributeError messages, hinting that this is not the actual _ldap. See https://www.python-ldap.org/ for details. """ import sys # Cause `import _ldap` to import this module instead of the actual `_ldap`. sys.modules['_ldap'] = sys.modules[__name__] from constants import CONSTANTS from pkginfo import __version__ for constant in CONSTANTS: globals()[constant.name] = constant def get_option(num): pass class LDAPError: pass ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Doc/faq.rst0000644000175000017500000001444214521037673016254 0ustar00spichugispichugipython-ldap FAQ =============== Project ------- **Q**: Is python-ldap yet another abandon-ware project? **A1**: “Jump on in.” **A2**: “Jump into the C ;-)” **A3**: see file CHANGES in source distribution or `repository`_. .. _repository: https://github.com/python-ldap/python-ldap/blob/main/CHANGES Usage ----- **Q**: Does it work with Python 3? **A0**: Yes, from 3.0 on. **A1**. For earlier versions, there's `pyldap`_, an independent fork now merged into python-ldap. .. _pyldap: https://pypi.org/project/pyldap/ **Q**: Does it work with Python 2.7? (1.5|2.0|2.1|2.2|2.3|2.4|2.5|2.6|2.7)? **A**: No. Old versions of python-ldap are still available from PyPI, though. **Q**: My code imports module ``_ldap``. That used to work, but after an upgrade it does not work anymore. Why? **A**: Despite some outdated programming examples, the extension module ``_ldap`` **MUST NOT** be imported directly, unless you really know what you're doing (e.g. for internal regression testing). Import ``ldap`` instead, which is a Python wrapper around ``_ldap`` providing the full functionality. **Q**: My script bound to MS Active Directory but a a search operation results in the exception :exc:`ldap.OPERATIONS_ERROR` with the diagnostic message text *“In order to perform this operation a successful bind must be completed on the connection.”* Alternatively, a Samba 4 AD returns the diagnostic message *"Operation unavailable without authentication"*. What's happening here? **A**: When searching from the domain level, MS AD returns referrals (search continuations) for some objects to indicate to the client where to look for these objects. Client-chasing of referrals is a broken concept, since LDAPv3 does not specify which credentials to use when chasing the referral. Windows clients are supposed to simply use their Windows credentials, but this does not work in general when chasing referrals received from and pointing to arbitrary LDAP servers. Therefore, per default, ``libldap`` automatically chases the referrals internally with an *anonymous* access which fails with MS AD. So, the best thing to do is to switch this behaviour off:: l = ldap.initialize('ldap://foobar') l.set_option(ldap.OPT_REFERRALS,0) Note that setting the above option does NOT prevent search continuations from being returned, rather only that ``libldap`` won't attempt to resolve referrals. **Q**: Why am I seeing a ``ldap.SUCCESS`` traceback as output? **A**: Most likely, you are using one of the non-synchronous calls, and probably mean to be using a synchronous call (see detailed explanation in :ref:`sending-ldap-requests`). **Q**: Can I use LDAPv2 via python-ldap? **A**: Yes, by explicitly setting the class attribute :attr:`~ldap.LDAPObject.protocol_version`. You should not do that nowadays since `LDAPv2 is considered historic `_ since many years. **Q**: My TLS settings are ignored/TLS isn't working? **A**: Make sure you call `set_option( ldap.OPT_X_TLS_NEWCTX, 0 )` after changing any of the `OPT_X_TLS_*` options. Installing ---------- **Q**: Does it work with Windows 32? **A**: Yes. You can find links to unofficial pre-compiled packages for Windows on the :ref:`installing` page. **Q**: Can python-ldap be built against OpenLDAP 2.3 libs or older? **A**: No. The needed minimal version of OpenLDAP is documented in :ref:`build prerequisites`. Patched builds of python-ldap linked to older libs are not supported by the python-ldap project. **Q**: During build there are warning messages displayed telling Lib/ldap.py and Lib/ldap/schema.py are not found:: warning: build_py: file Lib/ldap.py (for module ldap) not found warning: build_py: file Lib/ldap/schema.py (for module ldap.schema) not found .. **A**: ``ldap`` and ``ldap.schema`` are both module packages (directories containing various sub-modules). The messages above are falsely produced by DistUtils. Don't worry about it. .. _install-macosx: **Q**: What's the correct way to install on macOS? **A**:: xcode-select --install pip install python-ldap \ --global-option=build_ext \ --global-option="-I$(xcrun --show-sdk-path)/usr/include/sasl" **Q**: While importing module ``ldap``, some shared lib files are not found. The error message looks similar to this:: ImportError: ld.so.1: /usr/local/bin/python: fatal: liblber.so.2: open failed: No such file or directory .. **A1**: You need to make sure that the path to ``liblber.so.2`` and ``libldap.so.2`` is in your ``LD_LIBRARY_PATH`` environment variable. **A2**: Alternatively, if you're on Linux, you can add the path to ``liblber.so.2`` and ``libldap.so.2`` to ``/etc/ld.so.conf`` and invoke the command ``ldconfig`` afterwards. Historic -------- **Q**: Can python-ldap 2.x be built against Netscape, Mozilla or Novell libs? **A**: Nope. **Q**: My binary version of python-ldap was build with LDAP libs 3.3. But the python-ldap docs say LDAP libs 2.x are needed. I'm confused! Short answer: See answer above and the :ref:`installing` page for a more recent version. Long answer: E.g. some Win32 DLLs floating around for download are based on the old Umich LDAP code which is not maintained anymore for *many* years! Last Umich 3.3 release was 1997 if I remember correctly. The OpenLDAP project took over the Umich code and started releasing OpenLDAP 1.x series mainly fixing bugs and doing some improvements to the database backend. Still, only LDAPv2 was supported at server and client side. (Many commercial vendors also derived their products from the Umich code.) OpenLDAP 2.x is a full-fledged LDAPv3 implementation. It has its roots in Umich code but has many more features/improvements. **Q**: While importing module ``ldap``, there are undefined references reported. The error message looks similar to this:: ImportError: /usr/local/lib/libldap.so.2: undefined symbol: res_query .. **A**: Especially on older Linux systems, you might have to explicitly link against ``libresolv``. Tweak ``setup.cfg`` to contain this line:: libs = lber ldap resolv ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Doc/index.rst0000644000175000017500000000347414521037673016617 0ustar00spichugispichugipython-ldap =========== What is python-ldap? -------------------- python-ldap provides an object-oriented API to access `LDAP`_ directory servers from `Python`_ programs. For LDAP operations the module wraps `OpenLDAP`_'s client library, *libldap*. Additionally, the package contains modules for other LDAP-related stuff: * `LDIF`_ parsing and generation * LDAP URLs * LDAPv3 subschema .. _LDAP: https://en.wikipedia.org/wiki/Ldap .. _Python: https://www.python.org/ .. _OpenLDAP: https://www.openldap.org/ .. _LDIF: https://en.wikipedia.org/wiki/LDIF Get it! ------- :ref:`Installation instructions ` are available for several platforms. Source code can be obtained using Git:: git clone https://github.com/python-ldap/python-ldap Mailing list ------------ Discussion about the use and future of python-ldap occurs in the ``python-ldap@python.org`` mailing list. You can `subscribe or unsubscribe`_ to this list or browse the `list archive`_. .. _subscribe or unsubscribe: https://mail.python.org/mailman/listinfo/python-ldap .. _list archive: https://mail.python.org/pipermail/python-ldap/ Documentation ------------- The documentation for python-ldap 3.x is hosted at `Read the Docs`_. You can switch between versions of the library, or download PDF or HTML versions for offline use, using the sidebar on the right. Documentation for some older versions is available for download at the `GitHub release page`_. .. _Read the Docs: https://python-ldap.readthedocs.io/en/latest/ .. _GitHub release page: https://github.com/python-ldap/python-ldap/releases Contents -------- .. toctree:: :maxdepth: 2 installing.rst bytes_mode.rst reference/index.rst resources.rst contributing.rst faq.rst Indices and tables ------------------ * :ref:`genindex` * :ref:`modindex` * :ref:`search` ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Doc/installing.rst0000644000175000017500000001411614521037673017647 0ustar00spichugispichugi.. highlight:: console .. _installing: Installing python-ldap ###################### Installing from PyPI ==================== The preferred point for downloading the “official” source distribution is the `PyPI repository`_ which supports installing via `pip`_. For example:: $ python -m pip install python-ldap .. _PyPI repository: https://pypi.org/project/python-ldap/ .. _pip: https://pip.pypa.io/en/stable/ For installing from PyPI, you will need the same :ref:`build prerequisites` as when installing from source. We do not currently provide pre-built packages (wheels). Furthermore, python-ldap requires the modules `pyasn1`_ and `pyasn1-modules`_. ``pip`` will install these automatically. .. _pyasn1: https://pypi.org/project/pyasn1/ .. _pyasn1-modules: https://pypi.org/project/pyasn1-modules/ Pre-built Binaries ================== Because distributions seem to be all over the place, this page tries to list all the current ones we know of. Note that the python-ldap team is not responsible for the binary packages except the sources you can grab from the PyPI page. Also note that binary packages are most times not up to date. If you experience troubles with a binary package, it would be nice if you try to build a recent version of python-ldap before submitting a bug report to make sure you did not hit a problem already fixed in recent releases. `openSUSE Linux `_ --------------------------------------------- Ships with python-ldap and there's an additional `download repository `_ which contains builds of latest releases (see also `OBS package `_). `Debian Linux `_ ---------------------------------------- Have a look into the `Debian Package Tracker `_ to get up to date information which versions are available. Windows ------- Unofficial packages for Windows are available on `Christoph Gohlke's page `_. `FreeBSD `_ ------------------------------------- The CVS repository of FreeBSD contains the package `py-ldap `_ macOS ----- You can install directly with pip:: $ xcode-select --install $ pip install python-ldap \ --global-option=build_ext \ --global-option="-I$(xcrun --show-sdk-path)/usr/include/sasl" .. _install-source: Installing from Source ====================== python-ldap is built and installed using the Python setuptools. From a source repository:: $ python -m pip install setuptools $ python setup.py install If you have more than one Python interpreter installed locally, you should use the same one you plan to use python-ldap with. Further instructions can be found in :ref:`Setuptools documentation `. .. _build prerequisites: Build prerequisites =================== The following software packages are required to be installed on the local system when building python-ldap: - `Python`_ including its development files - C compiler corresponding to your Python version (on Linux, it is usually ``gcc``) - `OpenLDAP`_ client libs version 2.4.11 or later; it is not possible and not supported to build with prior versions. - `OpenSSL`_ (optional) - `Cyrus SASL`_ (optional) - Kerberos libraries, MIT or Heimdal (optional) .. _Python: https://www.python.org/ .. _OpenLDAP: https://www.openldap.org/ .. _OpenSSL: https://www.openssl.org/ .. _Cyrus SASL: https://www.cyrusimap.org/sasl/ Alpine ------ Packages for building:: # apk add build-base openldap-dev python3-dev CentOS ------ Packages for building:: # yum groupinstall "Development tools" # yum install openldap-devel python-devel Debian ------ Packages for building and testing:: # apt-get install build-essential python3-dev \ libldap2-dev libsasl2-dev slapd ldap-utils tox \ lcov valgrind .. note:: On older releases ``tox`` was called ``python-tox``. Fedora ------ Packages for building and testing:: # dnf install "@C Development Tools and Libraries" openldap-devel \ python3-devel python3-tox \ lcov clang-analyzer valgrind .. note:: ``openldap-2.4.45-2`` (Fedora 26), ``openldap-2.4.45-4`` (Fedora 27) or newer are required. ``setup.cfg`` ============= The file ``setup.cfg`` allows to set some build and installation parameters for reflecting the local installation of required software packages. Only section ``[_ldap]`` is described here. More information about other sections can be found in :ref:`Setuptools documentation `. .. data:: library_dirs Specifies in which directories to search for required libraries. .. data:: include_dirs Specifies in which directories to search for include files of required libraries. .. data:: libs A space-separated list of library names to link to (see :ref:`libs-used-label`). .. data:: extra_compile_args Compiler options. .. data:: extra_objects .. _libs-used-label: Libraries used --------------- .. data:: ldap :noindex: .. data:: ldap_r :noindex: The LDAP protocol library of OpenLDAP. ``ldap_r`` is the reentrant version and should be preferred. .. data:: lber :noindex: The BER encoder/decoder library of OpenLDAP. .. data:: sasl2 :noindex: The Cyrus-SASL library (optional) .. data:: ssl :noindex: The SSL/TLS library of OpenSSL (optional) .. data:: crypto :noindex: The basic cryptographic library of OpenSSL (optional) Example ------- The following example is for a full-featured build (including SSL and SASL support) of python-ldap with OpenLDAP installed in a different prefix directory (here ``/opt/openldap-2.4``) and SASL header files found in /usr/include/sasl. Debugging symbols are preserved with compile option ``-g``. :: [_ldap] library_dirs = /opt/openldap-2.4/lib include_dirs = /opt/openldap-2.4/include /usr/include/sasl extra_compile_args = -g extra_objects = libs = ldap_r lber sasl2 ssl crypto ././@PaxHeader0000000000000000000000000000003400000000000010212 xustar0028 mtime=1700253999.7732356 python-ldap-3.4.4/Doc/reference/0000755000175000017500000000000014525750460016704 5ustar00spichugispichugi././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Doc/reference/index.rst0000644000175000017500000000106114521037673020543 0ustar00spichugispichugipython-ldap Reference Documentation =================================== This document describes the package python-ldap with its various modules. Depending on what you want to do this manual assumes basic to expert knowledge about the Python language and the LDAP standard (LDAPv3). .. toctree:: :maxdepth: 3 ldap.rst ldap-async.rst ldap-controls.rst ldap-dn.rst ldap-extop.rst ldap-filter.rst ldap-modlist.rst ldap-resiter.rst ldap-schema.rst ldap-syncrepl.rst ldap-sasl.rst ldif.rst ldapurl.rst slapdtest.rst ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Doc/reference/ldap-async.rst0000644000175000017500000000541014521037673021471 0ustar00spichugispichugi******************************************************************** :py:mod:`ldap.asyncsearch` Stream-processing of large search results ******************************************************************** .. py:module:: ldap.asyncsearch :synopsis: Framework for stream-processing of large search results. With newer Python versions one might want to consider using :py:mod:`ldap.resiter` instead. .. versionchanged:: 3.0 In Python 3.7 ``async`` is a reserved keyword. The module :py:mod:`ldap.async` has been renamed to :py:mod:`ldap.asyncsearch`. The old name :py:mod:`ldap.async` is still available for backwards compatibility. .. deprecated:: 3.0 The old name :py:mod:`ldap.async` is deprecated, but will not be removed until Python 3.6 reaches end-of-life. Classes ======= .. autoclass:: ldap.asyncsearch.AsyncSearchHandler :members: .. autoclass:: ldap.asyncsearch.List :members: .. autoclass:: ldap.asyncsearch.Dict :members: .. autoclass:: ldap.asyncsearch.IndexedDict :members: .. autoclass:: ldap.asyncsearch.LDIFWriter :members: .. _ldap.asyncsearch-example: Examples ======== .. _ldap.asyncsearch-example.List: Using ldap.asyncsearch.List ^^^^^^^^^^^^^^^^^^^^^^^^^^^ This example demonstrates how to use class ldap.asyncsearch.List for retrieving partial search results even though the exception :exc:`ldap.SIZELIMIT_EXCEEDED` was raised because a server side limit was hit. :: import sys,ldap,ldap.asyncsearch s = ldap.asyncsearch.List( ldap.initialize('ldap://localhost'), ) s.startSearch( 'dc=stroeder,dc=com', ldap.SCOPE_SUBTREE, '(objectClass=*)', ) try: partial = s.processResults() except ldap.SIZELIMIT_EXCEEDED: sys.stderr.write('Warning: Server-side size limit exceeded.\n') else: if partial: sys.stderr.write('Warning: Only partial results received.\n') sys.stdout.write( '%d results received.\n' % ( len(s.allResults) ) ) .. _ldap.asyncsearch-example.LDIFWriter: Using ldap.asyncsearch.LDIFWriter ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ This example demonstrates how to use class ldap.asyncsearch.LDIFWriter for writing search results as LDIF to stdout. :: import sys,ldap,ldap.asyncsearch s = ldap.asyncsearch.LDIFWriter( ldap.initialize('ldap://localhost:1390'), sys.stdout ) s.startSearch( 'dc=stroeder,dc=com', ldap.SCOPE_SUBTREE, '(objectClass=*)', ) try: partial = s.processResults() except ldap.SIZELIMIT_EXCEEDED: sys.stderr.write('Warning: Server-side size limit exceeded.\n') else: if partial: sys.stderr.write('Warning: Only partial results received.\n') sys.stderr.write( '%d results received.\n' % ( s.endResultBreak-s.beginResultsDropped ) ) ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Doc/reference/ldap-controls.rst0000644000175000017500000001413714521037673022225 0ustar00spichugispichugi********************************************************************* :py:mod:`ldap.controls` High-level access to LDAPv3 extended controls ********************************************************************* .. py:module:: ldap.controls :synopsis: High-level access to LDAPv3 extended controls. .. moduleauthor:: python-ldap project (see https://www.python-ldap.org/) Variables ========= .. py:data:: KNOWN_RESPONSE_CONTROLS Dictionary mapping the OIDs of known response controls to the accompanying :py:class:`ResponseControl` classes. This is used by :py:func:`DecodeControlTuples` to automatically decode control values. Calling application can also register their custom :py:class:`ResponseControl` classes in this dictionary possibly overriding pre-registered classes. Classes ======= This module defines the following classes: .. autoclass:: ldap.controls.RequestControl :members: .. autoclass:: ldap.controls.ResponseControl :members: .. autoclass:: ldap.controls.LDAPControl :members: Functions ========= This module defines the following functions: .. autofunction:: ldap.controls.RequestControlTuples .. autofunction:: ldap.controls.DecodeControlTuples Sub-modules =========== Various sub-modules implement specific LDAPv3 extended controls. The classes therein are derived from the base-classes :py:class:`ldap.controls.RequestControl`, :py:class:`ldap.controls.ResponseControl` or :py:class:`ldap.controls.LDAPControl`. Some of them require :py:mod:`pyasn1` and :py:mod:`pyasn1_modules` to be installed: Usually the names of the method arguments and the class attributes match the ASN.1 identifiers used in the specification. So looking at the referenced RFC or Internet-Draft is very helpful to understand the API. :py:mod:`ldap.controls.simple` Very simple controls ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. py:module:: ldap.controls.simple :synopsis: simple request and response controls implemented in pure Python .. autoclass:: ldap.controls.simple.ValueLessRequestControl :members: .. autoclass:: ldap.controls.simple.OctetStringInteger :members: .. autoclass:: ldap.controls.simple.BooleanControl :members: .. autoclass:: ldap.controls.simple.ManageDSAITControl :members: .. seealso:: :rfc:`3296` - Named Subordinate References in Lightweight Directory Access Protocol (LDAP) Directories .. autoclass:: ldap.controls.simple.RelaxRulesControl :members: .. seealso:: `draft-zeilenga-ldap-relax `_ .. autoclass:: ldap.controls.simple.ProxyAuthzControl :members: .. seealso:: :rfc:`4370` - Lightweight Directory Access Protocol (LDAP): Proxied Authorization Control .. autoclass:: ldap.controls.simple.AuthorizationIdentityRequestControl :members: .. seealso:: :rfc:`3829` - Lightweight Directory Access Protocol (LDAP): Authorization Identity Request and Response Controls .. autoclass:: ldap.controls.simple.AuthorizationIdentityResponseControl :members: .. seealso:: :rfc:`3829` - Lightweight Directory Access Protocol (LDAP): Authorization Identity Request and Response Controls .. autoclass:: ldap.controls.simple.GetEffectiveRightsControl :members: :py:mod:`ldap.controls.libldap` Various controls implemented in OpenLDAP libs ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. py:module:: ldap.controls.libldap :synopsis: request and response controls implemented by OpenLDAP libs This module wraps C functions in OpenLDAP client libs which implement various request and response controls into Python classes. .. autoclass:: ldap.controls.libldap.AssertionControl :members: .. seealso:: :rfc:`4528` - Lightweight Directory Access Protocol (LDAP) Assertion Control .. autoclass:: ldap.controls.libldap.MatchedValuesControl :members: .. seealso:: :rfc:`3876` - Returning Matched Values with the Lightweight Directory Access Protocol version 3 (LDAPv3) .. autoclass:: ldap.controls.libldap.SimplePagedResultsControl :members: .. seealso:: :rfc:`2696` - LDAP Control Extension for Simple Paged Results Manipulation :py:mod:`ldap.controls.psearch` LDAP Persistent Search ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. py:module:: ldap.controls.psearch :synopsis: request and response controls for LDAP persistent search This module implements request and response controls for LDAP persistent search. .. seealso:: `draft-ietf-ldapext-psearch `_ .. autoclass:: ldap.controls.psearch.PersistentSearchControl :members: .. autoclass:: ldap.controls.psearch.EntryChangeNotificationControl :members: .. |ASN.1| replace:: Asn1Type :py:mod:`ldap.controls.sessiontrack` Session tracking control ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. py:module:: ldap.controls.sessiontrack :synopsis: request control for session tracking .. seealso:: `draft-wahl-ldap-session `_ .. autoclass:: ldap.controls.sessiontrack.SessionTrackingControl :members: :py:mod:`ldap.controls.readentry` Read entry control ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. py:module:: ldap.controls.readentry :synopsis: read entryrequest and response controls .. seealso:: :rfc:`4527` - Lightweight Directory Access Protocol (LDAP): Read Entry Controls .. versionchanged:: 4.0 The attribute values of the entry now consists of `bytes` instead of ISO8859-1 decoded `str`. .. autoclass:: ldap.controls.readentry.ReadEntryControl :members: .. autoclass:: ldap.controls.readentry.PreReadControl :members: .. autoclass:: ldap.controls.readentry.PostReadControl :members: :py:mod:`ldap.controls.ppolicy` Password Policy Control ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. seealso:: `draft-behera-ldap-password-policy `_ .. py:module:: ldap.controls.ppolicy :synopsis: passworld policies .. autoclass:: ldap.controls.ppolicy.PasswordPolicyControl :members: ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Doc/reference/ldap-dn.rst0000644000175000017500000000773314521037673020767 0ustar00spichugispichugi:py:mod:`ldap.dn` LDAP Distinguished Name handling ==================================================== .. py:module:: ldap.dn :synopsis: LDAP Distinguished Name handling. .. moduleauthor:: python-ldap project (see https://www.python-ldap.org/) .. % Author of the module code; .. seealso:: For LDAPv3 DN syntax see: :rfc:`4514` - Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names .. seealso:: For deprecated LDAPv2 DN syntax (obsoleted by LDAPv3) see: :rfc:`1779` - A String Representation of Distinguished Names The :mod:`ldap.dn` module defines the following functions: .. function:: escape_dn_chars(s) -> string This function escapes characters in string *s* which are special in LDAP distinguished names. You should use this function when building LDAP DN strings from arbitrary input. .. function:: str2dn(s [, flags=0]) -> list This function takes *s* and breaks it up into its component parts down to AVA level. The optional parameter *flags* describes the DN format of s (see :ref:`ldap-dn-flags`). Note that hex-encoded non-ASCII chars are decoded to the raw bytes. Internally this function is implemented by calling OpenLDAP C function `ldap_str2dn(3) `_. .. function:: dn2str(dn) -> string This function takes a decomposed DN in *dn* and returns a single string. It's the inverse to :func:`str2dn`. Special characters are escaped with the help of function :func:`escape_dn_chars`. .. function:: explode_dn(dn [, notypes=False[, flags=0]]) -> list This function takes *dn* and breaks it up into its component parts. Each part is known as an RDN (Relative Distinguished Name). The optional *notypes* parameter is used to specify that only the RDN values be returned and not their types. The optional parameter *flags* describes the DN format of s (see :ref:`ldap-dn-flags`). This function is emulated by function :func:`str2dn` since the function ldap_explode_dn() in the C library is deprecated. .. function:: explode_rdn(rdn [, notypes=False[, flags=0]]) -> list This function takes a (multi-valued) *rdn* and breaks it up into a list of characteristic attributes. The optional *notypes* parameter is used to specify that only the RDN values be returned and not their types. The optional *flags* parameter describes the DN format of s (see :ref:`ldap-dn-flags`). This function is emulated by function :func:`str2dn` since the function ldap_explode_rdn() in the C library is deprecated. .. function:: is_dn(dn[, flags=0]) -> boolean This function checks whether *dn* is a valid LDAP distinguished name by passing it to function :func:`str2dn`. .. _ldap-dn-example: Examples ^^^^^^^^^ Splitting a LDAPv3 DN to AVA level. Note that both examples have the same result but in the first example the non-ASCII chars are passed as is (byte buffer string) whereas in the second example the hex-encoded DN representation are passed to the function. >>> ldap.dn.str2dn('cn=Michael Str\xc3\xb6der,dc=example,dc=com',flags=ldap.DN_FORMAT_LDAPV3) [[('cn', 'Michael Str\xc3\xb6der', 4)], [('dc', 'example', 1)], [('dc', 'com', 1)]] >>> ldap.dn.str2dn('cn=Michael Str\C3\B6der,dc=example,dc=com',flags=ldap.DN_FORMAT_LDAPV3) [[('cn', 'Michael Str\xc3\xb6der', 4)], [('dc', 'example', 1)], [('dc', 'com', 1)]] Splitting a LDAPv2 DN into RDN parts: >>> ldap.dn.explode_dn('cn=John Doe;dc=example;dc=com',flags=ldap.DN_FORMAT_LDAPV2) ['cn=John Doe', 'dc=example', 'dc=com'] Splitting a multi-valued RDN: >>> ldap.dn.explode_rdn('cn=John Doe+mail=john.doe@example.com',flags=ldap.DN_FORMAT_LDAPV2) ['cn=John Doe', 'mail=john.doe@example.com'] Splitting a LDAPv3 DN with a multi-valued RDN into its AVA parts: >>> ldap.dn.str2dn('cn=John Doe+mail=john.doe@example.com,dc=example,dc=com') [[('cn', 'John Doe', 1), ('mail', 'john.doe@example.com', 1)], [('dc', 'example', 1)], [('dc', 'com', 1)]] ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Doc/reference/ldap-extop.rst0000644000175000017500000000204614521037673021515 0ustar00spichugispichugi******************************************************************** :py:mod:`ldap.extop` High-level access to LDAPv3 extended operations ******************************************************************** .. py:module:: ldap.extop :synopsis: High-level access to LDAPv3 extended operations. Classes ======= This module defines the following classes: .. autoclass:: ldap.extop.ExtendedRequest :members: .. autoclass:: ldap.extop.ExtendedResponse :members: :py:mod:`ldap.extop.dds` Classes for Dynamic Entries extended operations ======================================================================== .. py:module:: ldap.extop.dds :synopsis: Classes for Dynamic Entries extended operations This requires :py:mod:`pyasn1` and :py:mod:`pyasn1_modules` to be installed. .. seealso:: :rfc:`2589` - Lightweight Directory Access Protocol (v3): Extensions for Dynamic Directory Services .. autoclass:: ldap.extop.dds.RefreshRequest :members: .. autoclass:: ldap.extop.dds.RefreshResponse :members: .. |ASN.1| replace:: Asn1Type ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Doc/reference/ldap-filter.rst0000644000175000017500000000233714521037673021646 0ustar00spichugispichugi:py:mod:`ldap.filter` LDAP filter handling ============================================ .. py:module:: ldap.filter :synopsis: LDAP filter handling. .. moduleauthor:: python-ldap project (see https://www.python-ldap.org/) .. % Author of the module code; .. seealso:: :rfc:`4515` - Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters. The :mod:`ldap.filter` module defines the following functions: .. function:: escape_filter_chars(assertion_value[, escape_mode=0]) This function escapes characters in *assertion_value* which are special in LDAP filters. You should use this function when building LDAP filter strings from arbitrary input. *escape_mode* means: If :const:`0` only special chars mentioned in RFC 4515 are escaped. If :const:`1` all NON-ASCII chars are escaped. If :const:`2` all chars are escaped. .. % -> string .. function:: filter_format(filter_template, assertion_values) This function applies :func:`escape_filter_chars` to each of the strings in list *assertion_values*. After that *filter_template* containing as many :const:`%s` placeholders as count of assertion values is used to build the whole filter string. .. % -> string ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Doc/reference/ldap-modlist.rst0000644000175000017500000000527214521037673022035 0ustar00spichugispichugi:py:mod:`ldap.modlist` Generate modify lists ============================================== .. py:module:: ldap.modlist The :mod:`ldap.modlist` module defines the following functions: .. function:: addModlist(entry [, ignore_attr_types=[]]) -> list This function builds a list suitable for passing it directly as argument *modlist* to method :py:meth:`ldap.ldapobject.LDAPObject.add` or its synchronous counterpart :py:meth:`ldap.ldapobject.LDAPObject.add_s`. *entry* is a dictionary like returned when receiving search results. *ignore_attr_types* is a list of attribute type names which shall be ignored completely. Attributes of these types will not appear in the result at all. .. function:: modifyModlist( old_entry, new_entry [, ignore_attr_types=[] [, ignore_oldexistent=0 [, case_ignore_attr_types=None]]]) -> list This function builds a list suitable for passing it directly as argument *modlist* to method :py:meth:`ldap.ldapobject.LDAPObject.modify` or its synchronous counterpart :py:meth:`ldap.ldapobject.LDAPObject.modify_s`. Roughly when applying the resulting modify list to an entry holding the data *old_entry* it will be modified in such a way that the entry holds *new_entry* after the modify operation. It is handy in situations when it is impossible to track user changes to an entry's data or for synchronizing operations. *old_entry* and *new_entry* are dictionaries like returned when receiving search results. *ignore_attr_types* is a list of attribute type names which shall be ignored completely. These attribute types will not appear in the result at all. If *ignore_oldexistent* is non-zero attribute type names which are in *old_entry* but are not found in *new_entry* at all are not deleted. This is handy for situations where your application sets attribute value to an empty string for deleting an attribute. In most cases leave zero. If *case_ignore_attr_types* is a list of attribute type names for which the comparison will be conducted case-insensitive. It is useful in situations where a LDAP server normalizes values and one wants to avoid unnecessary changes (e.g. case of attribute type names in DNs). .. note:: Replacing attribute values is always done with a :py:const:`ldap.MOD_DELETE`/:py:const:`ldap.MOD_ADD` pair instead of :py:const:`ldap.MOD_REPLACE` to work-around potential issues with attributes for which no EQUALITY matching rule are defined in the server's subschema. This works correctly in most situations but rarely fails with some LDAP servers implementing (schema) checks on transient state entry during processing the modify operation. ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Doc/reference/ldap-resiter.rst0000644000175000017500000000253414521037673022035 0ustar00spichugispichugi:py:mod:`ldap.resiter` Generator for stream-processing of large search results ============================================================================== .. py:module:: ldap.resiter :synopsis: Generator for stream-processing of large search results. .. moduleauthor:: python-ldap project (see https://www.python-ldap.org/) .. _ldap.resiter-classes: .. py:class:: ResultProcessor This is a mix-in class to be used with class :py:class:`ldap.LDAPObject` or derived classes which has these methods: .. automethod:: ldap.resiter.ResultProcessor.allresults .. _ldap.resiter-example: Examples -------- .. _ldap.resiter.ResultProcessor-example: Using ldap.resiter.ResultProcessor ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ This example demonstrates how to use mix-in class ldap.resiter.ResultProcessor for retrieving results formerly requested with :py:meth:`ldap.LDAPObject.search()` and processing them in a for-loop. :: import sys,ldap,ldap.resiter class MyLDAPObject(ldap.ldapobject.LDAPObject,ldap.resiter.ResultProcessor): pass l = MyLDAPObject('ldap://localhost') # Asynchronous search method msg_id = l.search('dc=stroeder,dc=com',ldap.SCOPE_SUBTREE,'(objectClass=*)') for res_type,res_data,res_msgid,res_controls in l.allresults(msg_id): for dn,entry in res_data: # process dn and entry print(dn,entry['objectClass']) ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Doc/reference/ldap-sasl.rst0000644000175000017500000000340414521037673021317 0ustar00spichugispichugi*********************************************** :py:mod:`ldap.sasl` SASL Authentication Methods *********************************************** .. py:module:: ldap.sasl This module implements various authentication methods for SASL bind. .. seealso:: :rfc:`4422` - Simple Authentication and Security Layer (SASL) :rfc:`4513` - Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms Constants ========= .. py:data:: CB_USER .. py:data:: CB_AUTHNAME .. py:data:: CB_LANGUAGE .. py:data:: CB_PASS .. py:data:: CB_ECHOPROMPT .. py:data:: CB_NOECHOPROMPT .. py:data:: CB_GETREALM Classes ======= .. autoclass:: ldap.sasl.sasl :members: This class is used with :py:meth:`ldap.LDAPObject.sasl_interactive_bind_s()`. .. autoclass:: ldap.sasl.cram_md5 :members: .. autoclass:: ldap.sasl.digest_md5 :members: .. autoclass:: ldap.sasl.gssapi :members: You might consider using convenience method :py:meth:`ldap.LDAPObject.sasl_gssapi_bind_s()`. .. autoclass:: ldap.sasl.external :members: You might consider using convenience method :py:meth:`ldap.LDAPObject.sasl_external_bind_s()`. .. _ldap.sasl-example: Examples for ldap.sasl ^^^^^^^^^^^^^^^^^^^^^^^^ This example connects to an OpenLDAP server via LDAP over IPC (see `draft-chu-ldap-ldapi `_) and sends a SASL external bind request. :: import ldap, ldap.sasl, urllib ldapi_path = '/tmp/openldap-socket' ldap_conn = ldap.initialize( 'ldapi://%s' % ( urllib.quote_plus(ldapi_path) ) ) # Send SASL bind request for mechanism EXTERNAL ldap_conn.sasl_non_interactive_bind_s('EXTERNAL') # Find out the SASL Authorization Identity print ldap_conn.whoami_s() ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Doc/reference/ldap-schema.rst0000644000175000017500000000357414521037673021625 0ustar00spichugispichugi******************************************** :py:mod:`ldap.schema` Handling LDAPv3 schema ******************************************** .. py:module:: ldap.schema This module deals with schema information usually retrieved from a special subschema subentry provided by the server. It is closely modeled along the directory information model described in the following RFC with which you should make yourself familiar when trying to use this module: .. seealso:: :rfc:`4512` - Lightweight Directory Access Protocol (LDAP): Directory Information Models :py:mod:`ldap.schema.subentry` Processing LDAPv3 subschema subentry ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. py:module:: ldap.schema.subentry .. py:data:: NOT_HUMAN_READABLE_LDAP_SYNTAXES Dictionary where the keys are the OIDs of LDAP syntaxes known to be not human-readable when displayed to a console without conversion and which cannot be decoded to a :py:data:`types.UnicodeType`. Functions ========= .. autofunction:: ldap.schema.subentry.urlfetch Classes ======= .. autoclass:: ldap.schema.subentry.SubSchema :members: :py:mod:`ldap.schema.models` Schema elements ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. py:module:: ldap.schema.models .. autoclass:: ldap.schema.models.Entry :members: .. autoclass:: ldap.schema.models.SchemaElement :members: .. autoclass:: ldap.schema.models.AttributeType :members: .. autoclass:: ldap.schema.models.ObjectClass :members: .. autoclass:: ldap.schema.models.MatchingRule :members: .. autoclass:: ldap.schema.models.MatchingRuleUse :members: .. autoclass:: ldap.schema.models.DITContentRule :members: .. autoclass:: ldap.schema.models.NameForm :members: .. autoclass:: ldap.schema.models.DITStructureRule :members: .. _ldap.schema-example: Examples for ldap.schema ^^^^^^^^^^^^^^^^^^^^^^^^ :: import ldap.schema ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Doc/reference/ldap-syncrepl.rst0000644000175000017500000000112114521037673022206 0ustar00spichugispichugi******************************************************************** :py:mod:`ldap.syncrepl` Implementation of a syncrepl consumer ******************************************************************** .. py:module:: ldap.syncrepl :synopsis: Implementation of a syncrepl consumer .. seealso:: :rfc:`4533` - Lightweight Directory Access Protocol (v3): Content Synchronization Operation This requires :py:mod:`pyasn1` and :py:mod:`pyasn1_modules` to be installed. Classes ======= This module defines the following classes: .. autoclass:: ldap.syncrepl.SyncreplConsumer :members: ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Doc/reference/ldap.rst0000644000175000017500000014147214521037673020367 0ustar00spichugispichugi******************************************** :py:mod:`ldap` LDAP library interface module ******************************************** .. py:module:: ldap :platform: Posix, Windows :synopsis: Access to an underlying LDAP C library. .. moduleauthor:: python-ldap project (see https://www.python-ldap.org/) This module provides access to the LDAP (Lightweight Directory Access Protocol) C API implemented in OpenLDAP. It is similar to the C API, with the notable differences that lists are manipulated via Python list operations and errors appear as exceptions. .. seealso:: For more detailed information on the C interface, please see the (expired) `draft-ietf-ldapext-ldap-c-api `_ This documentation is current for the Python LDAP module, version |release|. Source and binaries are available from https://www.python-ldap.org/. Functions ========= This module defines the following functions: .. py:function:: initialize(uri [, trace_level=0 [, trace_file=sys.stdout [, trace_stack_limit=None, [fileno=None]]]]) -> LDAPObject object Initializes a new connection object for accessing the given LDAP server, and return an :class:`~ldap.ldapobject.LDAPObject` used to perform operations on that server. The *uri* parameter may be a comma- or whitespace-separated list of URIs containing only the schema, the host, and the port fields. Note that when using multiple URIs you cannot determine to which URI your client gets connected. If *fileno* parameter is given then the file descriptor will be used to connect to an LDAP server. The *fileno* must either be a socket file descriptor as :class:`int` or a file-like object with a *fileno()* method that returns a socket file descriptor. The socket file descriptor must already be connected. :class:`~ldap.ldapobject.LDAPObject` does not take ownership of the file descriptor. It must be kept open during operations and explicitly closed after the :class:`~ldap.ldapobject.LDAPObject` is unbound. The internal connection type is determined from the URI, ``TCP`` for ``ldap://`` / ``ldaps://``, ``IPC`` (``AF_UNIX``) for ``ldapi://``. The parameter is not available on macOS when python-ldap is compiled with system libldap, see :py:const:`INIT_FD_AVAIL`. Note that internally the OpenLDAP function `ldap_initialize(3) `_ is called which just initializes the LDAP connection struct in the C API - nothing else. Therefore the first call to an operation method (bind, search etc.) then really opens the connection (lazy connect). Before that nothing is sent on the wire. The error handling in the calling application has to correctly handle this behaviour. Three optional arguments are for generating debug log information: *trace_level* specifies the amount of information being logged, *trace_file* specifies a file-like object as target of the debug log and *trace_stack_limit* specifies the stack limit of tracebacks in debug log. Possible values for *trace_level* are :py:const:`0` for no logging, :py:const:`1` for only logging the method calls with arguments, :py:const:`2` for logging the method calls with arguments and the complete results and :py:const:`9` for also logging the traceback of method calls. This function is a thin wrapper around instantiating :class:`~ldap.ldapobject.LDAPObject`. Any additional keyword arguments are passed to ``LDAPObject``. It is also fine to instantiate a ``LDAPObject`` (or a subclass) directly. The function additionally takes *bytes_mode* and *bytes_strictness* keyword arguments, which are deprecated and ignored. See :ref:`bytes_mode` for details. .. seealso:: :rfc:`4516` - Lightweight Directory Access Protocol (LDAP): Uniform Resource Locator .. versionadded:: 3.3 The *fileno* argument was added. .. deprecated:: 3.4 *bytes_mode* and *bytes_strictness* arguments are deprecated. .. py:function:: get_option(option) -> int|string This function returns the value of the global option specified by *option*. .. py:function:: set_option(option, invalue) -> None This function sets the value of the global option specified by *option* to *invalue*. .. note:: Most global settings do not affect existing :py:class:`LDAPObject` connections. Applications should call :py:func:`set_option()` before they establish connections with :py:func:`initialize`. .. versionchanged:: 3.1 The deprecated functions ``ldap.init()`` and ``ldap.open()`` were removed. .. _ldap-constants: Constants ========= The module defines various constants. Note that some constants depend on the build options and which underlying libs were used or even on the version of the libs. So before using those constants the application has to explicitly check whether they are available. General ------- .. py:data:: PORT The assigned TCP port number (389) that LDAP servers listen on. .. py:data:: SASL_AVAIL Integer where a non-zero value indicates that python-ldap was built with support for SASL (Cyrus-SASL). .. py:data:: TLS_AVAIL Integer where a non-zero value indicates that python-ldap was built with support for SSL/TLS (OpenSSL or similar libs). .. py:data:: INIT_FD_AVAIL Integer where a non-zero value indicates that python-ldap supports :py:func:`initialize` from a file descriptor. The feature is generally available except on macOS when python-ldap is compiled with system libldap. .. _ldap-options: Options ------- .. seealso:: :manpage:`ldap.conf(5)` and :manpage:`ldap_get_option(3)` For use with functions :py:func:`set_option` and :py:func:`get_option` and methods :py:meth:`LDAPObject.set_option` and :py:meth:`LDAPObject.get_option` the following option identifiers are defined as constants: .. py:data:: OPT_API_FEATURE_INFO .. py:data:: OPT_API_INFO .. py:data:: OPT_CLIENT_CONTROLS .. py:data:: OPT_DEBUG_LEVEL Sets the debug level within the underlying OpenLDAP C lib (libldap). libldap sends the log messages to stderr. .. py:data:: OPT_DEFBASE .. py:data:: OPT_DEREF Specifies how alias dereferencing is done within the underlying LDAP C lib. .. py:data:: OPT_ERROR_STRING .. py:data:: OPT_DIAGNOSTIC_MESSAGE .. py:data:: OPT_HOST_NAME .. py:data:: OPT_MATCHED_DN .. py:data:: OPT_NETWORK_TIMEOUT .. versionchanged:: 3.0 A timeout of ``-1`` or ``None`` resets timeout to infinity. .. py:data:: OPT_PROTOCOL_VERSION Sets the LDAP protocol version used for a connection. This is mapped to object attribute `ldap.LDAPObject.protocol_version` .. py:data:: OPT_REFERRALS int specifying whether referrals should be automatically chased within the underlying LDAP C lib. .. py:data:: OPT_REFHOPLIMIT .. py:data:: OPT_RESTART .. py:data:: OPT_SERVER_CONTROLS .. py:data:: OPT_SIZELIMIT .. py:data:: OPT_SUCCESS .. py:data:: OPT_TIMELIMIT .. py:data:: OPT_TIMEOUT .. versionchanged:: 3.0 A timeout of ``-1`` or ``None`` resets timeout to infinity. .. py:data:: OPT_URI .. _ldap-sasl-options: SASL options :::::::::::: Unlike most other options, SASL options must be set on an :py:class:`LDAPObject` instance. .. py:data:: OPT_X_SASL_AUTHCID .. py:data:: OPT_X_SASL_AUTHZID .. py:data:: OPT_X_SASL_MECH .. py:data:: OPT_X_SASL_NOCANON If set to zero, SASL host name canonicalization is disabled. .. py:data:: OPT_X_SASL_REALM .. py:data:: OPT_X_SASL_SECPROPS .. py:data:: OPT_X_SASL_SSF .. py:data:: OPT_X_SASL_SSF_EXTERNAL .. py:data:: OPT_X_SASL_SSF_MAX .. py:data:: OPT_X_SASL_SSF_MIN .. _ldap-tls-options: TLS options ::::::::::: .. warning:: libldap does not materialize all TLS settings immediately. You must use :py:const:`OPT_X_TLS_NEWCTX` with value ``0`` to instruct libldap to apply pending TLS settings and create a new internal TLS context:: conn = ldap.initialize("ldap://ldap.example") conn.set_option(ldap.OPT_X_TLS_CACERTFILE, '/path/to/ca.pem') conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0) conn.start_tls_s() conn.simple_bind_s(dn, password) .. py:data:: OPT_X_TLS_NEWCTX set and apply TLS settings to internal TLS context. Value ``0`` creates a new client-side context. .. py:data:: OPT_X_TLS_PACKAGE Get TLS implementation, known values are * ``GnuTLS`` * ``MozNSS`` (Mozilla NSS) * ``OpenSSL`` .. py:data:: OPT_X_TLS_CACERTDIR get/set path to directory with CA certs .. py:data:: OPT_X_TLS_CACERTFILE get/set path to PEM file with CA certs .. py:data:: OPT_X_TLS_CERTFILE get/set path to file with PEM encoded cert for client cert authentication, requires :py:const:`OPT_X_TLS_KEYFILE`. .. py:data:: OPT_X_TLS_KEYFILE get/set path to file with PEM encoded key for client cert authentication, requires :py:const:`OPT_X_TLS_CERTFILE`. .. py:data:: OPT_X_TLS_CRLCHECK get/set certificate revocation list (CRL) check mode. CRL validation requires :py:const:`OPT_X_TLS_CRLFILE`. :py:const:`OPT_X_TLS_CRL_NONE` Don't perform CRL checks :py:const:`OPT_X_TLS_CRL_PEER` Perform CRL check for peer's end entity cert. :py:const:`OPT_X_TLS_CRL_ALL` Perform CRL checks for the whole cert chain .. py:data:: OPT_X_TLS_CRLFILE get/set path to CRL file .. py:data:: OPT_X_TLS_CRL_ALL value for :py:const:`OPT_X_TLS_CRLCHECK` .. py:data:: OPT_X_TLS_CRL_NONE value for :py:const:`OPT_X_TLS_CRLCHECK` .. py:data:: OPT_X_TLS_CRL_PEER value for :py:const:`OPT_X_TLS_CRLCHECK` .. py:data:: OPT_X_TLS_REQUIRE_CERT get/set validation strategy for server cert. :py:const:`OPT_X_TLS_NEVER` Don't check server cert and host name :py:const:`OPT_X_TLS_ALLOW` Used internally by slapd server. :py:const:`OPT_X_TLS_DEMAND` Validate peer cert chain and host name :py:const:`OPT_X_TLS_HARD` Same as :py:const:`OPT_X_TLS_DEMAND` .. py:data:: OPT_X_TLS_REQUIRE_SAN get/set how OpenLDAP validates subject alternative name extension, available in OpenLDAP 2.4.52 and newer. :py:const:`OPT_X_TLS_NEVER` Don't check SAN :py:const:`OPT_X_TLS_ALLOW` Check SAN first, always fall back to subject common name (default) :py:const:`OPT_X_TLS_TRY` Check SAN first, only fall back to subject common name, when no SAN extension is present (:rfc:`6125` conform validation) :py:const:`OPT_X_TLS_DEMAND` Validate peer cert chain and host name :py:const:`OPT_X_TLS_HARD` Require SAN, don't fall back to subject common name .. versionadded:: 3.4.0 .. py:data:: OPT_X_TLS_ALLOW Value for :py:const:`OPT_X_TLS_REQUIRE_CERT` and :py:const:`OPT_X_TLS_REQUIRE_SAN` .. py:data:: OPT_X_TLS_DEMAND Value for :py:const:`OPT_X_TLS_REQUIRE_CERT` and :py:const:`OPT_X_TLS_REQUIRE_SAN` .. py:data:: OPT_X_TLS_HARD Value for :py:const:`OPT_X_TLS_REQUIRE_CERT` and :py:const:`OPT_X_TLS_REQUIRE_SAN` .. py:data:: OPT_X_TLS_NEVER Value for :py:const:`OPT_X_TLS_REQUIRE_CERT` and :py:const:`OPT_X_TLS_REQUIRE_SAN` .. py:data:: OPT_X_TLS_TRY Value for :py:const:`OPT_X_TLS_REQUIRE_CERT` .. deprecated:: 3.3.0 This value is only used by slapd server internally. It will be removed in the future. .. py:data:: OPT_X_TLS_CIPHER get cipher suite name from TLS session .. py:data:: OPT_X_TLS_CIPHER_SUITE get/set allowed cipher suites .. py:data:: OPT_X_TLS_CTX get address of internal memory address of TLS context (**DO NOT USE**) .. py:data:: OPT_X_TLS_PEERCERT Get peer's certificate as binary ASN.1 data structure (DER) .. versionadded:: 3.4.1 .. note:: The option leaks memory with OpenLDAP < 2.5.8. .. py:data:: OPT_X_TLS_PROTOCOL_MIN get/set minimum protocol version (wire protocol version as int) .. py:data:: OPT_X_TLS_PROTOCOL_MAX get/set maximum protocol version (wire protocol version as int), available in OpenLDAP 2.5 and newer. .. versionadded:: 3.4.1 .. py:data:: OPT_X_TLS_PROTOCOL_SSL3 Value for :py:const:`OPT_X_TLS_PROTOCOL_MIN` and :py:const:`OPT_X_TLS_PROTOCOL_MAX`, represents SSL 3 .. versionadded:: 3.4.1 .. py:data:: OPT_X_TLS_PROTOCOL_TLS1_0 Value for :py:const:`OPT_X_TLS_PROTOCOL_MIN` and :py:const:`OPT_X_TLS_PROTOCOL_MAX`, represents TLS 1.0 .. versionadded:: 3.4.1 .. py:data:: OPT_X_TLS_PROTOCOL_TLS1_1 Value for :py:const:`OPT_X_TLS_PROTOCOL_MIN` and :py:const:`OPT_X_TLS_PROTOCOL_MAX`, represents TLS 1.1 .. versionadded:: 3.4.1 .. py:data:: OPT_X_TLS_PROTOCOL_TLS1_2 Value for :py:const:`OPT_X_TLS_PROTOCOL_MIN` and :py:const:`OPT_X_TLS_PROTOCOL_MAX`, represents TLS 1.2 .. versionadded:: 3.4.1 .. py:data:: OPT_X_TLS_PROTOCOL_TLS1_3 Value for :py:const:`OPT_X_TLS_PROTOCOL_MIN` and :py:const:`OPT_X_TLS_PROTOCOL_MAX`, represents TLS 1.3 .. versionadded:: 3.4.1 .. py:data:: OPT_X_TLS_VERSION Get negotiated TLS protocol version as string .. py:data:: OPT_X_TLS_RANDOM_FILE get/set path to /dev/urandom (**DO NOT USE**) .. py:data:: OPT_X_TLS .. deprecated:: 3.3.0 The option is deprecated in OpenLDAP and should no longer be used. It will be removed in the future. .. note:: OpenLDAP supports several TLS/SSL libraries. OpenSSL is the most common backend. Some options may not be available when libldap uses NSS, GnuTLS, or Apple's Secure Transport backend. .. _ldap-keepalive-options: Keepalive options ::::::::::::::::: .. py:data:: OPT_X_KEEPALIVE_IDLE .. py:data:: OPT_X_KEEPALIVE_PROBES .. py:data:: OPT_X_KEEPALIVE_INTERVAL .. _ldap-dn-flags: DN format flags ---------------- This constants are used for DN-parsing functions found in sub-module :py:mod:`ldap.dn`. .. seealso:: `ldap_str2dn(3) `_ .. py:data:: DN_FORMAT_LDAP .. py:data:: DN_FORMAT_LDAPV3 .. py:data:: DN_FORMAT_LDAPV2 .. py:data:: DN_FORMAT_DCE .. py:data:: DN_FORMAT_UFN .. py:data:: DN_FORMAT_AD_CANONICAL .. py:data:: DN_FORMAT_MASK .. py:data:: DN_PRETTY .. py:data:: DN_SKIP .. py:data:: DN_P_NOLEADTRAILSPACES .. py:data:: DN_P_NOSPACEAFTERRDN .. py:data:: DN_PEDANTIC .. _ldap-exceptions: Exceptions ========== The module defines the following exceptions: .. py:exception:: LDAPError This is the base class of all exceptions raised by the module :py:mod:`ldap`. Unlike the C interface, errors are not returned as result codes, but are instead turned into exceptions, raised as soon an the error condition is detected. The exceptions are accompanied by a dictionary with additional information. All fields are optional and more fields may be added in the future. Currently, ``python-ldap`` may set the following fields: * ``'result'``: a numeric code of the error class. * ``'desc'``: string giving a description of the error class, as provided by calling OpenLDAP's ``ldap_err2string`` on the ``result``. * ``'info'``: string containing more information that the server may have sent. The value is server-specific: for example, the OpenLDAP server may send different info messages than Active Directory or 389-DS. * ``'matched'``: truncated form of the name provided or alias. dereferenced for the lowest entry (object or alias) that was matched. * ``'msgid'``: ID of the matching asynchronous request. This can be used in asynchronous code where :py:meth:`result()` raises the result of an operation as an exception. For example, this is the case for :py:meth:`~LDAPObject.compare()`, always raises the boolean result as an exception (:py:exc:`COMPARE_TRUE` or :py:exc:`COMPARE_FALSE`). * ``'ctrls'``: list of :py:class:`ldap.controls.LDAPControl` instances attached to the error. * ``'errno'``: the C ``errno``, usually set by system calls or ``libc`` rather than the LDAP libraries. .. py:exception:: ADMINLIMIT_EXCEEDED .. py:exception:: AFFECTS_MULTIPLE_DSAS .. py:exception:: ALIAS_DEREF_PROBLEM A problem was encountered when dereferencing an alias. (Sets the :py:const:`matched` field.) .. py:exception:: ALIAS_PROBLEM An alias in the directory points to a nonexistent entry. (Sets the :py:const:`matched` field.) .. py:exception:: ALREADY_EXISTS The entry already exists. E.g. the *dn* specified with :py:meth:`add()` already exists in the DIT. .. py:exception:: AUTH_UNKNOWN The authentication method specified to :py:meth:`bind()` is not known. .. py:exception:: BUSY The DSA is busy. .. py:exception:: CLIENT_LOOP .. py:exception:: COMPARE_FALSE A compare operation returned false. (This exception should only be seen asynchronous operations, because :py:meth:`~LDAPObject.compare_s()` returns a boolean result.) .. py:exception:: COMPARE_TRUE A compare operation returned true. (This exception should only be seen asynchronous operations, because :py:meth:`~LDAPObject.compare_s()` returns a boolean result.) .. py:exception:: CONFIDENTIALITY_REQUIRED Indicates that the session is not protected by a protocol such as Transport Layer Security (TLS), which provides session confidentiality. .. py:exception:: CONNECT_ERROR .. py:exception:: CONSTRAINT_VIOLATION An attribute value specified or an operation started violates some server-side constraint (e.g., a postalAddress has too many lines or a line that is too long or a password is expired). .. py:exception:: CONTROL_NOT_FOUND .. py:exception:: DECODING_ERROR An error was encountered decoding a result from the LDAP server. .. py:exception:: ENCODING_ERROR An error was encountered encoding parameters to send to the LDAP server. .. py:exception:: FILTER_ERROR An invalid filter was supplied to :py:meth:`search()` (e.g. unbalanced parentheses). .. py:exception:: INAPPROPRIATE_AUTH Inappropriate authentication was specified (e.g. :py:const:`AUTH_SIMPLE` was specified and the entry does not have a userPassword attribute). .. py:exception:: INAPPROPRIATE_MATCHING Filter type not supported for the specified attribute. .. py:exception:: INSUFFICIENT_ACCESS The user has insufficient access to perform the operation. .. py:exception:: INVALID_CREDENTIALS Invalid credentials were presented during :py:meth:`bind()` or :py:meth:`simple_bind()`. (e.g., the wrong password). .. py:exception:: INVALID_DN_SYNTAX A syntactically invalid DN was specified. (Sets the :py:const:`matched` field.) .. py:exception:: INVALID_SYNTAX An attribute value specified by the client did not comply to the syntax defined in the server-side schema. .. py:exception:: IS_LEAF The object specified is a leaf of the directory tree. Sets the :py:const:`matched` field of the exception dictionary value. .. py:exception:: LOCAL_ERROR Some local error occurred. This is usually due to failed memory allocation. .. py:exception:: LOOP_DETECT A loop was detected. .. py:exception:: MORE_RESULTS_TO_RETURN .. py:exception:: NAMING_VIOLATION A naming violation occurred. This is raised e.g. if the LDAP server has constraints about the tree naming. .. py:exception:: NO_OBJECT_CLASS_MODS Modifying the objectClass attribute as requested is not allowed (e.g. modifying structural object class of existing entry). .. py:exception:: NOT_ALLOWED_ON_NONLEAF The operation is not allowed on a non-leaf object. .. py:exception:: NOT_ALLOWED_ON_RDN The operation is not allowed on an RDN. .. py:exception:: NOT_SUPPORTED .. py:exception:: NO_MEMORY .. py:exception:: NO_RESULTS_RETURNED .. py:exception:: NO_SUCH_ATTRIBUTE The attribute type specified does not exist in the entry. .. py:exception:: NO_SUCH_OBJECT The specified object does not exist in the directory. Sets the :py:const:`matched` field of the exception dictionary value. .. py:exception:: OBJECT_CLASS_VIOLATION An object class violation occurred when the LDAP server checked the data sent by the client against the server-side schema (e.g. a "must" attribute was missing in the entry data). .. py:exception:: OPERATIONS_ERROR An operations error occurred. .. py:exception:: OTHER An unclassified error occurred. .. py:exception:: PARAM_ERROR An ldap routine was called with a bad parameter. .. py:exception:: PARTIAL_RESULTS Partial results only returned. This exception is raised if a referral is received when using LDAPv2. (This exception should never be seen with LDAPv3.) .. py:exception:: PROTOCOL_ERROR A violation of the LDAP protocol was detected. .. py:exception:: RESULTS_TOO_LARGE The result does not fit into a UDP packet. This happens only when using UDP-based CLDAP (connection-less LDAP) which is not supported anyway. .. py:exception:: SASL_BIND_IN_PROGRESS .. py:exception:: SERVER_DOWN The LDAP library can't contact the LDAP server. .. py:exception:: SIZELIMIT_EXCEEDED An LDAP size limit was exceeded. This could be due to a ``sizelimit`` configuration on the LDAP server. .. py:exception:: STRONG_AUTH_NOT_SUPPORTED The LDAP server does not support strong authentication. .. py:exception:: STRONG_AUTH_REQUIRED Strong authentication is required for the operation. .. py:exception:: TIMELIMIT_EXCEEDED An LDAP time limit was exceeded. .. py:exception:: TIMEOUT A timelimit was exceeded while waiting for a result from the server. .. py:exception:: TYPE_OR_VALUE_EXISTS An attribute type or attribute value specified already exists in the entry. .. py:exception:: UNAVAILABLE The DSA is unavailable. .. py:exception:: UNAVAILABLE_CRITICAL_EXTENSION Indicates that the LDAP server was unable to satisfy a request because one or more critical extensions were not available. Either the server does not support the control or the control is not appropriate for the operation type. .. py:exception:: UNDEFINED_TYPE An attribute type used is not defined in the server-side schema. .. py:exception:: UNWILLING_TO_PERFORM The DSA is unwilling to perform the operation. .. py:exception:: USER_CANCELLED The operation was cancelled via the :py:meth:`abandon()` method. The above exceptions are raised when a result code from an underlying API call does not indicate success. .. _ldap-warnings: Warnings ======== .. py:class:: LDAPBytesWarning This warning is deprecated. python-ldap no longer raises it. It used to be raised under Python 2 when bytes/text mismatch in non-strict bytes mode. See :ref:`bytes_mode` for details. .. versionadded:: 3.0.0 .. versionchanged:: 3.4.0 Deprecated. .. _ldap-objects: LDAPObject classes ================== .. py:class:: ldap.ldapobject.LDAPObject Instances of :py:class:`LDAPObject` are returned by :py:func:`initialize()`. The connection is automatically unbound and closed when the LDAP object is deleted. :py:class:`LDAPObject` is an alias of :py:class:`~ldap.ldapobject.SimpleLDAPObject`, the default connection class. If you wish to use a different class, instantiate it directly instead of calling :func:`initialize()`. (It is also possible, but not recommended, to change the default by setting ``ldap.ldapobject.LDAPObject`` to a different class.) .. autoclass:: ldap.ldapobject.SimpleLDAPObject .. autoclass:: ldap.ldapobject.ReconnectLDAPObject .. _ldap-controls: Arguments for LDAPv3 controls ----------------------------- The :py:mod:`ldap.controls` module can be used for constructing and decoding LDAPv3 controls. These arguments are available in the methods with names ending in :py:const:`_ext` or :py:const:`_ext_s`: *serverctrls* is a list of :py:class:`ldap.controls.LDAPControl` instances sent to the server along with the LDAP request (see module :py:mod:`ldap.controls`). These are controls which alter the behaviour of the server when processing the request if the control is supported by the server. The effect of controls might differ depending on the type of LDAP request or controls might not be applicable with certain LDAP requests at all. *clientctrls* is a list of :py:class:`ldap.controls.LDAPControl` instances passed to the client API and alter the behaviour of the client when processing the request. .. _sending-ldap-requests: Sending LDAP requests --------------------- Most methods on LDAP objects initiate an asynchronous request to the LDAP server and return a message id that can be used later to retrieve the result with :py:meth:`result()`. Methods with names ending in :py:const:`_s` are the synchronous form and wait for and return with the server's result, or with :py:const:`None` if no data is expected. :class:`LDAPObject` instances have the following methods: .. py:method:: LDAPObject.abandon(msgid) -> None .. py:method:: LDAPObject.abandon_ext(msgid [, serverctrls=None [, clientctrls=None]]) -> None Abandons an LDAP operation in progress without waiting for a LDAP response. The *msgid* argument should be the message ID of an outstanding LDAP operation as returned by the asynchronous methods :py:meth:`search()`, :py:meth:`modify()`, etc. The caller can expect that the result of an abandoned operation will not be returned from a future call to :py:meth:`result()`. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. .. py:method:: LDAPObject.add(dn, modlist) -> int .. py:method:: LDAPObject.add_s(dn, modlist) -> None .. py:method:: LDAPObject.add_ext(dn, modlist [, serverctrls=None [, clientctrls=None]]) -> int .. py:method:: LDAPObject.add_ext_s(dn, modlist [, serverctrls=None [, clientctrls=None]]) -> tuple Performs an LDAP add operation. The *dn* argument is the distinguished name (DN) of the entry to add, and *modlist* is a list of attributes to be added. The modlist is similar the one passed to :py:meth:`modify()`, except that the operation integer is omitted from the tuples in modlist. You might want to look into sub-module \refmodule{ldap.modlist} for generating the modlist. The asynchronous methods :py:meth:`add()` and :py:meth:`add_ext()` return the message ID of the initiated request. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. The *dn* argument, and mod_type (second item) of *modlist* are text strings; see :ref:`bytes_mode`. .. py:method:: LDAPObject.bind(who, cred, method) -> int .. py:method:: LDAPObject.bind_s(who, cred, method) -> None .. py:method:: LDAPObject.cancel( cancelid, [, serverctrls=None [, clientctrls=None]]) -> None Send cancels extended operation for an LDAP operation specified by *cancelid*. The *cancelid* should be the message id of an outstanding LDAP operation as returned by the asynchronous methods search(), modify() etc. The caller can expect that the result of an abandoned operation will not be returned from a future call to :py:meth:`result()`. In opposite to :py:meth:`abandon()` this extended operation gets an result from the server and thus should be preferred if the server supports it. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. :rfc:`3909` - Lightweight Directory Access Protocol (LDAP): Cancel Operation .. py:method:: LDAPObject.compare(dn, attr, value) -> int .. py:method:: LDAPObject.compare_s(dn, attr, value) -> bool .. py:method:: LDAPObject.compare_ext(dn, attr, value [, serverctrls=None [, clientctrls=None]]) -> int .. py:method:: LDAPObject.compare_ext_s(dn, attr, value [, serverctrls=None [, clientctrls=None]]) -> bool Perform an LDAP comparison between the attribute named *attr* of entry *dn*, and the value *value*. The synchronous forms returns ``True`` or ``False``. The asynchronous forms returns the message ID of the initiated request, and the result of the asynchronous compare can be obtained using :py:meth:`result()`. The operation can fail with an exception, e.g. :py:exc:`ldap.NO_SUCH_OBJECT` when *dn* does not exist or :py:exc:`ldap.UNDEFINED_TYPE` for an invalid attribute. Note that the asynchronous technique yields the answer by raising the exception objects :py:exc:`ldap.COMPARE_TRUE` or :py:exc:`ldap.COMPARE_FALSE`. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. The *dn* and *attr* arguments are text strings; see :ref:`bytes_mode`. .. py:method:: LDAPObject.delete(dn) -> int .. py:method:: LDAPObject.delete_s(dn) -> None .. py:method:: LDAPObject.delete_ext(dn [, serverctrls=None [, clientctrls=None]]) -> int .. py:method:: LDAPObject.delete_ext_s(dn [, serverctrls=None [, clientctrls=None]]) -> tuple Performs an LDAP delete operation on *dn*. The asynchronous form returns the message id of the initiated request, and the result can be obtained from a subsequent call to :py:meth:`result()`. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. The *dn* argument is text string; see :ref:`bytes_mode`. .. py:method:: LDAPObject.extop(extreq[,serverctrls=None[,clientctrls=None]]]) -> int .. py:method:: LDAPObject.extop_s(extreq[,serverctrls=None[,clientctrls=None[,extop_resp_class=None]]]]) -> (respoid,respvalue) Performs an LDAP extended operation. The asynchronous form returns the message id of the initiated request, and the result can be obtained from a subsequent call to :py:meth:`extop_result()`. The *extreq* is an instance of class :py:class:`ldap.extop.ExtendedRequest` containing the parameters for the extended operation request. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. If argument *extop_resp_class* is set to a sub-class of :py:class:`ldap.extop.ExtendedResponse` this class is used to return an object of this class instead of a raw BER value in respvalue. .. py:method:: LDAPObject.extop_result(self,msgid=ldap.RES_ANY,all=1,timeout=None) -> (respoid,respvalue) Wrapper method around :py:meth:`result4()` just for retrieving the result of an extended operation sent before. .. py:method:: LDAPObject.modify(dn, modlist) -> int .. py:method:: LDAPObject.modify_s(dn, modlist) -> None .. py:method:: LDAPObject.modify_ext(dn, modlist [, serverctrls=None [, clientctrls=None]]) -> int .. py:method:: LDAPObject.modify_ext_s(dn, modlist [, serverctrls=None [, clientctrls=None]]) -> tuple Performs an LDAP modify operation on an entry's attributes. The *dn* argument is the distinguished name (DN) of the entry to modify, and *modlist* is a list of modifications to make to that entry. Each element in the list *modlist* should be a tuple of the form *(mod_op,mod_type,mod_vals)*, where *mod_op* indicates the operation (one of :py:const:`ldap.MOD_ADD`, :py:const:`ldap.MOD_DELETE`, or :py:const:`ldap.MOD_REPLACE`), *mod_type* is a string indicating the attribute type name, and *mod_vals* is either a string value or a list of string values to add, delete or replace respectively. For the delete operation, *mod_vals* may be :py:const:`None` indicating that all attributes are to be deleted. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. The asynchronous methods :py:meth:`modify()` and :py:meth:`modify_ext()` return the message ID of the initiated request. You might want to look into sub-module :py:mod:`ldap.modlist` for generating *modlist*. The *dn* argument, and mod_type (second item) of *modlist* are text strings; see :ref:`bytes_mode`. .. py:method:: LDAPObject.modrdn(dn, newrdn [, delold=1]) -> int .. py:method:: LDAPObject.modrdn_s(dn, newrdn [, delold=1]) -> None Perform a ``modify RDN`` operation, (i.e. a renaming operation). These routines take *dn* (the DN of the entry whose RDN is to be changed, and *newrdn*, the new RDN to give to the entry. The optional parameter *delold* is used to specify whether the old RDN should be kept as an attribute of the entry or not. The asynchronous version returns the initiated message id. This operation is emulated by :py:meth:`rename()` and :py:meth:`rename_s()` methods since the modrdn2* routines in the C library are deprecated. The *dn* and *newrdn* arguments are text strings; see :ref:`bytes_mode`. .. py:method:: LDAPObject.passwd(user, oldpw, newpw [, serverctrls=None [, clientctrls=None]]) -> int .. py:method:: LDAPObject.passwd_s(user, oldpw, newpw [, serverctrls=None [, clientctrls=None] [, extract_newpw=False]]]) -> (respoid, respvalue) Perform a ``LDAP Password Modify Extended Operation`` operation on the entry specified by *user*. The old password in *oldpw* is replaced with the new password in *newpw* by a LDAP server supporting this operation. If *oldpw* is not :py:const:`None` it has to match the old password of the specified *user* which is sometimes used when a user changes his own password. *respoid* is always :py:const:`None`. *respvalue* is also :py:const:`None` unless *newpw* was :py:const:`None`. This requests that the server generate a new random password. If *extract_newpw* is :py:const:`True`, this password is a bytes object available through ``respvalue.genPasswd``, otherwise *respvalue* is the raw ASN.1 response (this is deprecated and only for backwards compatibility). *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. The asynchronous version returns the initiated message id. The *user*, *oldpw* and *newpw* arguments are text strings; see :ref:`bytes_mode`. .. seealso:: :rfc:`3062` - LDAP Password Modify Extended Operation :py:mod:`ldap.extop.passwd` .. py:method:: LDAPObject.rename(dn, newrdn [, newsuperior=None [, delold=1 [, serverctrls=None [, clientctrls=None]]]]) -> int .. py:method:: LDAPObject.rename_s(dn, newrdn [, newsuperior=None [, delold=1 [, serverctrls=None [, clientctrls=None]]]]) -> None Perform a ``Rename`` operation, (i.e. a renaming operation). These routines take *dn* (the DN of the entry whose RDN is to be changed, and *newrdn*, the new RDN to give to the entry. The optional parameter *newsuperior* is used to specify a new parent DN for moving an entry in the tree (not all LDAP servers support this). The optional parameter *delold* is used to specify whether the old RDN should be kept as an attribute of the entry or not. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. The *dn* and *newdn* arguments are text strings; see :ref:`bytes_mode`. .. py:method:: LDAPObject.result([msgid=RES_ANY [, all=1 [, timeout=None]]]) -> 2-tuple This method is used to wait for and return the result of an operation previously initiated by one of the LDAP *asynchronous* operations (e.g. :py:meth:`search()`, :py:meth:`modify()`, etc.) The *msgid* parameter is the integer identifier returned by that method. The identifier is guaranteed to be unique across an LDAP session, and tells the :py:meth:`result()` method to request the result of that specific operation. If a result is desired from any one of the in-progress operations, *msgid* should be specified as the constant :py:const:`RES_ANY` and the method :py:meth:`result2()` should be used instead. The *all* parameter only has meaning for :py:meth:`search()` responses and is used to select whether a single entry of the search response should be returned, or to wait for all the results of the search before returning. A search response is made up of zero or more search entries followed by a search result. If *all* is 0, search entries will be returned one at a time as they come in, via separate calls to :py:meth:`result()`. If all is 1, the search response will be returned in its entirety, i.e. after all entries and the final search result have been received. For *all* set to 0, result tuples trickle in (with the same message id), and with the result types :py:const:`RES_SEARCH_ENTRY` and :py:const:`RES_SEARCH_REFERENCE`, until the final result which has a result type of :py:const:`RES_SEARCH_RESULT` and a (usually) empty data field. When all is set to 1, only one result is returned, with a result type of RES_SEARCH_RESULT, and all the result tuples listed in the data field. The *timeout* parameter is a limit on the number of seconds that the method will wait for a response from the server. If *timeout* is negative (which is the default), the method will wait indefinitely for a response. The timeout can be expressed as a floating-point value, and a value of :py:const:`0` effects a poll. If a timeout does occur, a :py:exc:`ldap.TIMEOUT` exception is raised, unless polling, in which case ``(None, None)`` is returned. The :py:meth:`result()` method returns a tuple of the form ``(result-type, result-data)``. The first element, ``result-type`` is a string, being one of these module constants: :py:const:`RES_BIND`, :py:const:`RES_SEARCH_ENTRY`, :py:const:`RES_SEARCH_REFERENCE`, :py:const:`RES_SEARCH_RESULT`, :py:const:`RES_MODIFY`, :py:const:`RES_ADD`, :py:const:`RES_DELETE`, :py:const:`RES_MODRDN`, or :py:const:`RES_COMPARE`. If *all* is :py:const:`0`, one response at a time is returned on each call to :py:meth:`result()`, with termination indicated by ``result-data`` being an empty list. See :py:meth:`search()` for a description of the search result's ``result-data``, otherwise the ``result-data`` is normally meaningless. .. py:method:: LDAPObject.result2([msgid=RES_ANY [, all=1 [, timeout=None]]]) -> 3-tuple This method behaves almost exactly like :py:meth:`result()`. But it returns a 3-tuple also containing the message id of the outstanding LDAP operation a particular result message belongs to. This is especially handy if one needs to dispatch results obtained with ``msgid=``:py:const:`RES_ANY` to several consumer threads which invoked a particular LDAP operation. .. py:method:: LDAPObject.result3([msgid=RES_ANY [, all=1 [, timeout=None]]]) -> 4-tuple This method behaves almost exactly like :py:meth:`result2()`. But it returns an extra item in the tuple, the decoded server controls. .. py:method:: LDAPObject.result4([msgid=RES_ANY [, all=1 [, timeout=None [, add_ctrls=0 [, add_intermediates=0 [, add_extop=0 [, resp_ctrl_classes=None]]]]]]]) -> 6-tuple This method behaves almost exactly like :py:meth:`result3()`. But it returns an extra items in the tuple, the decoded results of an extended response. The additional arguments are: *add_ctrls* (integer flag) specifies whether response controls are returned. add_intermediates (integer flag) specifies whether response controls of intermediate search results are returned. *add_extop* (integer flag) specifies whether the response of an extended operation is returned. If using extended operations you should consider using the method :py:meth:`extop_result()` or :py:meth:`extop_s()` instead. *resp_ctrl_classes* is a dictionary mapping the OID of a response controls to a :py:class:`ldap.controls.ResponseControl` class of response controls known by the application. So the response control value will be automatically decoded. If :py:const:`None` the global dictionary :py:data:`ldap.controls.KNOWN_RESPONSE_CONTROLS` is used instead. .. py:method:: LDAPObject.sasl_interactive_bind_s(who, auth[, serverctrls=None [, clientctrls=None [, sasl_flags=ldap.SASL_QUIET]]]) -> None This call is used to bind to the directory with a SASL bind request. *auth* is an :py:class:`ldap.sasl.sasl()` instance. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. .. py:method:: LDAPObject.sasl_non_interactive_bind_s(sasl_mech[, serverctrls=None [, clientctrls=None [, sasl_flags=ldap.SASL_QUIET [, authz_id='']]]]) -> None This call is used to bind to the directory with a SASL bind request with non-interactive SASL mechanism defined with argument *sasl_mech* and internally calls :py:meth:`sasl_interactive_bind_s()`. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. .. py:method:: LDAPObject.sasl_external_bind_s([serverctrls=None [, clientctrls=None [, sasl_flags=ldap.SASL_QUIET [, authz_id='']]]]) -> None This call is used to bind to the directory with a SASL bind request with mechanism EXTERNAL and internally calls :py:meth:`sasl_non_interactive_bind_s()`. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. .. py:method:: LDAPObject.sasl_gssapi_bind_s([serverctrls=None [, clientctrls=None [, sasl_flags=ldap.SASL_QUIET [, authz_id='']]]]) -> None This call is used to bind to the directory with a SASL bind request with mechanism GSSAPI and internally calls :py:meth:`sasl_non_interactive_bind_s()`. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. .. py:method:: LDAPObject.simple_bind([who=None [, cred=None [, serverctrls=None [, clientctrls=None]]]]) -> int .. py:method:: LDAPObject.simple_bind_s([who=None [, cred=None [, serverctrls=None [, clientctrls=None]]]]) -> None After an LDAP object is created, and before any other operations can be attempted over the connection, a bind operation must be performed. This method attempts to bind with the LDAP server using either simple authentication, or Kerberos (if available). The first and most general method, :py:meth:`bind()`, takes a third parameter, *method* which can currently solely be :py:const:`AUTH_SIMPLE`. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. The *who* and *cred* arguments are text strings; see :ref:`bytes_mode`. .. versionchanged:: 3.0 :meth:`~LDAPObject.simple_bind` and :meth:`~LDAPObject.simple_bind_s` now accept ``None`` for *who* and *cred*, too. .. py:method:: LDAPObject.search(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, attrsonly=0]]]) ->int .. py:method:: LDAPObject.search_s(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, attrsonly=0]]]) ->list|None .. py:method:: LDAPObject.search_st(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, attrsonly=0 [, timeout=-1]]]]) -> list|None .. py:method:: LDAPObject.search_ext(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, attrsonly=0 [, serverctrls=None [, clientctrls=None [, timeout=-1 [, sizelimit=0]]]]]]]) -> int .. py:method:: LDAPObject.search_ext_s(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, attrsonly=0 [, serverctrls=None [, clientctrls=None [, timeout=-1 [, sizelimit=0]]]]]]]) -> list|None Perform an LDAP search operation, with *base* as the DN of the entry at which to start the search, *scope* being one of :py:const:`SCOPE_BASE` (to search the object itself), :py:const:`SCOPE_ONELEVEL` (to search the object's immediate children), or :py:const:`SCOPE_SUBTREE` (to search the object and all its descendants). The *filterstr* argument is a string representation of the filter to apply in the search. .. seealso:: :rfc:`4515` - Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters. Each result tuple is of the form ``(dn, attrs)``, where *dn* is a string containing the DN (distinguished name) of the entry, and *attrs* is a dictionary containing the attributes associated with the entry. The keys of *attrs* are strings, and the associated values are lists of strings. The DN in *dn* is automatically extracted using the underlying libldap function :c:func:`ldap_get_dn()`, which may raise an exception if the DN is malformed. If *attrsonly* is non-zero, the values of *attrs* will be meaningless (they are not transmitted in the result). The retrieved attributes can be limited with the *attrlist* parameter. If *attrlist* is :py:const:`None`, all the attributes of each entry are returned. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. The synchronous form with timeout, :py:meth:`search_st()` or :py:meth:`search_ext_s()`, will block for at most *timeout* seconds (or indefinitely if *timeout* is negative). A :py:exc:`ldap.TIMEOUT` exception is raised if no result is received within the specified time. The amount of search results retrieved can be limited with the *sizelimit* parameter when using :py:meth:`search_ext()` or :py:meth:`search_ext_s()` (client-side search limit). If non-zero not more than *sizelimit* results are returned by the server. The *base* and *filterstr* arguments, and *attrlist* contents, are text strings; see :ref:`bytes_mode`. .. versionchanged:: 3.0 ``filterstr=None`` is equivalent to ``filterstr='(objectClass=*)'``. .. py:method:: LDAPObject.start_tls_s() -> None Negotiate TLS with server. The ``version`` attribute must have been set to :py:const:`VERSION3` (which it is by default) before calling this method. If TLS could not be started an exception will be raised. .. seealso:: :rfc:`2830` - Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security .. py:method:: LDAPObject.unbind() -> int .. py:method:: LDAPObject.unbind_s() -> None .. py:method:: LDAPObject.unbind_ext([, serverctrls=None [, clientctrls=None]]) -> int .. py:method:: LDAPObject.unbind_ext_s([, serverctrls=None [, clientctrls=None]]) -> None This call is used to unbind from the directory, terminate the current association, and free resources. Once called, the connection to the LDAP server is closed and the LDAP object is marked invalid. Further invocation of methods on the object will yield exceptions. *serverctrls* and *clientctrls* like described in section :ref:`ldap-controls`. These methods are all synchronous in nature. .. py:method:: LDAPObject.whoami_s() -> string This synchronous method implements the LDAP "Who Am I?" extended operation. It is useful for finding out to find out which identity is assumed by the LDAP server after a SASL bind. .. seealso:: :rfc:`4532` - Lightweight Directory Access Protocol (LDAP) "Who am I?" Operation Connection-specific LDAP options -------------------------------- .. py:method:: LDAPObject.get_option(option) -> int|string This method returns the value of the LDAPObject option specified by *option*. .. py:method:: LDAPObject.set_option(option, invalue) -> None This method sets the value of the LDAPObject option specified by *option* to *invalue*. Object attributes ----------------- If the underlying library provides enough information, each LDAP object will also have the following attributes. These attributes are mutable unless described as read-only. .. py:attribute:: LDAPObject.deref -> int Controls whether aliases are automatically dereferenced. This must be one of :py:const:`DEREF_NEVER`, :py:const:`DEREF_SEARCHING`, :py:const:`DEREF_FINDING` or :py:const:`DEREF_ALWAYS`. This option is mapped to option constant :py:const:`OPT_DEREF` and used in the underlying OpenLDAP client lib. .. py:attribute:: LDAPObject.network_timeout -> int Limit on waiting for a network response, in seconds. Defaults to :py:const:`NO_LIMIT`. This option is mapped to option constant :py:const:`OPT_NETWORK_TIMEOUT` and used in the underlying OpenLDAP client lib. .. versionchanged:: 3.0.0 A timeout of ``-1`` or ``None`` resets timeout to infinity. .. py:attribute:: LDAPObject.protocol_version -> int Version of LDAP in use (either :py:const:`VERSION2` for LDAPv2 or :py:const:`VERSION3` for LDAPv3). This option is mapped to option constant :py:const:`OPT_PROTOCOL_VERSION` and used in the underlying OpenLDAP client lib. .. note:: It is highly recommended to set the protocol version after establishing a LDAP connection with :py:func:`ldap.initialize()` and before submitting the first request. .. py:attribute:: LDAPObject.sizelimit -> int Limit on size of message to receive from server. Defaults to :py:const:`NO_LIMIT`. This option is mapped to option constant :py:const:`OPT_SIZELIMIT` and used in the underlying OpenLDAP client lib. Its use is deprecated in favour of *sizelimit* parameter when using :py:meth:`search_ext()`. .. py:attribute:: LDAPObject.timelimit -> int Limit on waiting for any response, in seconds. Defaults to :py:const:`NO_LIMIT`. This option is mapped to option constant :py:const:`OPT_TIMELIMIT` and used in the underlying OpenLDAP client lib. Its use is deprecated in favour of using :py:attr:`timeout`. .. py:attribute:: LDAPObject.timeout -> int Limit on waiting for any response, in seconds. Defaults to :py:const:`NO_LIMIT`. This option is used in the wrapper module. .. _ldap-example: Example ======= The following example demonstrates how to open a connection to an LDAP server using the :py:mod:`ldap` module and invoke a synchronous subtree search. >>> import ldap >>> l = ldap.initialize('ldap://localhost:1390') >>> l.search_s('ou=Testing,dc=stroeder,dc=de',ldap.SCOPE_SUBTREE,'(cn=fred*)',['cn','mail']) [('cn=Fred Feuerstein,ou=Testing,dc=stroeder,dc=de', {'cn': ['Fred Feuerstein']})] >>> r = l.search_s('ou=Testing,dc=stroeder,dc=de',ldap.SCOPE_SUBTREE,'(objectClass=*)',['cn','mail']) >>> for dn,entry in r: >>> print('Processing',repr(dn)) >>> handle_ldap_entry(entry) ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Doc/reference/ldapurl.rst0000644000175000017500000000577314521037673021115 0ustar00spichugispichugi################################### :py:mod:`ldapurl` LDAP URL handling ################################### .. py:module:: ldapurl :synopsis: Parses and generates LDAP URLs .. moduleauthor:: python-ldap project (see https://www.python-ldap.org/) This module parses and generates LDAP URLs. It is implemented in pure Python and does not rely on any non-standard modules. Therefore it can be used stand- alone without the rest of the python-ldap package. .. seealso:: :rfc:`4516` - The LDAP URL Format Constants ========= The :mod:`ldapurl` module exports the following constants: .. py:data:: SEARCH_SCOPE This dictionary maps a search scope string identifier to the corresponding integer value used with search operations in :mod:`ldap`. .. py:data:: SEARCH_SCOPE_STR This dictionary is the inverse to :const:`SEARCH_SCOPE`. It maps a search scope integer value to the corresponding string identifier used in a LDAP URL string representation. .. py:data:: LDAP_SCOPE_BASE .. py:data:: LDAP_SCOPE_ONELEVEL .. py:data:: LDAP_SCOPE_SUBTREE Functions ========= .. autofunction:: ldapurl.isLDAPUrl .. autofunction:: ldapurl.ldapUrlEscape Classes ======= .. _ldapurl-ldapurl: LDAP URLs ^^^^^^^^^ A :py:class:`LDAPUrl` object represents a complete LDAP URL. .. autoclass:: ldapurl.LDAPUrl :members: .. versionchanged:: 3.4.0 The urlscheme is now case insensitive and always converted to lower case. ``LDAP://localhost`` is equivalent to ``ldap://localhost``. LDAP URL extensions ^^^^^^^^^^^^^^^^^^^ A :py:class:`LDAPUrlExtension` object represents a single LDAP URL extension whereas :py:class:`LDAPUrlExtensions` represents a list of LDAP URL extensions. .. _ldapurl-ldapurlextension: .. autoclass:: ldapurl.LDAPUrlExtension :members: .. _ldapurl-ldapurlextensions: .. autoclass:: ldapurl.LDAPUrlExtensions :members: .. _ldapurl-example: Example ^^^^^^^ Important security advice: For security reasons you should not specify passwords in LDAP URLs unless you really know what you are doing. The following example demonstrates how to parse a LDAP URL with :mod:`ldapurl` module. >>> import ldapurl >>> ldap_url = ldapurl.LDAPUrl('ldap://localhost:1389/dc=stroeder,dc=com?cn,mail???bindname=cn=Michael%2cdc=stroeder%2cdc=com,X-BINDPW=secret') >>> # Using the parsed LDAP URL by reading the class attributes >>> ldap_url.dn 'dc=stroeder,dc=com' >>> ldap_url.hostport 'localhost:1389' >>> ldap_url.attrs ['cn','mail'] >>> ldap_url.filterstr '(objectclass=*)' >>> ldap_url.who 'cn=Michael,dc=stroeder,dc=com' >>> ldap_url.cred 'secret' >>> ldap_url.scope 0 The following example demonstrates how to generate a LDAP URL with \module{ldapurl} module. >>> import ldapurl >>> ldap_url = ldapurl.LDAPUrl(hostport='localhost:1389',dn='dc=stroeder,dc=com',attrs=['cn','mail'],who='cn=Michael,dc=stroeder,dc=com',cred='secret') >>> ldap_url.unparse() 'ldap://localhost:1389/dc=stroeder,dc=com?cn,mail?base?(objectclass=*)?bindname=cn=Michael%2Cdc=stroeder%2Cdc=com,X-BINDPW=secret' ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Doc/reference/ldif.rst0000644000175000017500000000452514521037673020362 0ustar00spichugispichugi##################################### :mod:`ldif` LDIF parser and generator ##################################### .. py:module:: ldif :synopsis: Parses and generates LDIF files .. moduleauthor:: python-ldap project (see https://www.python-ldap.org/) This module parses and generates LDAP data in the format LDIF. It is implemented in pure Python and does not rely on any non-standard modules. Therefore it can be used stand-alone without the rest of the python-ldap package. .. seealso:: :rfc:`2849` - The LDAP Data Interchange Format (LDIF) - Technical Specification Functions ^^^^^^^^^ .. autofunction:: ldif.CreateLDIF .. deprecated:: 3.0 ``ldif.CreateLDIF()`` is deprecated. It will be removed in version 3.1. Use :meth:`ldif.LDIFWriter.unparse` with a file or ``io.StringIO`` instead. .. autofunction:: ldif.ParseLDIF .. deprecated:: 3.0 ``ldif.ParseLDIF()`` is deprecated. It will be removed in version 3.1. Use the ``all_records`` attribute of the returned value of ``ldif.LDIFRecordList.parse()`` instead. Classes ^^^^^^^ .. autoclass:: ldif.LDIFWriter :members: .. autoclass:: ldif.LDIFParser :members: .. autoclass:: LDIFRecordList :members: .. autoclass:: LDIFCopy :members: .. _ldif-example: Example ^^^^^^^ The following example demonstrates how to write LDIF output of an LDAP entry with :mod:`ldif` module. >>> import sys, ldif >>> entry={'objectClass': [b'top', b'person'], 'cn': [b'Michael Stroeder'], 'sn': [b'Stroeder']} >>> dn='cn=Michael Stroeder,ou=Test' >>> ldif_writer=ldif.LDIFWriter(sys.stdout) >>> ldif_writer.unparse(dn, entry) dn: cn=Michael Stroeder,ou=Test cn: Michael Stroeder objectClass: top objectClass: person sn: Stroeder The following example demonstrates how to parse an LDIF file with :mod:`ldif` module, skip some entries and write the result to stdout. :: import sys from ldif import LDIFParser,LDIFWriter SKIP_DN = ["uid=foo,ou=People,dc=example,dc=com", "uid=bar,ou=People,dc=example,dc=com"] class MyLDIF(LDIFParser): def __init__(self,input,output): LDIFParser.__init__(self,input) self.writer = LDIFWriter(output) def handle(self,dn,entry): if dn in SKIP_DN: return self.writer.unparse(dn,entry) parser = MyLDIF(open("input.ldif", 'rb'), sys.stdout) parser.parse() ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Doc/reference/slapdtest.rst0000644000175000017500000000170214521037673021441 0ustar00spichugispichugi################################################################### :mod:`slapdtest` Spawning test instances of OpenLDAP's slapd server ################################################################### .. py:module:: slapdtest :synopsis: Spawning test instances of OpenLDAP's slapd server .. moduleauthor:: python-ldap project (see https://www.python-ldap.org/) The module is used for testing python-ldap itself but can be used for automatically testing any OpenLDAP-based configuration setup. This module is pure Python and does not rely on any non-standard modules. Therefore it can be used stand-alone without the rest of the python-ldap package. Test fixtures for the popular `pytest` framework are developed in an external project, `pytest-ldap`_. Functions ^^^^^^^^^ Classes ^^^^^^^ .. autoclass:: slapdtest.SlapdObject :members: .. autoclass:: slapdtest.SlapdTestCase :members: .. _pytest-ldap: https://pypi.org/project/pytest-ldap/ ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Doc/resources.rst0000644000175000017500000000417514521037673017521 0ustar00spichugispichugiThird-party documentation ========================= The following documents referenced are not written by python-ldap project members. Therefore some information might be outdated or links might be broken. *Python LDAP Applications* articles by Matt Butcher --------------------------------------------------- * `Part 1 - Installing and Configuring the Python-LDAP Library and Binding to an LDAP Directory `_ This also covers SASL. * `Part 2 - LDAP Operations `_ * `Part 3 - More LDAP Operations and the LDAP URL Library `_ * `Part 4 - LDAP Schema `_ Gee, someone waded through the badly documented mysteries of module :mod:`ldap.schema`. `LDAP Programming in Python `_ ------------------------------------------------------------------------- Another article for getting started with python-ldap. `RFC 1823 `_ ------------------------------------------------- The LDAP Application Program Interface, mainly for LDAPv2. `LDAPEXT draft `_ ---------------------------------------------------------------------------- The Internet draft of the discontinued IETF working group LDAPEXT is of interest here since the OpenLDAP 2 libs implement this (expired) draft. `OpenLDAP `_ --------------------------------------- It's worth to have a look at the `manual pages `_ and the `Developer's FAQ `_. `VSLDAP `_ ---------------------------------------------------------------------------------------- VSLDAP Interoperability Test Suite. ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Doc/sample_workflow.rst0000644000175000017500000000473114521037673020720 0ustar00spichugispichugi.. _sample workflow: Sample workflow for python-ldap development ------------------------------------------- This document will guide you through the process of contributing a change to python-ldap. We assume that, as a user of python-ldap, you're not new to software development in general, so these instructions are terse. If you need additional detail, please do ask on the mailing list. .. note:: The following instructions are for Linux. If you can translate them to another system, please contribute your translation! Install `Git`_, `tox`_ and the :ref:`build prerequisites`. .. _tox: https://tox.readthedocs.io/en/latest/ Clone the repository:: $ git clone https://github.com/python-ldap/python-ldap $ cd python-ldap Create a :mod:`virtual environment ` to ensure you in-development python-ldap won't affect the rest of your system:: $ python3 -m venv __venv__ .. _git: https://git-scm.com/ .. _virtualenv: https://virtualenv.pypa.io/en/stable/ Activate the virtual environment:: $ source __venv__/bin/activate Install python-ldap to it in `editable mode`_:: (__venv__)$ python -m pip install -e . This way, importing a Python module from python-ldap will directly use the code from your source tree. If you change C code, you will still need to recompile (using the ``pip install`` command again). .. _editable mode: https://pip.pypa.io/en/stable/reference/pip_install/#editable-installs Change the code as desired. To run tests, install and run `tox`_:: (__venv__)$ python -m pip install tox (__venv__)$ tox --skip-missing-interpreters This will run tests on all supported versions of Python that you have installed, skipping the ones you don't. To run a subset of test environments, run for example:: (__venv__)$ tox -e py36,py39 In addition to ``pyXY`` environments, we have extra environments for checking things independent of the Python version: * ``doc`` checks syntax and spelling of the documentation * ``coverage-report`` generates a test coverage report for Python code. It must be used last, e.g. ``tox -e py36,py39,coverage-report``. * ``py3-nosasltls`` check functionality without SASL and TLS bindings compiled in. When your change is ready, commit to Git, and submit a pull request on GitHub. You can take a look at the :ref:`committer instructions` to see what we are looking for in a pull request. If you don't want to open a GitHub account, please send patches as attachments to the python-ldap mailing list. ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Doc/spelling_wordlist.txt0000644000175000017500000000302714521037673021255 0ustar00spichugispichugiargs async asyncsearch attr attrlist attrList attrs attrsonly attrsOnly attrtype authzId automagically backend behaviour BER bindname boolean booleanValue Bytestrings cancelled canonicalization cb cfg changeNumber changesOnly changeType changeTypes cidict clientctrls conf controlType controlValue committers CPython criticality cryptographic Cyrus defresult dereferenced dereferencing desc dev directoryOperation distinguished distributedOperation dit dn DN dSAOperation encodedControlValue encodedResponseValue extype exvalue favour filterstr filterStr formatOID func GPG Heimdal hostport hrefTarget hrefText ignoreResultsNumber integerValue Interoperability isn Keepalive Kerberos keyerror knownLDAPControls kwarg ldap ldapadd ldapControls ldapControlTuples ldapdelete ldapi LDAPObject ldaps ldapurl ldapwhoami ldif LDIFWriter libldap libs Libs macOS modlist modrdn msgid multi nameoroid nots Novell objectClass oc oid oids OpenLDAP Pagure postalAddress pre previousDN processResultsCount Proxied py pytest rdn readthedocs reentrant refmodule refreshAndPersist refreshDeletes refreshOnly requestName requestValue resiter respvalue ResultProcessor returnECs ruleid rundir sasl searchRoot searchScope sed serverctrls sessionSourceIp sessionSourceName sessionTrackingIdentifier slapadd sizelimit slapd startup stderr stdout str Subclasses subentry subschema substr subtree syncrepl syntaxes timelimit TLS tracebacks tuple tuples UDP Umich unparsing unsigend urandom uri urlPrefix urlscheme userApplications userPassword usr uuids Valgrind whitespace workflow ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/INSTALL0000644000175000017500000000042214521037673015270 0ustar00spichugispichugiQuick build instructions: edit setup.cfg (see Build/ for platform-specific examples) python setup.py build python setup.py install Detailed instructions are in Doc/installing.rst, or online at: https://python-ldap.readthedocs.io/en/latest/installing.html ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/LICENCE0000644000175000017500000000104714521037673015230 0ustar00spichugispichugi The python-ldap package is distributed under Python-style license. Standard disclaimer: This software is made available by the author(s) to the public for free and "as is". All users of this free software are solely and entirely responsible for their own choice and use of this software for their own purposes. By using this software, each user agrees that the author(s) shall not be liable for damages of any kind in relation to its use or performance. The author(s) do not warrant that this software is fit for any purpose. ././@PaxHeader0000000000000000000000000000003400000000000010212 xustar0028 mtime=1700253999.7732356 python-ldap-3.4.4/Lib/0000755000175000017500000000000014525750460014747 5ustar00spichugispichugi././@PaxHeader0000000000000000000000000000003400000000000010212 xustar0028 mtime=1700253999.7752357 python-ldap-3.4.4/Lib/ldap/0000755000175000017500000000000014525750460015667 5ustar00spichugispichugi././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/__init__.py0000644000175000017500000000576414521037673020014 0ustar00spichugispichugi""" ldap - base module See https://www.python-ldap.org/ for details. """ # This is also the overall release version number from ldap.pkginfo import __version__, __author__, __license__ import os import sys if __debug__: # Tracing is only supported in debugging mode import atexit import traceback _trace_level = int(os.environ.get("PYTHON_LDAP_TRACE_LEVEL", 0)) _trace_file = os.environ.get("PYTHON_LDAP_TRACE_FILE") if _trace_file is None: _trace_file = sys.stderr else: _trace_file = open(_trace_file, 'a') atexit.register(_trace_file.close) _trace_stack_limit = None else: # Any use of the _trace attributes should be guarded by `if __debug__`, # so they should not be needed here. # But, providing different API for debug mode is unnecessarily fragile. _trace_level = 0 _trace_file = sys.stderr _trace_stack_limit = None import _ldap assert _ldap.__version__==__version__, \ ImportError(f'ldap {__version__} and _ldap {_ldap.__version__} version mismatch!') from _ldap import * # call into libldap to initialize it right now LIBLDAP_API_INFO = _ldap.get_option(_ldap.OPT_API_INFO) OPT_NAMES_DICT = {} for k,v in vars(_ldap).items(): if k.startswith('OPT_'): OPT_NAMES_DICT[v]=k class DummyLock: """Define dummy class with methods compatible to threading.Lock""" def __init__(self): pass def acquire(self): pass def release(self): pass try: # Check if Python installation was build with thread support import threading except ImportError: LDAPLockBaseClass = DummyLock else: LDAPLockBaseClass = threading.Lock class LDAPLock: """ Mainly a wrapper class to log all locking events. Note that this cumbersome approach with _lock attribute was taken since threading.Lock is not suitable for sub-classing. """ _min_trace_level = 3 def __init__(self,lock_class=None,desc=''): """ lock_class Class compatible to threading.Lock desc Description shown in debug log messages """ self._desc = desc self._lock = (lock_class or LDAPLockBaseClass)() def acquire(self): if __debug__: global _trace_level if _trace_level>=self._min_trace_level: _trace_file.write('***{}.acquire() {} {}\n'.format(self.__class__.__name__,repr(self),self._desc)) return self._lock.acquire() def release(self): if __debug__: global _trace_level if _trace_level>=self._min_trace_level: _trace_file.write('***{}.release() {} {}\n'.format(self.__class__.__name__,repr(self),self._desc)) return self._lock.release() # Create module-wide lock for serializing all calls into underlying LDAP lib _ldap_module_lock = LDAPLock(desc='Module wide') from ldap.functions import initialize,get_option,set_option,escape_str,strf_secs,strp_secs from ldap.ldapobject import NO_UNIQUE_ENTRY, LDAPBytesWarning from ldap.dn import explode_dn,explode_rdn,str2dn,dn2str del str2dn del dn2str # More constants # For compatibility of 2.3 and 2.4 OpenLDAP API OPT_DIAGNOSTIC_MESSAGE = OPT_ERROR_STRING ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/async.py0000644000175000017500000000051714521037673017361 0ustar00spichugispichugi""" ldap.asyncsearch - handle async LDAP search operations See https://www.python-ldap.org/ for details. """ import warnings from ldap.asyncsearch import * from ldap.asyncsearch import __version__ warnings.warn( "'ldap.async module' is deprecated, import 'ldap.asyncsearch' instead.", DeprecationWarning, stacklevel=2 ) ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/asyncsearch.py0000644000175000017500000001673014521037673020553 0ustar00spichugispichugi""" ldap.asyncsearch - handle async LDAP search operations See https://www.python-ldap.org/ for details. """ import ldap from ldap import __version__ import ldif SEARCH_RESULT_TYPES = { ldap.RES_SEARCH_ENTRY, ldap.RES_SEARCH_RESULT, ldap.RES_SEARCH_REFERENCE, } ENTRY_RESULT_TYPES = { ldap.RES_SEARCH_ENTRY, ldap.RES_SEARCH_RESULT, } class WrongResultType(Exception): def __init__(self,receivedResultType,expectedResultTypes): self.receivedResultType = receivedResultType self.expectedResultTypes = expectedResultTypes Exception.__init__(self) def __str__(self): return 'Received wrong result type {} (expected one of {}).'.format( self.receivedResultType, ', '.join(self.expectedResultTypes), ) class AsyncSearchHandler: """ Class for stream-processing LDAP search results Arguments: l LDAPObject instance """ def __init__(self,l): self._l = l self._msgId = None self._afterFirstResult = 1 def startSearch( self, searchRoot, searchScope, filterStr, attrList=None, attrsOnly=0, timeout=-1, sizelimit=0, serverctrls=None, clientctrls=None ): """ searchRoot See parameter base of method LDAPObject.search() searchScope See parameter scope of method LDAPObject.search() filterStr See parameter filter of method LDAPObject.search() attrList=None See parameter attrlist of method LDAPObject.search() attrsOnly See parameter attrsonly of method LDAPObject.search() timeout Maximum time the server shall use for search operation sizelimit Maximum number of entries a server should return (request client-side limit) serverctrls list of server-side LDAP controls clientctrls list of client-side LDAP controls """ self._msgId = self._l.search_ext( searchRoot,searchScope,filterStr, attrList,attrsOnly,serverctrls,clientctrls,timeout,sizelimit ) self._afterFirstResult = 1 return # startSearch() def preProcessing(self): """ Do anything you want after starting search but before receiving and processing results """ def afterFirstResult(self): """ Do anything you want right after successfully receiving but before processing first result """ def postProcessing(self): """ Do anything you want after receiving and processing all results """ def processResults(self,ignoreResultsNumber=0,processResultsCount=0,timeout=-1): """ ignoreResultsNumber Don't process the first ignoreResultsNumber results. processResultsCount If non-zero this parameters indicates the number of results processed is limited to processResultsCount. timeout See parameter timeout of ldap.LDAPObject.result() """ self.preProcessing() result_counter = 0 end_result_counter = ignoreResultsNumber+processResultsCount go_ahead = 1 partial = 0 self.beginResultsDropped = 0 self.endResultBreak = result_counter try: result_type,result_list = None,None while go_ahead: while result_type is None and not result_list: result_type,result_list,result_msgid,result_serverctrls = self._l.result3(self._msgId,0,timeout) if self._afterFirstResult: self.afterFirstResult() self._afterFirstResult = 0 if not result_list: break if result_type not in SEARCH_RESULT_TYPES: raise WrongResultType(result_type,SEARCH_RESULT_TYPES) # Loop over list of search results for result_item in result_list: if result_counter might cause # backward compatibility problems TLSInt('OPT_X_TLS_CRLCHECK', optional=True), TLSInt('OPT_X_TLS_CRLFILE', optional=True), TLSInt('OPT_X_TLS_CRL_NONE'), TLSInt('OPT_X_TLS_CRL_PEER'), TLSInt('OPT_X_TLS_CRL_ALL'), TLSInt('OPT_X_TLS_NEWCTX', optional=True), TLSInt('OPT_X_TLS_PROTOCOL_MIN', optional=True), TLSInt('OPT_X_TLS_PACKAGE', optional=True), # Added in OpenLDAP 2.4.52 TLSInt('OPT_X_TLS_ECNAME', optional=True), TLSInt('OPT_X_TLS_REQUIRE_SAN', optional=True), # Added in OpenLDAP 2.5 TLSInt('OPT_X_TLS_PEERCERT', optional=True), TLSInt('OPT_X_TLS_PROTOCOL_MAX', optional=True), TLSInt('OPT_X_TLS_PROTOCOL_SSL3', optional=True), TLSInt('OPT_X_TLS_PROTOCOL_TLS1_0', optional=True), TLSInt('OPT_X_TLS_PROTOCOL_TLS1_1', optional=True), TLSInt('OPT_X_TLS_PROTOCOL_TLS1_2', optional=True), TLSInt('OPT_X_TLS_PROTOCOL_TLS1_3', optional=True), Int('OPT_X_SASL_MECH'), Int('OPT_X_SASL_REALM'), Int('OPT_X_SASL_AUTHCID'), Int('OPT_X_SASL_AUTHZID'), Int('OPT_X_SASL_SSF'), Int('OPT_X_SASL_SSF_EXTERNAL'), Int('OPT_X_SASL_SECPROPS'), Int('OPT_X_SASL_SSF_MIN'), Int('OPT_X_SASL_SSF_MAX'), Int('OPT_X_SASL_NOCANON', optional=True), Int('OPT_X_SASL_USERNAME', optional=True), Int('OPT_CONNECT_ASYNC', optional=True), Int('OPT_X_KEEPALIVE_IDLE', optional=True), Int('OPT_X_KEEPALIVE_PROBES', optional=True), Int('OPT_X_KEEPALIVE_INTERVAL', optional=True), Int('DN_FORMAT_LDAP'), Int('DN_FORMAT_LDAPV3'), Int('DN_FORMAT_LDAPV2'), Int('DN_FORMAT_DCE'), Int('DN_FORMAT_UFN'), Int('DN_FORMAT_AD_CANONICAL'), # Int('DN_FORMAT_LBER'), # for testing only Int('DN_FORMAT_MASK'), Int('DN_PRETTY'), Int('DN_SKIP'), Int('DN_P_NOLEADTRAILSPACES'), Int('DN_P_NOSPACEAFTERRDN'), Int('DN_PEDANTIC'), Int('AVA_NULL'), Int('AVA_STRING'), Int('AVA_BINARY'), Int('AVA_NONPRINTABLE'), Int('OPT_SUCCESS'), # XXX - these should be errors Int('URL_ERR_BADSCOPE'), Int('URL_ERR_MEM'), Feature('SASL_AVAIL', 'HAVE_SASL'), Feature('TLS_AVAIL', 'HAVE_TLS'), Feature('INIT_FD_AVAIL', 'HAVE_LDAP_INIT_FD'), Str("CONTROL_MANAGEDSAIT"), Str("CONTROL_PROXY_AUTHZ"), Str("CONTROL_SUBENTRIES"), Str("CONTROL_VALUESRETURNFILTER"), Str("CONTROL_ASSERT"), Str("CONTROL_PRE_READ"), Str("CONTROL_POST_READ"), Str("CONTROL_SORTREQUEST"), Str("CONTROL_SORTRESPONSE"), Str("CONTROL_PAGEDRESULTS"), Str("CONTROL_SYNC"), Str("CONTROL_SYNC_STATE"), Str("CONTROL_SYNC_DONE"), Str("SYNC_INFO"), Str("CONTROL_PASSWORDPOLICYREQUEST"), Str("CONTROL_PASSWORDPOLICYRESPONSE"), Str("CONTROL_RELAX"), ) def print_header(): # pragma: no cover """Print the C header file to standard output""" print('/*') print(' * Generated with:') print(' * python Lib/ldap/constants.py > Modules/constants_generated.h') print(' *') print(' * Please do any modifications there, then re-generate this file') print(' */') print('') current_requirements = [] def pop_requirement(): popped = current_requirements.pop() print('#endif') print() for definition in CONSTANTS: while not set(current_requirements).issubset(definition.requirements): pop_requirement() for requirement in definition.requirements: if requirement not in current_requirements: current_requirements.append(requirement) print() print(f'#if {requirement}') print(definition.c_template.format(self=definition)) while current_requirements: pop_requirement() if __name__ == '__main__': print_header() ././@PaxHeader0000000000000000000000000000003400000000000010212 xustar0028 mtime=1700253999.7762356 python-ldap-3.4.4/Lib/ldap/controls/0000755000175000017500000000000014525750460017532 5ustar00spichugispichugi././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/controls/__init__.py0000644000175000017500000001034114521037673021642 0ustar00spichugispichugi""" controls.py - support classes for LDAP controls See https://www.python-ldap.org/ for details. Description: The ldap.controls module provides LDAPControl classes. Each class provides support for a certain control. """ from ldap.pkginfo import __version__ import _ldap assert _ldap.__version__==__version__, \ ImportError(f'ldap {__version__} and _ldap {_ldap.__version__} version mismatch!') import ldap from pyasn1.error import PyAsn1Error __all__ = [ 'KNOWN_RESPONSE_CONTROLS', # Classes 'AssertionControl', 'BooleanControl', 'LDAPControl', 'ManageDSAITControl', 'MatchedValuesControl', 'RelaxRulesControl', 'RequestControl', 'ResponseControl', 'SimplePagedResultsControl', 'ValueLessRequestControl', # Functions 'RequestControlTuples', 'DecodeControlTuples', ] # response control OID to class registry KNOWN_RESPONSE_CONTROLS = {} class RequestControl: """ Base class for all request controls controlType OID as string of the LDAPv3 extended request control criticality sets the criticality of the control (boolean) encodedControlValue control value of the LDAPv3 extended request control (here it is the BER-encoded ASN.1 control value) """ def __init__(self,controlType=None,criticality=False,encodedControlValue=None): self.controlType = controlType self.criticality = criticality self.encodedControlValue = encodedControlValue def encodeControlValue(self): """ sets class attribute encodedControlValue to the BER-encoded ASN.1 control value composed by class attributes set before """ return self.encodedControlValue class ResponseControl: """ Base class for all response controls controlType OID as string of the LDAPv3 extended response control criticality sets the criticality of the received control (boolean) """ def __init__(self,controlType=None,criticality=False): self.controlType = controlType self.criticality = criticality def decodeControlValue(self,encodedControlValue): """ decodes the BER-encoded ASN.1 control value and sets the appropriate class attributes """ self.encodedControlValue = encodedControlValue class LDAPControl(RequestControl,ResponseControl): """ Base class for combined request/response controls mainly for backward-compatibility to python-ldap 2.3.x """ def __init__(self,controlType=None,criticality=False,controlValue=None,encodedControlValue=None): self.controlType = controlType self.criticality = criticality self.controlValue = controlValue self.encodedControlValue = encodedControlValue def RequestControlTuples(ldapControls): """ Return list of readily encoded 3-tuples which can be directly passed to C module _ldap ldapControls sequence-type of RequestControl objects """ if ldapControls is None: return None else: result = [ (c.controlType,c.criticality,c.encodeControlValue()) for c in ldapControls ] return result def DecodeControlTuples(ldapControlTuples,knownLDAPControls=None): """ Returns list of readily decoded ResponseControl objects ldapControlTuples Sequence-type of 3-tuples returned by _ldap.result4() containing the encoded ASN.1 control values of response controls. knownLDAPControls Dictionary mapping extended control's OID to ResponseControl class of response controls known by the application. If None ldap.controls.KNOWN_RESPONSE_CONTROLS is used here. """ knownLDAPControls = knownLDAPControls or KNOWN_RESPONSE_CONTROLS result = [] for controlType,criticality,encodedControlValue in ldapControlTuples or []: try: control = knownLDAPControls[controlType]() except KeyError: if criticality: raise ldap.UNAVAILABLE_CRITICAL_EXTENSION('Received unexpected critical response control with controlType %s' % (repr(controlType))) else: control.controlType,control.criticality = controlType,criticality try: control.decodeControlValue(encodedControlValue) except PyAsn1Error: if criticality: raise else: result.append(control) return result # Import the standard sub-modules from ldap.controls.simple import * from ldap.controls.libldap import * ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/controls/deref.py0000644000175000017500000000666514521037673021206 0ustar00spichugispichugi""" ldap.controls.deref - classes for (see https://tools.ietf.org/html/draft-masarati-ldap-deref) See https://www.python-ldap.org/ for project details. """ __all__ = [ 'DEREF_CONTROL_OID', 'DereferenceControl', ] import ldap.controls from ldap.controls import LDAPControl,KNOWN_RESPONSE_CONTROLS import pyasn1_modules.rfc2251 from pyasn1.type import namedtype,univ,tag from pyasn1.codec.ber import encoder,decoder from pyasn1_modules.rfc2251 import LDAPDN,AttributeDescription,AttributeDescriptionList,AttributeValue DEREF_CONTROL_OID = '1.3.6.1.4.1.4203.666.5.16' # Request types #--------------------------------------------------------------------------- # For compatibility with ASN.1 declaration in I-D AttributeList = AttributeDescriptionList class DerefSpec(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType( 'derefAttr', AttributeDescription() ), namedtype.NamedType( 'attributes', AttributeList() ), ) class DerefSpecs(univ.SequenceOf): componentType = DerefSpec() # Response types #--------------------------------------------------------------------------- class AttributeValues(univ.SetOf): componentType = AttributeValue() class PartialAttribute(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('type', AttributeDescription()), namedtype.NamedType('vals', AttributeValues()), ) class PartialAttributeList(univ.SequenceOf): componentType = PartialAttribute() tagSet = univ.Sequence.tagSet.tagImplicitly( tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,0) ) class DerefRes(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('derefAttr', AttributeDescription()), namedtype.NamedType('derefVal', LDAPDN()), namedtype.OptionalNamedType('attrVals', PartialAttributeList()), ) class DerefResultControlValue(univ.SequenceOf): componentType = DerefRes() class DereferenceControl(LDAPControl): controlType = DEREF_CONTROL_OID def __init__(self,criticality=False,derefSpecs=None): LDAPControl.__init__(self,self.controlType,criticality) self.derefSpecs = derefSpecs or {} def _derefSpecs(self): deref_specs = DerefSpecs() i = 0 for deref_attr,deref_attribute_names in self.derefSpecs.items(): deref_spec = DerefSpec() deref_attributes = AttributeList() for j in range(len(deref_attribute_names)): deref_attributes.setComponentByPosition(j,deref_attribute_names[j]) deref_spec.setComponentByName('derefAttr',AttributeDescription(deref_attr)) deref_spec.setComponentByName('attributes',deref_attributes) deref_specs.setComponentByPosition(i,deref_spec) i += 1 return deref_specs def encodeControlValue(self): return encoder.encode(self._derefSpecs()) def decodeControlValue(self,encodedControlValue): decodedValue,_ = decoder.decode(encodedControlValue,asn1Spec=DerefResultControlValue()) self.derefRes = {} for deref_res in decodedValue: deref_attr,deref_val,deref_vals = deref_res[0],deref_res[1],deref_res[2] partial_attrs_dict = { str(tv[0]): [str(v) for v in tv[1]] for tv in deref_vals or [] } try: self.derefRes[str(deref_attr)].append((str(deref_val),partial_attrs_dict)) except KeyError: self.derefRes[str(deref_attr)] = [(str(deref_val),partial_attrs_dict)] KNOWN_RESPONSE_CONTROLS[DereferenceControl.controlType] = DereferenceControl ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/controls/libldap.py0000644000175000017500000000433514521037673021520 0ustar00spichugispichugi""" controls.libldap - LDAP controls wrapper classes with en-/decoding done by OpenLDAP functions See https://www.python-ldap.org/ for details. """ from ldap.pkginfo import __version__ import _ldap assert _ldap.__version__==__version__, \ ImportError(f'ldap {__version__} and _ldap {_ldap.__version__} version mismatch!') import ldap from ldap.controls import RequestControl,LDAPControl,KNOWN_RESPONSE_CONTROLS class AssertionControl(RequestControl): """ LDAP Assertion control, as defined in RFC 4528 filterstr LDAP filter string specifying which assertions have to match so that the server processes the operation """ controlType = ldap.CONTROL_ASSERT def __init__(self,criticality=True,filterstr='(objectClass=*)'): self.criticality = criticality self.filterstr = filterstr def encodeControlValue(self): return _ldap.encode_assertion_control(self.filterstr) KNOWN_RESPONSE_CONTROLS[ldap.CONTROL_ASSERT] = AssertionControl class MatchedValuesControl(RequestControl): """ LDAP Matched Values control, as defined in RFC 3876 filterstr LDAP filter string specifying which attribute values should be returned """ controlType = ldap.CONTROL_VALUESRETURNFILTER def __init__(self,criticality=False,filterstr='(objectClass=*)'): self.criticality = criticality self.filterstr = filterstr def encodeControlValue(self): return _ldap.encode_valuesreturnfilter_control(self.filterstr) KNOWN_RESPONSE_CONTROLS[ldap.CONTROL_VALUESRETURNFILTER] = MatchedValuesControl class SimplePagedResultsControl(LDAPControl): """ LDAP Control Extension for Simple Paged Results Manipulation size Page size requested (number of entries to be returned) cookie Cookie string received with last page """ controlType = ldap.CONTROL_PAGEDRESULTS def __init__(self,criticality=False,size=None,cookie=None): self.criticality = criticality self.size,self.cookie = size,cookie def encodeControlValue(self): return _ldap.encode_page_control(self.size,self.cookie) def decodeControlValue(self,encodedControlValue): self.size,self.cookie = _ldap.decode_page_control(encodedControlValue) KNOWN_RESPONSE_CONTROLS[ldap.CONTROL_PAGEDRESULTS] = SimplePagedResultsControl ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/controls/openldap.py0000644000175000017500000000424514521037673021713 0ustar00spichugispichugi""" ldap.controls.openldap - classes for OpenLDAP-specific controls See https://www.python-ldap.org/ for project details. """ import ldap.controls from ldap.controls import ValueLessRequestControl,ResponseControl from pyasn1.type import univ from pyasn1.codec.ber import decoder __all__ = [ 'SearchNoOpControl', 'SearchNoOpMixIn', ] class SearchNoOpControl(ValueLessRequestControl,ResponseControl): """ No-op control attached to search operations implementing sort of a count operation see https://www.openldap.org/its/index.cgi?findid=6598 """ controlType = '1.3.6.1.4.1.4203.666.5.18' def __init__(self,criticality=False): self.criticality = criticality class SearchNoOpControlValue(univ.Sequence): pass def decodeControlValue(self,encodedControlValue): decodedValue,_ = decoder.decode(encodedControlValue,asn1Spec=self.SearchNoOpControlValue()) self.resultCode = int(decodedValue[0]) self.numSearchResults = int(decodedValue[1]) self.numSearchContinuations = int(decodedValue[2]) ldap.controls.KNOWN_RESPONSE_CONTROLS[SearchNoOpControl.controlType] = SearchNoOpControl class SearchNoOpMixIn: """ Mix-in class to be used with class LDAPObject and friends. It adds a convenience method noop_search_st() to LDAPObject for easily using the no-op search control. """ def noop_search_st(self,base,scope=ldap.SCOPE_SUBTREE,filterstr='(objectClass=*)',timeout=-1): try: msg_id = self.search_ext( base, scope, filterstr=filterstr, attrlist=['1.1'], timeout=timeout, serverctrls=[SearchNoOpControl(criticality=True)], ) _,_,_,search_response_ctrls = self.result3(msg_id,all=1,timeout=timeout) except ( ldap.TIMEOUT, ldap.TIMELIMIT_EXCEEDED, ldap.SIZELIMIT_EXCEEDED, ldap.ADMINLIMIT_EXCEEDED ) as e: self.abandon(msg_id) raise e else: noop_srch_ctrl = [ c for c in search_response_ctrls if c.controlType==SearchNoOpControl.controlType ] if noop_srch_ctrl: return noop_srch_ctrl[0].numSearchResults,noop_srch_ctrl[0].numSearchContinuations else: return (None,None) ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/controls/pagedresults.py0000644000175000017500000000274414521037673022615 0ustar00spichugispichugi""" ldap.controls.paged - classes for Simple Paged control (see RFC 2696) See https://www.python-ldap.org/ for project details. """ __all__ = [ 'SimplePagedResultsControl' ] # Imports from python-ldap 2.4+ import ldap.controls from ldap.controls import RequestControl,ResponseControl,KNOWN_RESPONSE_CONTROLS # Imports from pyasn1 from pyasn1.type import tag,namedtype,univ,constraint from pyasn1.codec.ber import encoder,decoder from pyasn1_modules.rfc2251 import LDAPString class PagedResultsControlValue(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('size',univ.Integer()), namedtype.NamedType('cookie',LDAPString()), ) class SimplePagedResultsControl(RequestControl,ResponseControl): controlType = '1.2.840.113556.1.4.319' def __init__(self,criticality=False,size=10,cookie=''): self.criticality = criticality self.size = size self.cookie = cookie or '' def encodeControlValue(self): pc = PagedResultsControlValue() pc.setComponentByName('size',univ.Integer(self.size)) pc.setComponentByName('cookie',LDAPString(self.cookie)) return encoder.encode(pc) def decodeControlValue(self,encodedControlValue): decodedValue,_ = decoder.decode(encodedControlValue,asn1Spec=PagedResultsControlValue()) self.size = int(decodedValue.getComponentByName('size')) self.cookie = bytes(decodedValue.getComponentByName('cookie')) KNOWN_RESPONSE_CONTROLS[SimplePagedResultsControl.controlType] = SimplePagedResultsControl ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/controls/ppolicy.py0000644000175000017500000000606014521037673021565 0ustar00spichugispichugi""" ldap.controls.ppolicy - classes for Password Policy controls (see https://tools.ietf.org/html/draft-behera-ldap-password-policy) See https://www.python-ldap.org/ for project details. """ __all__ = [ 'PasswordPolicyControl' ] # Imports from python-ldap 2.4+ from ldap.controls import ( ResponseControl, ValueLessRequestControl, KNOWN_RESPONSE_CONTROLS ) # Imports from pyasn1 from pyasn1.type import tag,namedtype,namedval,univ,constraint from pyasn1.codec.der import decoder class PasswordPolicyWarning(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('timeBeforeExpiration',univ.Integer().subtype( implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,0) )), namedtype.NamedType('graceAuthNsRemaining',univ.Integer().subtype( implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,1) )), ) class PasswordPolicyError(univ.Enumerated): namedValues = namedval.NamedValues( ('passwordExpired',0), ('accountLocked',1), ('changeAfterReset',2), ('passwordModNotAllowed',3), ('mustSupplyOldPassword',4), ('insufficientPasswordQuality',5), ('passwordTooShort',6), ('passwordTooYoung',7), ('passwordInHistory',8), ('passwordTooLong',9), ) subtypeSpec = univ.Enumerated.subtypeSpec + constraint.SingleValueConstraint(0,1,2,3,4,5,6,7,8,9) class PasswordPolicyResponseValue(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType( 'warning', PasswordPolicyWarning().subtype( implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,0) ), ), namedtype.OptionalNamedType( 'error',PasswordPolicyError().subtype( implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,1) ) ), ) class PasswordPolicyControl(ValueLessRequestControl,ResponseControl): """ Indicates the errors and warnings about the password policy. Attributes ---------- timeBeforeExpiration : int The time before the password expires. graceAuthNsRemaining : int The number of grace authentications remaining. error: int The password and authentication errors. """ controlType = '1.3.6.1.4.1.42.2.27.8.5.1' def __init__(self,criticality=False): self.criticality = criticality self.timeBeforeExpiration = None self.graceAuthNsRemaining = None self.error = None def decodeControlValue(self,encodedControlValue): ppolicyValue,_ = decoder.decode(encodedControlValue,asn1Spec=PasswordPolicyResponseValue()) warning = ppolicyValue.getComponentByName('warning') if warning.hasValue(): if 'timeBeforeExpiration' in warning: self.timeBeforeExpiration = int( warning.getComponentByName('timeBeforeExpiration')) if 'graceAuthNsRemaining' in warning: self.graceAuthNsRemaining = int( warning.getComponentByName('graceAuthNsRemaining')) error = ppolicyValue.getComponentByName('error') if error.hasValue(): self.error = int(error) KNOWN_RESPONSE_CONTROLS[PasswordPolicyControl.controlType] = PasswordPolicyControl ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/controls/psearch.py0000644000175000017500000001031314521037673021527 0ustar00spichugispichugi""" ldap.controls.psearch - classes for Persistent Search Control (see https://tools.ietf.org/html/draft-ietf-ldapext-psearch) See https://www.python-ldap.org/ for project details. """ __all__ = [ 'PersistentSearchControl', 'EntryChangeNotificationControl', 'CHANGE_TYPES_INT', 'CHANGE_TYPES_STR', ] # Imports from python-ldap 2.4+ import ldap.controls from ldap.controls import RequestControl,ResponseControl,KNOWN_RESPONSE_CONTROLS # Imports from pyasn1 from pyasn1.type import namedtype,namedval,univ,constraint from pyasn1.codec.ber import encoder,decoder from pyasn1_modules.rfc2251 import LDAPDN #--------------------------------------------------------------------------- # Constants and classes for Persistent Search Control #--------------------------------------------------------------------------- CHANGE_TYPES_INT = { 'add':1, 'delete':2, 'modify':4, 'modDN':8, } CHANGE_TYPES_STR = {v: k for k,v in CHANGE_TYPES_INT.items()} class PersistentSearchControl(RequestControl): """ Implements the request control for persistent search. changeTypes List of strings specifying the types of changes returned by the server. Setting to None requests all changes. changesOnly Boolean which indicates whether only changes are returned by the server. returnECs Boolean which indicates whether the server should return an Entry Change Notification response control """ class PersistentSearchControlValue(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('changeTypes',univ.Integer()), namedtype.NamedType('changesOnly',univ.Boolean()), namedtype.NamedType('returnECs',univ.Boolean()), ) controlType = "2.16.840.1.113730.3.4.3" def __init__(self,criticality=True,changeTypes=None,changesOnly=False,returnECs=True): self.criticality,self.changesOnly,self.returnECs = \ criticality,changesOnly,returnECs self.changeTypes = changeTypes or CHANGE_TYPES_INT.values() def encodeControlValue(self): if not type(self.changeTypes)==type(0): # Assume a sequence type of integers to be OR-ed changeTypes_int = 0 for ct in self.changeTypes: changeTypes_int = changeTypes_int|CHANGE_TYPES_INT.get(ct,ct) self.changeTypes = changeTypes_int p = self.PersistentSearchControlValue() p.setComponentByName('changeTypes',univ.Integer(self.changeTypes)) p.setComponentByName('changesOnly',univ.Boolean(self.changesOnly)) p.setComponentByName('returnECs',univ.Boolean(self.returnECs)) return encoder.encode(p) class ChangeType(univ.Enumerated): namedValues = namedval.NamedValues( ('add',1), ('delete',2), ('modify',4), ('modDN',8), ) subtypeSpec = univ.Enumerated.subtypeSpec + constraint.SingleValueConstraint(1,2,4,8) class EntryChangeNotificationValue(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('changeType',ChangeType()), namedtype.OptionalNamedType('previousDN', LDAPDN()), namedtype.OptionalNamedType('changeNumber',univ.Integer()), ) class EntryChangeNotificationControl(ResponseControl): """ Implements the response control for persistent search. Class attributes with values extracted from the response control: changeType String indicating the type of change causing this result to be returned by the server previousDN Old DN of the entry in case of a modrdn change changeNumber A change serial number returned by the server (optional). """ controlType = "2.16.840.1.113730.3.4.7" def decodeControlValue(self,encodedControlValue): ecncValue,_ = decoder.decode(encodedControlValue,asn1Spec=EntryChangeNotificationValue()) self.changeType = int(ecncValue.getComponentByName('changeType')) previousDN = ecncValue.getComponentByName('previousDN') if previousDN.hasValue(): self.previousDN = str(previousDN) else: self.previousDN = None changeNumber = ecncValue.getComponentByName('changeNumber') if changeNumber.hasValue(): self.changeNumber = int(changeNumber) else: self.changeNumber = None return (self.changeType,self.previousDN,self.changeNumber) KNOWN_RESPONSE_CONTROLS[EntryChangeNotificationControl.controlType] = EntryChangeNotificationControl ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/controls/pwdpolicy.py0000644000175000017500000000211014521037673022110 0ustar00spichugispichugi""" ldap.controls.pwdpolicy - classes for Password Policy controls (see https://tools.ietf.org/html/draft-vchu-ldap-pwd-policy) See https://www.python-ldap.org/ for project details. """ __all__ = [ 'PasswordExpiringControl', 'PasswordExpiredControl', ] # Imports from python-ldap 2.4+ import ldap.controls from ldap.controls import RequestControl,ResponseControl,ValueLessRequestControl,KNOWN_RESPONSE_CONTROLS class PasswordExpiringControl(ResponseControl): """ Indicates time in seconds when password will expire """ controlType = '2.16.840.1.113730.3.4.5' def decodeControlValue(self,encodedControlValue): self.gracePeriod = int(encodedControlValue) KNOWN_RESPONSE_CONTROLS[PasswordExpiringControl.controlType] = PasswordExpiringControl class PasswordExpiredControl(ResponseControl): """ Indicates that password is expired """ controlType = '2.16.840.1.113730.3.4.4' def decodeControlValue(self,encodedControlValue): self.passwordExpired = encodedControlValue=='0' KNOWN_RESPONSE_CONTROLS[PasswordExpiredControl.controlType] = PasswordExpiredControl ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/controls/readentry.py0000644000175000017500000000466614521037673022115 0ustar00spichugispichugi""" ldap.controls.readentry - classes for the Read Entry controls (see RFC 4527) See https://www.python-ldap.org/ for project details. """ import ldap from pyasn1.codec.ber import encoder,decoder from ldap.controls import LDAPControl,KNOWN_RESPONSE_CONTROLS from pyasn1_modules.rfc2251 import AttributeDescriptionList,SearchResultEntry class ReadEntryControl(LDAPControl): """ Base class for read entry control described in RFC 4527 attrList list of attribute type names requested Class attributes with values extracted from the response control: dn string holding the distinguished name of the LDAP entry entry dictionary holding the LDAP entry """ def __init__(self,criticality=False,attrList=None): self.criticality,self.attrList,self.entry = criticality,attrList or [],None def encodeControlValue(self): attributeSelection = AttributeDescriptionList() for i in range(len(self.attrList)): attributeSelection.setComponentByPosition(i,self.attrList[i]) return encoder.encode(attributeSelection) def decodeControlValue(self,encodedControlValue): decodedEntry,_ = decoder.decode(encodedControlValue,asn1Spec=SearchResultEntry()) self.dn = str(decodedEntry[0]) self.entry = {} for attr in decodedEntry[1]: self.entry[str(attr[0])] = [ bytes(attr_value) for attr_value in attr[1] ] class PreReadControl(ReadEntryControl): """ Class for pre-read control described in RFC 4527 attrList list of attribute type names requested Class attributes with values extracted from the response control: dn string holding the distinguished name of the LDAP entry before the operation was done by the server entry dictionary holding the LDAP entry before the operation was done by the server """ controlType = ldap.CONTROL_PRE_READ KNOWN_RESPONSE_CONTROLS[PreReadControl.controlType] = PreReadControl class PostReadControl(ReadEntryControl): """ Class for post-read control described in RFC 4527 attrList list of attribute type names requested Class attributes with values extracted from the response control: dn string holding the distinguished name of the LDAP entry after the operation was done by the server entry dictionary holding the LDAP entry after the operation was done by the server """ controlType = ldap.CONTROL_POST_READ KNOWN_RESPONSE_CONTROLS[PostReadControl.controlType] = PostReadControl ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/controls/sessiontrack.py0000644000175000017500000000432614521037673022621 0ustar00spichugispichugi""" ldap.controls.sessiontrack - class for session tracking control (see draft-wahl-ldap-session) See https://www.python-ldap.org/ for project details. """ from ldap.controls import RequestControl from pyasn1.type import namedtype,univ from pyasn1.codec.ber import encoder from pyasn1_modules.rfc2251 import LDAPString,LDAPOID # OID constants SESSION_TRACKING_CONTROL_OID = "1.3.6.1.4.1.21008.108.63.1" SESSION_TRACKING_FORMAT_OID_RADIUS_ACCT_SESSION_ID = SESSION_TRACKING_CONTROL_OID+".1" SESSION_TRACKING_FORMAT_OID_RADIUS_ACCT_MULTI_SESSION_ID = SESSION_TRACKING_CONTROL_OID+".2" SESSION_TRACKING_FORMAT_OID_USERNAME = SESSION_TRACKING_CONTROL_OID+".3" class SessionTrackingControl(RequestControl): """ Class for Session Tracking Control Because criticality MUST be false for this control it cannot be set from the application. sessionSourceIp IP address of the request source as string sessionSourceName Name of the request source as string formatOID OID as string specifying the format sessionTrackingIdentifier String containing a specific tracking ID """ class SessionIdentifierControlValue(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('sessionSourceIp',LDAPString()), namedtype.NamedType('sessionSourceName',LDAPString()), namedtype.NamedType('formatOID',LDAPOID()), namedtype.NamedType('sessionTrackingIdentifier',LDAPString()), ) controlType = SESSION_TRACKING_CONTROL_OID def __init__(self,sessionSourceIp,sessionSourceName,formatOID,sessionTrackingIdentifier): # criticality MUST be false for this control self.criticality = False self.sessionSourceIp,self.sessionSourceName,self.formatOID,self.sessionTrackingIdentifier = \ sessionSourceIp,sessionSourceName,formatOID,sessionTrackingIdentifier def encodeControlValue(self): s = self.SessionIdentifierControlValue() s.setComponentByName('sessionSourceIp',LDAPString(self.sessionSourceIp)) s.setComponentByName('sessionSourceName',LDAPString(self.sessionSourceName)) s.setComponentByName('formatOID',LDAPOID(self.formatOID)) s.setComponentByName('sessionTrackingIdentifier',LDAPString(self.sessionTrackingIdentifier)) return encoder.encode(s) ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/controls/simple.py0000644000175000017500000000756714521037673021414 0ustar00spichugispichugi""" ldap.controls.simple - classes for some very simple LDAP controls See https://www.python-ldap.org/ for details. """ import struct,ldap from ldap.controls import RequestControl,ResponseControl,LDAPControl,KNOWN_RESPONSE_CONTROLS from pyasn1.type import univ from pyasn1.codec.ber import encoder,decoder class ValueLessRequestControl(RequestControl): """ Base class for controls without a controlValue. The presence of the control in a LDAPv3 request changes the server's behaviour when processing the request simply based on the controlType. controlType OID of the request control criticality criticality request control """ def __init__(self,controlType=None,criticality=False): self.controlType = controlType self.criticality = criticality def encodeControlValue(self): return None class OctetStringInteger(LDAPControl): """ Base class with controlValue being unsigend integer values integerValue Integer to be sent as OctetString """ def __init__(self,controlType=None,criticality=False,integerValue=None): self.controlType = controlType self.criticality = criticality self.integerValue = integerValue def encodeControlValue(self): return struct.pack('!Q',self.integerValue) def decodeControlValue(self,encodedControlValue): self.integerValue = struct.unpack('!Q',encodedControlValue)[0] class BooleanControl(LDAPControl): """ Base class for simple request controls with boolean control value. Constructor argument and class attribute: booleanValue Boolean (True/False or 1/0) which is the boolean controlValue. """ def __init__(self,controlType=None,criticality=False,booleanValue=False): self.controlType = controlType self.criticality = criticality self.booleanValue = booleanValue def encodeControlValue(self): return encoder.encode(self.booleanValue,asn1Spec=univ.Boolean()) def decodeControlValue(self,encodedControlValue): decodedValue,_ = decoder.decode(encodedControlValue,asn1Spec=univ.Boolean()) self.booleanValue = bool(int(decodedValue)) class ManageDSAITControl(ValueLessRequestControl): """ Manage DSA IT Control """ def __init__(self,criticality=False): ValueLessRequestControl.__init__(self,ldap.CONTROL_MANAGEDSAIT,criticality=False) KNOWN_RESPONSE_CONTROLS[ldap.CONTROL_MANAGEDSAIT] = ManageDSAITControl class RelaxRulesControl(ValueLessRequestControl): """ Relax Rules Control """ def __init__(self,criticality=False): ValueLessRequestControl.__init__(self,ldap.CONTROL_RELAX,criticality=False) KNOWN_RESPONSE_CONTROLS[ldap.CONTROL_RELAX] = RelaxRulesControl class ProxyAuthzControl(RequestControl): """ Proxy Authorization Control authzId string containing the authorization ID indicating the identity on behalf which the server should process the request """ def __init__(self,criticality,authzId): RequestControl.__init__(self,ldap.CONTROL_PROXY_AUTHZ,criticality,authzId) class AuthorizationIdentityRequestControl(ValueLessRequestControl): """ Authorization Identity Request and Response Controls """ controlType = '2.16.840.1.113730.3.4.16' def __init__(self,criticality): ValueLessRequestControl.__init__(self,self.controlType,criticality) class AuthorizationIdentityResponseControl(ResponseControl): """ Authorization Identity Request and Response Controls Class attributes: authzId decoded authorization identity """ controlType = '2.16.840.1.113730.3.4.15' def decodeControlValue(self,encodedControlValue): self.authzId = encodedControlValue KNOWN_RESPONSE_CONTROLS[AuthorizationIdentityResponseControl.controlType] = AuthorizationIdentityResponseControl class GetEffectiveRightsControl(RequestControl): """ Get Effective Rights Control """ def __init__(self,criticality,authzId=None): RequestControl.__init__(self,'1.3.6.1.4.1.42.2.27.9.5.2',criticality,authzId) ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/controls/sss.py0000644000175000017500000001132214521037673020713 0ustar00spichugispichugi""" ldap.controls.sss - classes for Server Side Sorting (see RFC 2891) See https://www.python-ldap.org/ for project details. """ __all__ = [ 'SSSRequestControl', 'SSSResponseControl', ] import sys import ldap from ldap.ldapobject import LDAPObject from ldap.controls import (RequestControl, ResponseControl, KNOWN_RESPONSE_CONTROLS, DecodeControlTuples) from pyasn1.type import univ, namedtype, tag, namedval, constraint from pyasn1.codec.ber import encoder, decoder # SortKeyList ::= SEQUENCE OF SEQUENCE { # attributeType AttributeDescription, # orderingRule [0] MatchingRuleId OPTIONAL, # reverseOrder [1] BOOLEAN DEFAULT FALSE } class SortKeyType(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('attributeType', univ.OctetString()), namedtype.OptionalNamedType('orderingRule', univ.OctetString().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0) ) ), namedtype.DefaultedNamedType('reverseOrder', univ.Boolean(False).subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))) class SortKeyListType(univ.SequenceOf): componentType = SortKeyType() class SSSRequestControl(RequestControl): '''Order result server side >>> s = SSSRequestControl(ordering_rules=['-cn']) ''' controlType = '1.2.840.113556.1.4.473' def __init__( self, criticality=False, ordering_rules=None, ): RequestControl.__init__(self,self.controlType,criticality) self.ordering_rules = ordering_rules if isinstance(ordering_rules, str): ordering_rules = [ordering_rules] for rule in ordering_rules: rule = rule.split(':') assert len(rule) < 3, 'syntax for ordering rule: [-][:ordering-rule]' def asn1(self): p = SortKeyListType() for i, rule in enumerate(self.ordering_rules): q = SortKeyType() reverse_order = rule.startswith('-') if reverse_order: rule = rule[1:] if ':' in rule: attribute_type, ordering_rule = rule.split(':') else: attribute_type, ordering_rule = rule, None q.setComponentByName('attributeType', attribute_type) if ordering_rule: q.setComponentByName('orderingRule', ordering_rule) if reverse_order: q.setComponentByName('reverseOrder', 1) p.setComponentByPosition(i, q) return p def encodeControlValue(self): return encoder.encode(self.asn1()) class SortResultType(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('sortResult', univ.Enumerated().subtype( namedValues=namedval.NamedValues( ('success', 0), ('operationsError', 1), ('timeLimitExceeded', 3), ('strongAuthRequired', 8), ('adminLimitExceeded', 11), ('noSuchAttribute', 16), ('inappropriateMatching', 18), ('insufficientAccessRights', 50), ('busy', 51), ('unwillingToPerform', 53), ('other', 80)), subtypeSpec=univ.Enumerated.subtypeSpec + constraint.SingleValueConstraint( 0, 1, 3, 8, 11, 16, 18, 50, 51, 53, 80))), namedtype.OptionalNamedType('attributeType', univ.OctetString().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0) ) )) class SSSResponseControl(ResponseControl): controlType = '1.2.840.113556.1.4.474' def __init__(self,criticality=False): ResponseControl.__init__(self,self.controlType,criticality) def decodeControlValue(self, encoded): p, rest = decoder.decode(encoded, asn1Spec=SortResultType()) assert not rest, 'all data could not be decoded' sort_result = p.getComponentByName('sortResult') self.sortResult = int(sort_result) attribute_type = p.getComponentByName('attributeType') if attribute_type.hasValue(): self.attributeType = attribute_type else: self.attributeType = None # backward compatibility class attributes self.result = self.sortResult self.attribute_type_error = self.attributeType KNOWN_RESPONSE_CONTROLS[SSSResponseControl.controlType] = SSSResponseControl ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/controls/vlv.py0000644000175000017500000001237414521037673020722 0ustar00spichugispichugi""" ldap.controls.vlv - classes for Virtual List View (see draft-ietf-ldapext-ldapv3-vlv) See https://www.python-ldap.org/ for project details. """ __all__ = [ 'VLVRequestControl', 'VLVResponseControl', ] import ldap from ldap.ldapobject import LDAPObject from ldap.controls import (RequestControl, ResponseControl, KNOWN_RESPONSE_CONTROLS, DecodeControlTuples) from pyasn1.type import univ, namedtype, tag, namedval, constraint from pyasn1.codec.ber import encoder, decoder class ByOffsetType(univ.Sequence): tagSet = univ.Sequence.tagSet.tagImplicitly( tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)) componentType = namedtype.NamedTypes( namedtype.NamedType('offset', univ.Integer()), namedtype.NamedType('contentCount', univ.Integer())) class TargetType(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('byOffset', ByOffsetType()), namedtype.NamedType('greaterThanOrEqual', univ.OctetString().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))) class VirtualListViewRequestType(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('beforeCount', univ.Integer()), namedtype.NamedType('afterCount', univ.Integer()), namedtype.NamedType('target', TargetType()), namedtype.OptionalNamedType('contextID', univ.OctetString())) class VLVRequestControl(RequestControl): controlType = '2.16.840.1.113730.3.4.9' def __init__( self, criticality=False, before_count=0, after_count=0, offset=None, content_count=None, greater_than_or_equal=None, context_id=None, ): RequestControl.__init__(self,self.controlType,criticality) assert (offset is not None and content_count is not None) or \ greater_than_or_equal, \ ValueError( 'offset and content_count must be set together or greater_than_or_equal must be used' ) self.before_count = before_count self.after_count = after_count self.offset = offset self.content_count = content_count self.greater_than_or_equal = greater_than_or_equal self.context_id = context_id def encodeControlValue(self): p = VirtualListViewRequestType() p.setComponentByName('beforeCount', self.before_count) p.setComponentByName('afterCount', self.after_count) if self.offset is not None and self.content_count is not None: by_offset = ByOffsetType() by_offset.setComponentByName('offset', self.offset) by_offset.setComponentByName('contentCount', self.content_count) target = TargetType() target.setComponentByName('byOffset', by_offset) elif self.greater_than_or_equal: target = TargetType() target.setComponentByName('greaterThanOrEqual', self.greater_than_or_equal) else: raise NotImplementedError p.setComponentByName('target', target) return encoder.encode(p) KNOWN_RESPONSE_CONTROLS[VLVRequestControl.controlType] = VLVRequestControl class VirtualListViewResultType(univ.Enumerated): namedValues = namedval.NamedValues( ('success', 0), ('operationsError', 1), ('protocolError', 3), ('unwillingToPerform', 53), ('insufficientAccessRights', 50), ('adminLimitExceeded', 11), ('innapropriateMatching', 18), ('sortControlMissing', 60), ('offsetRangeError', 61), ('other', 80), ) class VirtualListViewResponseType(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('targetPosition', univ.Integer()), namedtype.NamedType('contentCount', univ.Integer()), namedtype.NamedType('virtualListViewResult', VirtualListViewResultType()), namedtype.OptionalNamedType('contextID', univ.OctetString())) class VLVResponseControl(ResponseControl): controlType = '2.16.840.1.113730.3.4.10' def __init__(self,criticality=False): ResponseControl.__init__(self,self.controlType,criticality) def decodeControlValue(self,encoded): p, rest = decoder.decode(encoded, asn1Spec=VirtualListViewResponseType()) assert not rest, 'all data could not be decoded' self.targetPosition = int(p.getComponentByName('targetPosition')) self.contentCount = int(p.getComponentByName('contentCount')) virtual_list_view_result = p.getComponentByName('virtualListViewResult') self.virtualListViewResult = int(virtual_list_view_result) context_id = p.getComponentByName('contextID') if context_id.hasValue(): self.contextID = str(context_id) else: self.contextID = None # backward compatibility class attributes self.target_position = self.targetPosition self.content_count = self.contentCount self.result = self.virtualListViewResult self.context_id = self.contextID KNOWN_RESPONSE_CONTROLS[VLVResponseControl.controlType] = VLVResponseControl ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/dn.py0000644000175000017500000000605014521037673016643 0ustar00spichugispichugi""" dn.py - misc stuff for handling distinguished names (see RFC 4514) See https://www.python-ldap.org/ for details. """ from ldap.pkginfo import __version__ import _ldap assert _ldap.__version__==__version__, \ ImportError(f'ldap {__version__} and _ldap {_ldap.__version__} version mismatch!') import ldap.functions def escape_dn_chars(s): """ Escape all DN special characters found in s with a back-slash (see RFC 4514, section 2.4) """ if s: s = s.replace('\\','\\\\') s = s.replace(',' ,'\\,') s = s.replace('+' ,'\\+') s = s.replace('"' ,'\\"') s = s.replace('<' ,'\\<') s = s.replace('>' ,'\\>') s = s.replace(';' ,'\\;') s = s.replace('=' ,'\\=') s = s.replace('\000' ,'\\\000') if s[-1]==' ': s = ''.join((s[:-1],'\\ ')) if s[0]=='#' or s[0]==' ': s = ''.join(('\\',s)) return s def str2dn(dn,flags=0): """ This function takes a DN as string as parameter and returns a decomposed DN. It's the inverse to dn2str(). flags describes the format of the dn See also the OpenLDAP man-page ldap_str2dn(3) """ if not dn: return [] return ldap.functions._ldap_function_call(None,_ldap.str2dn,dn,flags) def dn2str(dn): """ This function takes a decomposed DN as parameter and returns a single string. It's the inverse to str2dn() but will always return a DN in LDAPv3 format compliant to RFC 4514. """ return ','.join([ '+'.join([ '='.join((atype,escape_dn_chars(avalue or ''))) for atype,avalue,dummy in rdn]) for rdn in dn ]) def explode_dn(dn, notypes=False, flags=0): """ explode_dn(dn [, notypes=False [, flags=0]]) -> list This function takes a DN and breaks it up into its component parts. The notypes parameter is used to specify that only the component's attribute values be returned and not the attribute types. """ if not dn: return [] dn_decomp = str2dn(dn,flags) rdn_list = [] for rdn in dn_decomp: if notypes: rdn_list.append('+'.join([ escape_dn_chars(avalue or '') for atype,avalue,dummy in rdn ])) else: rdn_list.append('+'.join([ '='.join((atype,escape_dn_chars(avalue or ''))) for atype,avalue,dummy in rdn ])) return rdn_list def explode_rdn(rdn, notypes=False, flags=0): """ explode_rdn(rdn [, notypes=0 [, flags=0]]) -> list This function takes a RDN and breaks it up into its component parts if it is a multi-valued RDN. The notypes parameter is used to specify that only the component's attribute values be returned and not the attribute types. """ if not rdn: return [] rdn_decomp = str2dn(rdn,flags)[0] if notypes: return [avalue or '' for atype,avalue,dummy in rdn_decomp] else: return ['='.join((atype,escape_dn_chars(avalue or ''))) for atype,avalue,dummy in rdn_decomp] def is_dn(s,flags=0): """ Returns True if `s' can be parsed by ldap.dn.str2dn() as a distinguished host_name (DN), otherwise False is returned. """ try: str2dn(s,flags) except Exception: return False else: return True ././@PaxHeader0000000000000000000000000000003400000000000010212 xustar0028 mtime=1700253999.7772355 python-ldap-3.4.4/Lib/ldap/extop/0000755000175000017500000000000014525750460017026 5ustar00spichugispichugi././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/extop/__init__.py0000644000175000017500000000346514521037673021147 0ustar00spichugispichugi""" controls.py - support classes for LDAPv3 extended operations See https://www.python-ldap.org/ for details. Description: The ldap.extop module provides base classes for LDAPv3 extended operations. Each class provides support for a certain extended operation request and response. """ from ldap import __version__ class ExtendedRequest: """ Generic base class for a LDAPv3 extended operation request requestName OID as string of the LDAPv3 extended operation request requestValue value of the LDAPv3 extended operation request (here it is the BER-encoded ASN.1 request value) """ def __init__(self,requestName,requestValue): self.requestName = requestName self.requestValue = requestValue def __repr__(self): return f'{self.__class__.__name__}({self.requestName},{self.requestValue})' def encodedRequestValue(self): """ returns the BER-encoded ASN.1 request value composed by class attributes set before """ return self.requestValue class ExtendedResponse: """ Generic base class for a LDAPv3 extended operation response requestName OID as string of the LDAPv3 extended operation response encodedResponseValue BER-encoded ASN.1 value of the LDAPv3 extended operation response """ def __init__(self,responseName,encodedResponseValue): self.responseName = responseName self.responseValue = self.decodeResponseValue(encodedResponseValue) def __repr__(self): return f'{self.__class__.__name__}({self.responseName},{self.responseValue})' def decodeResponseValue(self,value): """ decodes the BER-encoded ASN.1 extended operation response value and sets the appropriate class attributes """ return value # Import sub-modules from ldap.extop.dds import * from ldap.extop.passwd import PasswordModifyResponse ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/extop/dds.py0000644000175000017500000000402514521037673020153 0ustar00spichugispichugi""" ldap.extop.dds - Classes for Dynamic Entries extended operations (see RFC 2589) See https://www.python-ldap.org/ for details. """ from ldap.extop import ExtendedRequest,ExtendedResponse # Imports from pyasn1 from pyasn1.type import namedtype,univ,tag from pyasn1.codec.der import encoder,decoder from pyasn1_modules.rfc2251 import LDAPDN class RefreshRequest(ExtendedRequest): requestName = '1.3.6.1.4.1.1466.101.119.1' defaultRequestTtl = 86400 class RefreshRequestValue(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType( 'entryName', LDAPDN().subtype( implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,0) ) ), namedtype.NamedType( 'requestTtl', univ.Integer().subtype( implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,1) ) ), ) def __init__(self,requestName=None,entryName=None,requestTtl=None): self.entryName = entryName self.requestTtl = requestTtl or self.defaultRequestTtl def encodedRequestValue(self): p = self.RefreshRequestValue() p.setComponentByName( 'entryName', LDAPDN(self.entryName).subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple,0) ) ) p.setComponentByName( 'requestTtl', univ.Integer(self.requestTtl).subtype( implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,1) ) ) return encoder.encode(p) class RefreshResponse(ExtendedResponse): responseName = '1.3.6.1.4.1.1466.101.119.1' class RefreshResponseValue(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType( 'responseTtl', univ.Integer().subtype( implicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatSimple,1) ) ) ) def decodeResponseValue(self,value): respValue,_ = decoder.decode(value,asn1Spec=self.RefreshResponseValue()) self.responseTtl = int(respValue.getComponentByName('responseTtl')) return self.responseTtl ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/extop/passwd.py0000644000175000017500000000172014521037673020701 0ustar00spichugispichugi""" ldap.extop.passwd - Classes for Password Modify extended operation (see RFC 3062) See https://www.python-ldap.org/ for details. """ from ldap.extop import ExtendedResponse # Imports from pyasn1 from pyasn1.type import namedtype, univ, tag from pyasn1.codec.der import decoder class PasswordModifyResponse(ExtendedResponse): responseName = None class PasswordModifyResponseValue(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType( 'genPasswd', univ.OctetString().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0) ) ) ) def decodeResponseValue(self, value): respValue, _ = decoder.decode(value, asn1Spec=self.PasswordModifyResponseValue()) self.genPasswd = bytes(respValue.getComponentByName('genPasswd')) return self.genPasswd ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/filter.py0000644000175000017500000000455214521037673017534 0ustar00spichugispichugi""" filters.py - misc stuff for handling LDAP filter strings (see RFC2254) See https://www.python-ldap.org/ for details. Compatibility: - Tested with Python 2.0+ """ from ldap import __version__ from ldap.functions import strf_secs import time def escape_filter_chars(assertion_value,escape_mode=0): """ Replace all special characters found in assertion_value by quoted notation. escape_mode If 0 only special chars mentioned in RFC 4515 are escaped. If 1 all NON-ASCII chars are escaped. If 2 all chars are escaped. """ if escape_mode: r = [] if escape_mode==1: for c in assertion_value: if c < '0' or c > 'z' or c in "\\*()": c = "\\%02x" % ord(c) r.append(c) elif escape_mode==2: for c in assertion_value: r.append("\\%02x" % ord(c)) else: raise ValueError('escape_mode must be 0, 1 or 2.') s = ''.join(r) else: s = assertion_value.replace('\\', r'\5c') s = s.replace(r'*', r'\2a') s = s.replace(r'(', r'\28') s = s.replace(r')', r'\29') s = s.replace('\x00', r'\00') return s def filter_format(filter_template,assertion_values): """ filter_template String containing %s as placeholder for assertion values. assertion_values List or tuple of assertion values. Length must match count of %s in filter_template. """ return filter_template % tuple(escape_filter_chars(v) for v in assertion_values) def time_span_filter( filterstr='', from_timestamp=0, until_timestamp=None, delta_attr='modifyTimestamp', ): """ If last_run_timestr is non-zero filterstr will be extended """ if until_timestamp is None: until_timestamp = time.time() if from_timestamp < 0: from_timestamp = until_timestamp + from_timestamp if from_timestamp > until_timestamp: raise ValueError('from_timestamp {!r} must not be greater than until_timestamp {!r}'.format( from_timestamp, until_timestamp )) return ( '(&' '{filterstr}' '({delta_attr}>={from_timestr})' '(!({delta_attr}>={until_timestr}))' ')' ).format( filterstr=filterstr, delta_attr=delta_attr, from_timestr=strf_secs(from_timestamp), until_timestr=strf_secs(until_timestamp), ) # end of time_span_filter() ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/functions.py0000644000175000017500000000641514521037673020257 0ustar00spichugispichugi""" functions.py - wraps functions of module _ldap See https://www.python-ldap.org/ for details. """ from ldap import __version__ __all__ = [ 'open','initialize','init', 'explode_dn','explode_rdn', 'get_option','set_option', 'escape_str', 'strf_secs','strp_secs', ] import sys,pprint,time,_ldap,ldap from calendar import timegm from ldap import LDAPError from ldap.dn import explode_dn,explode_rdn from ldap.ldapobject import LDAPObject if __debug__: # Tracing is only supported in debugging mode import traceback def _ldap_function_call(lock,func,*args,**kwargs): """ Wrapper function which locks and logs calls to function lock Instance of threading.Lock or compatible func Function to call with arguments passed in via *args and **kwargs """ if lock: lock.acquire() if __debug__: if ldap._trace_level>=1: ldap._trace_file.write('*** {}.{} {}\n'.format( '_ldap',func.__name__, pprint.pformat((args,kwargs)) )) if ldap._trace_level>=9: traceback.print_stack(limit=ldap._trace_stack_limit,file=ldap._trace_file) try: try: result = func(*args,**kwargs) finally: if lock: lock.release() except LDAPError as e: if __debug__ and ldap._trace_level>=2: ldap._trace_file.write('=> LDAPError: %s\n' % (str(e))) raise if __debug__ and ldap._trace_level>=2: ldap._trace_file.write('=> result:\n%s\n' % (pprint.pformat(result))) return result def initialize( uri, trace_level=0, trace_file=sys.stdout, trace_stack_limit=None, bytes_mode=None, fileno=None, **kwargs ): """ Return LDAPObject instance by opening LDAP connection to LDAP host specified by LDAP URL Parameters: uri LDAP URL containing at least connection scheme and hostport, e.g. ldap://localhost:389 trace_level If non-zero a trace output of LDAP calls is generated. trace_file File object where to write the trace output to. Default is to use stdout. bytes_mode Whether to enable :ref:`bytes_mode` for backwards compatibility under Py2. fileno If not None the socket file descriptor is used to connect to an LDAP server. Additional keyword arguments (such as ``bytes_strictness``) are passed to ``LDAPObject``. """ return LDAPObject( uri, trace_level, trace_file, trace_stack_limit, bytes_mode, fileno=fileno, **kwargs ) def get_option(option): """ get_option(name) -> value Get the value of an LDAP global option. """ return _ldap_function_call(None,_ldap.get_option,option) def set_option(option,invalue): """ set_option(name, value) Set the value of an LDAP global option. """ return _ldap_function_call(None,_ldap.set_option,option,invalue) def escape_str(escape_func,s,*args): """ Applies escape_func() to all items of `args' and returns a string based on format string `s'. """ return s % tuple(escape_func(v) for v in args) def strf_secs(secs): """ Convert seconds since epoch to a string compliant to LDAP syntax GeneralizedTime """ return time.strftime('%Y%m%d%H%M%SZ', time.gmtime(secs)) def strp_secs(dt_str): """ Convert LDAP syntax GeneralizedTime to seconds since epoch """ return timegm(time.strptime(dt_str, '%Y%m%d%H%M%SZ')) ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/ldapobject.py0000644000175000017500000012032114521037673020347 0ustar00spichugispichugi""" ldapobject.py - wraps class _ldap.LDAPObject See https://www.python-ldap.org/ for details. """ from os import strerror from ldap.pkginfo import __version__, __author__, __license__ __all__ = [ 'LDAPObject', 'SimpleLDAPObject', 'ReconnectLDAPObject', 'LDAPBytesWarning' ] if __debug__: # Tracing is only supported in debugging mode import traceback import sys,time,pprint,_ldap,ldap,ldap.sasl,ldap.functions import warnings from ldap.schema import SCHEMA_ATTRS from ldap.controls import LDAPControl,DecodeControlTuples,RequestControlTuples from ldap.extop import ExtendedRequest,ExtendedResponse,PasswordModifyResponse from ldap import LDAPError class LDAPBytesWarning(BytesWarning): """Python 2 bytes mode warning""" def __init__(self, *args, **kwargs): warnings.warn( "LDAPBytesWarning is deprecated and will be removed in the future", DeprecationWarning, ) super().__init__(*args, **kwargs) class NO_UNIQUE_ENTRY(ldap.NO_SUCH_OBJECT): """ Exception raised if a LDAP search returned more than entry entry although assumed to return a unique single search result. """ class SimpleLDAPObject: """ This basic class wraps all methods of the underlying C API object. The arguments are same as for the :func:`~ldap.initialize()` function. """ CLASSATTR_OPTION_MAPPING = { "protocol_version": ldap.OPT_PROTOCOL_VERSION, "deref": ldap.OPT_DEREF, "referrals": ldap.OPT_REFERRALS, "timelimit": ldap.OPT_TIMELIMIT, "sizelimit": ldap.OPT_SIZELIMIT, "network_timeout": ldap.OPT_NETWORK_TIMEOUT, "error_number":ldap.OPT_ERROR_NUMBER, "error_string":ldap.OPT_ERROR_STRING, "matched_dn":ldap.OPT_MATCHED_DN, } def __init__( self,uri, trace_level=0,trace_file=None,trace_stack_limit=5,bytes_mode=None, bytes_strictness=None, fileno=None ): self._trace_level = trace_level or ldap._trace_level self._trace_file = trace_file or ldap._trace_file self._trace_stack_limit = trace_stack_limit self._uri = uri self._ldap_object_lock = self._ldap_lock('opcall') if fileno is not None: if not hasattr(_ldap, "initialize_fd"): raise ValueError("libldap does not support initialize_fd") if hasattr(fileno, "fileno"): fileno = fileno.fileno() self._l = ldap.functions._ldap_function_call( ldap._ldap_module_lock, _ldap.initialize_fd, fileno, uri ) else: self._l = ldap.functions._ldap_function_call(ldap._ldap_module_lock,_ldap.initialize,uri) self.timeout = -1 self.protocol_version = ldap.VERSION3 if bytes_mode: raise ValueError("bytes_mode is *not* supported under Python 3.") @property def bytes_mode(self): return False @property def bytes_strictness(self): return 'error' def _ldap_lock(self,desc=''): if ldap.LIBLDAP_R: return ldap.LDAPLock(desc='%s within %s' %(desc,repr(self))) else: return ldap._ldap_module_lock def _ldap_call(self,func,*args,**kwargs): """ Wrapper method mainly for serializing calls into OpenLDAP libs and trace logs """ self._ldap_object_lock.acquire() if __debug__: if self._trace_level>=1: self._trace_file.write('*** {} {} - {}\n{}\n'.format( repr(self), self._uri, '.'.join((self.__class__.__name__,func.__name__)), pprint.pformat((args,kwargs)) )) if self._trace_level>=9: traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file) diagnostic_message_success = None try: try: result = func(*args,**kwargs) if __debug__ and self._trace_level>=2: if func.__name__!="unbind_ext": diagnostic_message_success = self._l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE) finally: self._ldap_object_lock.release() except LDAPError as e: try: if 'info' not in e.args[0] and 'errno' in e.args[0]: e.args[0]['info'] = strerror(e.args[0]['errno']) except IndexError: pass if __debug__ and self._trace_level>=2: self._trace_file.write('=> LDAPError - {}: {}\n'.format(e.__class__.__name__,str(e))) raise else: if __debug__ and self._trace_level>=2: if not diagnostic_message_success is None: self._trace_file.write('=> diagnosticMessage: %s\n' % (repr(diagnostic_message_success))) self._trace_file.write('=> result:\n%s\n' % (pprint.pformat(result))) return result def __setattr__(self,name,value): if name in self.CLASSATTR_OPTION_MAPPING: self.set_option(self.CLASSATTR_OPTION_MAPPING[name],value) else: self.__dict__[name] = value def __getattr__(self,name): if name in self.CLASSATTR_OPTION_MAPPING: return self.get_option(self.CLASSATTR_OPTION_MAPPING[name]) elif name in self.__dict__: return self.__dict__[name] else: raise AttributeError('{} has no attribute {}'.format( self.__class__.__name__,repr(name) )) def fileno(self): """ Returns file description of LDAP connection. Just a convenience wrapper for LDAPObject.get_option(ldap.OPT_DESC) """ return self.get_option(ldap.OPT_DESC) def abandon_ext(self,msgid,serverctrls=None,clientctrls=None): """ abandon_ext(msgid[,serverctrls=None[,clientctrls=None]]) -> None abandon(msgid) -> None Abandons or cancels an LDAP operation in progress. The msgid should be the message id of an outstanding LDAP operation as returned by the asynchronous methods search(), modify() etc. The caller can expect that the result of an abandoned operation will not be returned from a future call to result(). """ return self._ldap_call(self._l.abandon_ext,msgid,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) def abandon(self,msgid): return self.abandon_ext(msgid,None,None) def cancel(self,cancelid,serverctrls=None,clientctrls=None): """ cancel(cancelid[,serverctrls=None[,clientctrls=None]]) -> int Send cancels extended operation for an LDAP operation specified by cancelid. The cancelid should be the message id of an outstanding LDAP operation as returned by the asynchronous methods search(), modify() etc. The caller can expect that the result of an abandoned operation will not be returned from a future call to result(). In opposite to abandon() this extended operation gets an result from the server and thus should be preferred if the server supports it. """ return self._ldap_call(self._l.cancel,cancelid,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) def cancel_s(self,cancelid,serverctrls=None,clientctrls=None): msgid = self.cancel(cancelid,serverctrls,clientctrls) try: res = self.result(msgid,all=1,timeout=self.timeout) except (ldap.CANCELLED,ldap.SUCCESS): res = None return res def add_ext(self,dn,modlist,serverctrls=None,clientctrls=None): """ add_ext(dn, modlist[,serverctrls=None[,clientctrls=None]]) -> int This function adds a new entry with a distinguished name specified by dn which means it must not already exist. The parameter modlist is similar to the one passed to modify(), except that no operation integer need be included in the tuples. """ return self._ldap_call(self._l.add_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) def add_ext_s(self,dn,modlist,serverctrls=None,clientctrls=None): msgid = self.add_ext(dn,modlist,serverctrls,clientctrls) resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) return resp_type, resp_data, resp_msgid, resp_ctrls def add(self,dn,modlist): """ add(dn, modlist) -> int This function adds a new entry with a distinguished name specified by dn which means it must not already exist. The parameter modlist is similar to the one passed to modify(), except that no operation integer need be included in the tuples. """ return self.add_ext(dn,modlist,None,None) def add_s(self,dn,modlist): return self.add_ext_s(dn,modlist,None,None) def simple_bind(self,who=None,cred=None,serverctrls=None,clientctrls=None): """ simple_bind([who='' [,cred='']]) -> int """ return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) def simple_bind_s(self,who=None,cred=None,serverctrls=None,clientctrls=None): """ simple_bind_s([who='' [,cred='']]) -> 4-tuple """ msgid = self.simple_bind(who,cred,serverctrls,clientctrls) resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) return resp_type, resp_data, resp_msgid, resp_ctrls def bind(self,who,cred,method=ldap.AUTH_SIMPLE): """ bind(who, cred, method) -> int """ assert method==ldap.AUTH_SIMPLE,'Only simple bind supported in LDAPObject.bind()' return self.simple_bind(who,cred) def bind_s(self,who,cred,method=ldap.AUTH_SIMPLE): """ bind_s(who, cred, method) -> None """ msgid = self.bind(who,cred,method) return self.result(msgid,all=1,timeout=self.timeout) def sasl_interactive_bind_s(self,who,auth,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET): """ sasl_interactive_bind_s(who, auth [,serverctrls=None[,clientctrls=None[,sasl_flags=ldap.SASL_QUIET]]]) -> None """ return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags) def sasl_non_interactive_bind_s(self,sasl_mech,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET,authz_id=''): """ Send a SASL bind request using a non-interactive SASL method (e.g. GSSAPI, EXTERNAL) """ auth = ldap.sasl.sasl( {ldap.sasl.CB_USER:authz_id}, sasl_mech ) self.sasl_interactive_bind_s('',auth,serverctrls,clientctrls,sasl_flags) def sasl_external_bind_s(self,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET,authz_id=''): """ Send SASL bind request using SASL mech EXTERNAL """ self.sasl_non_interactive_bind_s('EXTERNAL',serverctrls,clientctrls,sasl_flags,authz_id) def sasl_gssapi_bind_s(self,serverctrls=None,clientctrls=None,sasl_flags=ldap.SASL_QUIET,authz_id=''): """ Send SASL bind request using SASL mech GSSAPI """ self.sasl_non_interactive_bind_s('GSSAPI',serverctrls,clientctrls,sasl_flags,authz_id) def sasl_bind_s(self,dn,mechanism,cred,serverctrls=None,clientctrls=None): """ sasl_bind_s(dn, mechanism, cred [,serverctrls=None[,clientctrls=None]]) -> int|str """ return self._ldap_call(self._l.sasl_bind_s,dn,mechanism,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) def compare_ext(self,dn,attr,value,serverctrls=None,clientctrls=None): """ compare_ext(dn, attr, value [,serverctrls=None[,clientctrls=None]]) -> int compare_ext_s(dn, attr, value [,serverctrls=None[,clientctrls=None]]) -> bool compare(dn, attr, value) -> int compare_s(dn, attr, value) -> bool Perform an LDAP comparison between the attribute named attr of entry dn, and the value value. The synchronous form returns True or False. The asynchronous form returns the message id of the initiates request, and the result of the asynchronous compare can be obtained using result(). Note that this latter technique yields the answer by raising the exception objects COMPARE_TRUE or COMPARE_FALSE. A design bug in the library prevents value from containing nul characters. """ return self._ldap_call(self._l.compare_ext,dn,attr,value,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) def compare_ext_s(self,dn,attr,value,serverctrls=None,clientctrls=None): msgid = self.compare_ext(dn,attr,value,serverctrls,clientctrls) try: ldap_res = self.result3(msgid,all=1,timeout=self.timeout) except ldap.COMPARE_TRUE: return True except ldap.COMPARE_FALSE: return False raise ldap.PROTOCOL_ERROR( f'Compare operation returned wrong result: {ldap_res!r}' ) def compare(self,dn,attr,value): return self.compare_ext(dn,attr,value,None,None) def compare_s(self,dn,attr,value): return self.compare_ext_s(dn,attr,value,None,None) def delete_ext(self,dn,serverctrls=None,clientctrls=None): """ delete(dn) -> int delete_s(dn) -> None delete_ext(dn[,serverctrls=None[,clientctrls=None]]) -> int delete_ext_s(dn[,serverctrls=None[,clientctrls=None]]) -> tuple Performs an LDAP delete operation on dn. The asynchronous form returns the message id of the initiated request, and the result can be obtained from a subsequent call to result(). """ return self._ldap_call(self._l.delete_ext,dn,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) def delete_ext_s(self,dn,serverctrls=None,clientctrls=None): msgid = self.delete_ext(dn,serverctrls,clientctrls) resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) return resp_type, resp_data, resp_msgid, resp_ctrls def delete(self,dn): return self.delete_ext(dn,None,None) def delete_s(self,dn): return self.delete_ext_s(dn,None,None) def extop(self,extreq,serverctrls=None,clientctrls=None): """ extop(extreq[,serverctrls=None[,clientctrls=None]]]) -> int extop_s(extreq[,serverctrls=None[,clientctrls=None[,extop_resp_class=None]]]]) -> (respoid,respvalue) Performs an LDAP extended operation. The asynchronous form returns the message id of the initiated request, and the result can be obtained from a subsequent call to extop_result(). The extreq is an instance of class ldap.extop.ExtendedRequest. If argument extop_resp_class is set to a sub-class of ldap.extop.ExtendedResponse this class is used to return an object of this class instead of a raw BER value in respvalue. """ return self._ldap_call(self._l.extop,extreq.requestName,extreq.encodedRequestValue(),RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) def extop_result(self,msgid=ldap.RES_ANY,all=1,timeout=None): resulttype,msg,msgid,respctrls,respoid,respvalue = self.result4(msgid,all=1,timeout=self.timeout,add_ctrls=1,add_intermediates=1,add_extop=1) return (respoid,respvalue) def extop_s(self,extreq,serverctrls=None,clientctrls=None,extop_resp_class=None): msgid = self.extop(extreq,serverctrls,clientctrls) res = self.extop_result(msgid,all=1,timeout=self.timeout) if extop_resp_class: respoid,respvalue = res if extop_resp_class.responseName!=respoid: raise ldap.PROTOCOL_ERROR(f"Wrong OID in extended response! Expected {extop_resp_class.responseName}, got {respoid}") return extop_resp_class(extop_resp_class.responseName,respvalue) else: return res def modify_ext(self,dn,modlist,serverctrls=None,clientctrls=None): """ modify_ext(dn, modlist[,serverctrls=None[,clientctrls=None]]) -> int """ return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) def modify_ext_s(self,dn,modlist,serverctrls=None,clientctrls=None): msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls) resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) return resp_type, resp_data, resp_msgid, resp_ctrls def modify(self,dn,modlist): """ modify(dn, modlist) -> int modify_s(dn, modlist) -> None modify_ext(dn, modlist[,serverctrls=None[,clientctrls=None]]) -> int modify_ext_s(dn, modlist[,serverctrls=None[,clientctrls=None]]) -> tuple Performs an LDAP modify operation on an entry's attributes. dn is the DN of the entry to modify, and modlist is the list of modifications to make to the entry. Each element of the list modlist should be a tuple of the form (mod_op,mod_type,mod_vals), where mod_op is the operation (one of MOD_ADD, MOD_DELETE, MOD_INCREMENT or MOD_REPLACE), mod_type is a string indicating the attribute type name, and mod_vals is either a string value or a list of string values to add, delete, increment by or replace respectively. For the delete operation, mod_vals may be None indicating that all attributes are to be deleted. The asynchronous modify() returns the message id of the initiated request. """ return self.modify_ext(dn,modlist,None,None) def modify_s(self,dn,modlist): return self.modify_ext_s(dn,modlist,None,None) def modrdn(self,dn,newrdn,delold=1): """ modrdn(dn, newrdn [,delold=1]) -> int modrdn_s(dn, newrdn [,delold=1]) -> None Perform a modify RDN operation. These routines take dn, the DN of the entry whose RDN is to be changed, and newrdn, the new RDN to give to the entry. The optional parameter delold is used to specify whether the old RDN should be kept as an attribute of the entry or not. The asynchronous version returns the initiated message id. This operation is emulated by rename() and rename_s() methods since the modrdn2* routines in the C library are deprecated. """ return self.rename(dn,newrdn,None,delold) def modrdn_s(self,dn,newrdn,delold=1): return self.rename_s(dn,newrdn,None,delold) def passwd(self,user,oldpw,newpw,serverctrls=None,clientctrls=None): return self._ldap_call(self._l.passwd,user,oldpw,newpw,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) def passwd_s(self, user, oldpw, newpw, serverctrls=None, clientctrls=None, extract_newpw=False): msgid = self.passwd(user, oldpw, newpw, serverctrls, clientctrls) respoid, respvalue = self.extop_result(msgid, all=1, timeout=self.timeout) if respoid != PasswordModifyResponse.responseName: raise ldap.PROTOCOL_ERROR("Unexpected OID %s in extended response!" % respoid) if extract_newpw and respvalue: respvalue = PasswordModifyResponse(PasswordModifyResponse.responseName, respvalue) return respoid, respvalue def rename(self,dn,newrdn,newsuperior=None,delold=1,serverctrls=None,clientctrls=None): """ rename(dn, newrdn [, newsuperior=None [,delold=1][,serverctrls=None[,clientctrls=None]]]) -> int rename_s(dn, newrdn [, newsuperior=None] [,delold=1][,serverctrls=None[,clientctrls=None]]) -> None Perform a rename entry operation. These routines take dn, the DN of the entry whose RDN is to be changed, newrdn, the new RDN, and newsuperior, the new parent DN, to give to the entry. If newsuperior is None then only the RDN is modified. The optional parameter delold is used to specify whether the old RDN should be kept as an attribute of the entry or not. The asynchronous version returns the initiated message id. This actually corresponds to the rename* routines in the LDAP-EXT C API library. """ return self._ldap_call(self._l.rename,dn,newrdn,newsuperior,delold,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) def rename_s(self,dn,newrdn,newsuperior=None,delold=1,serverctrls=None,clientctrls=None): msgid = self.rename(dn,newrdn,newsuperior,delold,serverctrls,clientctrls) resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) return resp_type, resp_data, resp_msgid, resp_ctrls def result(self,msgid=ldap.RES_ANY,all=1,timeout=None): """ result([msgid=RES_ANY [,all=1 [,timeout=None]]]) -> (result_type, result_data) This method is used to wait for and return the result of an operation previously initiated by one of the LDAP asynchronous operation routines (e.g. search(), modify(), etc.) They all returned an invocation identifier (a message id) upon successful initiation of their operation. This id is guaranteed to be unique across an LDAP session, and can be used to request the result of a specific operation via the msgid parameter of the result() method. If the result of a specific operation is required, msgid should be set to the invocation message id returned when the operation was initiated; otherwise RES_ANY should be supplied. The all parameter only has meaning for search() responses and is used to select whether a single entry of the search response should be returned, or to wait for all the results of the search before returning. A search response is made up of zero or more search entries followed by a search result. If all is 0, search entries will be returned one at a time as they come in, via separate calls to result(). If all is 1, the search response will be returned in its entirety, i.e. after all entries and the final search result have been received. For all set to 0, result tuples trickle in (with the same message id), and with the result type RES_SEARCH_ENTRY, until the final result which has a result type of RES_SEARCH_RESULT and a (usually) empty data field. When all is set to 1, only one result is returned, with a result type of RES_SEARCH_RESULT, and all the result tuples listed in the data field. The method returns a tuple of the form (result_type, result_data). The result_type is one of the constants RES_*. See search() for a description of the search result's result_data, otherwise the result_data is normally meaningless. The result() method will block for timeout seconds, or indefinitely if timeout is negative. A timeout of 0 will effect a poll. The timeout can be expressed as a floating-point value. If timeout is None the default in self.timeout is used. If a timeout occurs, a TIMEOUT exception is raised, unless polling (timeout = 0), in which case (None, None) is returned. """ resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout) return resp_type, resp_data def result2(self,msgid=ldap.RES_ANY,all=1,timeout=None): resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout) return resp_type, resp_data, resp_msgid def result3(self,msgid=ldap.RES_ANY,all=1,timeout=None,resp_ctrl_classes=None): resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4( msgid,all,timeout, add_ctrls=0,add_intermediates=0,add_extop=0, resp_ctrl_classes=resp_ctrl_classes ) return resp_type, resp_data, resp_msgid, decoded_resp_ctrls def result4(self,msgid=ldap.RES_ANY,all=1,timeout=None,add_ctrls=0,add_intermediates=0,add_extop=0,resp_ctrl_classes=None): if timeout is None: timeout = self.timeout ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) if ldap_result is None: resp_type, resp_data, resp_msgid, resp_ctrls, resp_name, resp_value = (None,None,None,None,None,None) else: if len(ldap_result)==4: resp_type, resp_data, resp_msgid, resp_ctrls = ldap_result resp_name, resp_value = None,None else: resp_type, resp_data, resp_msgid, resp_ctrls, resp_name, resp_value = ldap_result if add_ctrls: resp_data = [ (t,r,DecodeControlTuples(c,resp_ctrl_classes)) for t,r,c in resp_data ] decoded_resp_ctrls = DecodeControlTuples(resp_ctrls,resp_ctrl_classes) return resp_type, resp_data, resp_msgid, decoded_resp_ctrls, resp_name, resp_value def search_ext(self,base,scope,filterstr=None,attrlist=None,attrsonly=0,serverctrls=None,clientctrls=None,timeout=-1,sizelimit=0): """ search(base, scope [,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0]]]) -> int search_s(base, scope [,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0]]]) search_st(base, scope [,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0 [,timeout=-1]]]]) search_ext(base,scope,[,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0 [,serverctrls=None [,clientctrls=None [,timeout=-1 [,sizelimit=0]]]]]]]) search_ext_s(base,scope,[,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0 [,serverctrls=None [,clientctrls=None [,timeout=-1 [,sizelimit=0]]]]]]]) Perform an LDAP search operation, with base as the DN of the entry at which to start the search, scope being one of SCOPE_BASE (to search the object itself), SCOPE_ONELEVEL (to search the object's immediate children), or SCOPE_SUBTREE (to search the object and all its descendants). filter is a string representation of the filter to apply in the search (see RFC 4515). Each result tuple is of the form (dn,entry), where dn is a string containing the DN (distinguished name) of the entry, and entry is a dictionary containing the attributes. Attributes types are used as string dictionary keys and attribute values are stored in a list as dictionary value. The DN in dn is extracted using the underlying ldap_get_dn(), which may raise an exception of the DN is malformed. If attrsonly is non-zero, the values of attrs will be meaningless (they are not transmitted in the result). The retrieved attributes can be limited with the attrlist parameter. If attrlist is None, all the attributes of each entry are returned. serverctrls=None clientctrls=None The synchronous form with timeout, search_st() or search_ext_s(), will block for at most timeout seconds (or indefinitely if timeout is negative). A TIMEOUT exception is raised if no result is received within the time. The amount of search results retrieved can be limited with the sizelimit parameter if non-zero. """ if filterstr is None: filterstr = '(objectClass=*)' return self._ldap_call( self._l.search_ext, base,scope,filterstr, attrlist,attrsonly, RequestControlTuples(serverctrls), RequestControlTuples(clientctrls), timeout,sizelimit, ) def search_ext_s(self,base,scope,filterstr=None,attrlist=None,attrsonly=0,serverctrls=None,clientctrls=None,timeout=-1,sizelimit=0): msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit) return self.result(msgid,all=1,timeout=timeout)[1] def search(self,base,scope,filterstr=None,attrlist=None,attrsonly=0): return self.search_ext(base,scope,filterstr,attrlist,attrsonly,None,None) def search_s(self,base,scope,filterstr=None,attrlist=None,attrsonly=0): return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout) def search_st(self,base,scope,filterstr=None,attrlist=None,attrsonly=0,timeout=-1): return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout) def start_tls_s(self): """ start_tls_s() -> None Negotiate TLS with server. The `version' attribute must have been set to VERSION3 before calling start_tls_s. If TLS could not be started an exception will be raised. """ return self._ldap_call(self._l.start_tls_s) def unbind_ext(self,serverctrls=None,clientctrls=None): """ unbind() -> int unbind_s() -> None unbind_ext() -> int unbind_ext_s() -> None This call is used to unbind from the directory, terminate the current association, and free resources. Once called, the connection to the LDAP server is closed and the LDAP object is invalid. Further invocation of methods on the object will yield an exception. The unbind and unbind_s methods are identical, and are synchronous in nature """ res = self._ldap_call(self._l.unbind_ext,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) try: del self._l except AttributeError: pass return res def unbind_ext_s(self,serverctrls=None,clientctrls=None): msgid = self.unbind_ext(serverctrls,clientctrls) if msgid!=None: result = self.result3(msgid,all=1,timeout=self.timeout) else: result = None if __debug__ and self._trace_level>=1: try: self._trace_file.flush() except AttributeError: pass return result def unbind(self): return self.unbind_ext(None,None) def unbind_s(self): return self.unbind_ext_s(None,None) def whoami_s(self,serverctrls=None,clientctrls=None): return self._ldap_call(self._l.whoami_s,serverctrls,clientctrls) def get_option(self,option): result = self._ldap_call(self._l.get_option,option) if option==ldap.OPT_SERVER_CONTROLS or option==ldap.OPT_CLIENT_CONTROLS: result = DecodeControlTuples(result) return result def set_option(self,option,invalue): if option==ldap.OPT_SERVER_CONTROLS or option==ldap.OPT_CLIENT_CONTROLS: invalue = RequestControlTuples(invalue) return self._ldap_call(self._l.set_option,option,invalue) def search_subschemasubentry_s(self,dn=None): """ Returns the distinguished name of the sub schema sub entry for a part of a DIT specified by dn. None as result indicates that the DN of the sub schema sub entry could not be determined. Returns: None or text/bytes depending on bytes_mode. """ empty_dn = '' attrname = 'subschemaSubentry' if dn is None: dn = empty_dn try: r = self.search_s( dn,ldap.SCOPE_BASE,None,[attrname] ) except (ldap.NO_SUCH_OBJECT,ldap.NO_SUCH_ATTRIBUTE,ldap.INSUFFICIENT_ACCESS): r = [] except ldap.UNDEFINED_TYPE: return None try: if r: e = ldap.cidict.cidict(r[0][1]) search_subschemasubentry_dn = e.get(attrname,[None])[0] if search_subschemasubentry_dn is None: if dn: # Try to find sub schema sub entry in root DSE return self.search_subschemasubentry_s(dn=empty_dn) else: # If dn was already root DSE we can return here return None else: if search_subschemasubentry_dn is not None: return search_subschemasubentry_dn.decode('utf-8') except IndexError: return None def read_s(self,dn,filterstr=None,attrlist=None,serverctrls=None,clientctrls=None,timeout=-1): """ Reads and returns a single entry specified by `dn'. Other attributes just like those passed to `search_ext_s()' """ r = self.search_ext_s( dn, ldap.SCOPE_BASE, filterstr, attrlist=attrlist, serverctrls=serverctrls, clientctrls=clientctrls, timeout=timeout, ) if r: return r[0][1] else: return None def read_subschemasubentry_s(self,subschemasubentry_dn,attrs=None): """ Returns the sub schema sub entry's data """ filterstr = '(objectClass=subschema)' if attrs is None: attrs = SCHEMA_ATTRS try: subschemasubentry = self.read_s( subschemasubentry_dn, filterstr=filterstr, attrlist=attrs ) except ldap.NO_SUCH_OBJECT: return None else: return subschemasubentry def find_unique_entry(self,base,scope=ldap.SCOPE_SUBTREE,filterstr=None,attrlist=None,attrsonly=0,serverctrls=None,clientctrls=None,timeout=-1): """ Returns a unique entry, raises exception if not unique """ r = self.search_ext_s( base, scope, filterstr, attrlist=attrlist, attrsonly=attrsonly, serverctrls=serverctrls, clientctrls=clientctrls, timeout=timeout, sizelimit=2, ) if len(r)!=1: raise NO_UNIQUE_ENTRY('No or non-unique search result for %s' % (repr(filterstr))) return r[0] def read_rootdse_s(self, filterstr=None, attrlist=None): """ convenience wrapper around read_s() for reading rootDSE """ base = '' attrlist = attrlist or ['*', '+'] ldap_rootdse = self.read_s( base, filterstr=filterstr, attrlist=attrlist, ) return ldap_rootdse # read_rootdse_s() def get_naming_contexts(self): """ returns all attribute values of namingContexts in rootDSE if namingContexts is not present (not readable) then empty list is returned """ name = 'namingContexts' return self.read_rootdse_s( attrlist=[name] ).get(name, []) class ReconnectLDAPObject(SimpleLDAPObject): """ :py:class:`SimpleLDAPObject` subclass whose synchronous request methods automatically reconnect and re-try in case of server failure (:exc:`ldap.SERVER_DOWN`). The first arguments are same as for the :py:func:`~ldap.initialize()` function. For automatic reconnects it has additional arguments: * retry_max: specifies the number of reconnect attempts before re-raising the :py:exc:`ldap.SERVER_DOWN` exception. * retry_delay: specifies the time in seconds between reconnect attempts. This class also implements the pickle protocol. """ __transient_attrs__ = { '_l', '_ldap_object_lock', '_trace_file', '_reconnect_lock', '_last_bind', } def __init__( self,uri, trace_level=0,trace_file=None,trace_stack_limit=5,bytes_mode=None, bytes_strictness=None, retry_max=1, retry_delay=60.0, fileno=None ): """ Parameters like SimpleLDAPObject.__init__() with these additional arguments: retry_max Maximum count of reconnect trials retry_delay Time span to wait between two reconnect trials """ self._uri = uri self._options = [] self._last_bind = None SimpleLDAPObject.__init__(self, uri, trace_level, trace_file, trace_stack_limit, bytes_mode, bytes_strictness=bytes_strictness, fileno=fileno) self._reconnect_lock = ldap.LDAPLock(desc='reconnect lock within %s' % (repr(self))) self._retry_max = retry_max self._retry_delay = retry_delay self._start_tls = 0 self._reconnects_done = 0 def __getstate__(self): """return data representation for pickled object""" state = { k: v for k,v in self.__dict__.items() if k not in self.__transient_attrs__ } state['_last_bind'] = self._last_bind[0].__name__, self._last_bind[1], self._last_bind[2] return state def __setstate__(self,d): """set up the object from pickled data""" hardfail = d.get('bytes_mode_hardfail') if hardfail: d.setdefault('bytes_strictness', 'error') else: d.setdefault('bytes_strictness', 'warn') self.__dict__.update(d) self._last_bind = getattr(SimpleLDAPObject, self._last_bind[0]), self._last_bind[1], self._last_bind[2] self._ldap_object_lock = self._ldap_lock() self._reconnect_lock = ldap.LDAPLock(desc='reconnect lock within %s' % (repr(self))) # XXX cannot pickle file, use default trace file self._trace_file = ldap._trace_file self.reconnect(self._uri,force=True) def _store_last_bind(self,_method,*args,**kwargs): self._last_bind = (_method,args,kwargs) def _apply_last_bind(self): if self._last_bind!=None: func,args,kwargs = self._last_bind func(self,*args,**kwargs) else: # Send explicit anon simple bind request to provoke ldap.SERVER_DOWN in method reconnect() SimpleLDAPObject.simple_bind_s(self, None, None) def _restore_options(self): """Restore all recorded options""" for k,v in self._options: SimpleLDAPObject.set_option(self,k,v) def passwd_s(self,*args,**kwargs): return self._apply_method_s(SimpleLDAPObject.passwd_s,*args,**kwargs) def reconnect(self,uri,retry_max=1,retry_delay=60.0,force=True): # Drop and clean up old connection completely # Reconnect self._reconnect_lock.acquire() try: if hasattr(self,'_l'): if force: SimpleLDAPObject.unbind_s(self) else: return reconnect_counter = retry_max while reconnect_counter: counter_text = '%d. (of %d)' % (retry_max-reconnect_counter+1,retry_max) if __debug__ and self._trace_level>=1: self._trace_file.write('*** Trying {} reconnect to {}...\n'.format( counter_text,uri )) try: try: # Do the connect self._l = ldap.functions._ldap_function_call(ldap._ldap_module_lock,_ldap.initialize,uri) self._restore_options() # StartTLS extended operation in case this was called before if self._start_tls: SimpleLDAPObject.start_tls_s(self) # Repeat last simple or SASL bind self._apply_last_bind() except ldap.LDAPError: SimpleLDAPObject.unbind_s(self) raise except (ldap.SERVER_DOWN,ldap.TIMEOUT): if __debug__ and self._trace_level>=1: self._trace_file.write('*** {} reconnect to {} failed\n'.format( counter_text,uri )) reconnect_counter = reconnect_counter-1 if not reconnect_counter: raise if __debug__ and self._trace_level>=1: self._trace_file.write('=> delay %s...\n' % (retry_delay)) time.sleep(retry_delay) else: if __debug__ and self._trace_level>=1: self._trace_file.write('*** {} reconnect to {} successful => repeat last operation\n'.format( counter_text,uri )) self._reconnects_done = self._reconnects_done + 1 break finally: self._reconnect_lock.release() return # reconnect() def _apply_method_s(self,func,*args,**kwargs): self.reconnect(self._uri,retry_max=self._retry_max,retry_delay=self._retry_delay,force=False) try: return func(self,*args,**kwargs) except ldap.SERVER_DOWN: # Try to reconnect self.reconnect(self._uri,retry_max=self._retry_max,retry_delay=self._retry_delay,force=True) # Re-try last operation return func(self,*args,**kwargs) def set_option(self,option,invalue): self._options.append((option,invalue)) return SimpleLDAPObject.set_option(self,option,invalue) def bind_s(self,*args,**kwargs): res = self._apply_method_s(SimpleLDAPObject.bind_s,*args,**kwargs) self._store_last_bind(SimpleLDAPObject.bind_s,*args,**kwargs) return res def simple_bind_s(self,*args,**kwargs): res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs) self._store_last_bind(SimpleLDAPObject.simple_bind_s,*args,**kwargs) return res def start_tls_s(self,*args,**kwargs): res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs) self._start_tls = 1 return res def sasl_interactive_bind_s(self,*args,**kwargs): """ sasl_interactive_bind_s(who, auth) -> None """ res = self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs) self._store_last_bind(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs) return res def sasl_bind_s(self,*args,**kwargs): res = self._apply_method_s(SimpleLDAPObject.sasl_bind_s,*args,**kwargs) self._store_last_bind(SimpleLDAPObject.sasl_bind_s,*args,**kwargs) return res def add_ext_s(self,*args,**kwargs): return self._apply_method_s(SimpleLDAPObject.add_ext_s,*args,**kwargs) def cancel_s(self,*args,**kwargs): return self._apply_method_s(SimpleLDAPObject.cancel_s,*args,**kwargs) def compare_ext_s(self,*args,**kwargs): return self._apply_method_s(SimpleLDAPObject.compare_ext_s,*args,**kwargs) def delete_ext_s(self,*args,**kwargs): return self._apply_method_s(SimpleLDAPObject.delete_ext_s,*args,**kwargs) def extop_s(self,*args,**kwargs): return self._apply_method_s(SimpleLDAPObject.extop_s,*args,**kwargs) def modify_ext_s(self,*args,**kwargs): return self._apply_method_s(SimpleLDAPObject.modify_ext_s,*args,**kwargs) def rename_s(self,*args,**kwargs): return self._apply_method_s(SimpleLDAPObject.rename_s,*args,**kwargs) def search_ext_s(self,*args,**kwargs): return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs) def whoami_s(self,*args,**kwargs): return self._apply_method_s(SimpleLDAPObject.whoami_s,*args,**kwargs) # The class called LDAPObject will be used as default for # ldap.open() and ldap.initialize() LDAPObject = SimpleLDAPObject ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/logger.py0000644000175000017500000000054414521037673017523 0ustar00spichugispichugi""" Helper class for using logging as trace file object """ import logging class logging_file_class: def __init__(self, logging_level): self._logging_level = logging_level def write(self, msg): logging.log(self._logging_level, msg[:-1]) def flush(self): return logging_file_obj = logging_file_class(logging.DEBUG) ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/modlist.py0000644000175000017500000000671214521037673017722 0ustar00spichugispichugi""" ldap.modlist - create add/modify modlist's See https://www.python-ldap.org/ for details. """ from ldap import __version__ import ldap def addModlist(entry,ignore_attr_types=None): """Build modify list for call of method LDAPObject.add()""" ignore_attr_types = {v.lower() for v in ignore_attr_types or []} modlist = [] for attrtype, value in entry.items(): if attrtype.lower() in ignore_attr_types: # This attribute type is ignored continue # Eliminate empty attr value strings in list attrvaluelist = [item for item in value if item is not None] if attrvaluelist: modlist.append((attrtype, value)) return modlist # addModlist() def modifyModlist( old_entry,new_entry,ignore_attr_types=None,ignore_oldexistent=0,case_ignore_attr_types=None ): """ Build differential modify list for calling LDAPObject.modify()/modify_s() old_entry Dictionary holding the old entry new_entry Dictionary holding what the new entry should be ignore_attr_types List of attribute type names to be ignored completely ignore_oldexistent If non-zero attribute type names which are in old_entry but are not found in new_entry at all are not deleted. This is handy for situations where your application sets attribute value to '' for deleting an attribute. In most cases leave zero. case_ignore_attr_types List of attribute type names for which comparison will be made case-insensitive """ ignore_attr_types = {v.lower() for v in ignore_attr_types or []} case_ignore_attr_types = {v.lower() for v in case_ignore_attr_types or []} modlist = [] attrtype_lower_map = {} for a in old_entry: attrtype_lower_map[a.lower()]=a for attrtype, value in new_entry.items(): attrtype_lower = attrtype.lower() if attrtype_lower in ignore_attr_types: # This attribute type is ignored continue # Filter away null-strings new_value = [item for item in value if item is not None] if attrtype_lower in attrtype_lower_map: old_value = old_entry.get(attrtype_lower_map[attrtype_lower],[]) old_value = [item for item in old_value if item is not None] del attrtype_lower_map[attrtype_lower] else: old_value = [] if not old_value and new_value: # Add a new attribute to entry modlist.append((ldap.MOD_ADD,attrtype,new_value)) elif old_value and new_value: # Replace existing attribute replace_attr_value = len(old_value)!=len(new_value) if not replace_attr_value: if attrtype_lower in case_ignore_attr_types: old_value_set = {v.lower() for v in old_value} new_value_set = {v.lower() for v in new_value} else: old_value_set = set(old_value) new_value_set = set(new_value) replace_attr_value = new_value_set != old_value_set if replace_attr_value: modlist.append((ldap.MOD_DELETE,attrtype,None)) modlist.append((ldap.MOD_ADD,attrtype,new_value)) elif old_value and not new_value: # Completely delete an existing attribute modlist.append((ldap.MOD_DELETE,attrtype,None)) if not ignore_oldexistent: # Remove all attributes of old_entry which are not present # in new_entry at all for a, val in attrtype_lower_map.items(): if a in ignore_attr_types: # This attribute type is ignored continue attrtype = val modlist.append((ldap.MOD_DELETE,attrtype,None)) return modlist # modifyModlist() ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1700253016.0 python-ldap-3.4.4/Lib/ldap/pkginfo.py0000644000175000017500000000024314525746530017700 0ustar00spichugispichugi""" meta attributes for packaging which does not import any dependencies """ __version__ = '3.4.4' __author__ = 'python-ldap project' __license__ = 'Python style' ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/resiter.py0000644000175000017500000000233314521037673017717 0ustar00spichugispichugi""" ldap.resiter - processing LDAP results with iterators See https://www.python-ldap.org/ for details. """ from ldap.pkginfo import __version__, __author__, __license__ class ResultProcessor: """ Mix-in class used with ldap.ldapopbject.LDAPObject or derived classes. """ def allresults(self, msgid, timeout=-1, add_ctrls=0): """ Generator function which returns an iterator for processing all LDAP operation results of the given msgid like retrieved with LDAPObject.result3() -> 4-tuple """ result_type, result_list, result_msgid, result_serverctrls, _, _ = \ self.result4( msgid, 0, timeout, add_ctrls=add_ctrls ) while result_type and result_list: yield ( result_type, result_list, result_msgid, result_serverctrls ) result_type, result_list, result_msgid, result_serverctrls, _, _ = \ self.result4( msgid, 0, timeout, add_ctrls=add_ctrls ) return # allresults() ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/sasl.py0000644000175000017500000001043514521037673017206 0ustar00spichugispichugi""" sasl.py - support for SASL mechanism See https://www.python-ldap.org/ for details. Description: The ldap.sasl module provides SASL authentication classes. Each class provides support for one SASL mechanism. This is done by implementing a callback() - method, which will be called by the LDAPObject's sasl_bind_s() method Implementing support for new sasl mechanism is very easy --- see the examples of digest_md5 and gssapi. """ from ldap import __version__ if __debug__: # Tracing is only supported in debugging mode from ldap import _trace_level, _trace_file # These are the SASL callback id's , as defined in sasl.h CB_USER = 0x4001 CB_AUTHNAME = 0x4002 CB_LANGUAGE = 0x4003 CB_PASS = 0x4004 CB_ECHOPROMPT = 0x4005 CB_NOECHOPROMPT = 0x4006 CB_GETREALM = 0x4008 class sasl: """ This class handles SASL interactions for authentication. If an instance of this class is passed to ldap's sasl_bind_s() method, the library will call its callback() method. For specific SASL authentication mechanisms, this method can be overridden """ def __init__(self, cb_value_dict, mech): """ The (generic) base class takes a cb_value_dictionary of question-answer pairs. Questions are specified by the respective SASL callback id's. The mech argument is a string that specifies the SASL mechaninsm to be uesd. """ self.cb_value_dict = cb_value_dict or {} if not isinstance(mech, bytes): mech = mech.encode('utf-8') self.mech = mech def callback(self, cb_id, challenge, prompt, defresult): """ The callback method will be called by the sasl_bind_s() method several times. Each time it will provide the id, which tells us what kind of information is requested (the CB_* constants above). The challenge might be a short (English) text or some binary string, from which the return value is calculated. The prompt argument is always a human-readable description string; The defresult is a default value provided by the sasl library Currently, we do not use the challenge and prompt information, and return only information which is stored in the self.cb_value_dict cb_value_dictionary. Note that the current callback interface is not very useful for writing generic sasl GUIs, which would need to know all the questions to ask, before the answers are returned to the sasl lib (in contrast to one question at a time). Unicode strings are always converted to bytes. """ # The following print command might be useful for debugging # new sasl mechanisms. So it is left here cb_result = self.cb_value_dict.get(cb_id, defresult) or '' if __debug__: if _trace_level >= 1: _trace_file.write("*** id=%d, challenge=%s, prompt=%s, defresult=%s\n-> %s\n" % ( cb_id, challenge, prompt, repr(defresult), repr(self.cb_value_dict.get(cb_result)) )) if not isinstance(cb_result, bytes): cb_result = cb_result.encode('utf-8') return cb_result class cram_md5(sasl): """ This class handles SASL CRAM-MD5 authentication. """ def __init__(self, authc_id, password, authz_id=""): auth_dict = { CB_AUTHNAME: authc_id, CB_PASS: password, CB_USER: authz_id, } sasl.__init__(self, auth_dict, "CRAM-MD5") class digest_md5(sasl): """ This class handles SASL DIGEST-MD5 authentication. """ def __init__(self, authc_id, password, authz_id=""): auth_dict = { CB_AUTHNAME: authc_id, CB_PASS: password, CB_USER: authz_id, } sasl.__init__(self, auth_dict, "DIGEST-MD5") class gssapi(sasl): """ This class handles SASL GSSAPI (i.e. Kerberos V) authentication. """ def __init__(self, authz_id=""): sasl.__init__(self, {CB_USER: authz_id}, "GSSAPI") class external(sasl): """ This class handles SASL EXTERNAL authentication (i.e. X.509 client certificate) """ def __init__(self, authz_id=""): sasl.__init__(self, {CB_USER: authz_id}, "EXTERNAL") ././@PaxHeader0000000000000000000000000000003400000000000010212 xustar0028 mtime=1700253999.7772355 python-ldap-3.4.4/Lib/ldap/schema/0000755000175000017500000000000014525750460017127 5ustar00spichugispichugi././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/schema/__init__.py0000644000175000017500000000040714521037673021241 0ustar00spichugispichugi""" ldap.schema - LDAPv3 schema handling See https://www.python-ldap.org/ for details. """ from ldap import __version__ from ldap.schema.subentry import SubSchema,SCHEMA_ATTRS,SCHEMA_CLASS_MAPPING,SCHEMA_ATTR_MAPPING,urlfetch from ldap.schema.models import * ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/schema/models.py0000644000175000017500000004772614521037673021004 0ustar00spichugispichugi""" schema.py - support for subSchemaSubEntry information See https://www.python-ldap.org/ for details. """ import sys import ldap.cidict from collections import UserDict from ldap.schema.tokenizer import split_tokens,extract_tokens NOT_HUMAN_READABLE_LDAP_SYNTAXES = { '1.3.6.1.4.1.1466.115.121.1.4', # Audio '1.3.6.1.4.1.1466.115.121.1.5', # Binary '1.3.6.1.4.1.1466.115.121.1.8', # Certificate '1.3.6.1.4.1.1466.115.121.1.9', # Certificate List '1.3.6.1.4.1.1466.115.121.1.10', # Certificate Pair '1.3.6.1.4.1.1466.115.121.1.23', # G3 FAX '1.3.6.1.4.1.1466.115.121.1.28', # JPEG '1.3.6.1.4.1.1466.115.121.1.40', # Octet String '1.3.6.1.4.1.1466.115.121.1.49', # Supported Algorithm } class SchemaElement: """ Base class for all schema element classes. Not used directly! Arguments: schema_element_str String which contains the schema element description to be parsed. (Bytestrings are decoded using UTF-8) Class attributes: schema_attribute LDAP attribute type containing a certain schema element description token_defaults Dictionary internally used by the schema element parser containing the defaults for certain schema description key-words """ token_defaults = { 'DESC':(None,), } def __init__(self,schema_element_str=None): if isinstance(schema_element_str, bytes): schema_element_str = schema_element_str.decode('utf-8') if schema_element_str: l = split_tokens(schema_element_str) self.set_id(l[1]) d = extract_tokens(l,self.token_defaults) self._set_attrs(l,d) def _set_attrs(self,l,d): self.desc = d['DESC'][0] return def set_id(self,element_id): self.oid = element_id def get_id(self): return self.oid def key_attr(self,key,value,quoted=0): assert value is None or type(value)==str,TypeError("value has to be of str, was %r" % value) if value: if quoted: return " {} '{}'".format(key,value.replace("'","\\'")) else: return f" {key} {value}" else: return "" def key_list(self,key,values,sep=' ',quoted=0): assert type(values)==tuple,TypeError("values has to be a tuple, was %r" % values) if not values: return '' if quoted: quoted_values = [ "'%s'" % value.replace("'","\\'") for value in values ] else: quoted_values = values if len(values)==1: return ' {} {}'.format(key,quoted_values[0]) else: return ' {} ( {} )'.format(key,sep.join(quoted_values)) def __str__(self): result = [str(self.oid)] result.append(self.key_attr('DESC',self.desc,quoted=1)) return '( %s )' % ''.join(result) class ObjectClass(SchemaElement): """ Arguments: schema_element_str String containing an ObjectClassDescription Class attributes: oid OID assigned to the object class names All NAMEs of the object class (tuple of strings) desc Description text (DESC) of the object class (string, or None if missing) obsolete Integer flag (0 or 1) indicating whether the object class is marked as OBSOLETE in the schema must NAMEs or OIDs of all attributes an entry of the object class must have (tuple of strings) may NAMEs or OIDs of additional attributes an entry of the object class may have (tuple of strings) kind Kind of an object class: 0 = STRUCTURAL, 1 = ABSTRACT, 2 = AUXILIARY sup NAMEs or OIDs of object classes this object class is derived from (tuple of strings) x_origin Value of the X-ORIGIN extension flag (tuple of strings) Although it's not official, X-ORIGIN is used in several LDAP server implementations to indicate the source of the associated schema element """ schema_attribute = 'objectClasses' token_defaults = { 'NAME':(()), 'DESC':(None,), 'OBSOLETE':None, 'SUP':(()), 'STRUCTURAL':None, 'AUXILIARY':None, 'ABSTRACT':None, 'MUST':(()), 'MAY':(), 'X-ORIGIN':() } def _set_attrs(self,l,d): self.obsolete = d['OBSOLETE']!=None self.names = d['NAME'] self.desc = d['DESC'][0] self.must = d['MUST'] self.may = d['MAY'] self.x_origin = d['X-ORIGIN'] # Default is STRUCTURAL, see RFC2552 or draft-ietf-ldapbis-syntaxes self.kind = 0 if d['ABSTRACT']!=None: self.kind = 1 elif d['AUXILIARY']!=None: self.kind = 2 if self.kind==0 and not d['SUP'] and self.oid!='2.5.6.0': # STRUCTURAL object classes are sub-classes of 'top' by default self.sup = ('top',) else: self.sup = d['SUP'] return def __str__(self): result = [str(self.oid)] result.append(self.key_list('NAME',self.names,quoted=1)) result.append(self.key_attr('DESC',self.desc,quoted=1)) result.append(self.key_list('SUP',self.sup,sep=' $ ')) result.append({0:'',1:' OBSOLETE'}[self.obsolete]) result.append({0:' STRUCTURAL',1:' ABSTRACT',2:' AUXILIARY'}[self.kind]) result.append(self.key_list('MUST',self.must,sep=' $ ')) result.append(self.key_list('MAY',self.may,sep=' $ ')) result.append(self.key_list('X-ORIGIN',self.x_origin,quoted=1)) return '( %s )' % ''.join(result) AttributeUsage = ldap.cidict.cidict({ 'userApplication':0, # work-around for non-compliant schema 'userApplications':0, 'directoryOperation':1, 'distributedOperation':2, 'dSAOperation':3, }) class AttributeType(SchemaElement): """ Arguments: schema_element_str String containing an AttributeTypeDescription Class attributes: oid OID assigned to the attribute type (string) names All NAMEs of the attribute type (tuple of strings) desc Description text (DESC) of the attribute type (string, or None if missing) obsolete Integer flag (0 or 1) indicating whether the attribute type is marked as OBSOLETE in the schema single_value Integer flag (0 or 1) indicating whether the attribute must have only one value syntax OID of the LDAP syntax assigned to the attribute type no_user_mod Integer flag (0 or 1) indicating whether the attribute is modifiable by a client application equality NAME or OID of the matching rule used for checking whether attribute values are equal (string, or None if missing) substr NAME or OID of the matching rule used for checking whether an attribute value contains another value (string, or None if missing) ordering NAME or OID of the matching rule used for checking whether attribute values are lesser-equal than (string, or None if missing) usage USAGE of an attribute type: 0 = userApplications 1 = directoryOperation, 2 = distributedOperation, 3 = dSAOperation sup NAMEs or OIDs of attribute types this attribute type is derived from (tuple of strings) x_origin Value of the X-ORIGIN extension flag (tuple of strings). Although it's not official, X-ORIGIN is used in several LDAP server implementations to indicate the source of the associated schema element """ schema_attribute = 'attributeTypes' token_defaults = { 'NAME':(()), 'DESC':(None,), 'OBSOLETE':None, 'SUP':(()), 'EQUALITY':(None,), 'ORDERING':(None,), 'SUBSTR':(None,), 'SYNTAX':(None,), 'SINGLE-VALUE':None, 'COLLECTIVE':None, 'NO-USER-MODIFICATION':None, 'USAGE':('userApplications',), 'X-ORIGIN':(), 'X-ORDERED':(None,), } def _set_attrs(self,l,d): self.names = d['NAME'] self.desc = d['DESC'][0] self.obsolete = d['OBSOLETE']!=None self.sup = d['SUP'] self.equality = d['EQUALITY'][0] self.ordering = d['ORDERING'][0] self.substr = d['SUBSTR'][0] self.x_origin = d['X-ORIGIN'] self.x_ordered = d['X-ORDERED'][0] try: syntax = d['SYNTAX'][0] except IndexError: self.syntax = None self.syntax_len = None else: if syntax is None: self.syntax = None self.syntax_len = None else: try: self.syntax,syntax_len = d['SYNTAX'][0].split("{") except ValueError: self.syntax = d['SYNTAX'][0] self.syntax_len = None for i in l: if i.startswith("{") and i.endswith("}"): self.syntax_len = int(i[1:-1]) else: self.syntax_len = int(syntax_len[:-1]) self.single_value = d['SINGLE-VALUE']!=None self.collective = d['COLLECTIVE']!=None self.no_user_mod = d['NO-USER-MODIFICATION']!=None self.usage = AttributeUsage.get(d['USAGE'][0],0) return def __str__(self): result = [str(self.oid)] result.append(self.key_list('NAME',self.names,quoted=1)) result.append(self.key_attr('DESC',self.desc,quoted=1)) result.append(self.key_list('SUP',self.sup,sep=' $ ')) result.append({0:'',1:' OBSOLETE'}[self.obsolete]) result.append(self.key_attr('EQUALITY',self.equality)) result.append(self.key_attr('ORDERING',self.ordering)) result.append(self.key_attr('SUBSTR',self.substr)) result.append(self.key_attr('SYNTAX',self.syntax)) if self.syntax_len!=None: result.append(('{%d}' % (self.syntax_len))*(self.syntax_len>0)) result.append({0:'',1:' SINGLE-VALUE'}[self.single_value]) result.append({0:'',1:' COLLECTIVE'}[self.collective]) result.append({0:'',1:' NO-USER-MODIFICATION'}[self.no_user_mod]) result.append( { 0:"", 1:" USAGE directoryOperation", 2:" USAGE distributedOperation", 3:" USAGE dSAOperation", }[self.usage] ) result.append(self.key_list('X-ORIGIN',self.x_origin,quoted=1)) result.append(self.key_attr('X-ORDERED',self.x_ordered,quoted=1)) return '( %s )' % ''.join(result) class LDAPSyntax(SchemaElement): """ SyntaxDescription oid OID assigned to the LDAP syntax desc Description text (DESC) of the LDAP syntax (string, or None if missing) not_human_readable Integer flag (0 or 1) indicating whether the attribute type is marked as not human-readable (X-NOT-HUMAN-READABLE) """ schema_attribute = 'ldapSyntaxes' token_defaults = { 'DESC':(None,), 'X-NOT-HUMAN-READABLE':(None,), 'X-BINARY-TRANSFER-REQUIRED':(None,), 'X-SUBST':(None,), } def _set_attrs(self,l,d): self.desc = d['DESC'][0] self.x_subst = d['X-SUBST'][0] self.not_human_readable = \ self.oid in NOT_HUMAN_READABLE_LDAP_SYNTAXES or \ d['X-NOT-HUMAN-READABLE'][0]=='TRUE' self.x_binary_transfer_required = d['X-BINARY-TRANSFER-REQUIRED'][0]=='TRUE' return def __str__(self): result = [str(self.oid)] result.append(self.key_attr('DESC',self.desc,quoted=1)) result.append(self.key_attr('X-SUBST',self.x_subst,quoted=1)) result.append( {0:'',1:" X-NOT-HUMAN-READABLE 'TRUE'"}[self.not_human_readable] ) return '( %s )' % ''.join(result) class MatchingRule(SchemaElement): """ Arguments: schema_element_str String containing an MatchingRuleDescription Class attributes: oid OID assigned to the matching rule names All NAMEs of the matching rule (tuple of strings) desc Description text (DESC) of the matching rule obsolete Integer flag (0 or 1) indicating whether the matching rule is marked as OBSOLETE in the schema syntax OID of the LDAP syntax this matching rule is usable with (string, or None if missing) """ schema_attribute = 'matchingRules' token_defaults = { 'NAME':(()), 'DESC':(None,), 'OBSOLETE':None, 'SYNTAX':(None,), } def _set_attrs(self,l,d): self.names = d['NAME'] self.desc = d['DESC'][0] self.obsolete = d['OBSOLETE']!=None self.syntax = d['SYNTAX'][0] return def __str__(self): result = [str(self.oid)] result.append(self.key_list('NAME',self.names,quoted=1)) result.append(self.key_attr('DESC',self.desc,quoted=1)) result.append({0:'',1:' OBSOLETE'}[self.obsolete]) result.append(self.key_attr('SYNTAX',self.syntax)) return '( %s )' % ''.join(result) class MatchingRuleUse(SchemaElement): """ Arguments: schema_element_str String containing an MatchingRuleUseDescription Class attributes: oid OID of the accompanying matching rule names All NAMEs of the matching rule (tuple of strings) desc Description text (DESC) of the matching rule (string, or None if missing) obsolete Integer flag (0 or 1) indicating whether the matching rule is marked as OBSOLETE in the schema applies NAMEs or OIDs of attribute types for which this matching rule is used (tuple of strings) """ schema_attribute = 'matchingRuleUse' token_defaults = { 'NAME':(()), 'DESC':(None,), 'OBSOLETE':None, 'APPLIES':(()), } def _set_attrs(self,l,d): self.names = d['NAME'] self.desc = d['DESC'][0] self.obsolete = d['OBSOLETE']!=None self.applies = d['APPLIES'] return def __str__(self): result = [str(self.oid)] result.append(self.key_list('NAME',self.names,quoted=1)) result.append(self.key_attr('DESC',self.desc,quoted=1)) result.append({0:'',1:' OBSOLETE'}[self.obsolete]) result.append(self.key_list('APPLIES',self.applies,sep=' $ ')) return '( %s )' % ''.join(result) class DITContentRule(SchemaElement): """ Arguments: schema_element_str String containing an DITContentRuleDescription Class attributes: oid OID of the accompanying structural object class names All NAMEs of the DIT content rule (tuple of strings) desc Description text (DESC) of the DIT content rule (string, or None if missing) obsolete Integer flag (0 or 1) indicating whether the DIT content rule is marked as OBSOLETE in the schema aux NAMEs or OIDs of all auxiliary object classes usable in an entry of the object class (tuple of strings) must NAMEs or OIDs of all attributes an entry of the object class must have, which may extend the list of required attributes of the object classes of an entry. (tuple of strings) may NAMEs or OIDs of additional attributes an entry of the object class may have. which may extend the list of optional attributes of the object classes of an entry. (tuple of strings) nots NAMEs or OIDs of attributes which may not be present in an entry of the object class. (tuple of strings) """ schema_attribute = 'dITContentRules' token_defaults = { 'NAME':(()), 'DESC':(None,), 'OBSOLETE':None, 'AUX':(()), 'MUST':(()), 'MAY':(()), 'NOT':(()), } def _set_attrs(self,l,d): self.names = d['NAME'] self.desc = d['DESC'][0] self.obsolete = d['OBSOLETE']!=None self.aux = d['AUX'] self.must = d['MUST'] self.may = d['MAY'] self.nots = d['NOT'] return def __str__(self): result = [str(self.oid)] result.append(self.key_list('NAME',self.names,quoted=1)) result.append(self.key_attr('DESC',self.desc,quoted=1)) result.append({0:'',1:' OBSOLETE'}[self.obsolete]) result.append(self.key_list('AUX',self.aux,sep=' $ ')) result.append(self.key_list('MUST',self.must,sep=' $ ')) result.append(self.key_list('MAY',self.may,sep=' $ ')) result.append(self.key_list('NOT',self.nots,sep=' $ ')) return '( %s )' % ''.join(result) class DITStructureRule(SchemaElement): """ Arguments: schema_element_str String containing an DITStructureRuleDescription Class attributes: ruleid rule ID of the DIT structure rule (only locally unique) names All NAMEs of the DIT structure rule (tuple of strings) desc Description text (DESC) of the DIT structure rule (string, or None if missing) obsolete Integer flag (0 or 1) indicating whether the DIT content rule is marked as OBSOLETE in the schema form NAMEs or OIDs of associated name forms (tuple of strings) sup NAMEs or OIDs of allowed structural object classes of superior entries in the DIT (tuple of strings) """ schema_attribute = 'dITStructureRules' token_defaults = { 'NAME':(()), 'DESC':(None,), 'OBSOLETE':None, 'FORM':(None,), 'SUP':(()), } def set_id(self,element_id): self.ruleid = element_id def get_id(self): return self.ruleid def _set_attrs(self,l,d): self.names = d['NAME'] self.desc = d['DESC'][0] self.obsolete = d['OBSOLETE']!=None self.form = d['FORM'][0] self.sup = d['SUP'] return def __str__(self): result = [str(self.ruleid)] result.append(self.key_list('NAME',self.names,quoted=1)) result.append(self.key_attr('DESC',self.desc,quoted=1)) result.append({0:'',1:' OBSOLETE'}[self.obsolete]) result.append(self.key_attr('FORM',self.form,quoted=0)) result.append(self.key_list('SUP',self.sup,sep=' $ ')) return '( %s )' % ''.join(result) class NameForm(SchemaElement): """ Arguments: schema_element_str String containing an NameFormDescription Class attributes: oid OID of the name form names All NAMEs of the name form (tuple of strings) desc Description text (DESC) of the name form (string, or None if missing) obsolete Integer flag (0 or 1) indicating whether the name form is marked as OBSOLETE in the schema form NAMEs or OIDs of associated name forms (tuple of strings) oc NAME or OID of structural object classes this name form is usable with (string) must NAMEs or OIDs of all attributes an RDN must contain (tuple of strings) may NAMEs or OIDs of additional attributes an RDN may contain (tuple of strings) """ schema_attribute = 'nameForms' token_defaults = { 'NAME':(()), 'DESC':(None,), 'OBSOLETE':None, 'OC':(None,), 'MUST':(()), 'MAY':(()), } def _set_attrs(self,l,d): self.names = d['NAME'] self.desc = d['DESC'][0] self.obsolete = d['OBSOLETE']!=None self.oc = d['OC'][0] self.must = d['MUST'] self.may = d['MAY'] return def __str__(self): result = [str(self.oid)] result.append(self.key_list('NAME',self.names,quoted=1)) result.append(self.key_attr('DESC',self.desc,quoted=1)) result.append({0:'',1:' OBSOLETE'}[self.obsolete]) result.append(self.key_attr('OC',self.oc)) result.append(self.key_list('MUST',self.must,sep=' $ ')) result.append(self.key_list('MAY',self.may,sep=' $ ')) return '( %s )' % ''.join(result) class Entry(UserDict): """ Schema-aware implementation of an LDAP entry class. Mainly it holds the attributes in a string-keyed dictionary with the OID as key. """ def __init__(self,schema,dn,entry): self._keytuple2attrtype = {} self._attrtype2keytuple = {} self._s = schema self.dn = dn super().__init__() self.update(entry) def _at2key(self,nameoroid): """ Return tuple of OID and all sub-types of attribute type specified in nameoroid. """ try: # Mapping already in cache return self._attrtype2keytuple[nameoroid] except KeyError: # Mapping has to be constructed oid = self._s.getoid(ldap.schema.AttributeType,nameoroid) l = nameoroid.lower().split(';') l[0] = oid t = tuple(l) self._attrtype2keytuple[nameoroid] = t return t def update(self,dict): for key, value in dict.items(): self[key] = value def __contains__(self,nameoroid): return self._at2key(nameoroid) in self.data def __getitem__(self,nameoroid): return self.data[self._at2key(nameoroid)] def __setitem__(self,nameoroid,attr_values): k = self._at2key(nameoroid) self._keytuple2attrtype[k] = nameoroid self.data[k] = attr_values def __delitem__(self,nameoroid): k = self._at2key(nameoroid) del self.data[k] del self._attrtype2keytuple[nameoroid] del self._keytuple2attrtype[k] def has_key(self,nameoroid): k = self._at2key(nameoroid) return k in self.data def keys(self): return self._keytuple2attrtype.values() def items(self): return [ (k,self[k]) for k in self.keys() ] def attribute_types( self,attr_type_filter=None,raise_keyerror=1 ): """ Convenience wrapper around SubSchema.attribute_types() which passes object classes of this particular entry as argument to SubSchema.attribute_types() """ return self._s.attribute_types( self.get('objectClass',[]),attr_type_filter,raise_keyerror ) ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/schema/subentry.py0000644000175000017500000003722114521037673021361 0ustar00spichugispichugi""" ldap.schema.subentry - subschema subentry handling See https://www.python-ldap.org/ for details. """ import copy from urllib.request import urlopen import ldap.cidict,ldap.schema from ldap.schema.models import * import ldapurl import ldif SCHEMA_CLASS_MAPPING = ldap.cidict.cidict() SCHEMA_ATTR_MAPPING = {} for o in list(vars().values()): if hasattr(o,'schema_attribute'): SCHEMA_CLASS_MAPPING[o.schema_attribute] = o SCHEMA_ATTR_MAPPING[o] = o.schema_attribute SCHEMA_ATTRS = list(SCHEMA_CLASS_MAPPING) class SubschemaError(ValueError): pass class OIDNotUnique(SubschemaError): def __init__(self,desc): self.desc = desc def __str__(self): return 'OID not unique for %s' % (self.desc) class NameNotUnique(SubschemaError): def __init__(self,desc): self.desc = desc def __str__(self): return 'NAME not unique for %s' % (self.desc) class SubSchema: """ Arguments: sub_schema_sub_entry Dictionary usually returned by LDAP search or the LDIF parser containing the sub schema sub entry check_uniqueness Defines whether uniqueness of OIDs and NAME is checked. 0 no check 1 check but add schema description with work-around 2 check and raise exception if non-unique OID or NAME is found Class attributes: sed Dictionary holding the subschema information as pre-parsed SchemaElement objects (do not access directly!) name2oid Dictionary holding the mapping from NAMEs to OIDs (do not access directly!) non_unique_oids List of OIDs used at least twice in the subschema non_unique_names List of NAMEs used at least twice in the subschema for the same schema element """ def __init__(self,sub_schema_sub_entry,check_uniqueness=1): # Initialize all dictionaries self.name2oid = {} self.sed = {} self.non_unique_oids = {} self.non_unique_names = {} for c in SCHEMA_CLASS_MAPPING.values(): self.name2oid[c] = ldap.cidict.cidict() self.sed[c] = {} self.non_unique_names[c] = ldap.cidict.cidict() # Transform entry dict to case-insensitive dict e = ldap.cidict.cidict(sub_schema_sub_entry) # Build the schema registry in dictionaries for attr_type in SCHEMA_ATTRS: for attr_value in filter(None,e.get(attr_type,[])): se_class = SCHEMA_CLASS_MAPPING[attr_type] se_instance = se_class(attr_value) se_id = se_instance.get_id() if check_uniqueness and se_id in self.sed[se_class]: self.non_unique_oids[se_id] = None if check_uniqueness==1: # Add to subschema by adding suffix to ID suffix_counter = 1 new_se_id = se_id while new_se_id in self.sed[se_class]: new_se_id = ';'.join((se_id,str(suffix_counter))) suffix_counter += 1 else: se_id = new_se_id elif check_uniqueness>=2: raise OIDNotUnique(attr_value) # Store the schema element instance in the central registry self.sed[se_class][se_id] = se_instance if hasattr(se_instance,'names'): for name in ldap.cidict.cidict({}.fromkeys(se_instance.names)): if check_uniqueness and name in self.name2oid[se_class]: self.non_unique_names[se_class][se_id] = None raise NameNotUnique(attr_value) else: self.name2oid[se_class][name] = se_id # Turn dict into list maybe more handy for applications self.non_unique_oids = list(self.non_unique_oids) return # subSchema.__init__() def ldap_entry(self): """ Returns a dictionary containing the sub schema sub entry """ # Initialize the dictionary with empty lists entry = {} # Collect the schema elements and store them in # entry's attributes for se_class, elements in self.sed.items(): for se in elements.values(): se_str = str(se) try: entry[SCHEMA_ATTR_MAPPING[se_class]].append(se_str) except KeyError: entry[SCHEMA_ATTR_MAPPING[se_class]] = [ se_str ] return entry def listall(self,schema_element_class,schema_element_filters=None): """ Returns a list of OIDs of all available schema elements of a given schema element class. """ avail_se = self.sed[schema_element_class] if schema_element_filters: result = [] for se_key, se in avail_se.items(): for fk,fv in schema_element_filters: try: if getattr(se,fk) in fv: result.append(se_key) except AttributeError: pass else: result = list(avail_se) return result def tree(self,schema_element_class,schema_element_filters=None): """ Returns a ldap.cidict.cidict dictionary representing the tree structure of the schema elements. """ assert schema_element_class in [ObjectClass,AttributeType] avail_se = self.listall(schema_element_class,schema_element_filters) top_node = '_' tree = ldap.cidict.cidict({top_node:[]}) # 1. Pass: Register all nodes for se in avail_se: tree[se] = [] # 2. Pass: Register all sup references for se_oid in avail_se: se_obj = self.get_obj(schema_element_class,se_oid,None) if se_obj.__class__!=schema_element_class: # Ignore schema elements not matching schema_element_class. # This helps with falsely assigned OIDs. continue assert se_obj.__class__==schema_element_class, \ "Schema element referenced by {} must be of class {} but was {}".format( se_oid,schema_element_class.__name__,se_obj.__class__ ) for s in se_obj.sup or ('_',): sup_oid = self.getoid(schema_element_class,s) try: tree[sup_oid].append(se_oid) except: pass return tree def getoid(self,se_class,nameoroid,raise_keyerror=0): """ Get an OID by name or OID """ nameoroid_stripped = nameoroid.split(';')[0].strip() if nameoroid_stripped in self.sed[se_class]: # name_or_oid is already a registered OID return nameoroid_stripped else: try: result_oid = self.name2oid[se_class][nameoroid_stripped] except KeyError: if raise_keyerror: raise KeyError('No registered {}-OID for nameoroid {}'.format(se_class.__name__,repr(nameoroid_stripped))) else: result_oid = nameoroid_stripped return result_oid def get_inheritedattr(self,se_class,nameoroid,name): """ Get a possibly inherited attribute specified by name of a schema element specified by nameoroid. Returns None if class attribute is not set at all. Raises KeyError if no schema element is found by nameoroid. """ se = self.sed[se_class][self.getoid(se_class,nameoroid)] try: result = getattr(se,name) except AttributeError: result = None if result is None and se.sup: result = self.get_inheritedattr(se_class,se.sup[0],name) return result def get_obj(self,se_class,nameoroid,default=None,raise_keyerror=0): """ Get a schema element by name or OID """ se_oid = self.getoid(se_class,nameoroid) try: se_obj = self.sed[se_class][se_oid] except KeyError: if raise_keyerror: raise KeyError('No ldap.schema.{} instance with nameoroid {} and se_oid {}'.format( se_class.__name__,repr(nameoroid),repr(se_oid)) ) else: se_obj = default return se_obj def get_inheritedobj(self,se_class,nameoroid,inherited=None): """ Get a schema element by name or OID with all class attributes set including inherited class attributes """ inherited = inherited or [] se = copy.copy(self.sed[se_class].get(self.getoid(se_class,nameoroid))) if se and hasattr(se,'sup'): for class_attr_name in inherited: setattr(se,class_attr_name,self.get_inheritedattr(se_class,nameoroid,class_attr_name)) return se def get_syntax(self,nameoroid): """ Get the syntax of an attribute type specified by name or OID """ at_oid = self.getoid(AttributeType,nameoroid) try: at_obj = self.get_inheritedobj(AttributeType,at_oid) except KeyError: return None else: return at_obj.syntax def get_structural_oc(self,oc_list): """ Returns OID of structural object class in oc_list if any is present. Returns None else. """ # Get tree of all STRUCTURAL object classes oc_tree = self.tree(ObjectClass,[('kind',[0])]) # Filter all STRUCTURAL object classes struct_ocs = {} for oc_nameoroid in oc_list: oc_se = self.get_obj(ObjectClass,oc_nameoroid,None) if oc_se and oc_se.kind==0: struct_ocs[oc_se.oid] = None result = None # Build a copy of the oid list, to be cleaned as we go. struct_oc_list = list(struct_ocs) while struct_oc_list: oid = struct_oc_list.pop() for child_oid in oc_tree[oid]: if self.getoid(ObjectClass,child_oid) in struct_ocs: break else: result = oid return result def get_applicable_aux_classes(self,nameoroid): """ Return a list of the applicable AUXILIARY object classes for a STRUCTURAL object class specified by 'nameoroid' if the object class is governed by a DIT content rule. If there's no DIT content rule all available AUXILIARY object classes are returned. """ content_rule = self.get_obj(DITContentRule,nameoroid) if content_rule: # Return AUXILIARY object classes from DITContentRule instance return content_rule.aux else: # list all AUXILIARY object classes return self.listall(ObjectClass,[('kind',[2])]) def attribute_types( self,object_class_list,attr_type_filter=None,raise_keyerror=1,ignore_dit_content_rule=0 ): """ Returns a 2-tuple of all must and may attributes including all inherited attributes of superior object classes by walking up classes along the SUP attribute. The attributes are stored in a ldap.cidict.cidict dictionary. object_class_list list of strings specifying object class names or OIDs attr_type_filter list of 2-tuples containing lists of class attributes which has to be matched raise_keyerror All KeyError exceptions for non-existent schema elements are ignored ignore_dit_content_rule A DIT content rule governing the structural object class is ignored """ AttributeType = ldap.schema.AttributeType ObjectClass = ldap.schema.ObjectClass # Map object_class_list to object_class_oids (list of OIDs) object_class_oids = [ self.getoid(ObjectClass,o) for o in object_class_list ] # Initialize oid_cache = {} r_must,r_may = ldap.cidict.cidict(),ldap.cidict.cidict() if '1.3.6.1.4.1.1466.101.120.111' in object_class_oids: # Object class 'extensibleObject' MAY carry every attribute type for at_obj in self.sed[AttributeType].values(): r_may[at_obj.oid] = at_obj # Loop over OIDs of all given object classes while object_class_oids: object_class_oid = object_class_oids.pop(0) # Check whether the objectClass with this OID # has already been processed if object_class_oid in oid_cache: continue # Cache this OID as already being processed oid_cache[object_class_oid] = None try: object_class = self.sed[ObjectClass][object_class_oid] except KeyError: if raise_keyerror: raise # Ignore this object class continue assert isinstance(object_class,ObjectClass) assert hasattr(object_class,'must'),ValueError(object_class_oid) assert hasattr(object_class,'may'),ValueError(object_class_oid) for a in object_class.must: se_oid = self.getoid(AttributeType,a,raise_keyerror=raise_keyerror) r_must[se_oid] = self.get_obj(AttributeType,se_oid,raise_keyerror=raise_keyerror) for a in object_class.may: se_oid = self.getoid(AttributeType,a,raise_keyerror=raise_keyerror) r_may[se_oid] = self.get_obj(AttributeType,se_oid,raise_keyerror=raise_keyerror) object_class_oids.extend([ self.getoid(ObjectClass,o) for o in object_class.sup ]) # Process DIT content rules if not ignore_dit_content_rule: structural_oc = self.get_structural_oc(object_class_list) if structural_oc: # Process applicable DIT content rule try: dit_content_rule = self.get_obj(DITContentRule,structural_oc,raise_keyerror=1) except KeyError: # Not DIT content rule found for structural objectclass pass else: for a in dit_content_rule.must: se_oid = self.getoid(AttributeType,a,raise_keyerror=raise_keyerror) r_must[se_oid] = self.get_obj(AttributeType,se_oid,raise_keyerror=raise_keyerror) for a in dit_content_rule.may: se_oid = self.getoid(AttributeType,a,raise_keyerror=raise_keyerror) r_may[se_oid] = self.get_obj(AttributeType,se_oid,raise_keyerror=raise_keyerror) for a in dit_content_rule.nots: a_oid = self.getoid(AttributeType,a,raise_keyerror=raise_keyerror) try: del r_may[a_oid] except KeyError: pass # Remove all mandantory attribute types from # optional attribute type list for a in list(r_may): if a in r_must: del r_may[a] # Apply attr_type_filter to results if attr_type_filter: for l in [r_must,r_may]: for a in list(l): for afk,afv in attr_type_filter: try: schema_attr_type = self.sed[AttributeType][a] except KeyError: if raise_keyerror: raise KeyError('No attribute type found in sub schema by name %s' % (a)) # If there's no schema element for this attribute type # but still KeyError is to be ignored we filter it away del l[a] break else: if not getattr(schema_attr_type,afk) in afv: del l[a] break return r_must,r_may # attribute_types() def urlfetch(uri,trace_level=0): """ Fetches a parsed schema entry by uri. If uri is a LDAP URL the LDAP server is queried directly. Otherwise uri is assumed to point to a LDIF file which is loaded with urllib. """ uri = uri.strip() if uri.startswith(('ldap:', 'ldaps:', 'ldapi:')): ldap_url = ldapurl.LDAPUrl(uri) l=ldap.initialize(ldap_url.initializeUrl(),trace_level) l.protocol_version = ldap.VERSION3 l.simple_bind_s(ldap_url.who or '', ldap_url.cred or '') subschemasubentry_dn = l.search_subschemasubentry_s(ldap_url.dn) if subschemasubentry_dn is None: s_temp = None else: if ldap_url.attrs is None: schema_attrs = SCHEMA_ATTRS else: schema_attrs = ldap_url.attrs s_temp = l.read_subschemasubentry_s( subschemasubentry_dn,attrs=schema_attrs ) l.unbind_s() del l else: ldif_file = urlopen(uri) ldif_parser = ldif.LDIFRecordList(ldif_file,max_entries=1) ldif_parser.parse() subschemasubentry_dn,s_temp = ldif_parser.all_records[0] # Work-around for mixed-cased attribute names subschemasubentry_entry = ldap.cidict.cidict() s_temp = s_temp or {} for at,av in s_temp.items(): if at in SCHEMA_CLASS_MAPPING: try: subschemasubentry_entry[at].extend(av) except KeyError: subschemasubentry_entry[at] = av # Finally parse the schema if subschemasubentry_dn!=None: parsed_sub_schema = ldap.schema.SubSchema(subschemasubentry_entry) else: parsed_sub_schema = None return subschemasubentry_dn, parsed_sub_schema ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/ldap/schema/tokenizer.py0000644000175000017500000000461314521037673021517 0ustar00spichugispichugi""" ldap.schema.tokenizer - Low-level parsing functions for schema element strings See https://www.python-ldap.org/ for details. """ import re TOKENS_FINDALL = re.compile( r"(\()" # opening parenthesis r"|" # or r"(\))" # closing parenthesis r"|" # or r"([^'$()\s]+)" # string of length >= 1 without '$() or whitespace r"|" # or r"('(?:[^'\\]|\\.)*'(?!\w))" # any string or empty string surrounded by unescaped # single quotes except if right quote is succeeded by # alphanumeric char r"|" # or r"([^\s]+?)", # residue, all non-whitespace strings ).findall UNESCAPE_PATTERN = re.compile(r"\\(.)") def split_tokens(s): """ Returns list of syntax elements with quotes and spaces stripped. """ parts = [] parens = 0 for opar, cpar, unquoted, quoted, residue in TOKENS_FINDALL(s): if unquoted: parts.append(unquoted) elif quoted: parts.append(UNESCAPE_PATTERN.sub(r'\1', quoted[1:-1])) elif opar: parens += 1 parts.append(opar) elif cpar: parens -= 1 parts.append(cpar) elif residue == '$': if not parens: raise ValueError("'$' outside parenthesis in %r" % (s)) else: raise ValueError(residue, s) if parens: raise ValueError("Unbalanced parenthesis in %r" % (s)) return parts def extract_tokens(l,known_tokens): """ Returns dictionary of known tokens with all values """ assert l[0].strip()=="(" and l[-1].strip()==")",ValueError(l) result = {} result.update(known_tokens) i = 0 l_len = len(l) while i0),self.extype) else: return '{}{}={}'.format( '!'*(self.critical>0), self.extype,quote(self.exvalue or '') ) def __str__(self): return self.unparse() def __repr__(self): return '<{}.{} instance at {}: {}>'.format( self.__class__.__module__, self.__class__.__name__, hex(id(self)), self.__dict__ ) def __eq__(self,other): return \ (self.critical==other.critical) and \ (self.extype==other.extype) and \ (self.exvalue==other.exvalue) def __ne__(self,other): return not self.__eq__(other) class LDAPUrlExtensions(MutableMapping): """ Models a collection of LDAP URL extensions as a mapping type """ __slots__ = ('_data', ) def __init__(self, default=None): self._data = {} if default is not None: self.update(default) def __setitem__(self, name, value): """Store an extension name string value LDAPUrlExtension instance, whose extype nust match `name` """ if not isinstance(value, LDAPUrlExtension): raise TypeError("value must be LDAPUrlExtension, not " + type(value).__name__) if name != value.extype: raise ValueError( "key {!r} does not match extension type {!r}".format( name, value.extype)) self._data[name] = value def __getitem__(self, name): return self._data[name] def __delitem__(self, name): del self._data[name] def __iter__(self): return iter(self._data) def __len__(self): return len(self._data) def __str__(self): return ','.join(str(v) for v in self.values()) def __repr__(self): return '<{}.{} instance at {}: {}>'.format( self.__class__.__module__, self.__class__.__name__, hex(id(self)), self._data ) def __eq__(self,other): if not isinstance(other, self.__class__): return NotImplemented return self._data == other._data def parse(self,extListStr): for extension_str in extListStr.strip().split(','): if extension_str: e = LDAPUrlExtension(extension_str) self[e.extype] = e def unparse(self): return ','.join(v.unparse() for v in self.values()) class LDAPUrl: """ Class for parsing and unparsing LDAP URLs as described in RFC 4516. Usable class attributes: urlscheme URL scheme (either ldap, ldaps or ldapi) hostport LDAP host (default '') dn String holding distinguished name (default '') attrs list of attribute types (default None) scope integer search scope for ldap-module filterstr String representation of LDAP Search Filters (see RFC 4515) extensions Dictionary used as extensions store who Maps automagically to bindname LDAP URL extension cred Maps automagically to X-BINDPW LDAP URL extension """ attr2extype = {'who':'bindname','cred':'X-BINDPW'} def __init__( self, ldapUrl=None, urlscheme='ldap', hostport='',dn='',attrs=None,scope=None,filterstr=None, extensions=None, who=None,cred=None ): self.urlscheme=urlscheme.lower() self.hostport=hostport self.dn=dn self.attrs=attrs self.scope=scope self.filterstr=filterstr self.extensions=(extensions or LDAPUrlExtensions({})) if ldapUrl!=None: self._parse(ldapUrl) if who!=None: self.who = who if cred!=None: self.cred = cred def __eq__(self,other): return \ self.urlscheme==other.urlscheme and \ self.hostport==other.hostport and \ self.dn==other.dn and \ self.attrs==other.attrs and \ self.scope==other.scope and \ self.filterstr==other.filterstr and \ self.extensions==other.extensions def __ne__(self,other): return not self.__eq__(other) def _parse(self,ldap_url): """ parse a LDAP URL and set the class attributes urlscheme,host,dn,attrs,scope,filterstr,extensions """ if not isLDAPUrl(ldap_url): raise ValueError('Value %s for ldap_url does not seem to be a LDAP URL.' % (repr(ldap_url))) scheme,rest = ldap_url.split('://',1) self.urlscheme = scheme.lower() slash_pos = rest.find('/') qemark_pos = rest.find('?') if (slash_pos==-1) and (qemark_pos==-1): # No / and ? found at all self.hostport = unquote(rest) self.dn = '' return else: if slash_pos!=-1 and (qemark_pos==-1 or (slash_posqemark_pos)): # Question mark separates hostport from rest, DN is assumed to be empty self.hostport = unquote(rest[:qemark_pos]) # Do not eat question mark rest = rest[qemark_pos:] else: raise ValueError('Something completely weird happened!') paramlist=rest.split('?',4) paramlist_len = len(paramlist) if paramlist_len>=1: self.dn = unquote(paramlist[0]).strip() if (paramlist_len>=2) and (paramlist[1]): self.attrs = unquote(paramlist[1].strip()).split(',') if paramlist_len>=3: scope = paramlist[2].strip() try: self.scope = SEARCH_SCOPE[scope] except KeyError: raise ValueError('Invalid search scope %s' % (repr(scope))) if paramlist_len>=4: filterstr = paramlist[3].strip() if not filterstr: self.filterstr = None else: self.filterstr = unquote(filterstr) if paramlist_len>=5: if paramlist[4]: self.extensions = LDAPUrlExtensions() self.extensions.parse(paramlist[4]) else: self.extensions = None return def applyDefaults(self,defaults): """ Apply defaults to all class attributes which are None. defaults Dictionary containing a mapping from class attributes to default values """ for k, value in defaults.items(): if getattr(self,k) is None: setattr(self, k, value) def initializeUrl(self): """ Returns LDAP URL suitable to be passed to ldap.initialize() """ if self.urlscheme=='ldapi': # hostport part might contain slashes when ldapi:// is used hostport = ldapUrlEscape(self.hostport) else: hostport = self.hostport return f'{self.urlscheme}://{hostport}' def unparse(self): """ Returns LDAP URL depending on class attributes set. """ if self.attrs is None: attrs_str = '' else: attrs_str = ','.join(self.attrs) scope_str = SEARCH_SCOPE_STR[self.scope] if self.filterstr is None: filterstr = '' else: filterstr = ldapUrlEscape(self.filterstr) dn = ldapUrlEscape(self.dn) if self.urlscheme=='ldapi': # hostport part might contain slashes when ldapi:// is used hostport = ldapUrlEscape(self.hostport) else: hostport = self.hostport ldap_url = '{}://{}/{}?{}?{}?{}'.format( self.urlscheme, hostport,dn,attrs_str,scope_str,filterstr ) if self.extensions: ldap_url = ldap_url+'?'+self.extensions.unparse() return ldap_url def htmlHREF(self,urlPrefix='',hrefText=None,hrefTarget=None): """ Returns a string with HTML link for this LDAP URL. urlPrefix Prefix before LDAP URL (e.g. for addressing another web-based client) hrefText link text/description hrefTarget string added as link target attribute """ if not isinstance(urlPrefix, str): raise TypeError("urlPrefix must be str, not " + type(urlPrefix).__name__) if hrefText is None: hrefText = self.unparse() if not isinstance(hrefText, str): raise TypeError("hrefText must be str, not " + type(hrefText).__name__) if hrefTarget is None: target = '' else: if not isinstance(hrefTarget, str): raise TypeError("hrefTarget must be str, not " + type(hrefTarget).__name__) target = ' target="%s"' % hrefTarget return '{}'.format( target, urlPrefix, self.unparse(), hrefText ) def __str__(self): return self.unparse() def __repr__(self): return '<{}.{} instance at {}: {}>'.format( self.__class__.__module__, self.__class__.__name__, hex(id(self)), self.__dict__ ) def __getattr__(self,name): if name in self.attr2extype: extype = self.attr2extype[name] if self.extensions and \ extype in self.extensions and \ not self.extensions[extype].exvalue is None: result = unquote(self.extensions[extype].exvalue) else: return None else: raise AttributeError('{} has no attribute {}'.format( self.__class__.__name__,name )) return result # __getattr__() def __setattr__(self,name,value): if name in self.attr2extype: extype = self.attr2extype[name] if value is None: # A value of None means that extension is deleted delattr(self,name) elif value!=None: # Add appropriate extension self.extensions[extype] = LDAPUrlExtension( extype=extype,exvalue=unquote(value) ) else: self.__dict__[name] = value def __delattr__(self,name): if name in self.attr2extype: extype = self.attr2extype[name] if self.extensions: try: del self.extensions[extype] except KeyError: pass else: del self.__dict__[name] ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1700253016.0 python-ldap-3.4.4/Lib/ldif.py0000644000175000017500000004744714525746530016262 0ustar00spichugispichugi""" ldif - generate and parse LDIF data (see RFC 2849) See https://www.python-ldap.org/ for details. """ __version__ = '3.4.4' __all__ = [ # constants 'ldif_pattern', # functions 'CreateLDIF','ParseLDIF', # classes 'LDIFWriter', 'LDIFParser', 'LDIFRecordList', 'LDIFCopy', ] import re from base64 import b64encode, b64decode from io import StringIO import warnings from urllib.parse import urlparse from urllib.request import urlopen attrtype_pattern = r'[\w;.-]+(;[\w_-]+)*' attrvalue_pattern = r'(([^,]|\\,)+|".*?")' attrtypeandvalue_pattern = attrtype_pattern + r'[ ]*=[ ]*' + attrvalue_pattern rdn_pattern = attrtypeandvalue_pattern + r'([ ]*\+[ ]*' + attrtypeandvalue_pattern + r')*[ ]*' dn_pattern = rdn_pattern + r'([ ]*,[ ]*' + rdn_pattern + r')*[ ]*' dn_regex = re.compile('^%s$' % dn_pattern) ldif_pattern = '^((dn(:|::) %(dn_pattern)s)|(%(attrtype_pattern)s(:|::) .*)$)+' % vars() MOD_OP_INTEGER = { 'add':0, # ldap.MOD_ADD 'delete':1, # ldap.MOD_DELETE 'replace':2, # ldap.MOD_REPLACE 'increment':3, # ldap.MOD_INCREMENT } MOD_OP_STR = { 0:'add',1:'delete',2:'replace',3:'increment' } CHANGE_TYPES = ['add','delete','modify','modrdn'] valid_changetype_dict = {} for c in CHANGE_TYPES: valid_changetype_dict[c]=None def is_dn(s): """ returns 1 if s is a LDAP DN """ if s=='': return 1 rm = dn_regex.match(s) return rm!=None and rm.group(0)==s SAFE_STRING_PATTERN = b'(^(\000|\n|\r| |:|<)|[\000\n\r\200-\377]+|[ ]+$)' safe_string_re = re.compile(SAFE_STRING_PATTERN) def list_dict(l): """ return a dictionary with all items of l being the keys of the dictionary """ return {i: None for i in l} class LDIFWriter: """ Write LDIF entry or change records to file object Copy LDIF input to a file output object containing all data retrieved via URLs """ def __init__(self,output_file,base64_attrs=None,cols=76,line_sep='\n'): """ output_file file object for output; should be opened in *text* mode base64_attrs list of attribute types to be base64-encoded in any case cols Specifies how many columns a line may have before it's folded into many lines. line_sep String used as line separator """ self._output_file = output_file self._base64_attrs = list_dict([a.lower() for a in (base64_attrs or [])]) self._cols = cols self._last_line_sep = line_sep self.records_written = 0 def _unfold_lines(self,line): """ Write string line as one or more folded lines """ # Check maximum line length line_len = len(line) if line_len<=self._cols: self._output_file.write(line) self._output_file.write(self._last_line_sep) else: # Fold line pos = self._cols self._output_file.write(line[0:min(line_len,self._cols)]) self._output_file.write(self._last_line_sep) while pos=3.6 License-File: LICENCE Requires-Dist: pyasn1>=0.3.7 Requires-Dist: pyasn1_modules>=0.1.5 python-ldap: python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. Mainly it wraps the OpenLDAP 2.x libs for that purpose. Additionally the package contains modules for other LDAP-related stuff (e.g. processing LDIF, LDAPURLs, LDAPv3 schema, LDAPv3 extended operations and controls, etc.). ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1700253999.0 python-ldap-3.4.4/Lib/python_ldap.egg-info/SOURCES.txt0000644000175000017500000001002714525750457022654 0ustar00spichugispichugi.coveragerc CHANGES INSTALL LICENCE MANIFEST.in Makefile README TODO pyproject.toml setup.cfg setup.py tox.ini Build/setup.cfg.mingw Build/setup.cfg.suse-linux Build/setup.cfg.win32 Demo/initialize.py Demo/ldapcontrols.py Demo/ldapurl_search.py Demo/matchedvalues.py Demo/ms_ad_bind.py Demo/options.py Demo/page_control.py Demo/paged_search_ext_s.py Demo/passwd_ext_op.py Demo/pickle_ldapobject.py Demo/reconnect.py Demo/rename.py Demo/resiter.py Demo/sasl_bind.py Demo/schema.py Demo/schema_tree.py Demo/simple.py Demo/simplebrowse.py Demo/Lib/ldap/async/deltree.py Demo/Lib/ldap/async/ldifwriter.py Demo/Lib/ldap/async/sizelimit.py Demo/Lib/ldapurl/urlsearch.py Demo/Lib/ldif/ldifcopy.py Demo/pyasn1/dds.py Demo/pyasn1/derefcontrol.py Demo/pyasn1/noopsearch.py Demo/pyasn1/ppolicy.py Demo/pyasn1/psearch.py Demo/pyasn1/readentrycontrol.py Demo/pyasn1/sessiontrack.py Demo/pyasn1/sss_highest_number.py Demo/pyasn1/syncrepl.py Doc/Makefile Doc/bytes_mode.rst Doc/conf.py Doc/contributing.rst Doc/fake_ldap_module_for_documentation.py Doc/faq.rst Doc/index.rst Doc/installing.rst Doc/resources.rst Doc/sample_workflow.rst Doc/spelling_wordlist.txt Doc/reference/index.rst Doc/reference/ldap-async.rst Doc/reference/ldap-controls.rst Doc/reference/ldap-dn.rst Doc/reference/ldap-extop.rst Doc/reference/ldap-filter.rst Doc/reference/ldap-modlist.rst Doc/reference/ldap-resiter.rst Doc/reference/ldap-sasl.rst Doc/reference/ldap-schema.rst Doc/reference/ldap-syncrepl.rst Doc/reference/ldap.rst Doc/reference/ldapurl.rst Doc/reference/ldif.rst Doc/reference/slapdtest.rst Lib/ldapurl.py Lib/ldif.py Lib/ldap/__init__.py Lib/ldap/async.py Lib/ldap/asyncsearch.py Lib/ldap/cidict.py Lib/ldap/compat.py Lib/ldap/constants.py Lib/ldap/dn.py Lib/ldap/filter.py Lib/ldap/functions.py Lib/ldap/ldapobject.py Lib/ldap/logger.py Lib/ldap/modlist.py Lib/ldap/pkginfo.py Lib/ldap/resiter.py Lib/ldap/sasl.py Lib/ldap/syncrepl.py Lib/ldap/controls/__init__.py Lib/ldap/controls/deref.py Lib/ldap/controls/libldap.py Lib/ldap/controls/openldap.py Lib/ldap/controls/pagedresults.py Lib/ldap/controls/ppolicy.py Lib/ldap/controls/psearch.py Lib/ldap/controls/pwdpolicy.py Lib/ldap/controls/readentry.py Lib/ldap/controls/sessiontrack.py Lib/ldap/controls/simple.py Lib/ldap/controls/sss.py Lib/ldap/controls/vlv.py Lib/ldap/extop/__init__.py Lib/ldap/extop/dds.py Lib/ldap/extop/passwd.py Lib/ldap/schema/__init__.py Lib/ldap/schema/models.py Lib/ldap/schema/subentry.py Lib/ldap/schema/tokenizer.py Lib/python_ldap.egg-info/PKG-INFO Lib/python_ldap.egg-info/SOURCES.txt Lib/python_ldap.egg-info/dependency_links.txt Lib/python_ldap.egg-info/not-zip-safe Lib/python_ldap.egg-info/requires.txt Lib/python_ldap.egg-info/top_level.txt Lib/slapdtest/__init__.py Lib/slapdtest/_slapdtest.py Lib/slapdtest/certs/README Lib/slapdtest/certs/ca.conf Lib/slapdtest/certs/ca.pem Lib/slapdtest/certs/client.conf Lib/slapdtest/certs/client.key Lib/slapdtest/certs/client.pem Lib/slapdtest/certs/gencerts.sh Lib/slapdtest/certs/gennssdb.sh Lib/slapdtest/certs/server.conf Lib/slapdtest/certs/server.key Lib/slapdtest/certs/server.pem Modules/LDAPObject.c Modules/LDAPObject.h Modules/berval.c Modules/berval.h Modules/common.c Modules/common.h Modules/constants.c Modules/constants.h Modules/constants_generated.h Modules/functions.c Modules/functions.h Modules/ldapcontrol.c Modules/ldapcontrol.h Modules/ldapmodule.c Modules/message.c Modules/message.h Modules/options.c Modules/options.h Tests/__init__.py Tests/t_bind.py Tests/t_cext.py Tests/t_cidict.py Tests/t_edit.py Tests/t_ldap_asyncsearch.py Tests/t_ldap_controls_libldap.py Tests/t_ldap_controls_ppolicy.py Tests/t_ldap_controls_readentry.py Tests/t_ldap_controls_sss.py Tests/t_ldap_dn.py Tests/t_ldap_filter.py Tests/t_ldap_functions.py Tests/t_ldap_modlist.py Tests/t_ldap_options.py Tests/t_ldap_sasl.py Tests/t_ldap_schema_subentry.py Tests/t_ldap_schema_tokenizer.py Tests/t_ldap_syncrepl.py Tests/t_ldapobject.py Tests/t_ldapurl.py Tests/t_ldif.py Tests/t_slapdobject.py Tests/t_untested_mods.py Tests/data/subschema-ipa.demo1.freeipa.org.ldif Tests/data/subschema-openldap-all.ldif././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1700253999.0 python-ldap-3.4.4/Lib/python_ldap.egg-info/dependency_links.txt0000644000175000017500000000000114525750457025036 0ustar00spichugispichugi ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1699394856.0 python-ldap-3.4.4/Lib/python_ldap.egg-info/not-zip-safe0000644000175000017500000000000114522532450023202 0ustar00spichugispichugi ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1700253999.0 python-ldap-3.4.4/Lib/python_ldap.egg-info/requires.txt0000644000175000017500000000004414525750457023366 0ustar00spichugispichugipyasn1>=0.3.7 pyasn1_modules>=0.1.5 ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1700253999.0 python-ldap-3.4.4/Lib/python_ldap.egg-info/top_level.txt0000644000175000017500000000004214525750457023516 0ustar00spichugispichugi_ldap ldap ldapurl ldif slapdtest ././@PaxHeader0000000000000000000000000000003400000000000010212 xustar0028 mtime=1700253999.7782357 python-ldap-3.4.4/Lib/slapdtest/0000755000175000017500000000000014525750460016752 5ustar00spichugispichugi././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1700253016.0 python-ldap-3.4.4/Lib/slapdtest/__init__.py0000644000175000017500000000062314525746530021067 0ustar00spichugispichugi""" slapdtest - module for spawning test instances of OpenLDAP's slapd server See https://www.python-ldap.org/ for details. """ __version__ = '3.4.4' from slapdtest._slapdtest import SlapdObject, SlapdTestCase, SysLogHandler from slapdtest._slapdtest import requires_ldapi, requires_sasl, requires_tls from slapdtest._slapdtest import requires_init_fd from slapdtest._slapdtest import skip_unless_ci ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/slapdtest/_slapdtest.py0000644000175000017500000004615414521037673021500 0ustar00spichugispichugi""" slapdtest - module for spawning test instances of OpenLDAP's slapd server See https://www.python-ldap.org/ for details. """ import os import socket import sys import time import subprocess import logging import atexit from logging.handlers import SysLogHandler import unittest from shutil import which from urllib.parse import quote_plus # Switch off processing .ldaprc or ldap.conf before importing _ldap os.environ['LDAPNOINIT'] = '1' import ldap HERE = os.path.abspath(os.path.dirname(__file__)) # a template string for generating simple slapd.d file SLAPD_CONF_TEMPLATE = r"""dn: cn=config objectClass: olcGlobal cn: config olcServerID: %(serverid)s olcLogLevel: %(loglevel)s olcAllows: bind_v2 olcAuthzRegexp: {0}"gidnumber=%(root_gid)s\+uidnumber=%(root_uid)s,cn=peercred,cn=external,cn=auth" "%(rootdn)s" olcAuthzRegexp: {1}"C=DE, O=python-ldap, OU=slapd-test, CN=([A-Za-z]+)" "ldap://ou=people,dc=local???($1)" olcTLSCACertificateFile: %(cafile)s olcTLSCertificateFile: %(servercert)s olcTLSCertificateKeyFile: %(serverkey)s olcTLSVerifyClient: try dn: cn=module,cn=config objectClass: olcModuleList cn: module olcModuleLoad: back_%(database)s dn: olcDatabase=%(database)s,cn=config objectClass: olcDatabaseConfig objectClass: olcMdbConfig olcDatabase: %(database)s olcSuffix: %(suffix)s olcRootDN: %(rootdn)s olcRootPW: %(rootpw)s olcDbDirectory: %(directory)s """ LOCALHOST = '127.0.0.1' CI_DISABLED = set(os.environ.get('CI_DISABLED', '').split(':')) if 'LDAPI' in CI_DISABLED: HAVE_LDAPI = False else: HAVE_LDAPI = hasattr(socket, 'AF_UNIX') def identity(test_item): """Identity decorator """ return test_item def skip_unless_ci(reason, feature=None): """Skip test unless test case is executed on CI like Travis CI """ if not os.environ.get('CI', False): return unittest.skip(reason) elif feature in CI_DISABLED: return unittest.skip(reason) else: # Don't skip on Travis return identity def requires_tls(): """Decorator for TLS tests Tests are not skipped on CI (e.g. Travis CI) """ if not ldap.TLS_AVAIL: return skip_unless_ci("test needs ldap.TLS_AVAIL", feature='TLS') else: return identity def requires_sasl(): if not ldap.SASL_AVAIL: return skip_unless_ci( "test needs ldap.SASL_AVAIL", feature='SASL') else: return identity def requires_ldapi(): if not HAVE_LDAPI: return skip_unless_ci( "test needs ldapi support (AF_UNIX)", feature='LDAPI') else: return identity def requires_init_fd(): if not ldap.INIT_FD_AVAIL: return skip_unless_ci( "test needs ldap.INIT_FD", feature='INIT_FD') else: return identity def _add_sbin(path): """Add /sbin and related directories to a command search path""" directories = path.split(os.pathsep) if sys.platform != 'win32': for sbin in '/usr/local/sbin', '/sbin', '/usr/sbin': if sbin not in directories: directories.append(sbin) return os.pathsep.join(directories) def combined_logger( log_name, log_level=logging.WARN, sys_log_format='%(levelname)s %(message)s', console_log_format='%(asctime)s %(levelname)s %(message)s', ): """ Returns a combined SysLogHandler/StreamHandler logging instance with formatters """ if 'LOGLEVEL' in os.environ: log_level = os.environ['LOGLEVEL'] try: log_level = int(log_level) except ValueError: pass # for writing to syslog new_logger = logging.getLogger(log_name) if sys_log_format and os.path.exists('/dev/log'): my_syslog_formatter = logging.Formatter( fmt=' '.join((log_name, sys_log_format))) my_syslog_handler = logging.handlers.SysLogHandler( address='/dev/log', facility=SysLogHandler.LOG_DAEMON, ) my_syslog_handler.setFormatter(my_syslog_formatter) new_logger.addHandler(my_syslog_handler) if console_log_format: my_stream_formatter = logging.Formatter(fmt=console_log_format) my_stream_handler = logging.StreamHandler() my_stream_handler.setFormatter(my_stream_formatter) new_logger.addHandler(my_stream_handler) new_logger.setLevel(log_level) return new_logger # end of combined_logger() class SlapdObject: """ Controller class for a slapd instance, OpenLDAP's server. This class creates a temporary data store for slapd, runs it listening on a private Unix domain socket and TCP port, and initializes it with a top-level entry and the root user. When a reference to an instance of this class is lost, the slapd server is shut down. An instance can be used as a context manager. When exiting the context manager, the slapd server is shut down and the temporary data store is removed. :param openldap_schema_files: A list of schema names or schema paths to load at startup. By default this only contains `core`. .. versionchanged:: 3.1 Added context manager functionality """ slapd_conf_template = SLAPD_CONF_TEMPLATE database = 'mdb' suffix = 'dc=slapd-test,dc=python-ldap,dc=org' root_cn = 'Manager' root_pw = 'password' slapd_loglevel = 'stats stats2' local_host = LOCALHOST testrunsubdirs = ( 'slapd.d', ) openldap_schema_files = ( 'core.ldif', ) TMPDIR = os.environ.get('TMP', os.getcwd()) if 'SCHEMA' in os.environ: SCHEMADIR = os.environ['SCHEMA'] elif os.path.isdir("/etc/openldap/schema"): SCHEMADIR = "/etc/openldap/schema" elif os.path.isdir("/etc/ldap/schema"): SCHEMADIR = "/etc/ldap/schema" else: SCHEMADIR = None BIN_PATH = os.environ.get('BIN', os.environ.get('PATH', os.defpath)) SBIN_PATH = os.environ.get('SBIN', _add_sbin(BIN_PATH)) # create loggers once, multiple calls mess up refleak tests _log = combined_logger('python-ldap-test') def __init__(self): self._proc = None self._port = self._avail_tcp_port() self.server_id = self._port % 4096 self.testrundir = os.path.join(self.TMPDIR, 'python-ldap-test-%d' % self._port) self._slapd_conf = os.path.join(self.testrundir, 'slapd.d') self._db_directory = os.path.join(self.testrundir, "openldap-data") self.ldap_uri = "ldap://%s:%d/" % (self.local_host, self._port) if HAVE_LDAPI: ldapi_path = os.path.join(self.testrundir, 'ldapi') self.ldapi_uri = "ldapi://%s" % quote_plus(ldapi_path) self.default_ldap_uri = self.ldapi_uri # use SASL/EXTERNAL via LDAPI when invoking OpenLDAP CLI tools self.cli_sasl_external = ldap.SASL_AVAIL else: self.ldapi_uri = None self.default_ldap_uri = self.ldap_uri # Use simple bind via LDAP uri self.cli_sasl_external = False self._find_commands() if self.SCHEMADIR is None: raise ValueError('SCHEMADIR is None, ldap schemas are missing.') # TLS certs self.cafile = os.path.join(HERE, 'certs/ca.pem') self.servercert = os.path.join(HERE, 'certs/server.pem') self.serverkey = os.path.join(HERE, 'certs/server.key') self.clientcert = os.path.join(HERE, 'certs/client.pem') self.clientkey = os.path.join(HERE, 'certs/client.key') @property def root_dn(self): return 'cn={self.root_cn},{self.suffix}'.format(self=self) @property def hostname(self): return self.local_host @property def port(self): return self._port def _find_commands(self): self.PATH_LDAPADD = self._find_command('ldapadd') self.PATH_LDAPDELETE = self._find_command('ldapdelete') self.PATH_LDAPMODIFY = self._find_command('ldapmodify') self.PATH_LDAPWHOAMI = self._find_command('ldapwhoami') self.PATH_SLAPADD = self._find_command('slapadd') self.PATH_SLAPD = os.environ.get('SLAPD', None) if not self.PATH_SLAPD: self.PATH_SLAPD = self._find_command('slapd', in_sbin=True) def _find_command(self, cmd, in_sbin=False): if in_sbin: path = self.SBIN_PATH var_name = 'SBIN' else: path = self.BIN_PATH var_name = 'BIN' command = which(cmd, path=path) if command is None: raise ValueError( "Command '{}' not found. Set the {} environment variable to " "override slapdtest's search path.".format(cmd, var_name) ) return command def setup_rundir(self): """ creates rundir structure for setting up a custom directory structure you have to override this method """ os.mkdir(self.testrundir) os.mkdir(self._db_directory) self._create_sub_dirs(self.testrunsubdirs) def _cleanup_rundir(self): """ Recursively delete whole directory specified by `path' """ # cleanup_rundir() is called in atexit handler. Until Python 3.4, # the rest of the world is already destroyed. import os, os.path if not os.path.exists(self.testrundir): return self._log.debug('clean-up %s', self.testrundir) for dirpath, dirnames, filenames in os.walk( self.testrundir, topdown=False ): for filename in filenames: self._log.debug('remove %s', os.path.join(dirpath, filename)) os.remove(os.path.join(dirpath, filename)) for dirname in dirnames: self._log.debug('rmdir %s', os.path.join(dirpath, dirname)) os.rmdir(os.path.join(dirpath, dirname)) os.rmdir(self.testrundir) self._log.info('cleaned-up %s', self.testrundir) def _avail_tcp_port(self): """ find an available port for TCP connection """ sock = socket.socket() try: sock.bind((self.local_host, 0)) port = sock.getsockname()[1] finally: sock.close() self._log.info('Found available port %d', port) return port def gen_config(self): """ generates a slapd.conf and returns it as one string for generating specific static configuration files you have to override this method """ config_dict = { 'serverid': hex(self.server_id), 'loglevel': self.slapd_loglevel, 'database': self.database, 'directory': self._db_directory, 'suffix': self.suffix, 'rootdn': self.root_dn, 'rootpw': self.root_pw, 'root_uid': os.getuid(), 'root_gid': os.getgid(), 'cafile': self.cafile, 'servercert': self.servercert, 'serverkey': self.serverkey, } return self.slapd_conf_template % config_dict def _create_sub_dirs(self, dir_names): """ create sub-directories beneath self.testrundir """ for dname in dir_names: dir_name = os.path.join(self.testrundir, dname) self._log.debug('Create directory %s', dir_name) os.mkdir(dir_name) def _write_config(self): """Loads the slapd.d configuration.""" self._log.debug("importing configuration: %s", self._slapd_conf) self.slapadd(self.gen_config(), ["-n0"]) ldif_paths = [ schema if os.path.exists(schema) else os.path.join(self.SCHEMADIR, schema) for schema in self.openldap_schema_files ] for ldif_path in ldif_paths: self.slapadd(None, ["-n0", "-l", ldif_path]) self._log.debug("import ok: %s", self._slapd_conf) def _test_config(self): self._log.debug('testing config %s', self._slapd_conf) popen_list = [ self.PATH_SLAPD, "-Ttest", "-F", self._slapd_conf, "-u", "-v", "-d", "config" ] p = subprocess.run( popen_list, stdout=subprocess.PIPE, stderr=subprocess.STDOUT ) if p.returncode != 0: self._log.error(p.stdout.decode("utf-8")) raise RuntimeError("configuration test failed") self._log.info("config ok: %s", self._slapd_conf) def _start_slapd(self): """ Spawns/forks the slapd process """ urls = [self.ldap_uri] if self.ldapi_uri: urls.append(self.ldapi_uri) slapd_args = [ self.PATH_SLAPD, '-F', self._slapd_conf, '-h', ' '.join(urls), ] if self._log.isEnabledFor(logging.DEBUG): slapd_args.extend(['-d', '-1']) else: slapd_args.extend(['-d', '0']) self._log.info('starting slapd: %r', ' '.join(slapd_args)) self._proc = subprocess.Popen(slapd_args) # Waits until the LDAP server socket is open, or slapd crashed deadline = time.monotonic() + 10 # no cover to avoid spurious coverage changes, see # https://github.com/python-ldap/python-ldap/issues/127 while True: # pragma: no cover if self._proc.poll() is not None: self._stopped() raise RuntimeError("slapd exited before opening port") try: self._log.debug( "slapd connection check to %s", self.default_ldap_uri ) self.ldapwhoami() except RuntimeError: if time.monotonic() >= deadline: break time.sleep(0.2) else: return raise RuntimeError("slapd did not start properly") def start(self): """ Starts the slapd server process running, and waits for it to come up. """ if self._proc is None: # prepare directory structure atexit.register(self.stop) self._cleanup_rundir() self.setup_rundir() self._write_config() self._test_config() self._start_slapd() self._log.debug( 'slapd with pid=%d listening on %s and %s', self._proc.pid, self.ldap_uri, self.ldapi_uri ) def stop(self): """ Stops the slapd server, and waits for it to terminate and cleans up """ if self._proc is not None: self._log.debug('stopping slapd with pid %d', self._proc.pid) self._proc.terminate() self.wait() self._cleanup_rundir() atexit.unregister(self.stop) def restart(self): """ Restarts the slapd server with same data """ self._proc.terminate() self.wait() self._start_slapd() def wait(self): """Waits for the slapd process to terminate by itself.""" if self._proc: self._proc.wait() self._stopped() def _stopped(self): """Called when the slapd server is known to have terminated""" if self._proc is not None: self._log.info('slapd[%d] terminated', self._proc.pid) self._proc = None def _cli_auth_args(self): if self.cli_sasl_external: authc_args = [ '-Y', 'EXTERNAL', ] if not self._log.isEnabledFor(logging.DEBUG): authc_args.append('-Q') else: authc_args = [ '-x', '-D', self.root_dn, '-w', self.root_pw, ] return authc_args # no cover to avoid spurious coverage changes def _cli_popen(self, ldapcommand, extra_args=None, ldap_uri=None, stdin_data=None): # pragma: no cover if ldap_uri is None: ldap_uri = self.default_ldap_uri if ldapcommand.split("/")[-1].startswith("ldap"): args = [ldapcommand, '-H', ldap_uri] + self._cli_auth_args() else: args = [ldapcommand, '-F', self._slapd_conf] args += (extra_args or []) self._log.debug('Run command: %r', ' '.join(args)) proc = subprocess.Popen( args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE ) self._log.debug('stdin_data=%r', stdin_data) stdout_data, stderr_data = proc.communicate(stdin_data) if stdout_data is not None: self._log.debug('stdout_data=%r', stdout_data) if stderr_data is not None: self._log.debug('stderr_data=%r', stderr_data) if proc.wait() != 0: raise RuntimeError( '{!r} process failed:\n{!r}\n{!r}'.format( args, stdout_data, stderr_data ) ) return stdout_data, stderr_data def ldapwhoami(self, extra_args=None): """ Runs ldapwhoami on this slapd instance """ self._cli_popen(self.PATH_LDAPWHOAMI, extra_args=extra_args) def ldapadd(self, ldif, extra_args=None): """ Runs ldapadd on this slapd instance, passing it the ldif content """ self._cli_popen(self.PATH_LDAPADD, extra_args=extra_args, stdin_data=ldif.encode('utf-8')) def ldapmodify(self, ldif, extra_args=None): """ Runs ldapadd on this slapd instance, passing it the ldif content """ self._cli_popen(self.PATH_LDAPMODIFY, extra_args=extra_args, stdin_data=ldif.encode('utf-8')) def ldapdelete(self, dn, recursive=False, extra_args=None): """ Runs ldapdelete on this slapd instance, deleting 'dn' """ if extra_args is None: extra_args = [] if recursive: extra_args.append('-r') extra_args.append(dn) self._cli_popen(self.PATH_LDAPDELETE, extra_args=extra_args) def slapadd(self, ldif, extra_args=None): """ Runs slapadd on this slapd instance, passing it the ldif content """ self._cli_popen( self.PATH_SLAPADD, stdin_data=ldif.encode("utf-8") if ldif else None, extra_args=extra_args, ) def __enter__(self): self.start() return self def __exit__(self, exc_type, exc_value, traceback): self.stop() class SlapdTestCase(unittest.TestCase): """ test class which also clones or initializes a running slapd """ server_class = SlapdObject server = None ldap_object_class = None def _open_ldap_conn(self, who=None, cred=None, **kwargs): """ return a LDAPObject instance after simple bind """ ldap_conn = self.ldap_object_class(self.server.ldap_uri, **kwargs) ldap_conn.protocol_version = 3 #ldap_conn.set_option(ldap.OPT_REFERRALS, 0) ldap_conn.simple_bind_s(who or self.server.root_dn, cred or self.server.root_pw) return ldap_conn @classmethod def setUpClass(cls): cls.server = cls.server_class() cls.server.start() @classmethod def tearDownClass(cls): cls.server.stop() ././@PaxHeader0000000000000000000000000000003400000000000010212 xustar0028 mtime=1700253999.7792356 python-ldap-3.4.4/Lib/slapdtest/certs/0000755000175000017500000000000014525750460020072 5ustar00spichugispichugi././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/slapdtest/certs/README0000644000175000017500000000166514521037673020762 0ustar00spichugispichugipython-ldap test certificates ============================= Certificates and keys --------------------- * ``ca.pem``: internal root CA certificate * ``server.pem``: TLS server certificate for slapd, signed by root CA. The server cert is valid for DNS Name ``localhost`` and IPs ``127.0.0.1`` and ``:1``. * ``server.key``: private key for ``server.pem``, no password protection * ``client.pem``: certificate for TLS client cert authentication, signed by root CA. * ``client.key``: private key for ``client.pem``, no password protection Configuration and scripts ------------------------- * ``ca.conf`` contains the CA definition as well as extensions for the client and server certificates. * ``client.conf`` and ``server.conf`` hold the subject and base configuration for server and client certs. * ``gencerts.sh`` creates new CA, client and server certificates. * ``gennssdb.sh`` can be used to create a NSSDB for all certs and keys. ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/slapdtest/certs/ca.conf0000644000175000017500000000315114521037673021324 0ustar00spichugispichugi# Written by Christian Heimes [default] ca = "ca" tmpdir = $ENV::CATMPDIR outdir = $ENV::CAOUTDIR name_opt = multiline,-esc_msb,utf8 [req] default_bits = 2048 encrypt_key = no default_md = sha256 utf8 = yes string_mask = utf8only prompt = no distinguished_name = ca_dn [ca_dn] countryName = "DE" organizationName = "python-ldap" organizationalUnitName = "slapd-test" commonName = "Python LDAP Test CA" [ca] default_ca = python_ldap_ca [python_ldap_ca] certificate = $outdir/$ca.pem private_key = $outdir/$ca.key new_certs_dir = $tmpdir serial = $tmpdir/$ca.crt.srl crlnumber = $tmpdir/$ca.crl.srl database = $tmpdir/$ca.db unique_subject = no default_days = 365200 default_md = sha256 policy = match_pol email_in_dn = no preserve = no name_opt = $name_opt cert_opt = ca_default copy_extensions = none default_crl_days = 365100 [match_pol] countryName = match stateOrProvinceName = optional localityName = optional organizationName = match organizationalUnitName = match commonName = supplied [ca_ext] basicConstraints = critical,CA:true keyUsage = critical,keyCertSign,cRLSign subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always [server_san] DNS.1 = localhost IP.1 = 127.0.0.1 IP.2 = ::1 [server_ext] basicConstraints = critical,CA:false keyUsage = critical,digitalSignature,keyEncipherment extendedKeyUsage = critical,serverAuth subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always subjectAltName = @server_san [client_ext] basicConstraints = critical,CA:false keyUsage = critical,digitalSignature extendedKeyUsage = critical,clientAuth subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/slapdtest/certs/ca.pem0000644000175000017500000001047514521037673021167 0ustar00spichugispichugiCertificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: C=DE, O=python-ldap, OU=slapd-test, CN=Python LDAP Test CA Validity Not Before: Apr 12 18:52:38 2019 GMT Not After : Oct 17 18:52:38 2994 GMT Subject: C=DE, O=python-ldap, OU=slapd-test, CN=Python LDAP Test CA Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:d7:30:73:20:44:7d:83:d4:c7:01:b8:ab:1e:7c: 91:f4:38:ac:9c:41:43:64:0c:31:99:48:70:22:7d: ae:1b:47:e7:2a:28:4d:f7:46:4e:b4:ba:ae:c0:9d: d5:1f:4b:7a:79:2f:b9:dc:68:7f:79:84:88:50:51: 3b:7d:dc:d5:57:17:66:45:c0:2c:20:13:f7:99:d6: 9d:e2:12:7c:41:76:82:51:19:2c:b6:ff:46:cb:04: 56:38:22:2a:c3:7a:b5:71:51:49:4e:62:68:a0:99: 6f:de:f3:a2:0f:a2:aa:1b:72:a5:87:bc:42:5a:a7: 22:8d:33:b4:88:a8:dc:5d:72:ca:dd:a0:9a:4e:db: 7d:8b:10:de:c5:41:e9:e9:8d:fa:6c:dd:94:6e:b1: 31:c2:6d:a1:69:6c:7a:3a:b2:76:65:c9:e5:95:38: 62:40:81:c6:29:26:26:d1:d1:c1:f4:5e:fa:24:ef: 13:da:24:13:6f:f5:5c:ba:b1:31:8f:30:94:71:7b: c6:e5:da:b9:b5:64:39:39:09:c2:4a:80:64:58:1d: 99:f5:65:3c:a7:26:08:95:26:35:7b:fa:e7:20:08: ff:72:df:9b:8f:9f:da:8b:c3:a7:8b:fc:8c:c0:a5: 31:87:1d:4c:14:f6:cf:90:5e:2e:6e:a6:db:27:08: eb:df Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: BD:78:D5:4A:F1:90:96:C5:E8:EC:66:49:23:47:03:5F:26:73:86:B2 X509v3 Authority Key Identifier: keyid:BD:78:D5:4A:F1:90:96:C5:E8:EC:66:49:23:47:03:5F:26:73:86:B2 Signature Algorithm: sha256WithRSAEncryption 06:20:1f:eb:42:6a:42:62:b1:ee:69:c8:cd:47:a6:2e:69:95: 59:dc:49:09:69:40:93:25:a1:ec:6d:3a:dd:dc:e5:74:ab:33: 9d:8f:cc:e3:bb:7a:3f:5b:51:58:74:f7:bd:6c:7c:3c:b6:5a: 05:50:a8:8c:c3:fb:5b:75:2a:c2:6c:06:93:4c:a9:93:71:1c: 51:e5:be:a1:24:93:e2:79:ca:ea:08:86:90:b9:70:e7:7a:40: bf:f4:d6:71:f4:4d:c0:0f:e0:31:a0:23:46:77:30:72:a9:62: 8a:2a:12:c4:dd:3d:86:ae:f7:6b:33:80:26:58:49:53:ff:cd: 8a:c6:f6:11:2c:b3:ff:a5:8e:1c:f8:22:e2:1b:8e:04:33:fb: 0d:da:31:86:12:9f:d1:03:86:9c:6a:78:5e:3c:5e:8a:52:aa: 68:1f:ff:f9:17:75:b0:da:f2:99:3c:80:3c:96:2a:33:07:54: 59:84:e7:92:34:0f:99:76:e3:d6:4d:4d:9c:fb:21:35:f9:cb: a5:30:80:8b:9d:61:90:d3:d4:59:3a:2f:f2:f6:20:13:7e:26: dc:50:b0:49:3e:19:fe:eb:7d:cf:b9:1a:5d:5c:3a:76:30:d9: 0e:d7:df:de:ce:a9:c4:21:df:63:b9:d0:64:86:0b:28:9a:2e: ab:51:73:e4 -----BEGIN CERTIFICATE----- MIIDjDCCAnSgAwIBAgIBATANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJERTEU MBIGA1UECgwLcHl0aG9uLWxkYXAxEzARBgNVBAsMCnNsYXBkLXRlc3QxHDAaBgNV BAMME1B5dGhvbiBMREFQIFRlc3QgQ0EwIBcNMTkwNDEyMTg1MjM4WhgPMjk5NDEw MTcxODUyMzhaMFYxCzAJBgNVBAYTAkRFMRQwEgYDVQQKDAtweXRob24tbGRhcDET MBEGA1UECwwKc2xhcGQtdGVzdDEcMBoGA1UEAwwTUHl0aG9uIExEQVAgVGVzdCBD QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANcwcyBEfYPUxwG4qx58 kfQ4rJxBQ2QMMZlIcCJ9rhtH5yooTfdGTrS6rsCd1R9Lenkvudxof3mEiFBRO33c 1VcXZkXALCAT95nWneISfEF2glEZLLb/RssEVjgiKsN6tXFRSU5iaKCZb97zog+i qhtypYe8QlqnIo0ztIio3F1yyt2gmk7bfYsQ3sVB6emN+mzdlG6xMcJtoWlsejqy dmXJ5ZU4YkCBxikmJtHRwfRe+iTvE9okE2/1XLqxMY8wlHF7xuXaubVkOTkJwkqA ZFgdmfVlPKcmCJUmNXv65yAI/3Lfm4+f2ovDp4v8jMClMYcdTBT2z5BeLm6m2ycI 698CAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD VR0OBBYEFL141UrxkJbF6OxmSSNHA18mc4ayMB8GA1UdIwQYMBaAFL141UrxkJbF 6OxmSSNHA18mc4ayMA0GCSqGSIb3DQEBCwUAA4IBAQAGIB/rQmpCYrHuacjNR6Yu aZVZ3EkJaUCTJaHsbTrd3OV0qzOdj8zju3o/W1FYdPe9bHw8tloFUKiMw/tbdSrC bAaTTKmTcRxR5b6hJJPiecrqCIaQuXDnekC/9NZx9E3AD+AxoCNGdzByqWKKKhLE 3T2GrvdrM4AmWElT/82KxvYRLLP/pY4c+CLiG44EM/sN2jGGEp/RA4acanhePF6K UqpoH//5F3Ww2vKZPIA8liozB1RZhOeSNA+ZduPWTU2c+yE1+culMICLnWGQ09RZ Oi/y9iATfibcULBJPhn+633PuRpdXDp2MNkO19/ezqnEId9judBkhgsomi6rUXPk -----END CERTIFICATE----- ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/slapdtest/certs/client.conf0000644000175000017500000000045014521037673022216 0ustar00spichugispichugi# Written by Christian Heimes [req] default_bits = 2048 encrypt_key = no default_md = sha256 utf8 = yes string_mask = utf8only prompt = no distinguished_name = client_dn [client_dn] countryName = "DE" organizationName = "python-ldap" organizationalUnitName = "slapd-test" commonName = "client" ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/slapdtest/certs/client.key0000644000175000017500000000325014521037673022062 0ustar00spichugispichugi-----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDjt5O6nRrnAWPm T0JvRLBHMclll92IWF/O4GEdcJ5fbBxP3BxK0Dv+6aRcR7b2o0f6fk/bgNepXfv/ MXDQcFlESbfmUNGshFmZr0sjPrYPD1R06TZs+/7RsMXnx1c79mFGEQ4wqzDOBHKQ xeDhNJk+BcE0QABsqF8AA2XC2/dK14QCljKLC84k1zTFTnh8duN2eAalaPQFFOoj 4AnonUnswJ45zIx5V2BdG+oqO5dwo/cEukKgAEL8T2IJ9Cqlmh2sPbMqYC8cODq6 YcugMznxrfHV5LNThfkvwMe26+vv68r65zalPDy0M+cUMTMyBVY4TL3fejrloY2t YMhPJIclAgMBAAECggEAPXdd/u9NRbGQX6hhTFuEIZOEw1F80MLaCaNzU1kExskN 01icom0W5LX4UZhiAK0OTsUtlRhwHh1qWfXkd777uX0UkKycDC8laGByra7Nwb7n ky8oK77Rh5RptyiNmXflxd3wsJ5k7BczPXTMQL3L53vyLMJh2vKPwhcorrJlS+Pi JjINMaR4IrDlpMYlrn9NTjsGr+mj/pdmKfU/KVXeKzFcwKTjUnDJNSbGDIC0AxaJ dGU0yIX9MPW+p5szcA9o22UWW4LsEFY4YABeCqbm9/UQt3jWVMjCy4AOgr/9HWSR DvXI/Xtdl3CTCr8+qDnhBaUI27z+UelZfTBFKUb8AQKBgQD6SmtrTBgEfb6tuxJw AAHRuUcWGjatZ7X+meHRC9B7UPxUrKl9tU5NC7Gz6YMt+vr4bNMwykI6Ndj+4tSJ KqsAC86v19CH4usMBLZ68MeTRvtQGiPah71syYrxf0uvYOx/KzUUBX240Ls+lEbE W33psMoNAezUPpJwKx7CMjcBgQKBgQDo6VaT59bKRc3DXJvqFjd7TPIex+ny6JK+ 8oOwyyFFBwkzfymoOxN4lxSrE6yf7uTemRRn+RIH3UGDottIDqzhjvtcV5uODeIN 8WzxTbl759qIxt+z7aF7SkwJLJAAZS3qqCXKtMBo7ln4xKaoRLT2RohqD1YXGrg8 wmYcUZoPpQKBgQCm2QVSuZ8pH0oFNjfMQbT0wbYJnd/lKMXBu4M1f9Ky4gHT0GYM Ttirs6f6byfrduvmv2TpmWscsti80SktZywnE7fssMlqTHKzyFB9FBV2sFLHyyUr gGFeK9xbsKgbeVkuTPdNKXvtv/eSd/XU38jIB/opQadGtY+ZBqWyfxb8AQKBgBLc SlmBzZ/llSr7xdhn4ihG69hYQfacpL13r/hSCqinUDRuWLY5ynLacR8FYdY1pyzr Yn6k6bPfU93QA0fLgG5ngK1SntMbBrIwWa0UqS+Cb+zhhd3xIUF1m8CmbibKCrTU 1vKaPnaAzqJZclFv9uN2hLdp9IO8cyzgZRpn9TzNAoGAUfZF1983qknfBgD8Lgm3 zzKYtc8q2Ukatfo4VCp66CEprbLcBq5mKx6JiBoMGqU8SI5XVG0F0aHH2n8gImcu bO0vtEldDc1ylZ/H7xhHFWlMzmTlsbHdHVtetFfKLTpjq6duvgLA12lJNHNVu3OU Z1bRWDeZIP70+jdYrmSoVi8= -----END PRIVATE KEY----- ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/slapdtest/certs/client.pem0000644000175000017500000001062314521037673022055 0ustar00spichugispichugiCertificate: Data: Version: 3 (0x2) Serial Number: 3 (0x3) Signature Algorithm: sha256WithRSAEncryption Issuer: C=DE, O=python-ldap, OU=slapd-test, CN=Python LDAP Test CA Validity Not Before: Apr 12 18:52:38 2019 GMT Not After : Mar 1 18:52:38 3019 GMT Subject: C=DE, O=python-ldap, OU=slapd-test, CN=client Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:e3:b7:93:ba:9d:1a:e7:01:63:e6:4f:42:6f:44: b0:47:31:c9:65:97:dd:88:58:5f:ce:e0:61:1d:70: 9e:5f:6c:1c:4f:dc:1c:4a:d0:3b:fe:e9:a4:5c:47: b6:f6:a3:47:fa:7e:4f:db:80:d7:a9:5d:fb:ff:31: 70:d0:70:59:44:49:b7:e6:50:d1:ac:84:59:99:af: 4b:23:3e:b6:0f:0f:54:74:e9:36:6c:fb:fe:d1:b0: c5:e7:c7:57:3b:f6:61:46:11:0e:30:ab:30:ce:04: 72:90:c5:e0:e1:34:99:3e:05:c1:34:40:00:6c:a8: 5f:00:03:65:c2:db:f7:4a:d7:84:02:96:32:8b:0b: ce:24:d7:34:c5:4e:78:7c:76:e3:76:78:06:a5:68: f4:05:14:ea:23:e0:09:e8:9d:49:ec:c0:9e:39:cc: 8c:79:57:60:5d:1b:ea:2a:3b:97:70:a3:f7:04:ba: 42:a0:00:42:fc:4f:62:09:f4:2a:a5:9a:1d:ac:3d: b3:2a:60:2f:1c:38:3a:ba:61:cb:a0:33:39:f1:ad: f1:d5:e4:b3:53:85:f9:2f:c0:c7:b6:eb:eb:ef:eb: ca:fa:e7:36:a5:3c:3c:b4:33:e7:14:31:33:32:05: 56:38:4c:bd:df:7a:3a:e5:a1:8d:ad:60:c8:4f:24: 87:25 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: critical TLS Web Client Authentication X509v3 Subject Key Identifier: 4F:E7:35:C7:C8:C1:01:C3:7C:53:86:B9:BF:AE:8B:D6:45:A2:78:20 X509v3 Authority Key Identifier: keyid:BD:78:D5:4A:F1:90:96:C5:E8:EC:66:49:23:47:03:5F:26:73:86:B2 Signature Algorithm: sha256WithRSAEncryption 1c:90:5f:cf:18:48:95:4d:9d:d3:8e:6d:d1:69:19:1e:7b:3f: 1f:48:7c:c8:0d:2f:c4:53:0f:89:23:f4:be:ea:b4:7a:c6:dd: cc:18:0f:e7:34:ea:2c:d4:07:0d:65:78:e8:20:40:3f:36:ef: 2c:00:31:69:e6:20:48:65:be:57:03:0e:69:ff:b9:83:59:99: 7d:4d:86:98:14:5b:8e:39:25:3a:a8:6d:51:dc:45:a5:0f:cd: f3:7a:fd:55:af:5f:55:75:20:03:f5:4a:75:6a:79:2f:76:84: f6:4e:3d:1d:59:45:9a:b1:6a:57:6f:16:76:76:f8:df:6e:96: d5:25:27:34:4b:21:d8:c9:9a:36:55:45:a0:43:16:43:68:93: 37:af:81:89:06:d1:56:1b:9e:0f:62:40:ad:3c:4c:f5:ef:6c: a2:a4:7f:f2:fa:78:9c:0d:c0:19:f1:10:e8:d8:cf:03:67:3c: 2d:4d:f3:5d:67:5c:41:a7:4f:d6:c5:0e:ff:2c:04:dd:23:bb: 85:44:8e:25:ac:15:a3:82:fa:a4:4f:fa:1d:87:f0:58:dc:ae: 53:05:b9:81:e8:cb:e5:0c:ac:a5:74:68:03:f9:22:a0:45:b6: 62:58:e0:98:d9:8c:54:a4:22:03:7a:37:12:eb:7d:b1:ad:45: 60:8e:7a:df -----BEGIN CERTIFICATE----- MIIDlDCCAnygAwIBAgIBAzANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJERTEU MBIGA1UECgwLcHl0aG9uLWxkYXAxEzARBgNVBAsMCnNsYXBkLXRlc3QxHDAaBgNV BAMME1B5dGhvbiBMREFQIFRlc3QgQ0EwIBcNMTkwNDEyMTg1MjM4WhgPMzAxOTAz MDExODUyMzhaMEkxCzAJBgNVBAYTAkRFMRQwEgYDVQQKDAtweXRob24tbGRhcDET MBEGA1UECwwKc2xhcGQtdGVzdDEPMA0GA1UEAwwGY2xpZW50MIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA47eTup0a5wFj5k9Cb0SwRzHJZZfdiFhfzuBh HXCeX2wcT9wcStA7/umkXEe29qNH+n5P24DXqV37/zFw0HBZREm35lDRrIRZma9L Iz62Dw9UdOk2bPv+0bDF58dXO/ZhRhEOMKswzgRykMXg4TSZPgXBNEAAbKhfAANl wtv3SteEApYyiwvOJNc0xU54fHbjdngGpWj0BRTqI+AJ6J1J7MCeOcyMeVdgXRvq KjuXcKP3BLpCoABC/E9iCfQqpZodrD2zKmAvHDg6umHLoDM58a3x1eSzU4X5L8DH tuvr7+vK+uc2pTw8tDPnFDEzMgVWOEy933o65aGNrWDITySHJQIDAQABo3gwdjAM BgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAWBgNVHSUBAf8EDDAKBggrBgEF BQcDAjAdBgNVHQ4EFgQUT+c1x8jBAcN8U4a5v66L1kWieCAwHwYDVR0jBBgwFoAU vXjVSvGQlsXo7GZJI0cDXyZzhrIwDQYJKoZIhvcNAQELBQADggEBAByQX88YSJVN ndOObdFpGR57Px9IfMgNL8RTD4kj9L7qtHrG3cwYD+c06izUBw1leOggQD827ywA MWnmIEhlvlcDDmn/uYNZmX1NhpgUW445JTqobVHcRaUPzfN6/VWvX1V1IAP1SnVq eS92hPZOPR1ZRZqxaldvFnZ2+N9ultUlJzRLIdjJmjZVRaBDFkNokzevgYkG0VYb ng9iQK08TPXvbKKkf/L6eJwNwBnxEOjYzwNnPC1N811nXEGnT9bFDv8sBN0ju4VE jiWsFaOC+qRP+h2H8FjcrlMFuYHoy+UMrKV0aAP5IqBFtmJY4JjZjFSkIgN6NxLr fbGtRWCOet8= -----END CERTIFICATE----- ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/slapdtest/certs/gencerts.sh0000755000175000017500000000240414521037673022243 0ustar00spichugispichugi#!/bin/sh # Written by Christian Heimes set -e export CAOUTDIR=. export CATMPDIR=tmp rm -rf $CATMPDIR rm -rf ca.pem ca.key server.pem server.key client.pem client.key rm -rf cert9.db key4.db pkcs11.tx mkdir -p $CAOUTDIR mkdir -p $CATMPDIR touch $CATMPDIR/ca.db touch $CATMPDIR/ca.db.attr echo '01' > $CATMPDIR/ca.crt.srl echo '01' > $CATMPDIR/ca.crl.srl # root CA openssl req -new \ -config ca.conf \ -out $CATMPDIR/ca.csr \ -keyout $CAOUTDIR/ca.key \ -batch openssl ca -selfsign \ -config ca.conf \ -in $CATMPDIR/ca.csr \ -out $CAOUTDIR/ca.pem \ -extensions ca_ext \ -days 356300 \ -batch # server cert openssl req -new \ -config server.conf \ -out $CATMPDIR/server.csr \ -keyout $CAOUTDIR/server.key \ -batch openssl ca \ -config ca.conf \ -in $CATMPDIR/server.csr \ -out $CAOUTDIR/server.pem \ -policy match_pol \ -extensions server_ext \ -batch # client cert openssl req -new \ -config client.conf \ -out $CATMPDIR/client.csr \ -keyout $CAOUTDIR/client.key \ -batch openssl ca \ -config ca.conf \ -in $CATMPDIR/client.csr \ -out $CAOUTDIR/client.pem \ -policy match_pol \ -extensions client_ext \ -batch # cleanup rm -rf $CATMPDIR ca.key echo DONE ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/slapdtest/certs/gennssdb.sh0000755000175000017500000000144714521037673022242 0ustar00spichugispichugi#!/bin/sh # Written by Christian Heimes set -e CATMPDIR=tmp PASSFILE=${CATMPDIR}/passwd.txt NSSDB=sql:${CAOUTDIR} mkdir -p $CATMPDIR # Create PKCS#12 files for NSSDB import echo "dummy" > $PASSFILE openssl pkcs12 -name "servercert" -in server.pem -inkey server.key \ -caname "testca" -CAfile ca.pem \ -password "file:${PASSFILE}" -export -out server.p12 openssl pkcs12 -name "clientcert" -in client.pem -inkey client.key \ -caname "testca" -CAfile ca.pem \ -password "file:${PASSFILE}" -export -out client.p12 # Create NSS DB certutil -d $NSSDB -N --empty-password certutil -d $NSSDB -A -n "testca" -t CT,, -a -i ca.pem pk12util -d $NSSDB -i server.p12 -w ${PASSFILE} pk12util -d $NSSDB -i client.p12 -w ${PASSFILE} certutil -d $NSSDB -L # cleanup rm -rf $CATMPDIR server.p12 client.p12././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/slapdtest/certs/server.conf0000644000175000017500000000047314521037673022253 0ustar00spichugispichugi# Written by Christian Heimes [req] default_bits = 2048 encrypt_key = no default_md = sha256 utf8 = yes string_mask = utf8only prompt = no distinguished_name = server_dn [server_dn] countryName = "DE" organizationName = "python-ldap" organizationalUnitName = "slapd-test" commonName = "server cert for localhost" ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/slapdtest/certs/server.key0000644000175000017500000000325014521037673022112 0ustar00spichugispichugi-----BEGIN PRIVATE KEY----- MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCsBk0ml3ERFJyg I6ujIJYERVU4doTZZd4r4z/LOef0hyiYiIQAc9wetaoZpM+bl4Eherxy9SBaCBwR zefbaYQz2f2hdEDb+sISOiTke1eiF2ugYNlS55Wk1KnCnORE9bjcSNLPsscoUSzE 2bnBSoUwdiVK18YOCZR6GTeC8eA3ekvlR+9g+FBOgQ9+StXPDdq+iIAGXZREJIua munErtTOw85De4YFCnzGw3UeCITDD4wFmI2IWphRFwWPsSDwUJfATA8S+7Rm4vwr Qj726gUDlicTzPXKhJjXjj6XL7xXHfpQwMPkBCrxesKceHMJ+mrRsuuqHciuixRi g94mILElAgMBAAECggEADG5oJOHMye8zYl8xiBhSvvxDrFDkSNGTvJgvhAArQwCB boRvBZlZzt5R7Ih8eEH6kvDLrYMJU3hCjwbSOojlhNm7+m7sQPleDPMmt1wyeQQ4 Qt681cDmj4LOwcGUvWcEdObOVTQWMFOtaIxTYCSCe34OM9pj9Z+7mxc3a78O9PND Ib/CwcTA1OyoupzkKirqkdLXwK3x2aT/1TMaPX94taHB51cxXc7AglL9QnuCkuaG krqrexy3rGimzsP3OwQGEUjWKcZVSSPT8/k1pPE9hRgOqBy05BfkAzlebdvc3GO5 AbZk0NX2sfVHl4dTEXs/hTBCTQ3XmaltumQ9MdL+AQKBgQDg2I5QxBA2UHb8vCtK f31kfG6YQc4MkoslrrMrtJjZqDYaLZPS1ARPSfYRqcc+7GDreuLmw39f8ZECd+2W BYUqzZv9g13R9DY99g0/sINnZGsESwfIdLNNlHvVx2UrD5ybCj4vLhuPsVV7XlWs cpl+rcuBVpqy8UIXifQ/Z3xLvwKBgQDD3CLjuC0mcTO2sIWqEHqVkc8CY2NJA2Qh C78fwpaCqJUUdWnS69QbRGWgkFJL+oO8lQVQ1bXhZLHyQmy7Z5d5olCH6AW4GRnf hBAnKJ+QTm9B6QVWzjUuHuOeCukfiTQbha14pOS9ar3X2QFWjDnzCRrnAxJmoY3H BJATLHhMGwKBgQDSxAy7xt4Pm+O9y8Gk5tcq771X+i9k96V54EZRzMuPFDAK3/h2 o4marZD9Q7Hi2P+NHTc+67klvbKZpsPOYkRPOEdmH9M9cPe7oz8OGa9DpwzuDEsy a7p8GZjvbyb1c3/wkWxzG3x4eNnReD9FFHOwHMfr6LvAy4iRuh57pM0NzwKBgDY3 1DixnV4M7EHgb7/6O9T3vhRtKujlVWyIcen61etpe4tkTV0kB11c+70M9pstyBYG MqiD4It6coAbvznJnXcAZcaZhivGVxE237nXVwR9kfLu7JlxD+uqhVwUrSAbvR75 TGIfU2rUB6We3u30d349wQK+KPPcOQEk1DValBqNAoGBAKfXOXgFBkIVW79fOkup aIZXdEmU3Up61Oo0KDbxsg4l73NnnvuEnNMBTx3nT3KCVIAcQL9MNpLX/Z0HjOn1 aiWVtTNq2OFL0V0HueBhbkFiWp551jTS7LjndCYHpUB/B8/wXP0kxHUm8HrQrRvK DhV3zcxsXts1INidXjzzOkPi -----END PRIVATE KEY----- ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Lib/slapdtest/certs/server.pem0000644000175000017500000001121714521037673022105 0ustar00spichugispichugiCertificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: sha256WithRSAEncryption Issuer: C=DE, O=python-ldap, OU=slapd-test, CN=Python LDAP Test CA Validity Not Before: Apr 12 18:52:38 2019 GMT Not After : Mar 1 18:52:38 3019 GMT Subject: C=DE, O=python-ldap, OU=slapd-test, CN=server cert for localhost Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:ac:06:4d:26:97:71:11:14:9c:a0:23:ab:a3:20: 96:04:45:55:38:76:84:d9:65:de:2b:e3:3f:cb:39: e7:f4:87:28:98:88:84:00:73:dc:1e:b5:aa:19:a4: cf:9b:97:81:21:7a:bc:72:f5:20:5a:08:1c:11:cd: e7:db:69:84:33:d9:fd:a1:74:40:db:fa:c2:12:3a: 24:e4:7b:57:a2:17:6b:a0:60:d9:52:e7:95:a4:d4: a9:c2:9c:e4:44:f5:b8:dc:48:d2:cf:b2:c7:28:51: 2c:c4:d9:b9:c1:4a:85:30:76:25:4a:d7:c6:0e:09: 94:7a:19:37:82:f1:e0:37:7a:4b:e5:47:ef:60:f8: 50:4e:81:0f:7e:4a:d5:cf:0d:da:be:88:80:06:5d: 94:44:24:8b:9a:9a:e9:c4:ae:d4:ce:c3:ce:43:7b: 86:05:0a:7c:c6:c3:75:1e:08:84:c3:0f:8c:05:98: 8d:88:5a:98:51:17:05:8f:b1:20:f0:50:97:c0:4c: 0f:12:fb:b4:66:e2:fc:2b:42:3e:f6:ea:05:03:96: 27:13:cc:f5:ca:84:98:d7:8e:3e:97:2f:bc:57:1d: fa:50:c0:c3:e4:04:2a:f1:7a:c2:9c:78:73:09:fa: 6a:d1:b2:eb:aa:1d:c8:ae:8b:14:62:83:de:26:20: b1:25 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: critical TLS Web Server Authentication X509v3 Subject Key Identifier: 08:D1:86:1B:82:0A:4F:71:31:E4:F5:31:23:CC:67:3B:FA:84:3B:A0 X509v3 Authority Key Identifier: keyid:BD:78:D5:4A:F1:90:96:C5:E8:EC:66:49:23:47:03:5F:26:73:86:B2 X509v3 Subject Alternative Name: DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1 Signature Algorithm: sha256WithRSAEncryption 88:60:af:be:11:c4:aa:dc:9b:f1:e7:14:da:20:aa:6f:2f:06: ae:38:b2:7c:ac:90:81:22:51:7e:cb:26:15:6e:fe:67:98:c1: 0d:dc:aa:39:98:2b:d2:cc:3c:ff:1a:92:2f:56:0a:a9:6e:d8: 9a:3d:c5:4d:6f:cc:91:2e:e3:4e:bf:22:ab:cb:92:1a:a0:8f: 43:cd:82:bc:48:55:c4:95:cf:10:6b:6a:31:19:92:7d:e0:06: 05:6f:0b:33:e7:2a:37:42:f9:ec:1b:29:99:e1:58:0c:01:a7: c3:8b:58:71:21:9f:61:8c:a7:fb:b6:7e:32:8b:a9:4e:c7:1f: f6:46:e8:dd:ac:a6:4c:53:f8:4d:93:e4:ec:73:ab:0b:be:98: c5:78:c4:92:c0:4c:78:47:52:2f:93:07:67:20:a4:5a:7f:59: 7e:4f:48:53:20:0d:37:bb:06:f8:44:42:64:b4:94:15:43:d1: 4c:51:f3:97:1d:2d:cd:db:b9:bb:1a:69:10:89:7d:ae:1d:0d: 94:78:45:29:cd:c4:42:67:67:96:05:bf:da:aa:23:65:7b:04: ff:b7:ac:9d:ee:0b:e7:0f:c1:c5:0b:48:fe:0f:d6:3f:d8:b4: 77:12:bb:f5:91:4f:43:e6:01:3f:a4:c0:ea:8c:c6:68:99:8e: 49:e8:c4:8b -----BEGIN CERTIFICATE----- MIID1zCCAr+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJERTEU MBIGA1UECgwLcHl0aG9uLWxkYXAxEzARBgNVBAsMCnNsYXBkLXRlc3QxHDAaBgNV BAMME1B5dGhvbiBMREFQIFRlc3QgQ0EwIBcNMTkwNDEyMTg1MjM4WhgPMzAxOTAz MDExODUyMzhaMFwxCzAJBgNVBAYTAkRFMRQwEgYDVQQKDAtweXRob24tbGRhcDET MBEGA1UECwwKc2xhcGQtdGVzdDEiMCAGA1UEAwwZc2VydmVyIGNlcnQgZm9yIGxv Y2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKwGTSaXcREU nKAjq6MglgRFVTh2hNll3ivjP8s55/SHKJiIhABz3B61qhmkz5uXgSF6vHL1IFoI HBHN59tphDPZ/aF0QNv6whI6JOR7V6IXa6Bg2VLnlaTUqcKc5ET1uNxI0s+yxyhR LMTZucFKhTB2JUrXxg4JlHoZN4Lx4Dd6S+VH72D4UE6BD35K1c8N2r6IgAZdlEQk i5qa6cSu1M7DzkN7hgUKfMbDdR4IhMMPjAWYjYhamFEXBY+xIPBQl8BMDxL7tGbi /CtCPvbqBQOWJxPM9cqEmNeOPpcvvFcd+lDAw+QEKvF6wpx4cwn6atGy66odyK6L FGKD3iYgsSUCAwEAAaOBpzCBpDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF oDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQUCNGGG4IKT3Ex5PUx I8xnO/qEO6AwHwYDVR0jBBgwFoAUvXjVSvGQlsXo7GZJI0cDXyZzhrIwLAYDVR0R BCUwI4IJbG9jYWxob3N0hwR/AAABhxAAAAAAAAAAAAAAAAAAAAABMA0GCSqGSIb3 DQEBCwUAA4IBAQCIYK++EcSq3Jvx5xTaIKpvLwauOLJ8rJCBIlF+yyYVbv5nmMEN 3Ko5mCvSzDz/GpIvVgqpbtiaPcVNb8yRLuNOvyKry5IaoI9DzYK8SFXElc8Qa2ox GZJ94AYFbwsz5yo3QvnsGymZ4VgMAafDi1hxIZ9hjKf7tn4yi6lOxx/2RujdrKZM U/hNk+Tsc6sLvpjFeMSSwEx4R1IvkwdnIKRaf1l+T0hTIA03uwb4REJktJQVQ9FM UfOXHS3N27m7GmkQiX2uHQ2UeEUpzcRCZ2eWBb/aqiNlewT/t6yd7gvnD8HFC0j+ D9Y/2LR3Erv1kU9D5gE/pMDqjMZomY5J6MSL -----END CERTIFICATE----- ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/MANIFEST.in0000644000175000017500000000060714521037673016002 0ustar00spichugispichugiinclude MANIFEST.in Makefile CHANGES INSTALL LICENCE README TODO include tox.ini .coveragerc include Modules/*.c Modules/*.h recursive-include Build *.cfg* recursive-include Lib *.py recursive-include Demo *.py recursive-include Tests *.py *.ldif recursive-include Lib/slapdtest *.pem *.key *.conf *.sh README recursive-include Doc *.rst *.py spelling_wordlist.txt Makefile prune Doc/.build ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1700253011.0 python-ldap-3.4.4/Makefile0000644000175000017500000000463614525746523015717 0ustar00spichugispichugiPYTHON=python3 LCOV_INFO=build/lcov.info LCOV_REPORT=build/lcov_report LCOV_REPORT_OPTIONS=--show-details -no-branch-coverage \ --title "python-ldap LCOV report" SCAN_REPORT=build/scan_report PYTHON_SUPP=/usr/share/doc/python3-devel/valgrind-python.supp .NOTPARALLEL: .PHONY: all all: Modules/constants_generated.h: Lib/ldap/constants.py $(PYTHON) $^ > $@ indent Modules/constants_generated.h rm -f Modules/constants_generated.h~ .PHONY: clean clean: rm -rf build dist *.egg-info .tox MANIFEST rm -f .coverage .coverage.* find . \( -name '*.py[co]' -or -name '*.so*' -or -name '*.dylib' \) \ -delete find . -depth -name __pycache__ -exec rm -rf {} \; build: mkdir -p build # LCOV report (measuring test coverage for C code) .PHONY: lcov-clean lcov-coverage lcov-report lcov-open lcov lcov-clean: rm -rf $(LCOV_INFO) $(LCOV_REPORT) if [ -d build ]; then find build -name '*.gc??' -delete; fi lcov-coverage: WITH_GCOV=1 tox -e py36 $(LCOV_INFO): build lcov --capture --directory build --output-file $(LCOV_INFO) $(LCOV_REPORT): $(LCOV_INFO) genhtml --output-directory $(LCOV_REPORT) \ $(LCOV_REPORT_OPTIONS) $(LCOV_INFO) lcov-report: $(LCOV_REPORT) lcov-open: $(LCOV_REPORT) xdg-open $(LCOV_REPORT)/index.html lcov: lcov-clean $(MAKE) lcov-coverage $(MAKE) lcov-report # clang-analyzer for static C code analysis .PHONY: scan-build scan-build: scan-build -o $(SCAN_REPORT) --html-title="python-ldap scan report" \ -analyze-headers --view \ $(PYTHON) setup.py clean --all build # valgrind memory checker .PHONY: valgrind $(PYTHON_SUPP): @ >&2 echo "valgrind-python.supp not found" @ >&2 echo "install Python development files and run:" @ >&2 echo " $(MAKE) valgrind PYTHON_SUPP=/your/path/to/valgrind-python.supp" exit 1; valgrind: build $(PYTHON_SUPP) valgrind \ --leak-check=full \ --track-fds=yes \ --suppressions=$(PYTHON_SUPP) \ --suppressions=Misc/python-ldap.supp \ --gen-suppressions=all \ --log-file=build/valgrind.log \ $(PYTHON) setup.py test @grep -A7 "blocks are definitely lost" build/valgrind.log; \ if [ $$? == 0 ]; then \ echo "Found definitive leak, see build/valgrind.log"; \ exit 1; \ fi # Code autoformatter .PHONY: autoformat indent black black-check autoformat: indent black indent: indent Modules/*.c Modules/*.h rm -f Modules/*.c~ Modules/*.h~ black: $(PYTHON) -m black $(CURDIR) black-check: $(PYTHON) -m black $(CURDIR) --check ././@PaxHeader0000000000000000000000000000003400000000000010212 xustar0028 mtime=1700253999.7812357 python-ldap-3.4.4/Modules/0000755000175000017500000000000014525750460015651 5ustar00spichugispichugi././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1700253011.0 python-ldap-3.4.4/Modules/LDAPObject.c0000644000175000017500000012345614525746523017704 0ustar00spichugispichugi/* See https://www.python-ldap.org/ for details. */ #include "common.h" #include "patchlevel.h" #include #include #include "constants.h" #include "LDAPObject.h" #include "ldapcontrol.h" #include "message.h" #include "berval.h" #include "options.h" #ifdef HAVE_SASL #include #endif static void free_attrs(char ***); /* constructor */ LDAPObject * newLDAPObject(LDAP *l) { LDAPObject *self = (LDAPObject *)PyObject_NEW(LDAPObject, &LDAP_Type); if (self == NULL) return NULL; self->ldap = l; self->_save = NULL; self->valid = 1; return self; } /* destructor */ static void dealloc(LDAPObject *self) { if (self->ldap) { if (self->valid) { LDAP_BEGIN_ALLOW_THREADS(self); ldap_unbind_ext(self->ldap, NULL, NULL); LDAP_END_ALLOW_THREADS(self); self->valid = 0; } self->ldap = NULL; } PyObject_DEL(self); } /*------------------------------------------------------------ * utility functions */ /* * check to see if the LDAPObject is valid, * ie has been opened, and not closed. An exception is set if not valid. */ static int not_valid(LDAPObject *l) { if (l->valid) { return 0; } else { PyErr_SetString(LDAPexception_class, "LDAP connection invalid"); return 1; } } /* free a LDAPMod (complete or partially) allocated in Tuple_to_LDAPMod() */ static void LDAPMod_DEL(LDAPMod *lm) { Py_ssize_t i; if (lm->mod_type) PyMem_DEL(lm->mod_type); if (lm->mod_bvalues) { for (i = 0; lm->mod_bvalues[i]; i++) { PyMem_DEL(lm->mod_bvalues[i]); } PyMem_DEL(lm->mod_bvalues); } PyMem_DEL(lm); } /* * convert a tuple of the form (int,str,[str,...]) * or (str, [str,...]) if no_op is true, into an LDAPMod structure. * See ldap_modify(3) for details. * * NOTE: the resulting LDAPMod structure has pointers directly into * the Python string storage, so LDAPMod structures MUST have a * shorter lifetime than the tuple passed in. */ /* XXX - there is no way to pass complex-structured BER objects in here! */ static LDAPMod * Tuple_to_LDAPMod(PyObject *tup, int no_op) { int op; char *type; PyObject *list, *item; LDAPMod *lm = NULL; Py_ssize_t i, len, nstrs; if (!PyTuple_Check(tup)) { LDAPerror_TypeError("Tuple_to_LDAPMod(): expected a tuple", tup); return NULL; } if (no_op) { if (!PyArg_ParseTuple(tup, "sO:Tuple_to_LDAPMod", &type, &list)) return NULL; op = 0; } else { if (!PyArg_ParseTuple(tup, "isO:Tuple_to_LDAPMod", &op, &type, &list)) return NULL; } lm = PyMem_NEW(LDAPMod, 1); if (lm == NULL) goto nomem; lm->mod_op = op | LDAP_MOD_BVALUES; lm->mod_bvalues = NULL; len = strlen(type); lm->mod_type = PyMem_NEW(char, len + 1); if (lm->mod_type == NULL) goto nomem; memcpy(lm->mod_type, type, len + 1); if (list == Py_None) { /* None indicates a NULL mod_bvals */ } else if (PyBytes_Check(list)) { /* Single string is a singleton list */ lm->mod_bvalues = PyMem_NEW(struct berval *, 2); if (lm->mod_bvalues == NULL) goto nomem; lm->mod_bvalues[0] = PyMem_NEW(struct berval, 1); if (lm->mod_bvalues[0] == NULL) goto nomem; lm->mod_bvalues[1] = NULL; lm->mod_bvalues[0]->bv_len = PyBytes_Size(list); lm->mod_bvalues[0]->bv_val = PyBytes_AsString(list); } else if (PySequence_Check(list)) { nstrs = PySequence_Length(list); lm->mod_bvalues = PyMem_NEW(struct berval *, nstrs + 1); if (lm->mod_bvalues == NULL) goto nomem; for (i = 0; i < nstrs; i++) { lm->mod_bvalues[i] = PyMem_NEW(struct berval, 1); if (lm->mod_bvalues[i] == NULL) goto nomem; lm->mod_bvalues[i + 1] = NULL; item = PySequence_GetItem(list, i); if (item == NULL) goto error; if (!PyBytes_Check(item)) { LDAPerror_TypeError ("Tuple_to_LDAPMod(): expected a byte string in the list", item); goto error; } lm->mod_bvalues[i]->bv_len = PyBytes_Size(item); lm->mod_bvalues[i]->bv_val = PyBytes_AsString(item); Py_DECREF(item); } if (nstrs == 0) lm->mod_bvalues[0] = NULL; } return lm; nomem: PyErr_NoMemory(); error: if (lm) LDAPMod_DEL(lm); return NULL; } /* free the structure allocated in List_to_LDAPMods() */ static void LDAPMods_DEL(LDAPMod **lms) { LDAPMod **lmp; for (lmp = lms; *lmp; lmp++) LDAPMod_DEL(*lmp); PyMem_DEL(lms); } /* * convert a list of tuples into a LDAPMod*[] array structure * NOTE: list of tuples must live longer than the LDAPMods */ static LDAPMod ** List_to_LDAPMods(PyObject *list, int no_op) { Py_ssize_t i, len; LDAPMod **lms; PyObject *item; if (!PySequence_Check(list)) { LDAPerror_TypeError("List_to_LDAPMods(): expected list of tuples", list); return NULL; } len = PySequence_Length(list); if (len < 0) { LDAPerror_TypeError("List_to_LDAPMods(): expected list of tuples", list); return NULL; } lms = PyMem_NEW(LDAPMod *, len + 1); if (lms == NULL) goto nomem; for (i = 0; i < len; i++) { lms[i] = NULL; item = PySequence_GetItem(list, i); if (item == NULL) goto error; lms[i] = Tuple_to_LDAPMod(item, no_op); Py_DECREF(item); if (lms[i] == NULL) goto error; } lms[len] = NULL; return lms; nomem: PyErr_NoMemory(); error: if (lms) LDAPMods_DEL(lms); return NULL; } /* * convert a python list of strings into an attr list (char*[]). * returns 1 if successful, 0 if not (with exception set) */ int attrs_from_List(PyObject *attrlist, char ***attrsp) { char **attrs = NULL; PyObject *seq = NULL; if (attrlist == Py_None) { /* None means a NULL attrlist */ #if PY_MAJOR_VERSION == 2 } else if (PyBytes_Check(attrlist)) { #else } else if (PyUnicode_Check(attrlist)) { #endif /* caught by John Benninghoff */ LDAPerror_TypeError ("attrs_from_List(): expected *list* of strings, not a string", attrlist); goto error; } else { PyObject *item = NULL; Py_ssize_t i, len, strlen; #if PY_MAJOR_VERSION >= 3 const char *str; #else char *str; #endif seq = PySequence_Fast(attrlist, "expected list of strings or None"); if (seq == NULL) goto error; len = PySequence_Length(attrlist); attrs = PyMem_NEW(char *, len + 1); if (attrs == NULL) goto nomem; for (i = 0; i < len; i++) { attrs[i] = NULL; item = PySequence_Fast_GET_ITEM(seq, i); if (item == NULL) goto error; #if PY_MAJOR_VERSION == 2 /* Encoded in Python to UTF-8 */ if (!PyBytes_Check(item)) { LDAPerror_TypeError ("attrs_from_List(): expected bytes in list", item); goto error; } if (PyBytes_AsStringAndSize(item, &str, &strlen) == -1) { goto error; } #else if (!PyUnicode_Check(item)) { LDAPerror_TypeError ("attrs_from_List(): expected string in list", item); goto error; } str = PyUnicode_AsUTF8AndSize(item, &strlen); #endif /* Make a copy. PyBytes_AsString* / PyUnicode_AsUTF8* return * internal values that must be treated like const char. Python * 3.7 actually returns a const char. */ attrs[i] = (char *)PyMem_NEW(char, strlen + 1); if (attrs[i] == NULL) goto nomem; memcpy(attrs[i], str, strlen + 1); } attrs[len] = NULL; Py_DECREF(seq); } *attrsp = attrs; return 1; nomem: PyErr_NoMemory(); error: Py_XDECREF(seq); free_attrs(&attrs); return 0; } /* free memory allocated from above routine */ static void free_attrs(char ***attrsp) { char **attrs = *attrsp; char **p; if (attrs == NULL) return; *attrsp = NULL; for (p = attrs; *p != NULL; p++) { PyMem_DEL(*p); } PyMem_DEL(attrs); } /*------------------------------------------------------------ * methods */ /* ldap_unbind_ext */ static PyObject * l_ldap_unbind_ext(LDAPObject *self, PyObject *args) { PyObject *serverctrls = Py_None; PyObject *clientctrls = Py_None; LDAPControl **server_ldcs = NULL; LDAPControl **client_ldcs = NULL; int ldaperror; if (!PyArg_ParseTuple(args, "|OO:unbind_ext", &serverctrls, &clientctrls)) return NULL; if (not_valid(self)) return NULL; if (!PyNone_Check(serverctrls)) { if (!LDAPControls_from_object(serverctrls, &server_ldcs)) return NULL; } if (!PyNone_Check(clientctrls)) { if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { LDAPControl_List_DEL(server_ldcs); return NULL; } } LDAP_BEGIN_ALLOW_THREADS(self); ldaperror = ldap_unbind_ext(self->ldap, server_ldcs, client_ldcs); LDAP_END_ALLOW_THREADS(self); LDAPControl_List_DEL(server_ldcs); LDAPControl_List_DEL(client_ldcs); if (ldaperror != LDAP_SUCCESS) return LDAPerror(self->ldap); self->valid = 0; Py_INCREF(Py_None); return Py_None; } /* ldap_abandon_ext */ static PyObject * l_ldap_abandon_ext(LDAPObject *self, PyObject *args) { int msgid; PyObject *serverctrls = Py_None; PyObject *clientctrls = Py_None; LDAPControl **server_ldcs = NULL; LDAPControl **client_ldcs = NULL; int ldaperror; if (!PyArg_ParseTuple (args, "i|OO:abandon_ext", &msgid, &serverctrls, &clientctrls)) return NULL; if (not_valid(self)) return NULL; if (!PyNone_Check(serverctrls)) { if (!LDAPControls_from_object(serverctrls, &server_ldcs)) return NULL; } if (!PyNone_Check(clientctrls)) { if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { LDAPControl_List_DEL(server_ldcs); return NULL; } } LDAP_BEGIN_ALLOW_THREADS(self); ldaperror = ldap_abandon_ext(self->ldap, msgid, server_ldcs, client_ldcs); LDAP_END_ALLOW_THREADS(self); LDAPControl_List_DEL(server_ldcs); LDAPControl_List_DEL(client_ldcs); if (ldaperror != LDAP_SUCCESS) return LDAPerror(self->ldap); Py_INCREF(Py_None); return Py_None; } /* ldap_add_ext */ static PyObject * l_ldap_add_ext(LDAPObject *self, PyObject *args) { char *dn; PyObject *modlist; PyObject *serverctrls = Py_None; PyObject *clientctrls = Py_None; LDAPControl **server_ldcs = NULL; LDAPControl **client_ldcs = NULL; int msgid; int ldaperror; LDAPMod **mods; if (!PyArg_ParseTuple (args, "sO|OO:add_ext", &dn, &modlist, &serverctrls, &clientctrls)) return NULL; if (not_valid(self)) return NULL; mods = List_to_LDAPMods(modlist, 1); if (mods == NULL) return NULL; if (!PyNone_Check(serverctrls)) { if (!LDAPControls_from_object(serverctrls, &server_ldcs)) { LDAPMods_DEL(mods); return NULL; } } if (!PyNone_Check(clientctrls)) { if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { LDAPMods_DEL(mods); LDAPControl_List_DEL(server_ldcs); return NULL; } } LDAP_BEGIN_ALLOW_THREADS(self); ldaperror = ldap_add_ext(self->ldap, dn, mods, server_ldcs, client_ldcs, &msgid); LDAP_END_ALLOW_THREADS(self); LDAPMods_DEL(mods); LDAPControl_List_DEL(server_ldcs); LDAPControl_List_DEL(client_ldcs); if (ldaperror != LDAP_SUCCESS) return LDAPerror(self->ldap); return PyInt_FromLong(msgid); } /* ldap_simple_bind */ static PyObject * l_ldap_simple_bind(LDAPObject *self, PyObject *args) { char *who; int msgid; int ldaperror; Py_ssize_t cred_len; PyObject *serverctrls = Py_None; PyObject *clientctrls = Py_None; LDAPControl **server_ldcs = NULL; LDAPControl **client_ldcs = NULL; struct berval cred; if (!PyArg_ParseTuple (args, "zz#|OO:simple_bind", &who, &cred.bv_val, &cred_len, &serverctrls, &clientctrls)) return NULL; cred.bv_len = (ber_len_t) cred_len; if (not_valid(self)) return NULL; if (!PyNone_Check(serverctrls)) { if (!LDAPControls_from_object(serverctrls, &server_ldcs)) return NULL; } if (!PyNone_Check(clientctrls)) { if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { LDAPControl_List_DEL(server_ldcs); return NULL; } } LDAP_BEGIN_ALLOW_THREADS(self); ldaperror = ldap_sasl_bind(self->ldap, who, LDAP_SASL_SIMPLE, &cred, server_ldcs, client_ldcs, &msgid); LDAP_END_ALLOW_THREADS(self); LDAPControl_List_DEL(server_ldcs); LDAPControl_List_DEL(client_ldcs); if (ldaperror != LDAP_SUCCESS) return LDAPerror(self->ldap); return PyInt_FromLong(msgid); } #ifdef HAVE_SASL /* The following functions implement SASL binds. A new method sasl_interactive_bind_s(bind_dn, sasl_mechanism) has been introduced. * The bind_dn argument will be passed to the c library; however, normally it is not needed and should be an empty string. * The sasl_mechanism argument is an instance of a class that implements a callback interface. For convenience, it should be derived from the sasl class (which lives in the ldap.sasl module). See the module documentation for more information. Check your /usr/lib/sasl/ directory for locally installed SASL auth modules ("mechanisms"), or try ldapsearch -b "" -s base -LLL -x supportedSASLMechanisms (perhaps with an additional -h and -p argument for ldap host and port). The latter will show you which SASL mechanisms are known to the LDAP server. If you do not want to set up Kerberos, you can still use SASL binds. Your authentication data should then be stored in /etc/sasldb (see saslpasswd(8)). If the LDAP server does not find the sasldb, it wont allow for DIGEST-MD5 and CRAM-MD5. One important thing to get started with sasldb: you should first add a dummy user (saslpasswd -c dummy), and this will give you some strange error messages. Then delete the dummy user (saslpasswd -d dummy), and now you can start adding users to your sasldb (again, use the -c switch). Strange, eh? * The sasl_mechanism object must implement a method, which will be called by the sasl lib several times. The prototype of the callback looks like this: callback(id, challenge, prompt, defresult) has to return a string (or maybe None). The id argument specifies, which information should be passed back to the SASL lib (see SASL_CB_xxx in sasl.h) */ static int interaction(unsigned flags, sasl_interact_t *interact, PyObject *SASLObject) { /* const char *dflt = interact->defresult; */ PyObject *result; char *c_result; result = PyObject_CallMethod(SASLObject, "callback", "isss", interact->id, /* see sasl.h */ interact->challenge, interact->prompt, interact->defresult); if (result == NULL) /*searching for a better error code */ return LDAP_OPERATIONS_ERROR; c_result = PyBytes_AsString(result); /*xxx Error checking?? */ /* according to the sasl docs, we should malloc() the returned string only for calls where interact->id == SASL_CB_PASS, so we probably leak a few bytes per ldap bind. However, if I restrict the strdup() to this case, I get segfaults. Should probably be fixed sometimes. */ interact->result = strdup(c_result); if (interact->result == NULL) return LDAP_OPERATIONS_ERROR; interact->len = strlen(c_result); /* We _should_ overwrite the python string buffer for security reasons, however we may not (api/stringObjects.html). Any ideas? */ Py_DECREF(result); /*not needed any longer */ result = NULL; return LDAP_SUCCESS; } /* This function will be called by ldap_sasl_interactive_bind(). The "*in" is an array of sasl_interact_t's (see sasl.h for a reference). The last interact in the array has an interact->id of SASL_CB_LIST_END. */ int py_ldap_sasl_interaction(LDAP *ld, unsigned flags, void *defaults, void *in) { /* These are just typecasts */ sasl_interact_t *interact = (sasl_interact_t *)in; PyObject *SASLObject = (PyObject *)defaults; /* Loop over the array of sasl_interact_t structs */ while (interact->id != SASL_CB_LIST_END) { int rc = 0; rc = interaction(flags, interact, SASLObject); if (rc) return rc; interact++; } return LDAP_SUCCESS; } static PyObject * l_ldap_sasl_bind_s(LDAPObject *self, PyObject *args) { const char *dn; const char *mechanism; struct berval cred; Py_ssize_t cred_len; PyObject *serverctrls = Py_None; PyObject *clientctrls = Py_None; LDAPControl **server_ldcs = NULL; LDAPControl **client_ldcs = NULL; struct berval *servercred; int ldaperror; if (!PyArg_ParseTuple (args, "zzz#OO:sasl_bind_s", &dn, &mechanism, &cred.bv_val, &cred_len, &serverctrls, &clientctrls)) return NULL; if (not_valid(self)) return NULL; cred.bv_len = cred_len; if (!PyNone_Check(serverctrls)) { if (!LDAPControls_from_object(serverctrls, &server_ldcs)) return NULL; } if (!PyNone_Check(clientctrls)) { if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { LDAPControl_List_DEL(server_ldcs); return NULL; } } LDAP_BEGIN_ALLOW_THREADS(self); ldaperror = ldap_sasl_bind_s(self->ldap, dn, mechanism, cred.bv_val ? &cred : NULL, (LDAPControl **)server_ldcs, (LDAPControl **)client_ldcs, &servercred); LDAP_END_ALLOW_THREADS(self); LDAPControl_List_DEL(server_ldcs); LDAPControl_List_DEL(client_ldcs); if (ldaperror == LDAP_SASL_BIND_IN_PROGRESS) { if (servercred && servercred->bv_val && *servercred->bv_val) return PyBytes_FromStringAndSize(servercred->bv_val, servercred->bv_len); } else if (ldaperror != LDAP_SUCCESS) return LDAPerror(self->ldap); return PyInt_FromLong(ldaperror); } static PyObject * l_ldap_sasl_interactive_bind_s(LDAPObject *self, PyObject *args) { char *c_mechanism; char *who; PyObject *serverctrls = Py_None; PyObject *clientctrls = Py_None; LDAPControl **server_ldcs = NULL; LDAPControl **client_ldcs = NULL; PyObject *SASLObject = NULL; PyObject *mechanism = NULL; int msgid; static unsigned sasl_flags = LDAP_SASL_QUIET; /* * In Python 2.3+, a "I" format argument indicates that we're either converting * the Python object into a long or an unsigned int. In versions prior to that, * it will always convert to a long. Since the sasl_flags variable is an * unsigned int, we need to use the "I" flag if we're running Python 2.3+ and a * "i" otherwise. */ #if (PY_MAJOR_VERSION == 2) && (PY_MINOR_VERSION < 3) if (!PyArg_ParseTuple (args, "sOOOi:sasl_interactive_bind_s", &who, &SASLObject, &serverctrls, &clientctrls, &sasl_flags)) #else if (!PyArg_ParseTuple (args, "sOOOI:sasl_interactive_bind_s", &who, &SASLObject, &serverctrls, &clientctrls, &sasl_flags)) #endif return NULL; if (not_valid(self)) return NULL; if (!PyNone_Check(serverctrls)) { if (!LDAPControls_from_object(serverctrls, &server_ldcs)) return NULL; } if (!PyNone_Check(clientctrls)) { if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { LDAPControl_List_DEL(server_ldcs); return NULL; } } /* now we extract the sasl mechanism from the SASL Object */ mechanism = PyObject_GetAttrString(SASLObject, "mech"); if (mechanism == NULL) return NULL; c_mechanism = PyBytes_AsString(mechanism); Py_DECREF(mechanism); mechanism = NULL; /* Don't know if it is the "intended use" of the defaults parameter of ldap_sasl_interactive_bind_s when we pass the Python object SASLObject, but passing it through some static variable would destroy thread safety, IMHO. */ msgid = ldap_sasl_interactive_bind_s(self->ldap, who, c_mechanism, (LDAPControl **)server_ldcs, (LDAPControl **)client_ldcs, sasl_flags, py_ldap_sasl_interaction, SASLObject); LDAPControl_List_DEL(server_ldcs); LDAPControl_List_DEL(client_ldcs); if (msgid != LDAP_SUCCESS) return LDAPerror(self->ldap); return PyInt_FromLong(msgid); } #endif #ifdef LDAP_API_FEATURE_CANCEL /* ldap_cancel */ static PyObject * l_ldap_cancel(LDAPObject *self, PyObject *args) { int msgid; int cancelid; PyObject *serverctrls = Py_None; PyObject *clientctrls = Py_None; LDAPControl **server_ldcs = NULL; LDAPControl **client_ldcs = NULL; int ldaperror; if (!PyArg_ParseTuple (args, "i|OO:cancel", &cancelid, &serverctrls, &clientctrls)) return NULL; if (not_valid(self)) return NULL; if (!PyNone_Check(serverctrls)) { if (!LDAPControls_from_object(serverctrls, &server_ldcs)) return NULL; } if (!PyNone_Check(clientctrls)) { if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { LDAPControl_List_DEL(server_ldcs); return NULL; } } LDAP_BEGIN_ALLOW_THREADS(self); ldaperror = ldap_cancel(self->ldap, cancelid, server_ldcs, client_ldcs, &msgid); LDAP_END_ALLOW_THREADS(self); LDAPControl_List_DEL(server_ldcs); LDAPControl_List_DEL(client_ldcs); if (ldaperror != LDAP_SUCCESS) return LDAPerror(self->ldap); return PyInt_FromLong(msgid); } #endif /* ldap_compare_ext */ static PyObject * l_ldap_compare_ext(LDAPObject *self, PyObject *args) { char *dn, *attr; PyObject *serverctrls = Py_None; PyObject *clientctrls = Py_None; LDAPControl **server_ldcs = NULL; LDAPControl **client_ldcs = NULL; int msgid; int ldaperror; Py_ssize_t value_len; struct berval value; if (!PyArg_ParseTuple (args, "sss#|OO:compare_ext", &dn, &attr, &value.bv_val, &value_len, &serverctrls, &clientctrls)) return NULL; value.bv_len = (ber_len_t) value_len; if (not_valid(self)) return NULL; if (!PyNone_Check(serverctrls)) { if (!LDAPControls_from_object(serverctrls, &server_ldcs)) return NULL; } if (!PyNone_Check(clientctrls)) { if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { LDAPControl_List_DEL(server_ldcs); return NULL; } } LDAP_BEGIN_ALLOW_THREADS(self); ldaperror = ldap_compare_ext(self->ldap, dn, attr, &value, server_ldcs, client_ldcs, &msgid); LDAP_END_ALLOW_THREADS(self); LDAPControl_List_DEL(server_ldcs); LDAPControl_List_DEL(client_ldcs); if (ldaperror != LDAP_SUCCESS) return LDAPerror(self->ldap); return PyInt_FromLong(msgid); } /* ldap_delete_ext */ static PyObject * l_ldap_delete_ext(LDAPObject *self, PyObject *args) { char *dn; PyObject *serverctrls = Py_None; PyObject *clientctrls = Py_None; LDAPControl **server_ldcs = NULL; LDAPControl **client_ldcs = NULL; int msgid; int ldaperror; if (!PyArg_ParseTuple (args, "s|OO:delete_ext", &dn, &serverctrls, &clientctrls)) return NULL; if (not_valid(self)) return NULL; if (!PyNone_Check(serverctrls)) { if (!LDAPControls_from_object(serverctrls, &server_ldcs)) return NULL; } if (!PyNone_Check(clientctrls)) { if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { LDAPControl_List_DEL(server_ldcs); return NULL; } } LDAP_BEGIN_ALLOW_THREADS(self); ldaperror = ldap_delete_ext(self->ldap, dn, server_ldcs, client_ldcs, &msgid); LDAP_END_ALLOW_THREADS(self); LDAPControl_List_DEL(server_ldcs); LDAPControl_List_DEL(client_ldcs); if (ldaperror != LDAP_SUCCESS) return LDAPerror(self->ldap); return PyInt_FromLong(msgid); } /* ldap_modify_ext */ static PyObject * l_ldap_modify_ext(LDAPObject *self, PyObject *args) { char *dn; PyObject *modlist; PyObject *serverctrls = Py_None; PyObject *clientctrls = Py_None; LDAPControl **server_ldcs = NULL; LDAPControl **client_ldcs = NULL; int msgid; int ldaperror; LDAPMod **mods; if (!PyArg_ParseTuple (args, "sO|OO:modify_ext", &dn, &modlist, &serverctrls, &clientctrls)) return NULL; if (not_valid(self)) return NULL; mods = List_to_LDAPMods(modlist, 0); if (mods == NULL) return NULL; if (!PyNone_Check(serverctrls)) { if (!LDAPControls_from_object(serverctrls, &server_ldcs)) { LDAPMods_DEL(mods); return NULL; } } if (!PyNone_Check(clientctrls)) { if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { LDAPMods_DEL(mods); LDAPControl_List_DEL(server_ldcs); return NULL; } } LDAP_BEGIN_ALLOW_THREADS(self); ldaperror = ldap_modify_ext(self->ldap, dn, mods, server_ldcs, client_ldcs, &msgid); LDAP_END_ALLOW_THREADS(self); LDAPMods_DEL(mods); LDAPControl_List_DEL(server_ldcs); LDAPControl_List_DEL(client_ldcs); if (ldaperror != LDAP_SUCCESS) return LDAPerror(self->ldap); return PyInt_FromLong(msgid); } /* ldap_rename */ static PyObject * l_ldap_rename(LDAPObject *self, PyObject *args) { char *dn, *newrdn; char *newSuperior = NULL; int delold = 1; PyObject *serverctrls = Py_None; PyObject *clientctrls = Py_None; LDAPControl **server_ldcs = NULL; LDAPControl **client_ldcs = NULL; int msgid; int ldaperror; if (!PyArg_ParseTuple (args, "ss|ziOO:rename", &dn, &newrdn, &newSuperior, &delold, &serverctrls, &clientctrls)) return NULL; if (not_valid(self)) return NULL; if (!PyNone_Check(serverctrls)) { if (!LDAPControls_from_object(serverctrls, &server_ldcs)) return NULL; } if (!PyNone_Check(clientctrls)) { if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { LDAPControl_List_DEL(server_ldcs); return NULL; } } LDAP_BEGIN_ALLOW_THREADS(self); ldaperror = ldap_rename(self->ldap, dn, newrdn, newSuperior, delold, server_ldcs, client_ldcs, &msgid); LDAP_END_ALLOW_THREADS(self); LDAPControl_List_DEL(server_ldcs); LDAPControl_List_DEL(client_ldcs); if (ldaperror != LDAP_SUCCESS) return LDAPerror(self->ldap); return PyInt_FromLong(msgid); } /* ldap_result4 */ static PyObject * l_ldap_result4(LDAPObject *self, PyObject *args) { int msgid = LDAP_RES_ANY; int all = 1; double timeout = -1.0; int add_ctrls = 0; int add_intermediates = 0; int add_extop = 0; struct timeval tv; struct timeval *tvp; int res_type; LDAPMessage *msg = NULL; PyObject *retval, *pmsg, *pyctrls = 0; int res_msgid = 0; char *retoid = 0; PyObject *valuestr = NULL; int result = LDAP_SUCCESS; LDAPControl **serverctrls = 0; if (!PyArg_ParseTuple (args, "|iidiii:result4", &msgid, &all, &timeout, &add_ctrls, &add_intermediates, &add_extop)) return NULL; if (not_valid(self)) return NULL; if (timeout >= 0) { tvp = &tv; set_timeval_from_double(tvp, timeout); } else { tvp = NULL; } LDAP_BEGIN_ALLOW_THREADS(self); res_type = ldap_result(self->ldap, msgid, all, tvp, &msg); LDAP_END_ALLOW_THREADS(self); if (res_type < 0) /* LDAP or system error */ return LDAPerror(self->ldap); if (res_type == 0) { /* Polls return (None, None, None, None); timeouts raise an exception */ if (timeout == 0) { if (add_extop) { return Py_BuildValue("(OOOOOO)", Py_None, Py_None, Py_None, Py_None, Py_None, Py_None); } else { return Py_BuildValue("(OOOO)", Py_None, Py_None, Py_None, Py_None); } } else return LDAPerr(LDAP_TIMEOUT); } if (msg) res_msgid = ldap_msgid(msg); if (res_type == LDAP_RES_SEARCH_ENTRY) { /* LDAPmessage_to_python will parse entries and read the controls for each entry */ } else if (res_type == LDAP_RES_SEARCH_REFERENCE) { /* LDAPmessage_to_python will parse refs and read the controls for each res */ } else if (res_type == LDAP_RES_INTERMEDIATE) { /* LDAPmessage_to_python will parse intermediates and controls */ } else { int rc; if (res_type == LDAP_RES_EXTENDED) { struct berval *retdata = 0; LDAP_BEGIN_ALLOW_THREADS(self); rc = ldap_parse_extended_result(self->ldap, msg, &retoid, &retdata, 0); LDAP_END_ALLOW_THREADS(self); /* handle error rc!=0 here? */ if (rc == LDAP_SUCCESS) { valuestr = LDAPberval_to_object(retdata); } ber_bvfree(retdata); } LDAP_BEGIN_ALLOW_THREADS(self); rc = ldap_parse_result(self->ldap, msg, &result, NULL, NULL, NULL, &serverctrls, 0); LDAP_END_ALLOW_THREADS(self); } if (result != LDAP_SUCCESS) { /* result error */ ldap_controls_free(serverctrls); Py_XDECREF(valuestr); return LDAPraise_for_message(self->ldap, msg); } if (!(pyctrls = LDAPControls_to_List(serverctrls))) { int err = LDAP_NO_MEMORY; LDAP_BEGIN_ALLOW_THREADS(self); ldap_set_option(self->ldap, LDAP_OPT_ERROR_NUMBER, &err); LDAP_END_ALLOW_THREADS(self); ldap_controls_free(serverctrls); ldap_msgfree(msg); Py_XDECREF(valuestr); return LDAPerror(self->ldap); } ldap_controls_free(serverctrls); pmsg = LDAPmessage_to_python(self->ldap, msg, add_ctrls, add_intermediates); if (pmsg == NULL) { retval = NULL; } else { /* s handles NULL, but O does not */ if (add_extop) { retval = Py_BuildValue("(iOiOsO)", res_type, pmsg, res_msgid, pyctrls, retoid, valuestr ? valuestr : Py_None); } else { retval = Py_BuildValue("(iOiO)", res_type, pmsg, res_msgid, pyctrls); } if (pmsg != Py_None) { Py_DECREF(pmsg); } } Py_XDECREF(valuestr); Py_XDECREF(pyctrls); return retval; } /* ldap_search_ext */ static PyObject * l_ldap_search_ext(LDAPObject *self, PyObject *args) { char *base; int scope; char *filter; PyObject *attrlist = Py_None; char **attrs; int attrsonly = 0; PyObject *serverctrls = Py_None; PyObject *clientctrls = Py_None; LDAPControl **server_ldcs = NULL; LDAPControl **client_ldcs = NULL; double timeout = -1.0; struct timeval tv; struct timeval *tvp; int sizelimit = 0; int msgid; int ldaperror; if (!PyArg_ParseTuple(args, "sis|OiOOdi:search_ext", &base, &scope, &filter, &attrlist, &attrsonly, &serverctrls, &clientctrls, &timeout, &sizelimit)) return NULL; if (not_valid(self)) return NULL; if (!attrs_from_List(attrlist, &attrs)) return NULL; if (timeout >= 0) { tvp = &tv; set_timeval_from_double(tvp, timeout); } else { tvp = NULL; } if (!PyNone_Check(serverctrls)) { if (!LDAPControls_from_object(serverctrls, &server_ldcs)) { free_attrs(&attrs); return NULL; } } if (!PyNone_Check(clientctrls)) { if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { free_attrs(&attrs); LDAPControl_List_DEL(server_ldcs); return NULL; } } LDAP_BEGIN_ALLOW_THREADS(self); ldaperror = ldap_search_ext(self->ldap, base, scope, filter, attrs, attrsonly, server_ldcs, client_ldcs, tvp, sizelimit, &msgid); LDAP_END_ALLOW_THREADS(self); free_attrs(&attrs); LDAPControl_List_DEL(server_ldcs); LDAPControl_List_DEL(client_ldcs); if (ldaperror != LDAP_SUCCESS) return LDAPerror(self->ldap); return PyInt_FromLong(msgid); } /* ldap_whoami_s (available since OpenLDAP 2.1.13) */ static PyObject * l_ldap_whoami_s(LDAPObject *self, PyObject *args) { PyObject *serverctrls = Py_None; PyObject *clientctrls = Py_None; LDAPControl **server_ldcs = NULL; LDAPControl **client_ldcs = NULL; struct berval *bvalue = NULL; PyObject *result; int ldaperror; if (!PyArg_ParseTuple(args, "|OO:whoami_s", &serverctrls, &clientctrls)) return NULL; if (not_valid(self)) return NULL; if (!PyNone_Check(serverctrls)) { if (!LDAPControls_from_object(serverctrls, &server_ldcs)) return NULL; } if (!PyNone_Check(clientctrls)) { if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { LDAPControl_List_DEL(server_ldcs); return NULL; } } LDAP_BEGIN_ALLOW_THREADS(self); ldaperror = ldap_whoami_s(self->ldap, &bvalue, server_ldcs, client_ldcs); LDAP_END_ALLOW_THREADS(self); LDAPControl_List_DEL(server_ldcs); LDAPControl_List_DEL(client_ldcs); if (ldaperror != LDAP_SUCCESS) { ber_bvfree(bvalue); return LDAPerror(self->ldap); } result = LDAPberval_to_unicode_object(bvalue); ber_bvfree(bvalue); return result; } #ifdef HAVE_TLS /* ldap_start_tls_s */ static PyObject * l_ldap_start_tls_s(LDAPObject *self, PyObject *args) { int ldaperror; if (!PyArg_ParseTuple(args, ":start_tls_s")) return NULL; if (not_valid(self)) return NULL; LDAP_BEGIN_ALLOW_THREADS(self); ldaperror = ldap_start_tls_s(self->ldap, NULL, NULL); LDAP_END_ALLOW_THREADS(self); if (ldaperror != LDAP_SUCCESS) { ldap_set_option(self->ldap, LDAP_OPT_ERROR_NUMBER, &ldaperror); return LDAPerror(self->ldap); } Py_INCREF(Py_None); return Py_None; } #endif /* ldap_set_option */ static PyObject * l_ldap_set_option(LDAPObject *self, PyObject *args) { PyObject *value; int option; if (!PyArg_ParseTuple(args, "iO:set_option", &option, &value)) return NULL; if (not_valid(self)) return NULL; if (!LDAP_set_option(self, option, value)) return NULL; Py_INCREF(Py_None); return Py_None; } /* ldap_get_option */ static PyObject * l_ldap_get_option(LDAPObject *self, PyObject *args) { int option; if (!PyArg_ParseTuple(args, "i:get_option", &option)) return NULL; if (not_valid(self)) return NULL; return LDAP_get_option(self, option); } /* ldap_passwd */ static PyObject * l_ldap_passwd(LDAPObject *self, PyObject *args) { struct berval user; Py_ssize_t user_len; struct berval oldpw; Py_ssize_t oldpw_len; struct berval newpw; Py_ssize_t newpw_len; PyObject *serverctrls = Py_None; PyObject *clientctrls = Py_None; LDAPControl **server_ldcs = NULL; LDAPControl **client_ldcs = NULL; int msgid; int ldaperror; if (!PyArg_ParseTuple (args, "z#z#z#|OO:passwd", &user.bv_val, &user_len, &oldpw.bv_val, &oldpw_len, &newpw.bv_val, &newpw_len, &serverctrls, &clientctrls)) return NULL; user.bv_len = (ber_len_t) user_len; oldpw.bv_len = (ber_len_t) oldpw_len; newpw.bv_len = (ber_len_t) newpw_len; if (not_valid(self)) return NULL; if (!PyNone_Check(serverctrls)) { if (!LDAPControls_from_object(serverctrls, &server_ldcs)) return NULL; } if (!PyNone_Check(clientctrls)) { if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { LDAPControl_List_DEL(server_ldcs); return NULL; } } LDAP_BEGIN_ALLOW_THREADS(self); ldaperror = ldap_passwd(self->ldap, user.bv_val != NULL ? &user : NULL, oldpw.bv_val != NULL ? &oldpw : NULL, newpw.bv_val != NULL ? &newpw : NULL, server_ldcs, client_ldcs, &msgid); LDAP_END_ALLOW_THREADS(self); LDAPControl_List_DEL(server_ldcs); LDAPControl_List_DEL(client_ldcs); if (ldaperror != LDAP_SUCCESS) return LDAPerror(self->ldap); return PyInt_FromLong(msgid); } /* ldap_extended_operation */ static PyObject * l_ldap_extended_operation(LDAPObject *self, PyObject *args) { char *reqoid = NULL; struct berval reqvalue = { 0, NULL }; PyObject *serverctrls = Py_None; PyObject *clientctrls = Py_None; LDAPControl **server_ldcs = NULL; LDAPControl **client_ldcs = NULL; int msgid; int ldaperror; if (!PyArg_ParseTuple (args, "sz#|OO:extended_operation", &reqoid, &reqvalue.bv_val, &reqvalue.bv_len, &serverctrls, &clientctrls)) return NULL; if (not_valid(self)) return NULL; if (!PyNone_Check(serverctrls)) { if (!LDAPControls_from_object(serverctrls, &server_ldcs)) return NULL; } if (!PyNone_Check(clientctrls)) { if (!LDAPControls_from_object(clientctrls, &client_ldcs)) { LDAPControl_List_DEL(server_ldcs); return NULL; } } LDAP_BEGIN_ALLOW_THREADS(self); ldaperror = ldap_extended_operation(self->ldap, reqoid, reqvalue.bv_val != NULL ? &reqvalue : NULL, server_ldcs, client_ldcs, &msgid); LDAP_END_ALLOW_THREADS(self); LDAPControl_List_DEL(server_ldcs); LDAPControl_List_DEL(client_ldcs); if (ldaperror != LDAP_SUCCESS) return LDAPerror(self->ldap); return PyInt_FromLong(msgid); } /* methods */ static PyMethodDef methods[] = { {"unbind_ext", (PyCFunction)l_ldap_unbind_ext, METH_VARARGS}, {"abandon_ext", (PyCFunction)l_ldap_abandon_ext, METH_VARARGS}, {"add_ext", (PyCFunction)l_ldap_add_ext, METH_VARARGS}, {"simple_bind", (PyCFunction)l_ldap_simple_bind, METH_VARARGS}, #ifdef HAVE_SASL {"sasl_interactive_bind_s", (PyCFunction)l_ldap_sasl_interactive_bind_s, METH_VARARGS}, {"sasl_bind_s", (PyCFunction)l_ldap_sasl_bind_s, METH_VARARGS}, #endif {"compare_ext", (PyCFunction)l_ldap_compare_ext, METH_VARARGS}, {"delete_ext", (PyCFunction)l_ldap_delete_ext, METH_VARARGS}, {"modify_ext", (PyCFunction)l_ldap_modify_ext, METH_VARARGS}, {"rename", (PyCFunction)l_ldap_rename, METH_VARARGS}, {"result4", (PyCFunction)l_ldap_result4, METH_VARARGS}, {"search_ext", (PyCFunction)l_ldap_search_ext, METH_VARARGS}, #ifdef HAVE_TLS {"start_tls_s", (PyCFunction)l_ldap_start_tls_s, METH_VARARGS}, #endif {"whoami_s", (PyCFunction)l_ldap_whoami_s, METH_VARARGS}, {"passwd", (PyCFunction)l_ldap_passwd, METH_VARARGS}, {"set_option", (PyCFunction)l_ldap_set_option, METH_VARARGS}, {"get_option", (PyCFunction)l_ldap_get_option, METH_VARARGS}, #ifdef LDAP_API_FEATURE_CANCEL {"cancel", (PyCFunction)l_ldap_cancel, METH_VARARGS}, #endif {"extop", (PyCFunction)l_ldap_extended_operation, METH_VARARGS}, {NULL, NULL} }; /* type entry */ PyTypeObject LDAP_Type = { PyVarObject_HEAD_INIT(NULL, 0) "LDAP", /*tp_name */ sizeof(LDAPObject), /*tp_basicsize */ 0, /*tp_itemsize */ /* methods */ (destructor) dealloc, /*tp_dealloc */ 0, /*tp_print */ 0, /*tp_getattr */ 0, /*tp_setattr */ 0, /*tp_compare */ 0, /*tp_repr */ 0, /*tp_as_number */ 0, /*tp_as_sequence */ 0, /*tp_as_mapping */ 0, /*tp_hash */ 0, /*tp_call */ 0, /*tp_str */ 0, /*tp_getattro */ 0, /*tp_setattro */ 0, /*tp_as_buffer */ 0, /*tp_flags */ 0, /*tp_doc */ 0, /*tp_traverse */ 0, /*tp_clear */ 0, /*tp_richcompare */ 0, /*tp_weaklistoffset */ 0, /*tp_iter */ 0, /*tp_iternext */ methods, /*tp_methods */ 0, /*tp_members */ 0, /*tp_getset */ }; ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1700253011.0 python-ldap-3.4.4/Modules/LDAPObject.h0000644000175000017500000000246114525746523017701 0ustar00spichugispichugi/* See https://www.python-ldap.org/ for details. */ #ifndef __h_LDAPObject #define __h_LDAPObject #include "common.h" typedef struct { PyObject_HEAD LDAP *ldap; PyThreadState *_save; /* for thread saving on referrals */ int valid; } LDAPObject; extern PyTypeObject LDAP_Type; #define LDAPObject_Check(v) (Py_TYPE(v) == &LDAP_Type) extern LDAPObject *newLDAPObject(LDAP *); /* macros to allow thread saving in the context of an LDAP connection */ #define LDAP_BEGIN_ALLOW_THREADS( l ) \ { \ LDAPObject *lo = (l); \ if (lo->_save != NULL) \ Py_FatalError( "saving thread twice?" ); \ lo->_save = PyEval_SaveThread(); \ } #define LDAP_END_ALLOW_THREADS( l ) \ { \ LDAPObject *lo = (l); \ PyThreadState *_save = lo->_save; \ lo->_save = NULL; \ PyEval_RestoreThread( _save ); \ } #endif /* __h_LDAPObject */ ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1700253011.0 python-ldap-3.4.4/Modules/berval.c0000644000175000017500000000222114525746523017272 0ustar00spichugispichugi/* See https://www.python-ldap.org/ for details. */ #include "common.h" #include "berval.h" /* * Copies out the data from a berval, and returns it as a new Python object, * Returns None if the berval pointer is NULL. * * Note that this function is not the exact inverse of LDAPberval_from_object * with regards to the NULL/None conversion. * * Returns a new Python object on success, or NULL on failure. */ PyObject * LDAPberval_to_object(const struct berval *bv) { PyObject *ret = NULL; if (!bv || !bv->bv_val) { ret = Py_None; Py_INCREF(ret); } else { ret = PyBytes_FromStringAndSize(bv->bv_val, bv->bv_len); } return ret; } /* * Same as LDAPberval_to_object, but returns a Unicode PyObject. * Use when the value is known to be text (for instance a distinguishedName). * * Returns a new Python object on success, or NULL on failure. */ PyObject * LDAPberval_to_unicode_object(const struct berval *bv) { PyObject *ret = NULL; if (!bv) { ret = Py_None; Py_INCREF(ret); } else { ret = PyUnicode_FromStringAndSize(bv->bv_val, bv->bv_len); } return ret; } ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1700253011.0 python-ldap-3.4.4/Modules/berval.h0000644000175000017500000000040514525746523017301 0ustar00spichugispichugi/* See https://www.python-ldap.org/ for details. */ #ifndef __h_berval #define __h_berval #include "common.h" PyObject *LDAPberval_to_object(const struct berval *bv); PyObject *LDAPberval_to_unicode_object(const struct berval *bv); #endif /* __h_berval_ */ ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1700253011.0 python-ldap-3.4.4/Modules/common.c0000644000175000017500000000134714525746523017317 0ustar00spichugispichugi/* Miscellaneous common routines * See https://www.python-ldap.org/ for details. */ #include "common.h" /* dynamically add the methods into the module dictionary d */ void LDAPadd_methods(PyObject *d, PyMethodDef *methods) { PyMethodDef *meth; for (meth = methods; meth->ml_meth; meth++) { PyObject *f = PyCFunction_New(meth, NULL); PyDict_SetItemString(d, meth->ml_name, f); Py_DECREF(f); } } /* Raise TypeError with custom message and object */ PyObject * LDAPerror_TypeError(const char *msg, PyObject *obj) { PyObject *args = Py_BuildValue("sO", msg, obj); if (args == NULL) { return NULL; } PyErr_SetObject(PyExc_TypeError, args); Py_DECREF(args); return NULL; } ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1700253011.0 python-ldap-3.4.4/Modules/common.h0000644000175000017500000000316414525746523017323 0ustar00spichugispichugi/* common utility macros * See https://www.python-ldap.org/ for details. */ #ifndef __h_common #define __h_common #define PY_SSIZE_T_CLEAN #include "Python.h" #if defined(HAVE_CONFIG_H) #include "config.h" #endif #include #include #include #if LDAP_VENDOR_VERSION < 20400 #error Current python-ldap requires OpenLDAP 2.4.x #endif #if LDAP_VENDOR_VERSION >= 20448 /* openldap.h with ldap_init_fd() was introduced in 2.4.48 * see https://bugs.openldap.org/show_bug.cgi?id=8671 */ #define HAVE_LDAP_INIT_FD 1 #include #elif (defined(__APPLE__) && (LDAP_VENDOR_VERSION == 20428)) /* macOS system libldap 2.4.28 does not have ldap_init_fd symbol */ #undef HAVE_LDAP_INIT_FD #else /* ldap_init_fd() has been around for a very long time * SSSD has been defining the function for a while, so it's probably OK. */ #define HAVE_LDAP_INIT_FD 1 #define LDAP_PROTO_TCP 1 #define LDAP_PROTO_UDP 2 #define LDAP_PROTO_IPC 3 extern int ldap_init_fd(ber_socket_t fd, int proto, LDAP_CONST char *url, LDAP **ldp); #endif #if defined(MS_WINDOWS) #include #else /* unix */ #include #include #include #endif #include #define streq( a, b ) \ ( (*(a)==*(b)) && 0==strcmp(a,b) ) extern PyObject *LDAPerror_TypeError(const char *, PyObject *); void LDAPadd_methods(PyObject *d, PyMethodDef *methods); #define PyNone_Check(o) ((o) == Py_None) /* Py2/3 compatibility */ #if PY_VERSION_HEX >= 0x03000000 /* In Python 3, alias PyInt to PyLong */ #define PyInt_FromLong PyLong_FromLong #endif #endif /* __h_common_ */ ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1700253011.0 python-ldap-3.4.4/Modules/constants.c0000644000175000017500000001657514525746523020054 0ustar00spichugispichugi/* constants defined for LDAP * See https://www.python-ldap.org/ for details. */ #include "common.h" #include "constants.h" #include "ldapcontrol.h" /* the base exception class */ PyObject *LDAPexception_class; /* list of exception classes */ #define LDAP_ERROR_MIN LDAP_REFERRAL_LIMIT_EXCEEDED #ifdef LDAP_PROXIED_AUTHORIZATION_DENIED #define LDAP_ERROR_MAX LDAP_PROXIED_AUTHORIZATION_DENIED #else #ifdef LDAP_ASSERTION_FAILED #define LDAP_ERROR_MAX LDAP_ASSERTION_FAILED #else #define LDAP_ERROR_MAX LDAP_OTHER #endif #endif #define LDAP_ERROR_OFFSET -LDAP_ERROR_MIN static PyObject *errobjects[LDAP_ERROR_MAX - LDAP_ERROR_MIN + 1]; /* Convert a bare LDAP error number into an exception */ PyObject * LDAPerr(int errnum) { if (errnum >= LDAP_ERROR_MIN && errnum <= LDAP_ERROR_MAX && errobjects[errnum + LDAP_ERROR_OFFSET] != NULL) { PyErr_SetNone(errobjects[errnum + LDAP_ERROR_OFFSET]); } else { PyObject *args = Py_BuildValue("{s:i}", "errnum", errnum); if (args == NULL) return NULL; PyErr_SetObject(LDAPexception_class, args); Py_DECREF(args); } return NULL; } /* Convert an LDAP error into an informative python exception */ PyObject * LDAPraise_for_message(LDAP *l, LDAPMessage *m) { if (l == NULL) { PyErr_SetFromErrno(LDAPexception_class); ldap_msgfree(m); return NULL; } else { int myerrno, errnum, opt_errnum, msgid = -1, msgtype = 0; PyObject *errobj; PyObject *info; PyObject *str; PyObject *pyerrno; PyObject *pyresult; PyObject *pyctrls = NULL; char *matched = NULL, *error = NULL, **refs = NULL; LDAPControl **serverctrls = NULL; /* at first save errno for later use before it gets overwritten by another call */ myerrno = errno; if (m != NULL) { msgid = ldap_msgid(m); msgtype = ldap_msgtype(m); ldap_parse_result(l, m, &errnum, &matched, &error, &refs, &serverctrls, 1); } if (msgtype <= 0) { opt_errnum = ldap_get_option(l, LDAP_OPT_ERROR_NUMBER, &errnum); if (opt_errnum != LDAP_OPT_SUCCESS) errnum = opt_errnum; if (errnum == LDAP_NO_MEMORY) { return PyErr_NoMemory(); } ldap_get_option(l, LDAP_OPT_MATCHED_DN, &matched); ldap_get_option(l, LDAP_OPT_ERROR_STRING, &error); } if (errnum >= LDAP_ERROR_MIN && errnum <= LDAP_ERROR_MAX && errobjects[errnum + LDAP_ERROR_OFFSET] != NULL) { errobj = errobjects[errnum + LDAP_ERROR_OFFSET]; } else { errobj = LDAPexception_class; } info = PyDict_New(); if (info == NULL) { ldap_memfree(matched); ldap_memfree(error); ldap_memvfree((void **)refs); ldap_controls_free(serverctrls); return NULL; } if (msgtype > 0) { pyresult = PyInt_FromLong(msgtype); if (pyresult) PyDict_SetItemString(info, "msgtype", pyresult); Py_XDECREF(pyresult); } if (msgid >= 0) { pyresult = PyInt_FromLong(msgid); if (pyresult) PyDict_SetItemString(info, "msgid", pyresult); Py_XDECREF(pyresult); } pyresult = PyInt_FromLong(errnum); if (pyresult) PyDict_SetItemString(info, "result", pyresult); Py_XDECREF(pyresult); str = PyUnicode_FromString(ldap_err2string(errnum)); if (str) PyDict_SetItemString(info, "desc", str); Py_XDECREF(str); if (myerrno != 0) { pyerrno = PyInt_FromLong(myerrno); if (pyerrno) PyDict_SetItemString(info, "errno", pyerrno); Py_XDECREF(pyerrno); } if (!(pyctrls = LDAPControls_to_List(serverctrls))) { int err = LDAP_NO_MEMORY; ldap_set_option(l, LDAP_OPT_ERROR_NUMBER, &err); ldap_memfree(matched); ldap_memfree(error); ldap_memvfree((void **)refs); ldap_controls_free(serverctrls); return PyErr_NoMemory(); } ldap_controls_free(serverctrls); PyDict_SetItemString(info, "ctrls", pyctrls); Py_XDECREF(pyctrls); if (matched != NULL) { if (*matched != '\0') { str = PyUnicode_FromString(matched); if (str) PyDict_SetItemString(info, "matched", str); Py_XDECREF(str); } ldap_memfree(matched); } if (errnum == LDAP_REFERRAL && refs != NULL && refs[0] != NULL) { /* Keep old behaviour, overshadow error message */ char err[1024]; snprintf(err, sizeof(err), "Referral:\n%s", refs[0]); str = PyUnicode_FromString(err); PyDict_SetItemString(info, "info", str); Py_XDECREF(str); } else if (error != NULL && *error != '\0') { str = PyUnicode_FromString(error); if (str) PyDict_SetItemString(info, "info", str); Py_XDECREF(str); } PyErr_SetObject(errobj, info); Py_DECREF(info); ldap_memvfree((void **)refs); ldap_memfree(error); return NULL; } } PyObject * LDAPerror(LDAP *l) { return LDAPraise_for_message(l, NULL); } /* initialise the module constants */ int LDAPinit_constants(PyObject *m) { PyObject *exc, *nobj; struct ldap_apifeature_info info = { 1, "X_OPENLDAP_THREAD_SAFE", 0 }; int thread_safe = 0; /* simple constants */ if (PyModule_AddIntConstant(m, "OPT_ON", 1) != 0) return -1; if (PyModule_AddIntConstant(m, "OPT_OFF", 0) != 0) return -1; /* exceptions */ LDAPexception_class = PyErr_NewException("ldap.LDAPError", NULL, NULL); if (LDAPexception_class == NULL) { return -1; } if (PyModule_AddObject(m, "LDAPError", LDAPexception_class) != 0) return -1; Py_INCREF(LDAPexception_class); /* XXX - backward compatibility with pre-1.8 */ if (PyModule_AddObject(m, "error", LDAPexception_class) != 0) return -1; Py_INCREF(LDAPexception_class); #ifdef LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE if (ldap_get_option(NULL, LDAP_OPT_API_FEATURE_INFO, &info) == LDAP_SUCCESS) { thread_safe = (info.ldapaif_version == 1); } #endif if (PyModule_AddIntConstant(m, "LIBLDAP_R", thread_safe) != 0) return -1; /* Generated constants -- see Lib/ldap/constants.py */ #define add_err(n) do { \ exc = PyErr_NewException("ldap." #n, LDAPexception_class, NULL); \ if (exc == NULL) return -1; \ nobj = PyLong_FromLong(LDAP_##n); \ if (nobj == NULL) return -1; \ if (PyObject_SetAttrString(exc, "errnum", nobj) != 0) return -1; \ Py_DECREF(nobj); \ errobjects[LDAP_##n+LDAP_ERROR_OFFSET] = exc; \ if (PyModule_AddObject(m, #n, exc) != 0) return -1; \ Py_INCREF(exc); \ } while (0) #define add_int(n) do { \ if (PyModule_AddIntConstant(m, #n, LDAP_##n) != 0) return -1; \ } while (0) #define add_string(n) do { \ if (PyModule_AddStringConstant(m, #n, LDAP_##n) != 0) return -1; \ } while (0) #include "constants_generated.h" return 0; } ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1700253011.0 python-ldap-3.4.4/Modules/constants.h0000644000175000017500000000127014525746523020043 0ustar00spichugispichugi/* See https://www.python-ldap.org/ for details. */ #ifndef __h_constants_ #define __h_constants_ #include "common.h" extern int LDAPinit_constants(PyObject *m); extern PyObject *LDAPconstant(int); extern PyObject *LDAPexception_class; extern PyObject *LDAPerror(LDAP *); extern PyObject *LDAPraise_for_message(LDAP *, LDAPMessage *m); PyObject *LDAPerr(int errnum); #ifndef LDAP_CONTROL_PAGE_OID #define LDAP_CONTROL_PAGE_OID "1.2.840.113556.1.4.319" #endif /* !LDAP_CONTROL_PAGE_OID */ #ifndef LDAP_CONTROL_VALUESRETURNFILTER #define LDAP_CONTROL_VALUESRETURNFILTER "1.2.826.0.1.3344810.2.3" /* RFC 3876 */ #endif /* !LDAP_CONTROL_VALUESRETURNFILTER */ #endif /* __h_constants_ */ ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Modules/constants_generated.h0000644000175000017500000002072114521037673022056 0ustar00spichugispichugi/* * Generated with: * python Lib/ldap/constants.py > Modules/constants_generated.h * * Please do any modifications there, then re-generate this file */ add_err(ADMINLIMIT_EXCEEDED); add_err(AFFECTS_MULTIPLE_DSAS); add_err(ALIAS_DEREF_PROBLEM); add_err(ALIAS_PROBLEM); add_err(ALREADY_EXISTS); add_err(AUTH_METHOD_NOT_SUPPORTED); add_err(AUTH_UNKNOWN); add_err(BUSY); add_err(CLIENT_LOOP); add_err(COMPARE_FALSE); add_err(COMPARE_TRUE); add_err(CONFIDENTIALITY_REQUIRED); add_err(CONNECT_ERROR); add_err(CONSTRAINT_VIOLATION); add_err(CONTROL_NOT_FOUND); add_err(DECODING_ERROR); add_err(ENCODING_ERROR); add_err(FILTER_ERROR); add_err(INAPPROPRIATE_AUTH); add_err(INAPPROPRIATE_MATCHING); add_err(INSUFFICIENT_ACCESS); add_err(INVALID_CREDENTIALS); add_err(INVALID_DN_SYNTAX); add_err(INVALID_SYNTAX); add_err(IS_LEAF); add_err(LOCAL_ERROR); add_err(LOOP_DETECT); add_err(MORE_RESULTS_TO_RETURN); add_err(NAMING_VIOLATION); add_err(NO_MEMORY); add_err(NO_OBJECT_CLASS_MODS); add_err(NO_OBJECT_CLASS_MODS); add_err(NO_RESULTS_RETURNED); add_err(NO_SUCH_ATTRIBUTE); add_err(NO_SUCH_OBJECT); add_err(NOT_ALLOWED_ON_NONLEAF); add_err(NOT_ALLOWED_ON_RDN); add_err(NOT_SUPPORTED); add_err(OBJECT_CLASS_VIOLATION); add_err(OPERATIONS_ERROR); add_err(OTHER); add_err(PARAM_ERROR); add_err(PARTIAL_RESULTS); add_err(PROTOCOL_ERROR); add_err(REFERRAL); add_err(REFERRAL_LIMIT_EXCEEDED); add_err(RESULTS_TOO_LARGE); add_err(SASL_BIND_IN_PROGRESS); add_err(SERVER_DOWN); add_err(SIZELIMIT_EXCEEDED); add_err(STRONG_AUTH_NOT_SUPPORTED); add_err(STRONG_AUTH_REQUIRED); add_err(SUCCESS); add_err(TIMELIMIT_EXCEEDED); add_err(TIMEOUT); add_err(TYPE_OR_VALUE_EXISTS); add_err(UNAVAILABLE); add_err(UNAVAILABLE_CRITICAL_EXTENSION); add_err(UNDEFINED_TYPE); add_err(UNWILLING_TO_PERFORM); add_err(USER_CANCELLED); add_err(VLV_ERROR); add_err(X_PROXY_AUTHZ_FAILURE); #if defined(LDAP_API_FEATURE_CANCEL) add_err(CANCELLED); add_err(NO_SUCH_OPERATION); add_err(TOO_LATE); add_err(CANNOT_CANCEL); #endif #if defined(LDAP_ASSERTION_FAILED) add_err(ASSERTION_FAILED); #endif #if defined(LDAP_PROXIED_AUTHORIZATION_DENIED) add_err(PROXIED_AUTHORIZATION_DENIED); #endif add_int(API_VERSION); add_int(VENDOR_VERSION); add_int(PORT); add_int(VERSION1); add_int(VERSION2); add_int(VERSION3); add_int(VERSION_MIN); add_int(VERSION); add_int(VERSION_MAX); add_int(TAG_MESSAGE); add_int(TAG_MSGID); add_int(REQ_BIND); add_int(REQ_UNBIND); add_int(REQ_SEARCH); add_int(REQ_MODIFY); add_int(REQ_ADD); add_int(REQ_DELETE); add_int(REQ_MODRDN); add_int(REQ_COMPARE); add_int(REQ_ABANDON); add_int(TAG_LDAPDN); add_int(TAG_LDAPCRED); add_int(TAG_CONTROLS); add_int(TAG_REFERRAL); add_int(REQ_EXTENDED); #if LDAP_API_VERSION >= 2004 add_int(TAG_NEWSUPERIOR); add_int(TAG_EXOP_REQ_OID); add_int(TAG_EXOP_REQ_VALUE); add_int(TAG_EXOP_RES_OID); add_int(TAG_EXOP_RES_VALUE); #if defined(HAVE_SASL) add_int(TAG_SASL_RES_CREDS); #endif #endif add_int(SASL_AUTOMATIC); add_int(SASL_INTERACTIVE); add_int(SASL_QUIET); add_int(RES_BIND); add_int(RES_SEARCH_ENTRY); add_int(RES_SEARCH_RESULT); add_int(RES_MODIFY); add_int(RES_ADD); add_int(RES_DELETE); add_int(RES_MODRDN); add_int(RES_COMPARE); add_int(RES_ANY); add_int(RES_SEARCH_REFERENCE); add_int(RES_EXTENDED); add_int(RES_UNSOLICITED); add_int(RES_INTERMEDIATE); add_int(AUTH_NONE); add_int(AUTH_SIMPLE); add_int(SCOPE_BASE); add_int(SCOPE_ONELEVEL); add_int(SCOPE_SUBTREE); #if defined(LDAP_SCOPE_SUBORDINATE) add_int(SCOPE_SUBORDINATE); #endif add_int(MOD_ADD); add_int(MOD_DELETE); add_int(MOD_REPLACE); add_int(MOD_INCREMENT); add_int(MOD_BVALUES); add_int(MSG_ONE); add_int(MSG_ALL); add_int(MSG_RECEIVED); add_int(DEREF_NEVER); add_int(DEREF_SEARCHING); add_int(DEREF_FINDING); add_int(DEREF_ALWAYS); add_int(NO_LIMIT); add_int(OPT_API_INFO); add_int(OPT_DEREF); add_int(OPT_SIZELIMIT); add_int(OPT_TIMELIMIT); #if defined(LDAP_OPT_REFERRALS) add_int(OPT_REFERRALS); #endif add_int(OPT_RESULT_CODE); add_int(OPT_ERROR_NUMBER); add_int(OPT_RESTART); add_int(OPT_PROTOCOL_VERSION); add_int(OPT_SERVER_CONTROLS); add_int(OPT_CLIENT_CONTROLS); add_int(OPT_API_FEATURE_INFO); add_int(OPT_HOST_NAME); add_int(OPT_DESC); add_int(OPT_DIAGNOSTIC_MESSAGE); add_int(OPT_ERROR_STRING); add_int(OPT_MATCHED_DN); add_int(OPT_DEBUG_LEVEL); add_int(OPT_TIMEOUT); add_int(OPT_REFHOPLIMIT); add_int(OPT_NETWORK_TIMEOUT); #if defined(LDAP_OPT_TCP_USER_TIMEOUT) add_int(OPT_TCP_USER_TIMEOUT); #endif add_int(OPT_URI); #if defined(LDAP_OPT_DEFBASE) add_int(OPT_DEFBASE); #endif #if HAVE_TLS #if defined(LDAP_OPT_X_TLS) add_int(OPT_X_TLS); #endif add_int(OPT_X_TLS_CTX); add_int(OPT_X_TLS_CACERTFILE); add_int(OPT_X_TLS_CACERTDIR); add_int(OPT_X_TLS_CERTFILE); add_int(OPT_X_TLS_KEYFILE); add_int(OPT_X_TLS_REQUIRE_CERT); add_int(OPT_X_TLS_CIPHER_SUITE); add_int(OPT_X_TLS_RANDOM_FILE); add_int(OPT_X_TLS_DHFILE); add_int(OPT_X_TLS_NEVER); add_int(OPT_X_TLS_HARD); add_int(OPT_X_TLS_DEMAND); add_int(OPT_X_TLS_ALLOW); add_int(OPT_X_TLS_TRY); #if defined(LDAP_OPT_X_TLS_VERSION) add_int(OPT_X_TLS_VERSION); #endif #if defined(LDAP_OPT_X_TLS_CIPHER) add_int(OPT_X_TLS_CIPHER); #endif #if defined(LDAP_OPT_X_TLS_PEERCERT) add_int(OPT_X_TLS_PEERCERT); #endif #if defined(LDAP_OPT_X_TLS_CRLCHECK) add_int(OPT_X_TLS_CRLCHECK); #endif #if defined(LDAP_OPT_X_TLS_CRLFILE) add_int(OPT_X_TLS_CRLFILE); #endif add_int(OPT_X_TLS_CRL_NONE); add_int(OPT_X_TLS_CRL_PEER); add_int(OPT_X_TLS_CRL_ALL); #if defined(LDAP_OPT_X_TLS_NEWCTX) add_int(OPT_X_TLS_NEWCTX); #endif #if defined(LDAP_OPT_X_TLS_PROTOCOL_MIN) add_int(OPT_X_TLS_PROTOCOL_MIN); #endif #if defined(LDAP_OPT_X_TLS_PACKAGE) add_int(OPT_X_TLS_PACKAGE); #endif #if defined(LDAP_OPT_X_TLS_ECNAME) add_int(OPT_X_TLS_ECNAME); #endif #if defined(LDAP_OPT_X_TLS_REQUIRE_SAN) add_int(OPT_X_TLS_REQUIRE_SAN); #endif #if defined(LDAP_OPT_X_TLS_PEERCERT) add_int(OPT_X_TLS_PEERCERT); #endif #if defined(LDAP_OPT_X_TLS_PROTOCOL_MAX) add_int(OPT_X_TLS_PROTOCOL_MAX); #endif #if defined(LDAP_OPT_X_TLS_PROTOCOL_SSL3) add_int(OPT_X_TLS_PROTOCOL_SSL3); #endif #if defined(LDAP_OPT_X_TLS_PROTOCOL_TLS1_0) add_int(OPT_X_TLS_PROTOCOL_TLS1_0); #endif #if defined(LDAP_OPT_X_TLS_PROTOCOL_TLS1_1) add_int(OPT_X_TLS_PROTOCOL_TLS1_1); #endif #if defined(LDAP_OPT_X_TLS_PROTOCOL_TLS1_2) add_int(OPT_X_TLS_PROTOCOL_TLS1_2); #endif #if defined(LDAP_OPT_X_TLS_PROTOCOL_TLS1_3) add_int(OPT_X_TLS_PROTOCOL_TLS1_3); #endif #endif add_int(OPT_X_SASL_MECH); add_int(OPT_X_SASL_REALM); add_int(OPT_X_SASL_AUTHCID); add_int(OPT_X_SASL_AUTHZID); add_int(OPT_X_SASL_SSF); add_int(OPT_X_SASL_SSF_EXTERNAL); add_int(OPT_X_SASL_SECPROPS); add_int(OPT_X_SASL_SSF_MIN); add_int(OPT_X_SASL_SSF_MAX); #if defined(LDAP_OPT_X_SASL_NOCANON) add_int(OPT_X_SASL_NOCANON); #endif #if defined(LDAP_OPT_X_SASL_USERNAME) add_int(OPT_X_SASL_USERNAME); #endif #if defined(LDAP_OPT_CONNECT_ASYNC) add_int(OPT_CONNECT_ASYNC); #endif #if defined(LDAP_OPT_X_KEEPALIVE_IDLE) add_int(OPT_X_KEEPALIVE_IDLE); #endif #if defined(LDAP_OPT_X_KEEPALIVE_PROBES) add_int(OPT_X_KEEPALIVE_PROBES); #endif #if defined(LDAP_OPT_X_KEEPALIVE_INTERVAL) add_int(OPT_X_KEEPALIVE_INTERVAL); #endif add_int(DN_FORMAT_LDAP); add_int(DN_FORMAT_LDAPV3); add_int(DN_FORMAT_LDAPV2); add_int(DN_FORMAT_DCE); add_int(DN_FORMAT_UFN); add_int(DN_FORMAT_AD_CANONICAL); add_int(DN_FORMAT_MASK); add_int(DN_PRETTY); add_int(DN_SKIP); add_int(DN_P_NOLEADTRAILSPACES); add_int(DN_P_NOSPACEAFTERRDN); add_int(DN_PEDANTIC); add_int(AVA_NULL); add_int(AVA_STRING); add_int(AVA_BINARY); add_int(AVA_NONPRINTABLE); add_int(OPT_SUCCESS); add_int(URL_ERR_BADSCOPE); add_int(URL_ERR_MEM); #ifdef HAVE_SASL if (PyModule_AddIntConstant(m, "SASL_AVAIL", 1) != 0) return -1; #else if (PyModule_AddIntConstant(m, "SASL_AVAIL", 0) != 0) return -1; #endif #ifdef HAVE_TLS if (PyModule_AddIntConstant(m, "TLS_AVAIL", 1) != 0) return -1; #else if (PyModule_AddIntConstant(m, "TLS_AVAIL", 0) != 0) return -1; #endif #ifdef HAVE_LDAP_INIT_FD if (PyModule_AddIntConstant(m, "INIT_FD_AVAIL", 1) != 0) return -1; #else if (PyModule_AddIntConstant(m, "INIT_FD_AVAIL", 0) != 0) return -1; #endif add_string(CONTROL_MANAGEDSAIT); add_string(CONTROL_PROXY_AUTHZ); add_string(CONTROL_SUBENTRIES); add_string(CONTROL_VALUESRETURNFILTER); add_string(CONTROL_ASSERT); add_string(CONTROL_PRE_READ); add_string(CONTROL_POST_READ); add_string(CONTROL_SORTREQUEST); add_string(CONTROL_SORTRESPONSE); add_string(CONTROL_PAGEDRESULTS); add_string(CONTROL_SYNC); add_string(CONTROL_SYNC_STATE); add_string(CONTROL_SYNC_DONE); add_string(SYNC_INFO); add_string(CONTROL_PASSWORDPOLICYREQUEST); add_string(CONTROL_PASSWORDPOLICYRESPONSE); add_string(CONTROL_RELAX); ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1700253011.0 python-ldap-3.4.4/Modules/functions.c0000644000175000017500000001157014525746523020036 0ustar00spichugispichugi/* See https://www.python-ldap.org/ for details. */ #include "common.h" #include "functions.h" #include "LDAPObject.h" #include "berval.h" #include "constants.h" #include "options.h" /* ldap_initialize */ static PyObject * l_ldap_initialize(PyObject *unused, PyObject *args) { char *uri; LDAP *ld = NULL; int ret; PyThreadState *save; if (!PyArg_ParseTuple(args, "s:initialize", &uri)) return NULL; save = PyEval_SaveThread(); ret = ldap_initialize(&ld, uri); PyEval_RestoreThread(save); if (ret != LDAP_SUCCESS) return LDAPerror(ld); return (PyObject *)newLDAPObject(ld); } #ifdef HAVE_LDAP_INIT_FD /* initialize_fd(fileno, url) */ static PyObject * l_ldap_initialize_fd(PyObject *unused, PyObject *args) { char *url; LDAP *ld = NULL; int ret; int fd; int proto = -1; LDAPURLDesc *lud = NULL; PyThreadState *save; if (!PyArg_ParseTuple(args, "is:initialize_fd", &fd, &url)) return NULL; /* Get LDAP protocol from scheme */ ret = ldap_url_parse(url, &lud); if (ret != LDAP_SUCCESS) return LDAPerr(ret); if (strcmp(lud->lud_scheme, "ldap") == 0) { proto = LDAP_PROTO_TCP; } else if (strcmp(lud->lud_scheme, "ldaps") == 0) { proto = LDAP_PROTO_TCP; } else if (strcmp(lud->lud_scheme, "ldapi") == 0) { proto = LDAP_PROTO_IPC; } #ifdef LDAP_CONNECTIONLESS else if (strcmp(lud->lud_scheme, "cldap") == 0) { proto = LDAP_PROTO_UDP; } #endif else { ldap_free_urldesc(lud); PyErr_SetString(PyExc_ValueError, "unsupported URL scheme"); return NULL; } ldap_free_urldesc(lud); save = PyEval_SaveThread(); ret = ldap_init_fd((ber_socket_t) fd, proto, url, &ld); PyEval_RestoreThread(save); if (ret != LDAP_SUCCESS) return LDAPerror(ld); return (PyObject *)newLDAPObject(ld); } #endif /* ldap_str2dn */ static PyObject * l_ldap_str2dn(PyObject *unused, PyObject *args) { struct berval str; LDAPDN dn; int flags = 0; PyObject *result = NULL, *tmp; int res, i, j; Py_ssize_t str_len; /* * From a DN string such as "a=b,c=d;e=f", build * a list-equivalent of AVA structures; namely: * ((('a','b',1),('c','d',1)),(('e','f',1),)) * The integers are a bit combination of the AVA_* flags */ if (!PyArg_ParseTuple(args, "z#|i:str2dn", &str.bv_val, &str_len, &flags)) return NULL; str.bv_len = (ber_len_t) str_len; res = ldap_bv2dn(&str, &dn, flags); if (res != LDAP_SUCCESS) return LDAPerr(res); tmp = PyList_New(0); if (!tmp) goto failed; for (i = 0; dn[i]; i++) { LDAPRDN rdn; PyObject *rdnlist; rdn = dn[i]; rdnlist = PyList_New(0); if (!rdnlist) goto failed; if (PyList_Append(tmp, rdnlist) == -1) { Py_DECREF(rdnlist); goto failed; } for (j = 0; rdn[j]; j++) { LDAPAVA *ava = rdn[j]; PyObject *tuple; tuple = Py_BuildValue("(O&O&i)", LDAPberval_to_unicode_object, &ava->la_attr, LDAPberval_to_unicode_object, &ava->la_value, ava->la_flags & ~(LDAP_AVA_FREE_ATTR | LDAP_AVA_FREE_VALUE)); if (!tuple) { Py_DECREF(rdnlist); goto failed; } if (PyList_Append(rdnlist, tuple) == -1) { Py_DECREF(tuple); goto failed; } Py_DECREF(tuple); } Py_DECREF(rdnlist); } result = tmp; tmp = NULL; failed: Py_XDECREF(tmp); ldap_dnfree(dn); return result; } /* ldap_set_option (global options) */ static PyObject * l_ldap_set_option(PyObject *self, PyObject *args) { PyObject *value; int option; if (!PyArg_ParseTuple(args, "iO:set_option", &option, &value)) return NULL; if (!LDAP_set_option(NULL, option, value)) return NULL; Py_INCREF(Py_None); return Py_None; } /* ldap_get_option (global options) */ static PyObject * l_ldap_get_option(PyObject *self, PyObject *args) { int option; if (!PyArg_ParseTuple(args, "i:get_option", &option)) return NULL; return LDAP_get_option(NULL, option); } /* methods */ static PyMethodDef methods[] = { {"initialize", (PyCFunction)l_ldap_initialize, METH_VARARGS}, #ifdef HAVE_LDAP_INIT_FD {"initialize_fd", (PyCFunction)l_ldap_initialize_fd, METH_VARARGS}, #endif {"str2dn", (PyCFunction)l_ldap_str2dn, METH_VARARGS}, {"set_option", (PyCFunction)l_ldap_set_option, METH_VARARGS}, {"get_option", (PyCFunction)l_ldap_get_option, METH_VARARGS}, {NULL, NULL} }; /* initialisation */ void LDAPinit_functions(PyObject *d) { LDAPadd_methods(d, methods); } ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1700253011.0 python-ldap-3.4.4/Modules/functions.h0000644000175000017500000000030114525746523020031 0ustar00spichugispichugi/* See https://www.python-ldap.org/ for details. */ #ifndef __h_functions_ #define __h_functions_ #include "common.h" extern void LDAPinit_functions(PyObject *); #endif /* __h_functions_ */ ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1700253011.0 python-ldap-3.4.4/Modules/ldapcontrol.c0000644000175000017500000002216414525746523020350 0ustar00spichugispichugi/* See https://www.python-ldap.org/ for details. */ #include "common.h" #include "LDAPObject.h" #include "ldapcontrol.h" #include "berval.h" #include "constants.h" /* Prints to stdout the contents of an array of LDAPControl objects */ /* XXX: This is a debugging tool, and the printf generates some warnings * about pointer types. I left it here in case something breaks and we * need to inspect an LDAPControl structure. static void LDAPControl_DumpList( LDAPControl** lcs ) { LDAPControl** lcp; LDAPControl* lc; for ( lcp = lcs; *lcp; lcp++ ) { lc = *lcp; printf("OID: %s\nCriticality: %d\nBER length: %d\nBER value: %x\n", lc->ldctl_oid, lc->ldctl_iscritical, lc->ldctl_value.bv_len, lc->ldctl_value.bv_val); } } */ /* Free a single LDAPControl object created by Tuple_to_LDAPControl */ static void LDAPControl_DEL(LDAPControl *lc) { if (lc == NULL) return; if (lc->ldctl_oid) PyMem_DEL(lc->ldctl_oid); PyMem_DEL(lc); } /* Free an array of LDAPControl objects created by LDAPControls_from_object */ void LDAPControl_List_DEL(LDAPControl **lcs) { LDAPControl **lcp; if (lcs == NULL) return; for (lcp = lcs; *lcp; lcp++) LDAPControl_DEL(*lcp); PyMem_DEL(lcs); } /* Takes a tuple of the form: * (OID: string, Criticality: int/boolean, Value: string/None) * and converts it into an LDAPControl structure. * * The Value string should represent an ASN.1 encoded structure. */ static LDAPControl * Tuple_to_LDAPControl(PyObject *tup) { char *oid; char iscritical; struct berval berbytes; PyObject *bytes; LDAPControl *lc = NULL; Py_ssize_t len; if (!PyTuple_Check(tup)) { LDAPerror_TypeError("Tuple_to_LDAPControl(): expected a tuple", tup); return NULL; } if (!PyArg_ParseTuple (tup, "sbO:Tuple_to_LDAPControl", &oid, &iscritical, &bytes)) return NULL; lc = PyMem_NEW(LDAPControl, 1); if (lc == NULL) { PyErr_NoMemory(); return NULL; } lc->ldctl_iscritical = iscritical; len = strlen(oid); lc->ldctl_oid = PyMem_NEW(char, len + 1); if (lc->ldctl_oid == NULL) { PyErr_NoMemory(); LDAPControl_DEL(lc); return NULL; } memcpy(lc->ldctl_oid, oid, len + 1); /* The berval can either be None or a String */ if (PyNone_Check(bytes)) { berbytes.bv_len = 0; berbytes.bv_val = NULL; } else if (PyBytes_Check(bytes)) { berbytes.bv_len = PyBytes_Size(bytes); berbytes.bv_val = PyBytes_AsString(bytes); } else { LDAPerror_TypeError("Tuple_to_LDAPControl(): expected bytes", bytes); LDAPControl_DEL(lc); return NULL; } lc->ldctl_value = berbytes; return lc; } /* Convert a list of tuples (of a format acceptable to the Tuple_to_LDAPControl * function) into an array of LDAPControl objects. */ int LDAPControls_from_object(PyObject *list, LDAPControl ***controls_ret) { Py_ssize_t len, i; LDAPControl **ldcs; LDAPControl *ldc; PyObject *item; if (!PySequence_Check(list)) { LDAPerror_TypeError("LDAPControls_from_object(): expected a list", list); return 0; } len = PySequence_Length(list); ldcs = PyMem_NEW(LDAPControl *, len + 1); if (ldcs == NULL) { PyErr_NoMemory(); return 0; } for (i = 0; i < len; i++) { item = PySequence_GetItem(list, i); if (item == NULL) { PyMem_DEL(ldcs); return 0; } ldc = Tuple_to_LDAPControl(item); if (ldc == NULL) { Py_DECREF(item); PyMem_DEL(ldcs); return 0; } ldcs[i] = ldc; Py_DECREF(item); } ldcs[len] = NULL; *controls_ret = ldcs; return 1; } PyObject * LDAPControls_to_List(LDAPControl **ldcs) { PyObject *res = 0, *pyctrl; LDAPControl **tmp = ldcs; Py_ssize_t num_ctrls = 0, i; if (tmp) while (*tmp++) num_ctrls++; if ((res = PyList_New(num_ctrls)) == NULL) { return NULL; } for (i = 0; i < num_ctrls; i++) { pyctrl = Py_BuildValue("sbO&", ldcs[i]->ldctl_oid, ldcs[i]->ldctl_iscritical, LDAPberval_to_object, &ldcs[i]->ldctl_value); if (pyctrl == NULL) { Py_DECREF(res); return NULL; } PyList_SET_ITEM(res, i, pyctrl); } return res; } /* --------------- en-/decoders ------------- */ /* Matched Values, aka, Values Return Filter */ static PyObject * encode_rfc3876(PyObject *self, PyObject *args) { PyObject *res = 0; int err; BerElement *vrber = 0; char *vrFilter; struct berval *ctrl_val; if (!PyArg_ParseTuple (args, "s:encode_valuesreturnfilter_control", &vrFilter)) { goto endlbl; } if (!(vrber = ber_alloc_t(LBER_USE_DER))) { LDAPerr(LDAP_NO_MEMORY); goto endlbl; } err = ldap_put_vrFilter(vrber, vrFilter); if (err == -1) { LDAPerr(LDAP_FILTER_ERROR); goto endlbl; } err = ber_flatten(vrber, &ctrl_val); if (err == -1) { LDAPerr(LDAP_NO_MEMORY); goto endlbl; } res = LDAPberval_to_object(ctrl_val); ber_bvfree(ctrl_val); endlbl: if (vrber) ber_free(vrber, 1); return res; } static PyObject * encode_rfc2696(PyObject *self, PyObject *args) { PyObject *res = 0; BerElement *ber = 0; struct berval cookie, *ctrl_val; Py_ssize_t cookie_len; int size = 0; /* ber_int_t is int */ ber_tag_t tag; if (!PyArg_ParseTuple(args, "is#:encode_page_control", &size, &cookie.bv_val, &cookie_len)) { goto endlbl; } cookie.bv_len = (ber_len_t) cookie_len; if (!(ber = ber_alloc_t(LBER_USE_DER))) { LDAPerr(LDAP_NO_MEMORY); goto endlbl; } tag = ber_printf(ber, "{i", size); if (tag == LBER_ERROR) { LDAPerr(LDAP_ENCODING_ERROR); goto endlbl; } if (!cookie.bv_len) tag = ber_printf(ber, "o", "", 0); else tag = ber_printf(ber, "O", &cookie); if (tag == LBER_ERROR) { LDAPerr(LDAP_ENCODING_ERROR); goto endlbl; } tag = ber_printf(ber, /*{ */ "N}"); if (tag == LBER_ERROR) { LDAPerr(LDAP_ENCODING_ERROR); goto endlbl; } if (-1 == ber_flatten(ber, &ctrl_val)) { LDAPerr(LDAP_NO_MEMORY); goto endlbl; } res = LDAPberval_to_object(ctrl_val); ber_bvfree(ctrl_val); endlbl: if (ber) ber_free(ber, 1); return res; } static PyObject * decode_rfc2696(PyObject *self, PyObject *args) { PyObject *res = 0; BerElement *ber = 0; struct berval ldctl_value; ber_tag_t tag; struct berval *cookiep; int count = 0; /* ber_int_t is int */ Py_ssize_t ldctl_value_len; if (!PyArg_ParseTuple(args, "s#:decode_page_control", &ldctl_value.bv_val, &ldctl_value_len)) { goto endlbl; } ldctl_value.bv_len = (ber_len_t) ldctl_value_len; if (!(ber = ber_init(&ldctl_value))) { LDAPerr(LDAP_NO_MEMORY); goto endlbl; } tag = ber_scanf(ber, "{iO", &count, &cookiep); if (tag == LBER_ERROR) { LDAPerr(LDAP_DECODING_ERROR); goto endlbl; } res = Py_BuildValue("(iO&)", count, LDAPberval_to_object, cookiep); ber_bvfree(cookiep); endlbl: if (ber) ber_free(ber, 1); return res; } static PyObject * encode_assertion_control(PyObject *self, PyObject *args) { int err; PyObject *res = 0; char *assertion_filterstr; struct berval ctrl_val; LDAP *ld = NULL; PyThreadState *save; if (!PyArg_ParseTuple(args, "s:encode_assertion_control", &assertion_filterstr)) { goto endlbl; } /* XXX: ldap_create() is a nasty and slow hack. It's creating a full blown * LDAP object just to encode assertion controls. */ save = PyEval_SaveThread(); err = ldap_create(&ld); PyEval_RestoreThread(save); if (err != LDAP_SUCCESS) return LDAPerror(ld); err = ldap_create_assertion_control_value(ld, assertion_filterstr, &ctrl_val); if (err != LDAP_SUCCESS) { LDAPerror(ld); save = PyEval_SaveThread(); ldap_unbind_ext(ld, NULL, NULL); PyEval_RestoreThread(save); return NULL; } save = PyEval_SaveThread(); ldap_unbind_ext(ld, NULL, NULL); PyEval_RestoreThread(save); res = LDAPberval_to_object(&ctrl_val); if (ctrl_val.bv_val != NULL) { ber_memfree(ctrl_val.bv_val); } endlbl: return res; } static PyMethodDef methods[] = { {"encode_page_control", encode_rfc2696, METH_VARARGS}, {"decode_page_control", decode_rfc2696, METH_VARARGS}, {"encode_valuesreturnfilter_control", encode_rfc3876, METH_VARARGS}, {"encode_assertion_control", encode_assertion_control, METH_VARARGS}, {NULL, NULL} }; void LDAPinit_control(PyObject *d) { LDAPadd_methods(d, methods); } ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1700253011.0 python-ldap-3.4.4/Modules/ldapcontrol.h0000644000175000017500000000052714525746523020354 0ustar00spichugispichugi/* See https://www.python-ldap.org/ for details. */ #ifndef __h_ldapcontrol #define __h_ldapcontrol #include "common.h" void LDAPinit_control(PyObject *d); void LDAPControl_List_DEL(LDAPControl **); int LDAPControls_from_object(PyObject *, LDAPControl ***); PyObject *LDAPControls_to_List(LDAPControl **ldcs); #endif /* __h_ldapcontrol */ ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1700253011.0 python-ldap-3.4.4/Modules/ldapmodule.c0000644000175000017500000000364414525746523020157 0ustar00spichugispichugi/* See https://www.python-ldap.org/ for details. */ #include "common.h" #include "constants.h" #include "functions.h" #include "ldapcontrol.h" #include "LDAPObject.h" #if PY_MAJOR_VERSION >= 3 PyMODINIT_FUNC PyInit__ldap(void); #else PyMODINIT_FUNC init_ldap(void); #endif #define _STR(x) #x #define STR(x) _STR(x) static char version_str[] = STR(LDAPMODULE_VERSION); static char author_str[] = STR(LDAPMODULE_AUTHOR); static char license_str[] = STR(LDAPMODULE_LICENSE); static void init_pkginfo(PyObject *m) { PyModule_AddStringConstant(m, "__version__", version_str); PyModule_AddStringConstant(m, "__author__", author_str); PyModule_AddStringConstant(m, "__license__", license_str); } /* dummy module methods */ static PyMethodDef methods[] = { {NULL, NULL} }; /* module initialisation */ /* Common initialization code */ PyObject * init_ldap_module(void) { PyObject *m, *d; /* Create the module and add the functions */ #if PY_MAJOR_VERSION >= 3 static struct PyModuleDef ldap_moduledef = { PyModuleDef_HEAD_INIT, "_ldap", /* m_name */ "", /* m_doc */ -1, /* m_size */ methods, /* m_methods */ }; m = PyModule_Create(&ldap_moduledef); #else m = Py_InitModule("_ldap", methods); #endif /* Initialize LDAP class */ if (PyType_Ready(&LDAP_Type) < 0) { Py_DECREF(m); return NULL; } /* Add some symbolic constants to the module */ d = PyModule_GetDict(m); init_pkginfo(m); if (LDAPinit_constants(m) == -1) { return NULL; } LDAPinit_functions(d); LDAPinit_control(d); /* Check for errors */ if (PyErr_Occurred()) Py_FatalError("can't initialize module _ldap"); return m; } #if PY_MAJOR_VERSION < 3 PyMODINIT_FUNC init_ldap() { init_ldap_module(); } #else PyMODINIT_FUNC PyInit__ldap() { return init_ldap_module(); } #endif ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1700253011.0 python-ldap-3.4.4/Modules/message.c0000644000175000017500000002357114525746523017456 0ustar00spichugispichugi/* See https://www.python-ldap.org/ for details. */ #include "common.h" #include "message.h" #include "berval.h" #include "ldapcontrol.h" #include "constants.h" /* * Converts an LDAP message into a Python structure. * * On success, returns a list of dictionaries. * On failure, returns NULL, and sets an error. * * The message m is always freed, regardless of return value. * * If add_ctrls is non-zero, per-entry/referral/partial/intermediate * controls will be added as a third item to each entry tuple * * If add_intermediates is non-zero, intermediate/partial results will * be returned */ PyObject * LDAPmessage_to_python(LDAP *ld, LDAPMessage *m, int add_ctrls, int add_intermediates) { /* we convert an LDAP message into a python structure. * It is always a list of dictionaries. * We always free m. */ PyObject *result, *pyctrls = 0; LDAPMessage *entry; LDAPControl **serverctrls = 0; int rc; result = PyList_New(0); if (result == NULL) { ldap_msgfree(m); return NULL; } for (entry = ldap_first_entry(ld, m); entry != NULL; entry = ldap_next_entry(ld, entry)) { char *dn; char *attr; BerElement *ber = NULL; PyObject *entrytuple; PyObject *attrdict; PyObject *pydn; dn = ldap_get_dn(ld, entry); if (dn == NULL) { Py_DECREF(result); ldap_msgfree(m); return LDAPerror(ld); } attrdict = PyDict_New(); if (attrdict == NULL) { Py_DECREF(result); ldap_msgfree(m); ldap_memfree(dn); return NULL; } rc = ldap_get_entry_controls(ld, entry, &serverctrls); if (rc) { Py_DECREF(result); ldap_msgfree(m); ldap_memfree(dn); return LDAPerror(ld); } /* convert serverctrls to list of tuples */ if (!(pyctrls = LDAPControls_to_List(serverctrls))) { int err = LDAP_NO_MEMORY; ldap_set_option(ld, LDAP_OPT_ERROR_NUMBER, &err); Py_DECREF(result); ldap_msgfree(m); ldap_memfree(dn); ldap_controls_free(serverctrls); return LDAPerror(ld); } ldap_controls_free(serverctrls); /* Fill attrdict with lists */ for (attr = ldap_first_attribute(ld, entry, &ber); attr != NULL; attr = ldap_next_attribute(ld, entry, ber) ) { PyObject *valuelist; PyObject *pyattr; struct berval **bvals; pyattr = PyUnicode_FromString(attr); bvals = ldap_get_values_len(ld, entry, attr); /* Find which list to append to */ if (PyDict_Contains(attrdict, pyattr)) { /* Multiple attribute entries with same name. This code path * is rarely used and cannot be exhausted with OpenLDAP * tests. 389-DS sometimes triggeres it, see * https://github.com/python-ldap/python-ldap/issues/218 */ valuelist = PyDict_GetItem(attrdict, pyattr); /* Turn borrowed reference into owned reference */ if (valuelist != NULL) Py_INCREF(valuelist); } else { valuelist = PyList_New(0); if (valuelist != NULL && PyDict_SetItem(attrdict, pyattr, valuelist) == -1) { Py_DECREF(valuelist); valuelist = NULL; /* catch error later */ } } if (valuelist == NULL) { Py_DECREF(pyattr); Py_DECREF(attrdict); Py_DECREF(result); if (ber != NULL) ber_free(ber, 0); ldap_msgfree(m); ldap_memfree(attr); ldap_memfree(dn); Py_XDECREF(pyctrls); return NULL; } if (bvals != NULL) { Py_ssize_t i; for (i = 0; bvals[i]; i++) { PyObject *valuestr; valuestr = LDAPberval_to_object(bvals[i]); if (PyList_Append(valuelist, valuestr) == -1) { Py_DECREF(pyattr); Py_DECREF(attrdict); Py_DECREF(result); Py_DECREF(valuestr); Py_DECREF(valuelist); if (ber != NULL) ber_free(ber, 0); ldap_msgfree(m); ldap_memfree(attr); ldap_memfree(dn); Py_XDECREF(pyctrls); return NULL; } Py_DECREF(valuestr); } ldap_value_free_len(bvals); } Py_DECREF(pyattr); Py_DECREF(valuelist); ldap_memfree(attr); } pydn = PyUnicode_FromString(dn); if (pydn == NULL) { Py_DECREF(result); ldap_msgfree(m); ldap_memfree(dn); return NULL; } if (add_ctrls) { entrytuple = Py_BuildValue("(OOO)", pydn, attrdict, pyctrls); } else { entrytuple = Py_BuildValue("(OO)", pydn, attrdict); } Py_DECREF(pydn); ldap_memfree(dn); Py_DECREF(attrdict); Py_XDECREF(pyctrls); PyList_Append(result, entrytuple); Py_DECREF(entrytuple); if (ber != NULL) ber_free(ber, 0); } for (entry = ldap_first_reference(ld, m); entry != NULL; entry = ldap_next_reference(ld, entry)) { char **refs = NULL; PyObject *entrytuple; PyObject *reflist = PyList_New(0); if (reflist == NULL) { Py_DECREF(result); ldap_msgfree(m); return NULL; } if (ldap_parse_reference(ld, entry, &refs, &serverctrls, 0) != LDAP_SUCCESS) { Py_DECREF(reflist); Py_DECREF(result); ldap_msgfree(m); return LDAPerror(ld); } /* convert serverctrls to list of tuples */ if (!(pyctrls = LDAPControls_to_List(serverctrls))) { int err = LDAP_NO_MEMORY; ldap_set_option(ld, LDAP_OPT_ERROR_NUMBER, &err); Py_DECREF(reflist); Py_DECREF(result); ldap_msgfree(m); ldap_controls_free(serverctrls); return LDAPerror(ld); } ldap_controls_free(serverctrls); if (refs) { Py_ssize_t i; for (i = 0; refs[i] != NULL; i++) { /* A referal is a distinguishedName => unicode */ PyObject *refstr = PyUnicode_FromString(refs[i]); PyList_Append(reflist, refstr); Py_DECREF(refstr); } ber_memvfree((void **)refs); } if (add_ctrls) { entrytuple = Py_BuildValue("(sOO)", NULL, reflist, pyctrls); } else { entrytuple = Py_BuildValue("(sO)", NULL, reflist); } Py_DECREF(reflist); Py_XDECREF(pyctrls); PyList_Append(result, entrytuple); Py_DECREF(entrytuple); } if (add_intermediates) { for (entry = ldap_first_message(ld, m); entry != NULL; entry = ldap_next_message(ld, entry)) { /* list of tuples */ /* each tuple is OID, Berval, controllist */ if (LDAP_RES_INTERMEDIATE == ldap_msgtype(entry)) { PyObject *valtuple; PyObject *valuestr; char *retoid = 0; PyObject *pyoid; struct berval *retdata = 0; if (ldap_parse_intermediate (ld, entry, &retoid, &retdata, &serverctrls, 0) != LDAP_SUCCESS) { Py_DECREF(result); ldap_msgfree(m); return LDAPerror(ld); } /* convert serverctrls to list of tuples */ if (!(pyctrls = LDAPControls_to_List(serverctrls))) { int err = LDAP_NO_MEMORY; ldap_set_option(ld, LDAP_OPT_ERROR_NUMBER, &err); Py_DECREF(result); ldap_msgfree(m); ldap_controls_free(serverctrls); ldap_memfree(retoid); ber_bvfree(retdata); return LDAPerror(ld); } ldap_controls_free(serverctrls); valuestr = LDAPberval_to_object(retdata); ber_bvfree(retdata); if (valuestr == NULL) { ldap_memfree(retoid); Py_DECREF(result); ldap_msgfree(m); return NULL; } pyoid = PyUnicode_FromString(retoid); ldap_memfree(retoid); if (pyoid == NULL) { Py_DECREF(valuestr); Py_DECREF(result); ldap_msgfree(m); return NULL; } valtuple = Py_BuildValue("(NNN)", pyoid, valuestr, pyctrls); if (valtuple == NULL) { Py_DECREF(result); ldap_msgfree(m); return NULL; } if (PyList_Append(result, valtuple) == -1) { Py_DECREF(valtuple); Py_DECREF(result); ldap_msgfree(m); return NULL; } Py_DECREF(valtuple); } } } ldap_msgfree(m); return result; } ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1700253011.0 python-ldap-3.4.4/Modules/message.h0000644000175000017500000000043514525746523017455 0ustar00spichugispichugi/* See https://www.python-ldap.org/ for details. */ #ifndef __h_message #define __h_message #include "common.h" extern PyObject *LDAPmessage_to_python(LDAP *ld, LDAPMessage *m, int add_ctrls, int add_intermediates); #endif /* __h_message_ */ ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1700253011.0 python-ldap-3.4.4/Modules/options.c0000644000175000017500000003305714525746523017525 0ustar00spichugispichugi/* See https://www.python-ldap.org/ for details. */ #include "common.h" #include "constants.h" #include "LDAPObject.h" #include "ldapcontrol.h" #include "options.h" #include "berval.h" void set_timeval_from_double(struct timeval *tv, double d) { tv->tv_usec = (long)(fmod(d, 1.0) * 1000000.0); tv->tv_sec = (long)floor(d); } /** * Converts a return code from ldap_set_option() or ldap_get_option() * into a python error, and returns NULL. */ static PyObject * option_error(int res, const char *fn) { if (res == LDAP_OPT_ERROR) PyErr_SetString(PyExc_ValueError, "option error"); else if (res == LDAP_PARAM_ERROR) PyErr_SetString(PyExc_ValueError, "parameter error"); else if (res == LDAP_NO_MEMORY) PyErr_NoMemory(); else PyErr_Format(PyExc_SystemError, "error %d from %s", res, fn); return NULL; } /** * Sets an LDAP option. * Returns 0 on failure, 1 on success */ int LDAP_set_option(LDAPObject *self, int option, PyObject *value) { int res; int intval; unsigned int uintval; double doubleval; char *strval; struct timeval tv; #if HAVE_SASL /* unsigned long */ ber_len_t blen; #endif void *ptr; LDAP *ld; LDAPControl **controls = NULL; ld = self ? self->ldap : NULL; switch (option) { case LDAP_OPT_API_INFO: case LDAP_OPT_API_FEATURE_INFO: case LDAP_OPT_DESC: #ifdef HAVE_SASL case LDAP_OPT_X_SASL_SSF: #endif #ifdef LDAP_OPT_X_TLS_PEERCERT case LDAP_OPT_X_TLS_PEERCERT: #endif /* Read-only options */ PyErr_SetString(PyExc_ValueError, "read-only option"); return 0; case LDAP_OPT_REFERRALS: case LDAP_OPT_RESTART: #ifdef LDAP_OPT_X_SASL_NOCANON case LDAP_OPT_X_SASL_NOCANON: #endif #ifdef LDAP_OPT_CONNECT_ASYNC case LDAP_OPT_CONNECT_ASYNC: #endif /* Truth-value options */ ptr = PyObject_IsTrue(value) ? LDAP_OPT_ON : LDAP_OPT_OFF; break; case LDAP_OPT_DEREF: case LDAP_OPT_SIZELIMIT: case LDAP_OPT_TIMELIMIT: case LDAP_OPT_PROTOCOL_VERSION: case LDAP_OPT_ERROR_NUMBER: case LDAP_OPT_DEBUG_LEVEL: #ifdef HAVE_TLS case LDAP_OPT_X_TLS: case LDAP_OPT_X_TLS_REQUIRE_CERT: #ifdef LDAP_OPT_X_TLS_CRLCHECK case LDAP_OPT_X_TLS_CRLCHECK: #endif #ifdef LDAP_OPT_X_TLS_NEWCTX case LDAP_OPT_X_TLS_NEWCTX: #endif #ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN case LDAP_OPT_X_TLS_PROTOCOL_MIN: #endif #ifdef LDAP_OPT_X_TLS_PROTOCOL_MAX case LDAP_OPT_X_TLS_PROTOCOL_MAX: #endif #ifdef LDAP_OPT_X_TLS_REQUIRE_SAN case LDAP_OPT_X_TLS_REQUIRE_SAN: #endif #endif #ifdef LDAP_OPT_X_KEEPALIVE_IDLE case LDAP_OPT_X_KEEPALIVE_IDLE: #endif #ifdef LDAP_OPT_X_KEEPALIVE_PROBES case LDAP_OPT_X_KEEPALIVE_PROBES: #endif #ifdef LDAP_OPT_X_KEEPALIVE_INTERVAL case LDAP_OPT_X_KEEPALIVE_INTERVAL: #endif /* integer value options */ if (!PyArg_Parse(value, "i:set_option", &intval)) return 0; ptr = &intval; break; #ifdef LDAP_OPT_TCP_USER_TIMEOUT case LDAP_OPT_TCP_USER_TIMEOUT: #endif if (!PyArg_Parse(value, "I:set_option", &uintval)) return 0; ptr = &uintval; break; #ifdef HAVE_SASL case LDAP_OPT_X_SASL_SSF_MIN: case LDAP_OPT_X_SASL_SSF_MAX: case LDAP_OPT_X_SASL_SSF_EXTERNAL: case LDAP_OPT_X_SASL_MAXBUFSIZE: if (!PyArg_Parse(value, "k:set_option", &blen)) return 0; ptr = &blen; break; #endif case LDAP_OPT_HOST_NAME: case LDAP_OPT_URI: #ifdef LDAP_OPT_DEFBASE case LDAP_OPT_DEFBASE: #endif case LDAP_OPT_ERROR_STRING: case LDAP_OPT_MATCHED_DN: #ifdef HAVE_TLS case LDAP_OPT_X_TLS_CACERTFILE: case LDAP_OPT_X_TLS_CACERTDIR: case LDAP_OPT_X_TLS_CERTFILE: case LDAP_OPT_X_TLS_KEYFILE: case LDAP_OPT_X_TLS_CIPHER_SUITE: case LDAP_OPT_X_TLS_RANDOM_FILE: case LDAP_OPT_X_TLS_DHFILE: #ifdef LDAP_OPT_X_TLS_CRLFILE case LDAP_OPT_X_TLS_CRLFILE: #endif #ifdef LDAP_OPT_X_TLS_ECNAME case LDAP_OPT_X_TLS_ECNAME: #endif #endif #ifdef HAVE_SASL case LDAP_OPT_X_SASL_SECPROPS: #endif #ifdef LDAP_OPT_SOCKET_BIND_ADDRESSES case LDAP_OPT_SOCKET_BIND_ADDRESSES: #endif /* String valued options */ if (!PyArg_Parse(value, "s:set_option", &strval)) return 0; ptr = strval; break; case LDAP_OPT_TIMEOUT: case LDAP_OPT_NETWORK_TIMEOUT: /* Float valued timeval options */ if (value == Py_None) { /* None is mapped to infinity timeout */ doubleval = -1; } else { /* 'd' handles int/long */ if (!PyArg_Parse(value, "d:set_option", &doubleval)) { if (PyErr_ExceptionMatches(PyExc_TypeError)) { /* TypeError: mention either float or None is expected */ PyErr_Clear(); PyErr_Format(PyExc_TypeError, "A float or None is expected for timeout, got %.100s", Py_TYPE(value)->tp_name); } return 0; } } if (doubleval >= 0) { set_timeval_from_double(&tv, doubleval); ptr = &tv; } else if (doubleval == -1) { /* -1 is infinity timeout */ tv.tv_sec = -1; tv.tv_usec = 0; ptr = &tv; } else { PyErr_Format(PyExc_ValueError, "timeout must be >= 0 or -1/None for infinity, got %S", value); return 0; } break; case LDAP_OPT_SERVER_CONTROLS: case LDAP_OPT_CLIENT_CONTROLS: if (!LDAPControls_from_object(value, &controls)) return 0; ptr = controls; break; default: PyErr_Format(PyExc_ValueError, "unknown option %d", option); return 0; } if (self) { LDAP_BEGIN_ALLOW_THREADS(self); res = ldap_set_option(ld, option, ptr); LDAP_END_ALLOW_THREADS(self); } else { PyThreadState *save; save = PyEval_SaveThread(); res = ldap_set_option(NULL, option, ptr); PyEval_RestoreThread(save); } if ((option == LDAP_OPT_SERVER_CONTROLS) || (option == LDAP_OPT_CLIENT_CONTROLS)) LDAPControl_List_DEL(controls); if (res != LDAP_OPT_SUCCESS) { option_error(res, "ldap_set_option"); return 0; } return 1; } static int LDAP_int_get_option(LDAPObject *self, int option, void *value) { int res; if (self != NULL) { LDAP_BEGIN_ALLOW_THREADS(self); res = ldap_get_option(self->ldap, option, value); LDAP_END_ALLOW_THREADS(self); } else { PyThreadState *save; save = PyEval_SaveThread(); res = ldap_get_option(NULL, option, value); PyEval_RestoreThread(save); } return res; } PyObject * LDAP_get_option(LDAPObject *self, int option) { int res; int intval; unsigned int uintval; struct timeval *tv; LDAPAPIInfo apiinfo; LDAPControl **lcs; char *strval; struct berval berbytes; #if HAVE_SASL /* unsigned long */ ber_len_t blen; #endif PyObject *extensions, *v; Py_ssize_t i, num_extensions; switch (option) { #ifdef HAVE_SASL case LDAP_OPT_X_SASL_SECPROPS: case LDAP_OPT_X_SASL_SSF_EXTERNAL: /* Write-only options */ PyErr_SetString(PyExc_ValueError, "write-only option"); return NULL; #endif case LDAP_OPT_API_INFO: apiinfo.ldapai_info_version = LDAP_API_INFO_VERSION; res = LDAP_int_get_option(self, option, &apiinfo); if (res != LDAP_OPT_SUCCESS) return option_error(res, "ldap_get_option"); /* put the extensions into tuple form */ num_extensions = 0; while (apiinfo.ldapai_extensions[num_extensions]) num_extensions++; extensions = PyTuple_New(num_extensions); for (i = 0; i < num_extensions; i++) PyTuple_SET_ITEM(extensions, i, PyUnicode_FromString(apiinfo.ldapai_extensions [i])); /* return api info as a dictionary */ v = Py_BuildValue("{s:i, s:i, s:i, s:s, s:i, s:O}", "info_version", apiinfo.ldapai_info_version, "api_version", apiinfo.ldapai_api_version, "protocol_version", apiinfo.ldapai_protocol_version, "vendor_name", apiinfo.ldapai_vendor_name, "vendor_version", apiinfo.ldapai_vendor_version, "extensions", extensions); if (apiinfo.ldapai_vendor_name) ldap_memfree(apiinfo.ldapai_vendor_name); for (i = 0; i < num_extensions; i++) ldap_memfree(apiinfo.ldapai_extensions[i]); ldap_memfree(apiinfo.ldapai_extensions); Py_DECREF(extensions); return v; case LDAP_OPT_REFERRALS: case LDAP_OPT_RESTART: case LDAP_OPT_DEREF: case LDAP_OPT_SIZELIMIT: case LDAP_OPT_TIMELIMIT: case LDAP_OPT_PROTOCOL_VERSION: case LDAP_OPT_ERROR_NUMBER: case LDAP_OPT_DEBUG_LEVEL: case LDAP_OPT_DESC: #ifdef HAVE_TLS case LDAP_OPT_X_TLS: case LDAP_OPT_X_TLS_REQUIRE_CERT: #ifdef LDAP_OPT_X_TLS_CRLCHECK case LDAP_OPT_X_TLS_CRLCHECK: #endif #ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN case LDAP_OPT_X_TLS_PROTOCOL_MIN: #endif #ifdef LDAP_OPT_X_TLS_PROTOCOL_MAX case LDAP_OPT_X_TLS_PROTOCOL_MAX: #endif #ifdef LDAP_OPT_X_TLS_REQUIRE_SAN case LDAP_OPT_X_TLS_REQUIRE_SAN: #endif #endif #ifdef LDAP_OPT_X_SASL_NOCANON case LDAP_OPT_X_SASL_NOCANON: #endif #ifdef LDAP_OPT_CONNECT_ASYNC case LDAP_OPT_CONNECT_ASYNC: #endif #ifdef LDAP_OPT_X_KEEPALIVE_IDLE case LDAP_OPT_X_KEEPALIVE_IDLE: #endif #ifdef LDAP_OPT_X_KEEPALIVE_PROBES case LDAP_OPT_X_KEEPALIVE_PROBES: #endif #ifdef LDAP_OPT_X_KEEPALIVE_INTERVAL case LDAP_OPT_X_KEEPALIVE_INTERVAL: #endif /* Integer-valued options */ res = LDAP_int_get_option(self, option, &intval); if (res != LDAP_OPT_SUCCESS) return option_error(res, "ldap_get_option"); return PyInt_FromLong(intval); #ifdef LDAP_OPT_TCP_USER_TIMEOUT case LDAP_OPT_TCP_USER_TIMEOUT: #endif /* unsigned int options */ res = LDAP_int_get_option(self, option, &uintval); if (res != LDAP_OPT_SUCCESS) return option_error(res, "ldap_get_option"); return PyLong_FromUnsignedLong(uintval); #ifdef HAVE_SASL case LDAP_OPT_X_SASL_SSF: case LDAP_OPT_X_SASL_SSF_MIN: case LDAP_OPT_X_SASL_SSF_MAX: case LDAP_OPT_X_SASL_MAXBUFSIZE: /* ber_len_t options (unsigned long)*/ res = LDAP_int_get_option(self, option, &blen); if (res != LDAP_OPT_SUCCESS) return option_error(res, "ldap_get_option"); return PyLong_FromUnsignedLong(blen); #endif case LDAP_OPT_HOST_NAME: case LDAP_OPT_URI: #ifdef LDAP_OPT_DEFBASE case LDAP_OPT_DEFBASE: #endif case LDAP_OPT_ERROR_STRING: case LDAP_OPT_MATCHED_DN: #ifdef HAVE_TLS case LDAP_OPT_X_TLS_CACERTFILE: case LDAP_OPT_X_TLS_CACERTDIR: case LDAP_OPT_X_TLS_CERTFILE: case LDAP_OPT_X_TLS_KEYFILE: case LDAP_OPT_X_TLS_CIPHER_SUITE: case LDAP_OPT_X_TLS_RANDOM_FILE: case LDAP_OPT_X_TLS_DHFILE: #ifdef LDAP_OPT_X_TLS_CRLFILE case LDAP_OPT_X_TLS_CRLFILE: #endif #ifdef LDAP_OPT_X_TLS_VERSION case LDAP_OPT_X_TLS_VERSION: #endif #ifdef LDAP_OPT_X_TLS_CIPHER case LDAP_OPT_X_TLS_CIPHER: #endif #ifdef LDAP_OPT_X_TLS_PACKAGE case LDAP_OPT_X_TLS_PACKAGE: #endif #ifdef LDAP_OPT_X_TLS_ECNAME case LDAP_OPT_X_TLS_ECNAME: #endif #endif #ifdef HAVE_SASL case LDAP_OPT_X_SASL_MECH: case LDAP_OPT_X_SASL_REALM: case LDAP_OPT_X_SASL_AUTHCID: case LDAP_OPT_X_SASL_AUTHZID: #ifdef LDAP_OPT_X_SASL_USERNAME case LDAP_OPT_X_SASL_USERNAME: #endif #endif #ifdef LDAP_OPT_SOCKET_BIND_ADDRESSES case LDAP_OPT_SOCKET_BIND_ADDRESSES: #endif /* String-valued options */ res = LDAP_int_get_option(self, option, &strval); if (res != LDAP_OPT_SUCCESS) return option_error(res, "ldap_get_option"); if (strval == NULL) { Py_INCREF(Py_None); return Py_None; } v = PyUnicode_FromString(strval); ldap_memfree(strval); return v; #ifdef HAVE_TLS #ifdef LDAP_OPT_X_TLS_PEERCERT case LDAP_OPT_X_TLS_PEERCERT: #endif #endif /* Options dealing with raw data */ res = LDAP_int_get_option(self, option, &berbytes); if (res != LDAP_OPT_SUCCESS) return option_error(res, "ldap_get_option"); v = LDAPberval_to_object(&berbytes); ldap_memfree(berbytes.bv_val); return v; case LDAP_OPT_TIMEOUT: case LDAP_OPT_NETWORK_TIMEOUT: /* Double-valued timeval options */ res = LDAP_int_get_option(self, option, &tv); if (res != LDAP_OPT_SUCCESS) return option_error(res, "ldap_get_option"); if (tv == NULL) { Py_INCREF(Py_None); return Py_None; } v = PyFloat_FromDouble((double)tv->tv_sec + ((double)tv->tv_usec / 1000000.0) ); ldap_memfree(tv); return v; case LDAP_OPT_SERVER_CONTROLS: case LDAP_OPT_CLIENT_CONTROLS: res = LDAP_int_get_option(self, option, &lcs); if (res != LDAP_OPT_SUCCESS) return option_error(res, "ldap_get_option"); v = LDAPControls_to_List(lcs); ldap_controls_free(lcs); return v; default: PyErr_Format(PyExc_ValueError, "unknown option %d", option); return NULL; } } ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1700253011.0 python-ldap-3.4.4/Modules/options.h0000644000175000017500000000043514525746523017524 0ustar00spichugispichugi/* See https://www.python-ldap.org/ for details. */ int LDAP_optionval_by_name(const char *name); int LDAP_set_option(LDAPObject *self, int option, PyObject *value); PyObject *LDAP_get_option(LDAPObject *self, int option); void set_timeval_from_double(struct timeval *tv, double d); ././@PaxHeader0000000000000000000000000000003400000000000010212 xustar0028 mtime=1700253999.7852356 python-ldap-3.4.4/PKG-INFO0000644000175000017500000000351514525750460015342 0ustar00spichugispichugiMetadata-Version: 2.1 Name: python-ldap Version: 3.4.4 Summary: Python modules for implementing LDAP clients Home-page: https://www.python-ldap.org/ Download-URL: https://pypi.org/project/python-ldap/ Author: python-ldap project Author-email: python-ldap@python.org License: Python style Classifier: Development Status :: 5 - Production/Stable Classifier: Intended Audience :: Developers Classifier: Intended Audience :: System Administrators Classifier: Operating System :: OS Independent Classifier: Operating System :: MacOS :: MacOS X Classifier: Operating System :: Microsoft :: Windows Classifier: Operating System :: POSIX Classifier: Programming Language :: C Classifier: Programming Language :: Python Classifier: Programming Language :: Python :: 3 Classifier: Programming Language :: Python :: 3.6 Classifier: Programming Language :: Python :: 3.7 Classifier: Programming Language :: Python :: 3.8 Classifier: Programming Language :: Python :: 3.9 Classifier: Programming Language :: Python :: 3.10 Classifier: Programming Language :: Python :: 3.11 Classifier: Programming Language :: Python :: 3.12 Classifier: Topic :: Database Classifier: Topic :: Internet Classifier: Topic :: Software Development :: Libraries :: Python Modules Classifier: Topic :: System :: Systems Administration :: Authentication/Directory :: LDAP Classifier: License :: OSI Approved :: Python Software Foundation License Requires-Python: >=3.6 License-File: LICENCE Requires-Dist: pyasn1>=0.3.7 Requires-Dist: pyasn1_modules>=0.1.5 python-ldap: python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. Mainly it wraps the OpenLDAP 2.x libs for that purpose. Additionally the package contains modules for other LDAP-related stuff (e.g. processing LDIF, LDAPURLs, LDAPv3 schema, LDAPv3 extended operations and controls, etc.). ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/README0000644000175000017500000001162514521037673015126 0ustar00spichugispichugi--------------------------------------- python-ldap: LDAP client API for Python --------------------------------------- What is python-ldap? ==================== python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. Mainly it wraps the OpenLDAP client libs for that purpose. Additionally the package contains modules for other LDAP-related stuff (e.g. processing LDIF, LDAPURLs, LDAPv3 sub-schema, etc.). Not included: Direct BER support See INSTALL for version compatibility See TODO for planned features. Contributors welcome. For module documentation, see: https://www.python-ldap.org/ Quick usage example: ==================== .. code-block:: python import ldap l = ldap.initialize("ldap://my_ldap_server.my_domain") l.simple_bind_s("","") l.search_s("o=My Organisation, c=AU", ldap.SCOPE_SUBTREE, "objectclass=*") See directory ``Demo/`` of source distribution package for more example code. Author(s) contact and documentation: ==================================== https://www.python-ldap.org/ If you are looking for help, please try the mailing list archives first, then send a question to the mailing list. Be warned that questions will be ignored if they can be trivially answered by referring to the documentation. If you are interested in helping, please contact the mailing list. If you want new features or upgrades, please check the mailing list archives and then enquire about any progress. Acknowledgements: ================= Thanks to Konstantin Chuguev and Steffen Ries for working on support for OpenLDAP 2.0.x features. Thanks to Michael Stroeder for the modules ``ldif``, ``ldapurl``, ``ldap/schema/*.py``, ``ldap/*.py`` and ``ldap/controls/*.py``. Thanks to Hans Aschauer for the C wrapper schema and SASL support. Thanks to Mauro Cicognini for the WIN32/MSVC6 bits, and the pre-built WIN32 ``ldap.pyd``. Thanks to Waldemar Osuch for contributing the new-style docs based on reStructuredText. Thanks to Torsten Kurbad for the easy_install support. Thanks to James Andrewartha for significant contribution to ``Doc/*.tex``. Thanks to Rich Megginson for extending support for LDAPv3 controls and adding support for LDAPv3 extended operations. Thanks to Peter Gietz, DAASI for funding some control modules. Thanks to Chris Mikkelson for various fixes and ldap.syncrepl. These very kind people have supplied patches or suggested changes: * Federico Di Gregorio * John Benninghoff * Donn Cave * Jason Gunthorpe * gurney_j * Eric S. Johansson * David Margrave * Uche Ogbuji * Neale Pickett * Blake Weston * Wido Depping * Deepak Giridharagopal * Ingo Steuwer * Andreas Hasenack * Matej Vela These people contributed to Python 3 porting (at https://github.com/pyldap/): * ​A. Karl Kornel * Alex Willmer * Aymeric Augustin * Bradley Baetz * Christian Heimes * Dirk Mueller * Jon Dufresne * Martin Basti * Miro Hrončok * Paul Aurich * Petr Viktorin * Pieterjan De Potter * Raphaël Barrois * Robert Kuska * Stanislav Láznička * Tobias Bräutigam * Tom van Dijk * Wentao Han * William Brown Thanks to all the guys on the python-ldap mailing list for their contributions and input into this package. Thanks! We may have missed someone: please mail us if we have omitted your name. Licence ======= The python-ldap project comes with a LICENCE file. We are aware that its text is unclear, but it cannot be changed: all authors of python-ldap would need to approve the licence change, but a complete list of all the authors is not available. (Note that the Git repository of the project is incomplete. Furthermore, commits imported from CVS lack authorship information; users "stroeder" or "leonard" are commiters (reviewers), but sometimes not authors of the committed code.) The current maintainers assume that the license is the sentence that refers to "Python-style license" and assume this means a highly permissive open source license that only requires preservation of the text of the LICENCE file (including the disclaimer paragraph). ------------------------------------------------------------------------------- All contributions committed since July 1st, 2021, as well as some past contributions, are licensed under the MIT license. The MIT licence and more details are listed in the file LICENCE.MIT. ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/TODO0000644000175000017500000000202014521037673014723 0ustar00spichugispichugi*** List of things to-do in no particular order *** General: - Define common Python style license for all modules - Support Python 3.2+ Modules/ - Specific support for more controls - VLV control - server-side sorting control - Wrap libldif as faster drop-in replacement for module ldif? - Extract response controls in SASL bind responses - Attach response controls to LDAPError instances to deliver the controls to the calling application in case of an error - Attach more useful information to LDAPError instances, e.g. the filter used when doing a search in case of ldap.FILTER_ERROR etc. Lib/ - Unicode support for DNs, filter strings, etc. but not entry attributes! (Everybody asking for the latter should check the mailing list archive first.) - Caching of search requests for each LDAPObject instance - LDIF parser for replication logs and change records Tests/ - Clean up and finish the mess of small test scripts started. - Create a test script that exercises everything with a server holding the BLITS test data set ././@PaxHeader0000000000000000000000000000003400000000000010212 xustar0028 mtime=1700253999.7842357 python-ldap-3.4.4/Tests/0000755000175000017500000000000014525750460015343 5ustar00spichugispichugi././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Tests/__init__.py0000644000175000017500000000102314521037673017450 0ustar00spichugispichugi""" Automatic tests for python-ldap See https://www.python-ldap.org/ for details. """ from . import t_bind from . import t_cext from . import t_cidict from . import t_ldap_dn from . import t_ldap_filter from . import t_ldap_functions from . import t_ldap_modlist from . import t_ldap_schema_tokenizer from . import t_ldapurl from . import t_ldif from . import t_ldapobject from . import t_edit from . import t_ldap_schema_subentry from . import t_untested_mods from . import t_ldap_controls_libldap from . import t_ldap_options ././@PaxHeader0000000000000000000000000000003400000000000010212 xustar0028 mtime=1700253999.7842357 python-ldap-3.4.4/Tests/data/0000755000175000017500000000000014525750460016254 5ustar00spichugispichugi././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Tests/data/subschema-ipa.demo1.freeipa.org.ldif0000644000175000017500000157366214521037673025065 0ustar00spichugispichugi######################################################################## # LDIF export by web2ldap 1.2.80, see http://www.web2ldap.de # Date and time: Saturday, 2017-02-18 17:09:08 GMT # Bind-DN: u'uid=admin,cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org' # LDAP-URL of search: # ldap://ipa.demo1.freeipa.org/cn%3Dschema?matchingRuleUse,ldapSyntaxes,nameForms,dITStructureRules,attributeTypes,matchingRules,dITContentRules,objectClasses,objectClass,cn?base?%28objectClass%3D%2A%29?bindname=uid%3Dadmin%2Ccn%3Dusers%2Ccn%3Daccounts%2Cdc%3Ddemo1%2Cdc%3Dfreeipa%2Cdc%3Dorg ######################################################################## version: 1 dn: cn=schema attributeTypes: ( 2.16.840.1.113730.3.1.582 NAME 'nsDS5ReplicaCredentials' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 S INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.51 NAME 'ipaAllowedToPerform' DES C 'DNs allowed to perform an operation' SUP distinguishedName EQUALITY dist inguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'IPA v4. 0' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2274 NAME 'nsslapd-instancedir' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.24.1 NAME 'krbHostServer' EQUAL ITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.18.0.2.4.1139 NAME 'printer-info' DESC 'Descriptive in formation about this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'r fc3712' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.4 NAME 'ipatokenNotAfter' DESC 'Token expiration date' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.24 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.532 NAME 'ntUserCountryCode' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY caseIg noreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113730.3.1.34 NAME 'ref' DESC 'LDAP referrals a ttribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'LDAPv3 referr als Internet Draft' ) attributeTypes: ( 1.3.6.1.4.1.13769.2.4 NAME ( 'nsAIMid' 'nscpaimscreenname' ) EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.52 NAME 'ipk11Verify' DESC 'Key supports verification where the signature is an appendix to the data' EQUA LITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.204 NAME 'replicaNickName' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( sslVersionMin-oid NAME 'sslVersionMin' DESC 'Netscape defi ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape ' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord' DESC 'Key, RFC 2 535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113730.3.8.11.2 NAME 'ipaNTSecurityIdentifier' DESC 'NT Security ID' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IP A v3' 'user defined' ) ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' DES C 'Base at which the samba RID generation algorithm should operate' EQUALIT Y integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.2243 NAME 'nsslapd-securelistenhost' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( modified-oid NAME 'modified' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2108 NAME 'nsPagedLookThroughLimit' DESC 'Binder-based simple paged search operation look through limit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIG IN '389' ) attributeTypes: ( 1.3.6.1.4.1.6981.11.3.7 NAME 'FTPStatus' DESC 'Account sta tus: enabled or disabled' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.7 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) attributeTypes: ( notBefore-oid NAME 'notBefore' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2091 NAME 'nsslapd-suffix' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.24 NAME 'ipaEntitlementId' DESC 'E ntitlement Unique identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreO rderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'NT Gro up Type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- VALUE ) attributeTypes: ( nsUserRDNComponent-oid NAME 'nsUserRDNComponent' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( 1.3.18.0.2.4.1117 NAME 'printer-media-local-supported' DES C 'Site-specific names of media supported by this printer.' EQUALITY caseIg noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.5.4.51 NAME 'houseIdentifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORI GIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.2301 NAME 'nsslapd-plugin-logging' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822mailbox' ) EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 4524' X-DEPRECATED 'rfc822mailbox' ) attributeTypes: ( 2.16.840.1.113730.3.1.607 NAME 'nsDS5Flags' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsTaskLabel-oid NAME 'nsTaskLabel' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord' DESC 'NSEC, RFC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113730.3.1.2068 NAME 'pamExcludeSuffix' DESC 'S uffixes to exclude from PAM authentication' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.12 X-ORIGIN 'Red Hat Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2157 NAME 'dnaRemoteBindCred' DESC ' Remote bind credentials' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( nsBindDN-oid NAME 'nsBindDN' DESC 'Netscape defined attrib ute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' ) attributeTypes: ( requestError-oid NAME 'requestError' DESC 'CMS defined att ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( Clone-oid NAME 'Clone' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 7 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( tokenMsg-oid NAME 'tokenMsg' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.44 NAME 'ipaPermExcludedAttr' DES C 'IPA permission explicitly excluded attribute' EQUALITY caseIgnoreMatch O RDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN ( 'IPA v4.0' 'user defined' ) ) attributeTypes: ( 2.5.4.18 NAME 'postOfficeBox' EQUALITY caseIgnoreMatch SU BSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI N 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.2261 NAME 'nsslapd-attribute-name-ex ceptions' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.527 NAME 'ntUserLastLogoff' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 1.3.6.1.4.1.250.1.2 NAME 'multiLineDescription' DESC 'Pilo t attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Internet W hite Pages Pilot' ) attributeTypes: ( 2.16.840.1.113730.3.1.102 NAME ( 'passwordChange' 'pwdAllo wUserChange' ) DESC 'Netscape defined password policy attribute type' SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory S erver' ) attributeTypes: ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' DESC 'Standard LDAP a ttribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ' RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.21 NAME 'mailQuota' DESC 'Netscape M essaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 1.2.840.113556.1.4.482 NAME 'calOtherCalURIs' DESC 'RFC273 9: multi-value URI for snapshots of other calendars' EQUALITY caseIgnoreIA5 Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .26 X-ORIGIN 'rfc2739' ) attributeTypes: ( 2.16.840.1.113730.3.1.2238 NAME 'nsslapd-security' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( ownerName-oid NAME 'ownerName' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.1.1.14 NAME 'nisNetIdHost' DESC 'nisNe tIdHost' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X- ORIGIN ( 'RFC2307bis' 'user defined' ) ) attributeTypes: ( numberOfResets-oid NAME 'numberOfResets' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2327 NAME 'nsslapd-auditfaillog' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.6 NAME 'javaClassName' DESC 'Fully qualified name of distinguished Java class or interface' EQUALITY caseExac tMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2713 ' ) attributeTypes: ( 2.16.840.1.113730.3.1.240 NAME 'replicatedattributelist' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2175 NAME 'nsslapd-accesslog-logrota tionsync-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1 .1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsRevisionNumber-oid NAME 'nsRevisionNumber' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne tscape' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.11 NAME 'externalHost' DESC 'Multi value string attribute that allows storing host names.' EQUALITY caseIgnore Match ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.62 NAME 'ipaAnchorUUID' DESC 'Uni que Anchor Identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrdering Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2207 NAME 'nsslapd-rootdn' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-V ALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsHelpRef-oid NAME 'nsHelpRef' DESC 'Netscape defined attr ibute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.3 NAME 'searchTimeLimit' DESC 'Maxi mum time an agent or service allows for a search to complete' EQUALITY inte gerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.15.2.1 NAME 'krbPrincipalAuthInd' E QUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.43 NAME 'ntUserDeleteAccount' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.8.1.9 NAME 'ipaMaxUsernameLength' EQU ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.217 NAME 'replicaCFUpdated' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI N 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.61 NAME 'ipk11Sensitive' DESC ' Key is sensitive' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.6 NAME 'targetDn' DESC 'Changelog at tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Changelog Inte rnet Draft' ) attributeTypes: ( transId-oid NAME 'transId' DESC 'CMS defined attribute' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC 'Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SI NGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.5.4.25 NAME 'internationalISDNNumber' EQUALITY numericS tringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.36 X-ORIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.998 NAME ( 'passwordGraceUserTime' ' pwdGraceUserTime' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.9.1 NAME 'krbMaxTicketLife' EQU ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.7.3 NAME 'cmdCategory' DESC 'Additio nal classification for commands' EQUALITY caseIgnoreMatch ORDERING caseIgno reMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord' DESC 'host inf ormation, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substri ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' DESC 'Standard LDA P attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGI N 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.2225 NAME 'nsslapd-workingdir' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING LE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' EQUA LITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 2.16.840.1.113730.3.1.781 NAME 'mgrpAddHeader' DESC 'Netsc ape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.65 NAME 'ntUserLogonServer' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.2295 NAME 'nsslapd-allowed-sasl-mech anisms' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2162 NAME 'winSyncDirectoryFilter' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.9 NAME 'sudoNotAfter' DESC 'End of t ime interval for which the entry is valid' EQUALITY generalizedTimeMatch OR DERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 X- ORIGIN 'SUDO' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.59 NAME 'ipaKeyUsage' DESC 'Allow ed key usage' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.73 NAME 'sambaTrustPartner' DESC 'Ful ly qualified name of the domain with which a trust exists' EQUALITY caseIgn oreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 1.3.18.0.2.4.1121 NAME 'printer-resolution-supported' DESC 'List of resolutions supported for printing documents by this printer.' EQ UALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.12 NAME 'ipatokenTOTPtimeStep' DESC 'TOTP time-step' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( tokenKeyType-oid NAME 'tokenKeyType' DESC 'CMS defined att ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2139 NAME 'winSyncMoveAction' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.14 NAME 'idnsForwardPolicy' DESC ' forward policy: only or first' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnor eIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORI GIN ( 'IPA v2' 'user defined' ) ) attributeTypes: ( nsExpirationDate-oid NAME 'nsExpirationDate' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne tscape' ) attributeTypes: ( dateOfArchival-oid NAME 'dateOfArchival' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( unrevokedCerts-oid NAME 'unrevokedCerts' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.1 NAME 'eduPersonAffiliation' DESC 'Affiliation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'http://middlew are.internet2.edu/eduperson/' ) attributeTypes: ( nsVendor-oid NAME 'nsVendor' DESC 'Netscape defined attrib ute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.2332 NAME 'allowWeakDHParam' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.87 NAME 'cirUpdateSchedule' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI N 'Netscape Directory Server' ) attributeTypes: ( thisUpdate-oid NAME 'thisUpdate' DESC 'CMS defined attribu te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.253 NAME 'nsValueSyntax' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' Netscape servers - value item' ) attributeTypes: ( 2.5.4.32 NAME 'owner' SUP distinguishedName EQUALITY dist inguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4519' ) attributeTypes: ( nsLdapSchemaVersion-oid NAME 'nsLdapSchemaVersion' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN 'Netscape' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.44.1 NAME 'krbPwdHistory' EQUAL ITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 2.16.840.1.113730.3.1.2100 NAME 'autoMemberInclusiveRegex' DESC 'Auto Membership inclusive regex rule' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 X-ORIGIN '389 Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.11 NAME 'objectclassMap' DESC 'Obje ct class mappings used, required, or supported by an agent or service' EQUA LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'RF C4876' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2089 NAME 'mepMappedAttr' DESC 'Mana ged Entries mapped attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2212 NAME 'nsslapd-useroc' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V ALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.20.2.6 NAME 'ipaReplTopoSegmentGener ated' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 X-ORIGIN ( 'FreeIPA' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2282 NAME 'nsslapd-rundir' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V ALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( tokenResult-oid NAME 'tokenResult' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.13769.3.3 NAME 'mozillaHomeLocalityName' SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' DESC 'Disc onnect Users outside logon hours (default: -1 => off, 0 => on)' EQUALITY in tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationname' ) SUP name EQUALIT Y caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'organizationname' ) attributeTypes: ( 2.16.840.1.113730.3.1.2259 NAME 'nsslapd-return-exact-case ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsAdminAccessAddresses-oid NAME 'nsAdminAccessAddresses' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus' EQ UALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.15 X-ORIGIN 'RFC 4524' ) attributeTypes: ( nsAdminUsers-oid NAME 'nsAdminUsers' DESC 'Netscape define d attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape A dministration Services' ) attributeTypes: ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' DESC 'Standard LDAP a ttribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ' RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.19 NAME 'mailMessageStore' DESC 'Net scape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.2126 NAME 'dnaHostname' DESC 'DNA ho stname of replica to get new range of values' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.221 NAME 'passwordStorageScheme' DES C 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2230 NAME 'nsslapd-ldapiautobind' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2196 NAME 'nsslapd-accesslog-logexpi rationtime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466. 115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.576 NAME 'nsRoleFilter' DESC 'Netsca pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALU E X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.70 NAME 'serverRoot' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets cape Administration Services' ) attributeTypes: ( 5.3.6.1.1.1.1.0 NAME 'trustModel' DESC 'Access scheme' EQU ALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'nss_ldap/pam_ldap' ) attributeTypes: ( 1.2.840.113554.1.4.1.6.2 NAME 'krbPwdAttributes' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.248 NAME 'nsValueDN' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Nets cape servers - value item' ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.41 NAME 'parentOrganization' EQU ALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VA LUE X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.8 NAME 'hostCategory' DESC 'Additi onal classification for hosts' EQUALITY caseIgnoreMatch ORDERING caseIgnore OrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) imp ersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.26 X-ORIGIN 'SUDO' ) attributeTypes: ( nsAdminEnableDSGW-oid NAME 'nsAdminEnableDSGW' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' Netscape Administration Services' ) attributeTypes: ( 1.3.18.0.2.4.1132 NAME 'printer-multiple-document-jobs-sup ported' DESC 'Indicates whether or not this printer supports more than one document per job.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 7 SINGLE-VALUE X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.21 NAME 'ipatokenHOTPcounter' D ESC 'HOTP counter' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.21.1.1 NAME 'ipaCertProfileStoreIssu ed' DESC 'Store certificates issued using this profile' EQUALITY booleanMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.2' ' user defined' ) ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1 NAME ( 'mozillaNickname' 'xmozillani ckname' ) SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.27 NAME 'idnsSecAlgorithm' DESC 'D NSKEY algorithm: string used as mnemonic' EQUALITY caseIgnoreIA5Match SUBST R caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE- VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( notAfter-oid NAME 'notAfter' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.5.18.2 NAME 'modifyTimestamp' EQUALITY generalizedTimeM atch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'R FC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.1.92 NAME ( 'passwordExpWarned' 'pwdEx pirationWarned' ) DESC 'Netscape defined password policy attribute type' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X- ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.5322.21.2.1 NAME 'krbPwdMaxFailure' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.11.5 NAME 'ipaNTHash' DESC 'NT Hash of user password' EQUALITY octetStringMatch ORDERING octetStringOrderingMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'u ser defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2246 NAME 'nsslapd-maxdescriptors' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.23 NAME 'ipaNTTrustedDomainSID' D ESC 'NT Trusted Domain Security ID' EQUALITY caseIgnoreIA5Match SUBSTR case IgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.1.11 NAME 'ipaUserObjectClasses' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.32.1 NAME 'krbPwdMinDiffChars' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.2113 NAME 'internalModifiersName' DE SC 'plugin dn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MO DIFICATION USAGE directoryOperation X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.20 NAME 'ipk11PublicKeyInfo' DE SC 'DER-encoding of SubjectPublicKeyInfo of associated public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN ( 'IPA v4.1 ' 'user defined' ) ) attributeTypes: ( issueInfo-oid NAME 'issueInfo' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2094 NAME 'nsslapd-parent-suffix' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X -ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.692 NAME 'inetUserStatus' DESC '"act ive", "inactive", or "deleted" status of a user' SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape subscriber interoperability' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DESC 'Nex t NT rid to give out for groups' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.18.0.2.4.1110 NAME 'printer-job-priority-supported' DE SC 'Indicates the number of job priority levels supported by this printer.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.27 SINGLE-VALUE X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.1.2183 NAME 'nsslapd-audit-logrotation syncmin' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.789 NAME 'mgrpNoDuplicateChecks' DES C 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.2304 NAME 'nsslapd-dynamic-plugins' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.602 NAME 'entrydn' DESC 'internal se rver defined attribute type' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOpe ration ) attributeTypes: ( 2.16.840.1.113730.3.1.1098 NAME 'nsds5replicaSessionPauseT ime' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Serve r' ) attributeTypes: ( 2.16.840.1.113730.3.1.2073 NAME 'pamSecure' DESC 'Require secure (TLS/SSL) connection for PAM auth' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .7 SINGLE-VALUE X-ORIGIN 'Red Hat Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2264 NAME 'nsslapd-max-filter-nest-l evel' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.41 NAME 'ipaRangeType' DESC 'Rang e type' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 1.3.18.0.2.4.1129 NAME 'printer-color-supported' DESC 'Ind icates whether this printer is capable of any type of color printing at all , including highlight color.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.7 SINGLE-VALUE X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.5.21.2 NAME 'dITContentRules' EQUALITY objectIdentifier FirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOpe ration X-ORIGIN 'RFC 4512' ) attributeTypes: ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' EQUAL ITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.15 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 2.16.840.1.113730.3.1.522 NAME 'ntUserComment' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VAL UE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( nsmsgDisallowAccess-oid NAME 'nsmsgDisallowAccess' DESC 'N etscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.24 NAME 'mailRoutingAddress' DESC 'N etscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 1.2.840.113556.1.4.485 NAME 'calOtherCalAdrURIs' DESC 'RFC 2739: multi-value URI to other request destinations' EQUALITY caseIgnoreIA5 Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .26 X-ORIGIN 'rfc2739' ) attributeTypes: ( 2.16.840.1.113730.3.1.2131 NAME 'pamFilter' DESC 'Filter t o match entries that should use PAM authentication' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Red Hat Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.42 NAME 'ipk11Derive' DESC 'Key supports key derivation' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.234 NAME 'nsSNMPLocation' DESC 'Nets cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( tokenIssuer-oid NAME 'tokenIssuer' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.35 NAME 'nAPTRRecord' DESC 'Naming A uthority Pointer, RFC 2915' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA 5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion' S YNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation X-ORIGIN 'RFC 4512' ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.9 NAME 'eduPersonScopedAffiliation' DESC 'Scoped Affiliation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'h ttp://middleware.internet2.edu/eduperson/' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.16 NAME 'ipaNTTrustAuthIncoming' DESC 'Authentication information for the incoming portion of a trust' EQUAL ITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( requestFlag-oid NAME 'requestFlag' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( nsHostLocation-oid NAME 'nsHostLocation' DESC 'Netscape de fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netsca pe' ) attributeTypes: ( 2.16.840.1.113730.3.1.590 NAME 'nsDS5ReplicaName' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2178 NAME 'nsslapd-accesslog-logrota tionsynchour' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.146 6.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.15 NAME 'ipk11Destroyable' DESC 'Can be destroyed by application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2081 NAME ( 'passwordMaxRepeats' 'pw dMaxRepeats' ) DESC 'Netscape defined password policy attribute type' SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory S erver' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.14 NAME 'accessTime' DESC 'Access time' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.687 NAME 'nsds5replicaChangesSentSin ceStartup' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION X-ORIGI N 'Netscape Directory Server' ) attributeTypes: ( 1.3.18.0.2.4.1107 NAME 'printer-xri-supported' DESC 'The u nordered list of XRI (extended resource identifiers) supported by this prin ter.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.1.46 NAME 'ntGroupDeleteGroup' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.8.1.4 NAME 'ipaSearchRecordsLimit' EQ UALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.5.32 NAME 'ipaLocation' DESC 'Refere nce to IPA location' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.12 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.9 NAME 'newRdn' DESC 'Changelog attr ibute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Changelog Intern et Draft' ) attributeTypes: ( 2.16.840.1.113730.3.1.2147 NAME 'rootdn-allow-host' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORI GIN 'Netscape Directory Server' ) attributeTypes: ( autoRenew-oid NAME 'autoRenew' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.34 NAME 'ipaIDRangeSize' DESC 'Si ze of a Posix ID range' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2251 NAME 'nsslapd-accesscontrol' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod' SYNTAX 1.3.6.1.4. 1.1466.115.121.1.14 SINGLE-VALUE X-ORIGIN 'RFC 4519' ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' SYNTAX 1.3.6. 1.4.1.1466.115.121.1.26 USAGE dSAOperation X-ORIGIN 'RFC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.1.11 NAME 'newSuperior' DESC 'Changelo g attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Changelog Internet Draft' ) attributeTypes: ( 2.16.840.1.113730.3.1.229 NAME 'nsslapd-pluginVendor' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord' DESC 'for AFS Data Base location, RFC 1183' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnore IA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( clientId-oid NAME 'clientId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Home di rectory UNC path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2228 NAME 'nsslapd-ldapifilepath' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' DESC 'Standard LDAP a ttribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ' RFC 2307' ) attributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide' SYNTAX 1.3.6.1.4.1.14 66.115.121.1.21 X-ORIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.2317 NAME 'nsslapd-auditfaillog-logr otationsync-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1. 4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.68 NAME 'ntUserPasswordExpired' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SING LE-VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.7 NAME 'idnsSOAretry' DESC 'SOA re try value' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2298 NAME 'nsslapd-enable-turbo-mode ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.585 NAME 'nsDS5ReplicatedAttributeLi st' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2165 NAME 'schemaUpdateObjectclassAc cept' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.52 NAME 'ipaProtectedOperation' D ESC 'Operation to be protected' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2277 NAME 'nsslapd-tmpdir' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V ALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.1002 NAME 'nsds7NewWinUserSyncEnable d' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.7 NAME 'ipatokenSerial' DESC 'O TP Token Serial number' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.19 NAME 'ipatokenRadiusRetries' DESC 'Number of allowed Retries' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime' DESC 'o ld variant of modifyTimestamp' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI N 'RFC 1274' ) attributeTypes: ( 2.16.840.1.113730.3.1.535 NAME 'ntUserHomeDirDrive' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.110 NAME 'ntGroupId' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X- ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.33 NAME 'mgrpModerator' DESC 'Netsca pe Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.207 NAME 'vlvBase' DESC 'Netscape de fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netsca pe Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.51 NAME 'ipk11Encrypt' DESC 'Ke y supports encryption' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( nsServerMigrationClassname-oid NAME 'nsServerMigrationClas sname' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( nsSSLPersonalitySSL-oid NAME 'nsSSLPersonalitySSL' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN 'Netscape' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' DESC 'A s tring option' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1. 26 SINGLE-VALUE ) attributeTypes: ( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RFC 4519' ) attributeTypes: ( crlExtensions-oid NAME 'crlExtensions' DESC 'CMS defined a ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.1.4 NAME 'vendorName' EQUALITY 1.3.6.1.4.1.1466.1 09.114.1 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICA TION USAGE dSAOperation X-ORIGIN 'RFC 3045' ) attributeTypes: ( 1.3.6.1.4.1.6981.11.3.4 NAME 'FTPDownloadRatio' DESC 'Rati o (compared with FTPRatioUp) for downloaded files' EQUALITY integerMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.16 NAME 'dereferenceAliases' DESC ' Specifies if a service or agent either requires, supports, or uses derefere ncing of aliases.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 7 SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.18 NAME 'ipk11StartDate' DESC ' Validity start date' EQUALITY generalizedTimeMatch ORDERING generalizedTime OrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.801 NAME 'mgrpRemoveHeader' DESC 'Ne tscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.27 NAME 'ipaSELinuxUserMapOrder' D ESC 'Available SELinux user context ordering' EQUALITY caseIgnoreMatch ORDE RING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.11.70 NAME 'ipaPermTargetTo' DESC 'D estination location to move an entry IPA permission ACI' EQUALITY distingui shedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2215 NAME 'nsslapd-allow-unauthentic ated-binds' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.18.0.2.4.1118 NAME 'printer-copies-supported' DESC 'Th e maximum number of copies of a document that may be printed as a single jo b on this printer.' EQUALITY integerMatch ORDERING integerOrderingMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.1.55 NAME 'aci' DESC 'Netscape defined access control information attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( tokenOp-oid NAME 'tokenOp' DESC 'CMS defined attribute' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' EQUALITY case IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 2.16.840.1.113730.3.1.2285 NAME 'nsslapd-hash-filters' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.7 NAME ( 'l' 'locality' 'localityname' ) SUP name E QUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'locality localityname' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord' DESC 'SSH Key Fingerprint, draft-ietf-secsh-dns-05.txt' EQUALITY caseIgnoreIA5Match SUBST R caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( nsSSL3SessionTimeout-oid NAME 'nsSSL3SessionTimeout' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR IGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.2152 NAME 'nsds5ReplicaProtocolTimeo ut' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( dataType-oid NAME 'dataType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.52.1 NAME 'krbObjectReferences' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration' DESC ' Lockout duration in minutes (default: 30, -1 => forever)' EQUALITY integerM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.11.49 NAME 'ipaPermTarget' DESC 'IPA permission target' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.105 NAME ( 'passwordLockout' 'pwdLoc kOut' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6 .1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.2129 NAME 'dnaNextRange' DESC 'DNA r ange of values to get from replica' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( nsSSL3-oid NAME 'nsSSL3' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC 'Windo ws NT domain to which the user belongs' EQUALITY caseIgnoreMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2199 NAME 'nsslapd-accesslog-logexpi rationtimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1 466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.571 NAME 'nsSizeLimit' DESC 'Binder- based search operation size limit (entries)' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory S erver' ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.1.1.13 NAME 'nisNetIdGroup' DESC 'nisN etIdGroup' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'RFC2307bis' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2322 NAME 'nsslapd-auditfaillog-logm infreediskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1. 1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.77 NAME 'changeTime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets cape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.243 NAME 'nsValueCIS' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Net scape servers - value item' ) attributeTypes: ( 2.16.840.1.113730.3.8.18.2.3 NAME 'ipaVaultPublicKey' DESC 'IPA vault public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.40 X-ORIGIN ( 'IPA v4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2170 NAME 'nsslapd-accesslog-level' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.3 NAME 'enrolledBy' DESC 'DN of ad ministrator who performed manual enrollment of the host' SUP distinguishedN ame EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X- ORIGIN 'IPA v2' ) attributeTypes: ( publicKeyFormat-oid NAME 'publicKeyFormat' DESC 'CMS defin ed attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2202 NAME 'nsslapd-accesslog-logging -enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( classId-oid NAME 'classId' DESC 'Certificate profile class ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.6 NAME 'authenticationMethod' DESC 'Identifies the types of authentication methods either used, required, or p rovided by a service or peer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( ' RFC4876' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.21.1.4 NAME 'ipaCaCategory' DESC 'Ad ditional classification for CAs' EQUALITY caseIgnoreMatch ORDERING caseIgno reOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.15 X-ORIGIN ( 'IPA v4.2' 'user defined' ) ) attributeTypes: ( 1.3.6.1.1.1.1.33 NAME 'automountInformation' DESC 'Automou nt information' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121. 1.26 SINGLE-VALUE X-ORIGIN 'RFC 2307bis' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.29.1 NAME 'krbAdmServers' EQUAL ITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.64 NAME 'ipk11SignRecover' DESC 'Key supports signatures where data can be recovered from the signature' E QUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORI GIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( publishingStatus-oid NAME 'publishingStatus' DESC 'CMS def ined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined ' ) attributeTypes: ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'vehicle li cense or registration plate' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2798' ) attributeTypes: ( nsCertConfig-oid NAME 'nsCertConfig' DESC 'Netscape define d attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape C ertificate Management System' ) attributeTypes: ( 2.16.840.1.113730.3.1.99 NAME ( 'passwordMinLength' 'pwdMi nLength' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1. 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Serve r' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.8 NAME 'ipaNTHomeDirectory' DESC 'User Home Directory Path' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrde ringMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2249 NAME 'nsslapd-idletimeout' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.20 NAME 'telephoneNumber' EQUALITY telephoneNumberM atch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.50 X-ORIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.8.7.6 NAME 'ipaSudoRunAs' DESC 'Refere nce to a user or group that the commands can be run as.' SUP memberUser EQU ALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2116 NAME 'dnaPrefix' DESC 'DNA stri ng prefix for dna value' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2220 NAME 'nsslapd-minssf-exclude-ro otdse' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' DESC 'Standard LDAP attri bute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.2186 NAME 'nsslapd-auditlog-logrotat iontime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.15 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 2.16.840.1.113730.3.1.60 NAME 'ntUserAuthFlags' DESC 'Nets cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VAL UE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( DomainManager-oid NAME 'DomainManager' SYNTAX 1.3.6.1.4.1 .1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2290 NAME 'nsslapd-disk-monitoring-t hreshold' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2076 NAME ( 'passwordMinAlphas' 'pwd MinAlphas' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Ser ver' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.49 NAME 'DHCIDRecord' DESC 'Dynamic Host Configuration Protocol (DHCP) Information, RFC 4701' EQUALITY caseIgno reIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113719.1.301.4.40.1 NAME 'krbTicketPolicyRefere nce' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( authorityKeyHost-oid NAME 'authorityKeyHost' DESC 'Authori ty Key Hosts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.406 NAME 'nsSynchUserIDFormat' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR IGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.74 NAME 'sambaFlatName' DESC 'NetBIOS name of a domain' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 1.3.18.0.2.4.1122 NAME 'printer-media-supported' DESC 'The standard names/types/sizes (and optional color suffixes) of the media supp orted by this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.5.21.5 NAME 'attributeTypes' EQUALITY objectIdentifierF irstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOper ation X-ORIGIN 'RFC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.11 NAME 'ipatokenTOTPclockOffse t' DESC 'TOTP clock offset' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( nsAdminEnableEnduser-oid NAME 'nsAdminEnableEnduser' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR IGIN 'Netscape Administration Services' ) attributeTypes: ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' DESC 'Standard LDAP att ribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.17 NAME 'idnsPersistentSearch' DES C 'allow persistent searches' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2134 NAME 'nsds5ReplicaStripAttrs' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.544 NAME 'nsParentUniqueId' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.4 NAME 'eduPersonOrgUnitDN' DESC 'O rganizational Unit DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'http: //middleware.internet2.edu/eduperson/' ) attributeTypes: ( 2.16.840.1.113730.3.1.82 NAME 'cirBindDn' DESC 'Netscape d efined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netsc ape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.13 NAME 'ipaNTTrustDirection' DES C 'Direction of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.27 SINGLE-VALUE ) attributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'a JPEG i mage' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 X-ORIGIN 'RFC 2798' ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.13 NAME 'javaClassNames' DESC 'Ful ly qualified Java class or interface name' EQUALITY caseExactMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2713' ) attributeTypes: ( 2.16.840.1.113730.3.1.2103 NAME 'autoMemberDisabled' DESC 'Auto Membership disabled attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S INGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.809 NAME 'nsds5replicaLastInitStatus ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 SINGLE-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2084 NAME 'nsSymmetricKey' DESC 'A s ymmetric key - currently used by attribute encryption' SYNTAX 1.3.6.1.4.1.1 466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'attribute encryption' ) attributeTypes: ( 2.16.840.1.113730.3.1.682 NAME 'nsds5ReplicaPurgeDelay' DE SC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' EQUAL ITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.41 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 1.3.6.1.4.1.1.1.1.12 NAME 'nisDomain' DESC 'NIS domain' SY NTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'RFC2307bis' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.20.2.1 NAME 'ipaReplTopoConfRoot' DE SC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN ( 'FreeIPA' 'user defined' ) ) attributeTypes: ( requestInfo-oid NAME 'requestInfo' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( nsTLS1-oid NAME 'nsTLS1' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( keySize-oid NAME 'keySize' DESC 'CMS defined attribute' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2063 NAME 'nsEncryptionAlgorithm' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.13769.3.4 NAME 'mozillaHomeState' SUP name EQ UALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.31 NAME 'ipaSshPubKey' DESC 'SSH public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.5.4.13 NAME 'description' EQUALITY caseIgnoreMatch SUBS TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.2254 NAME 'nsslapd-pwpolicy-local' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( keyState-oid NAME 'keyState' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.14 NAME 'mailAutoReplyMode' DESC 'Ne tscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( tokenPolicy-oid NAME 'tokenPolicy' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2121 NAME 'dnaScope' DESC 'DNA base DN for finding entries' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X -ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.224 NAME 'nsslapd-pluginPath' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.2.1.2 NAME 'acctPolicySubentry' DESC 'A ccount policy pointer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE US AGE directoryOperation X-ORIGIN 'Account Policy Plugin' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC 'Timest amp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.2233 NAME 'nsslapd-ldapiuidnumbertyp e' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2191 NAME 'nsslapd-errorlog-logmaxdi skspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.579 NAME 'nsDS5ReplicaPort' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.2 NAME 'idnsZoneActive' DESC 'defi ne if the zone is considered in use' EQUALITY booleanMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.610 NAME 'nsAccountLock' DESC 'Opera tional attribute for Account Inactivation' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.2.840.113554.1.4.1.6.1 NAME 'krbCanonicalName' EQUALITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.26 SINGLE-VALUE ) attributeTypes: ( proofOfArchival-oid NAME 'proofOfArchival' DESC 'CMS defin ed attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.707 NAME 'vacationstartdate' DESC 'N etscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.580 NAME 'nsDS5ReplicaTransportInfo' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2168 NAME 'schemaUpdateAttributeReje ct' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( metaInfo-oid NAME 'metaInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s ) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.146 6.115.121.1.26 X-ORIGIN 'SUDO' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.79 NAME 'sambaTrustPosixOffset' DESC 'POSIX offset of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.27 SINGLE-VALUE ) attributeTypes: ( dateOfRevocation-oid NAME 'dateOfRevocation' DESC 'CMS def ined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined ' ) attributeTypes: ( 1.3.18.0.2.4.1137 NAME 'printer-generated-natural-language -supported' DESC 'Natural language(s) supported for this directory entry.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.1.1005 NAME 'nsds7DirsyncCookie' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGL E-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.530 NAME 'ntUserLogonHours' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-V ALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.24 NAME 'ipatokenTOTPsyncWindow ' DESC 'TOTP Sync Window (maximum synchronization variance in seconds)' EQU ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIG IN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy' DESC 'old variant of modifiersName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'R FC 1274' ) attributeTypes: ( 2.16.840.1.113730.3.1.36 NAME 'nsLicensedFor' DESC 'Netsca pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'N etscape Administration Services' ) attributeTypes: ( 1.3.6.1.4.1.13769.2.2 NAME ( 'mozillaSecondEmail' 'xmozill asecondemail' ) EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'Mozilla A ddress Book' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.22 NAME 'idnsSecKeyInactive' DESC 'DNSSEC key (planned) inactivation time' EQUALITY generalizedTimeMatch ORDE RING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SING LE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.202 NAME 'replicaCredentials' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIG IN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.3023 NAME 'nsViewFilter' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' Netscape Directory Server' ) attributeTypes: ( nsSSL2Ciphers-oid NAME 'nsSSL2Ciphers' DESC 'Netscape defi ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape ' ) attributeTypes: ( nsServerAddress-oid NAME 'nsServerAddress' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets cape' ) attributeTypes: ( 2.16.840.1.113730.3.1.91 NAME 'passwordExpirationTime' DES C 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Dire ctory Server' ) attributeTypes: ( 1.3.6.1.4.1.5322.21.2.2 NAME 'krbPwdFailureCountInterval' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.2241 NAME 'nsslapd-errorlog' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsProductName-oid NAME 'nsProductName' DESC 'Netscape defi ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape ' ) attributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList' DESC 'X.509 author ity revocation list' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.40 X-ORIGIN 'RFC 4523' ) attributeTypes: ( 2.16.840.1.113730.3.1.2027 NAME 'nsruvReplicaLastModified' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2097 NAME 'autoMemberScope' DESC 'Au to Membership scope criteria' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-V ALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC 'Times tamp of the last password update' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.695 NAME 'inetSubscriberChallenge' D ESC 'Used to confirm subscriberIdentity. This attribute holds the challeng e phrase and is used in conjunction with the inetSubscriberResponse' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'Netscape subscriber i nteroperability' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.49.1 NAME 'krbLastFailedAuth' E QUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VA LUE ) attributeTypes: ( 2.16.840.1.113730.3.1.2218 NAME 'nsslapd-localssf' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE -VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.18.0.2.4.1115 NAME 'printer-stacking-order-supported' DESC 'The possible stacking order of pages as they are printed and ejected from this printer.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.15.1 NAME 'krbLdapServers' EQUA LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.2.840.113556.1.4.479 NAME 'calFBURL' DESC 'RFC2739: URI to the users default freebusy data' EQUALITY caseIgnoreIA5Match SUBSTR case IgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'rfc 2739' ) attributeTypes: ( 2.16.840.1.113730.3.1.2307 NAME 'nsslapd-allow-hashed-pass words' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.58 NAME 'replicaBindDn' DESC 'Netsca pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'N etscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.605 NAME 'entryid' DESC 'internal se rver defined attribute type' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 2.16.840.1.113730.3.1.2288 NAME 'nsslapd-defaultnamingcont ext' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( authorityParentID-oid NAME 'authorityParentID' DESC 'Autho rity Parent ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.13769.3.9 NAME 'mozillaWorkUrl' EQUALITY case IgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Moz illa Address Book' ) attributeTypes: ( 2.16.840.1.113730.3.1.2155 NAME 'nsds5ReplicaBackoffMax' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.42 NAME 'ipaPermDefaultAttr' DESC 'IPA permission default attribute' EQUALITY caseIgnoreMatch ORDERING caseI gnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4. 0' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2267 NAME 'nsslapd-certmap-basedn' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.525 NAME 'ntUserWorkstations' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.100 NAME 'passwordKeepHistory' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.23 NAME 'mgrpAllowedDomain' DESC 'Ne tscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 1.2.840.113556.1.4.480 NAME 'calCAPURI' DESC 'RFC2739: URI used to communicate with the users calendar' EQUALITY caseIgnoreIA5Match S UBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-O RIGIN 'rfc2739' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.41 NAME 'ipk11KeyType' DESC 'Ke y type' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.237 NAME 'nsSNMPMasterHost' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( profileID-oid NAME 'profileID' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( nsDefaultAcceptLanguage-oid NAME 'nsDefaultAcceptLanguage' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.6.1 NAME 'krbPrincipalExpiration ' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL E-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.2325 NAME 'nsslapd-auditfaillog-logg ing-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( requestOwner-oid NAME 'requestOwner' DESC 'CMS defined att ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.593 NAME 'nsSNMPName' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Net scape Directory Server' ) attributeTypes: ( nextRange-oid NAME 'nextRange' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.17 NAME 'hostCApolicy' DESC 'Polic y on how to treat host requests for cert operations.' EQUALITY caseIgnoreMa tch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.60 NAME 'ipaKeyExtUsage' DESC 'Al lowed extended key usage' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.38 X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2205 NAME 'nsslapd-auditlog-logging- hide-unhashed-pw' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1 .1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.18.0.2.4.1108 NAME 'printer-aliases' DESC 'List of sit e-specific administrative names of this printer in addition to the value sp ecified for printer-name.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstr ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALITY ca seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.45 NAME 'ntGroupCreateNewGroup' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN GLE-VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.8.1.7 NAME 'ipaDefaultLoginShell' EQU ALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.63 NAME 'ipk11Sign' DESC 'Key s upports signatures where the signature is an appendix to the data' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( ' IPA v4.1' 'user defined' ) ) attributeTypes: ( serialno-oid NAME 'serialno' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.215 NAME 'oid' DESC 'Netscape define d attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape D irectory Server' ) attributeTypes: ( userDN-oid NAME 'userDN' DESC 'CMS defined attribute' SYNT AX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2798' ) attributeTypes: ( 2.16.840.1.113730.3.1.2142 NAME 'nsSaslMapPriority' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGL E-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.39 NAME 'ipaNTSIDBlacklistOutgoin g' DESC 'Extra SIDs filtered out from outgoing MS-PAC' EQUALITY caseIgnoreI A5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.26 X-ORIGIN 'IPA v3' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' DESC 'Trust Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.26 ) attributeTypes: ( publicKeyData-oid NAME 'publicKeyData' DESC 'CMS defined a ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2119 NAME 'dnaMagicRegen' DESC 'DNA value that will trigger regeneration of attribute value' SYNTAX 1.3.6.1.4.1 .1466.115.121.1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.7.1 NAME 'memberAllowCmd' DESC 'Refe rence to a command or group of commands that are allowed by the rule.' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.12 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.47.1 NAME 'krbPrincipalAliases' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DESC 'Tim estamp of when the user is allowed to update the password' EQUALITY integer Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( sessionContext-oid NAME 'sessionContext' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) attributeTypes: ( 2.5.4.42 NAME 'givenName' SUP name EQUALITY caseIgnoreMat ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- ORIGIN 'RFC 4519' ) attributeTypes: ( tokenType-oid NAME 'tokenType' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2189 NAME 'nsslapd-auditlog-logrotat iontimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.7.12 NAME 'hostMask' DESC 'IP mask t o identify a subnet.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUB STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2312 NAME 'dnaExcludeScope' DESC 'DN of a subtree excluded from DNA plugin scope' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.12 X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.67 NAME 'ntUserProfile' DESC 'Netsca pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALU E X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( revokedCerts-oid NAME 'revokedCerts' DESC 'CMS defined att ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2079 NAME ( 'passwordMinSpecials' 'p wdMinSpecials' ) DESC 'Netscape defined password policy attribute type' SYN TAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.588 NAME 'nsDS5ReplicaId' DESC 'Nets cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA LUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2160 NAME 'dnaRemoteBindMethod' DESC 'Remote bind method: SIMPLE, SSL, SASL/DIGEST-MD5, or SASL/GSSAPI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.13769.4.3 NAME 'mozillaCustom3' EQUALITY case IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.71 NAME 'sambaTrustAttributes' DESC ' Trust attributes for a trusted domain' EQUALITY integerMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.11.57 NAME 'ipaCertIssuerSerial' DES C 'Issuer name and serial number' EQUALITY caseIgnoreMatch SUBSTR caseIgnor eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( transStatus-oid NAME 'transStatus' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2272 NAME 'nsslapd-plugin-binddn-tra cking' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.2 NAME 'ipatokenDisabled' DESC 'Optionally marks token as Disabled' EQUALITY booleanMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 2.5.21.8 NAME 'matchingRuleUse' EQUALITY objectIdentifier FirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOpe ration X-ORIGIN 'RFC 4512' ) attributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME ( 'labeledURI' 'labeledurl' ) E QUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.15 X-ORIGIN 'RFC 2079' X-DEPRECATED 'labeledurl' ) attributeTypes: ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.54 NAME 'ipk11Wrap' DESC 'Key s upports wrapping' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( beginRange-oid NAME 'beginRange' DESC 'CMS defined attribu te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( signingAlgorithmId-oid NAME 'signingAlgorithmId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user def ined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2330 NAME 'nsslapd-logging-backend' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.89 NAME 'cirSyncInterval' DESC 'Nets cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption' DESC 'A string list option' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass' DESC 'The class of a resource record' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115 .121.1.26 ) attributeTypes: ( 2.16.840.1.113730.3.1.251 NAME 'nsValueFlags' DESC 'Netsca pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'N etscape servers - value item' ) attributeTypes: ( 1.3.6.1.4.1.6981.11.3.1 NAME 'FTPQuotaFiles' DESC 'Quota ( in number of files) for an FTP user' EQUALITY integerMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.13 NAME 'serviceCredentialLevel' DE SC 'Specifies the type of credentials either used, required, or supported b y a specific service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.26 X-ORIGIN ( 'RFC4876' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2106 NAME 'nsIDListScanLimit' DESC ' Binder-based search operation ID list scan limit (candidate entries)' SYNTA X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORI GIN '389' ) attributeTypes: ( 2.16.840.1.113730.3.1.804 NAME 'nsSchemaCSN' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsServerSecurity-oid NAME 'nsServerSecurity' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne tscape' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.22 NAME 'ipaMigrationEnabled' DESC 'Enable adding user entries with pre-hashed passwords.' SYNTAX 1.3.6.1.4.1 .1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.11.75 NAME 'ipaNTAdditionalSuffixes' DESC 'Suffix for the user principal name associated with the domain' EQUAL ITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4 .4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2210 NAME 'nsslapd-auditlog' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.50 NAME 'replicaBeginOrc' DESC 'Nets cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.20.2.4 NAME 'ipaReplTopoSegmentRight Node' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 X-ORIGIN ( 'FreeIPA' 'user defined' ) ) attributeTypes: ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDrink' ) EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4524' X-DEPRECATED 'favouriteDrink' ) attributeTypes: ( 2.16.840.1.113730.3.1.2280 NAME 'nsslapd-bakdir' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V ALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surName' ) SUP name EQUALITY caseIgn oreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'surName' ) attributeTypes: ( 2.16.840.1.113730.3.1.2066 NAME 'nsSaslMapFilterTemplate' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.13769.3.1 NAME 'mozillaHomeStreet' EQUALITY c aseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( 2.16.840.1.113730.3.1.198 NAME 'memberURL' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Nets cape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindo w' DESC 'Reset time after lockout in minutes (default: 30)' EQUALITY intege rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.5.4.16 NAME 'postalAddress' EQUALITY caseIgnoreListMatc h SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 X-ORIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.108 NAME 'passwordUnlock' DESC 'Nets cape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' DESC 'Standard L DAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2307 ' ) attributeTypes: ( 2.16.840.1.113730.3.1.2124 NAME 'dnaRemainingValues' DESC 'DNA remaining values left to assign' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( nsSSLClientAuth-oid NAME 'nsSSLClientAuth' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets cape' ) attributeTypes: ( duration-oid NAME 'duration' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( tokenID-oid NAME 'tokenID' DESC 'CMS defined attribute' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2236 NAME 'nsslapd-anonlimitsdn' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SI NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2194 NAME 'nsslapd-errorlog-logminfr eediskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.574 NAME 'nsRole' DESC 'Netscape def ined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICAT ION USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsAdminGroupName-oid NAME 'nsAdminGroupName' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne tscape' ) attributeTypes: ( 2.16.840.1.113730.3.8.19.2.2 NAME 'ipaMinDomainLevel' DESC 'Minimal supported Domain Level value' EQUALITY numericStringMatch ORDERIN G numericStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 SINGLE-VALUE X-OR IGIN ( 'IPA v4' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.72 NAME 'serverVersionNumber' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORI GIN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.246 NAME 'nsValueInt' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Net scape servers - value item' ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.43 NAME 'preferredTimeZone' DESC 'preferred time zone for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgno reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGI N 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.2173 NAME 'nsslapd-errorlog-maxlogsi ze' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.6 NAME 'userCategory' DESC 'Additi onal classification for users' EQUALITY caseIgnoreMatch ORDERING caseIgnore OrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.26 X-ORIGIN 'SUDO' ) attributeTypes: ( SecureAdminPort-oid NAME 'SecureAdminPort' SYNTAX 1.3.6.1 .4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.18.0.2.4.1130 NAME 'printer-document-format-supported' DESC 'The possible source document formats which may be interpreted and pr inted by this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.5 NAME 'followReferrals' DESC 'An a gent or service does or should follow referrals' EQUALITY booleanMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user def ined' ) ) attributeTypes: ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY caseI gnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.23 NAME 'ipatokenTOTPauthWindow ' DESC 'TOTP Auth Window (maximum authentication variance in seconds)' EQUA LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGI N ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.21.1.7 NAME 'ipaCaIssuerDN' DESC 'Is suer DN' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.12 X-ORIGIN ( 'IPA v4.4 Lightweight CAs' 'user define d' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.5.25 NAME 'idnsSecKeyRevoke' DESC 'D NSKEY REVOKE flag (equivalent to bit 8): RFC 5011' EQUALITY booleanMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( requestId-oid NAME 'requestId' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.552 NAME 'costargettree' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VAL UE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.94 NAME 'retryCountResetTime' DESC ' Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directo ry Server' ) attributeTypes: ( tokenNotBefore-oid NAME 'tokenNotBefore' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.21 NAME 'ipaAllowToImpersonate' D ESC 'Principals that can be impersonated' SUP distinguishedName EQUALITY di stinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'IPA-v 3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2244 NAME 'nnslapd-threadnumber' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SI NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.2.840.113556.1.2.102 NAME 'memberOf' DESC 'Group that th e entry belongs to' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape Delegated Administrator' ) attributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 X-ORIGIN 'RFC 4519' X-DEPRECATED 'fax' ) attributeTypes: ( authorityEnabled-oid NAME 'authorityEnabled' DESC 'Authori ty Enabled' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( nsDirectoryURL-oid NAME 'nsDirectoryURL' DESC 'Netscape de fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netsca pe' ) attributeTypes: ( 2.16.840.1.113730.3.1.2111 NAME 'tombstoneNumSubordinates' DESC 'count of immediate subordinates for tombstone entries' EQUALITY inte gerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN '389 d irectory server' ) attributeTypes: ( 2.16.840.1.113730.3.8.7.9 NAME 'ipaSudoRunAsGroup' DESC 'R eference to group that the commands can be run as.' SUP memberUser EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.22 NAME 'ipk11Subject' DESC 'DE R-encoding of subject name' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.40 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( deltaSize-oid NAME 'deltaSize' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.690 NAME 'inetDomainBaseDN' DESC 'Ba se DN of user subtree for a DNS domain' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 2 SINGLE-VALUE X-ORIGIN 'Netscape subscriber interoperability' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Security ID' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user define d' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2223 NAME 'nsslapd-localhost' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'Standard LDAP a ttribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ' RFC 2307' ) attributeTypes: ( ServerCertExtractFile-oid NAME 'ServerCertExtractFile' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.2181 NAME 'nsslapd-accesslog-logrota tionsyncmin' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.569 NAME 'cosPriority' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsOsVersion-oid NAME 'nsOsVersion' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( nsJarfilename-oid NAME 'nsJarfilename' DESC 'Netscape defi ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape ' ) attributeTypes: ( 2.16.840.1.113730.3.1.2293 NAME 'nsslapd-ndn-cache-enabled ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2071 NAME 'pamIDAttr' DESC 'Name of attribute holding PAM ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Re d Hat Directory Server' ) attributeTypes: ( tokenSerial-oid NAME 'tokenSerial' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( password-oid NAME 'password' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2158 NAME 'dnaRemoteBindDN' DESC 'Re mote bind DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN '3 89 Directory Server' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.3.1 NAME 'krbPrincipalType' EQU ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPasswo rd' DESC 'Previous clear text password (used for trusted domain passwords)' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.3.18.0.2.4.1127 NAME 'printer-pages-per-minute' DESC 'Th e nominal number of pages per minute which may be output by this printer.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.14 NAME 'ipatokenRadiusUserName ' DESC 'Corresponding Radius username' EQUALITY caseIgnoreMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 0.9.2342.19200300.100.1.54 NAME 'ditRedirect' DESC 'Standa rd LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 1274' ) attributeTypes: ( 2.16.840.1.113730.3.1.520 NAME 'nswmExtendedUserPrefs' DES C 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.26 NAME 'mgrpErrorsTo' DESC 'Netscap e Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .26 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.2137 NAME 'nsds5ReplicaAbortCleanRUV ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.12 NAME 'idnsAllowTransfer' DESC ' BIND9 allow-transfer ACL element' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6. 1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v2' 'user defined' ) ) attributeTypes: ( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperati on X-ORIGIN 'RFC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.1.232 NAME 'nsSNMPEnabled' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VAL UE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( algorithmId-oid NAME 'algorithmId' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord' DESC 'certifica te, RFC 2538' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.17 NAME 'ldapSchemas' SYNTAX 1.3 .6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'RFC 2927' ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.7 NAME 'eduPersonEntitlement' DESC 'Entitlement' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'http://middlew are.internet2.edu/eduperson/' ) attributeTypes: ( 2.16.840.1.113730.3.1.2328 NAME 'nsslapd-auditfaillog-list ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.81 NAME 'cirPort' DESC 'Netscape def ined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscap e Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.14 NAME 'ipaNTTrustPartner' DESC 'Fully qualified name of the domain with which a trust exists' EQUALITY cas eIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' ' user defined' ) ) attributeTypes: ( 1.3.6.1.4.1.6981.11.3.9 NAME 'FTPgid' DESC 'System uid (ov errides gidNumber if present)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.17 NAME 'ipk11CheckValue' DESC 'Checksum' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X -ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2087 NAME 'mepManagedEntry' DESC 'Ma naged Entries pointer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN '389 D irectory Server' ) attributeTypes: ( nsAdminSIEDN-oid NAME 'nsAdminSIEDN' DESC 'Netscape define d attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.685 NAME 'nsds5replicaLastUpdateStar t' DESC 'Netscape defined attribute type' EQUALITY generalizedTimeMatch ORD ERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SIN GLE-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2208 NAME 'nsslapd-rootdnpw' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.48 NAME 'replicaPort' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Net scape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.1.2 NAME 'ipaGroupSearchFields' EQU ALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113730.3.8.5.30 NAME 'idnsSubstitutionVariable' DESC 'User defined variable for DNS plugin' EQUALITY caseIgnoreIA5Match SY NTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.210 NAME 'vlvSort' DESC 'Netscape de fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netsca pe Directory Server' ) attributeTypes: ( dateOfModify-oid NAME 'dateOfModify' DESC 'CMS defined att ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.51 NAME 'nSEC3PARAMRecord' DESC 'RFC 5155' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2145 NAME 'rootdn-close-time' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2257 NAME 'nsslapd-accesslog-logbuff ering' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.32 NAME 'ipaKrbPrincipalAlias' DE SC 'DEPRECATED - DO NOT USE' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOr deringMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlycountrynam e' ) EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4524' X-DEPRECATED 'friendlycountry name' ) attributeTypes: ( extension-oid NAME 'extension' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.13 NAME 'mailAlternateAddress' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.227 NAME 'nsslapd-pluginId' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC 'Roam ing profile path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier' EQUALITY bitStringMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 X-ORIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.5 NAME 'idnsSOAserial' DESC 'SOA s erial number' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2315 NAME 'nsDS5ReplicaWaitForAsyncR esults' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.613 NAME 'copiedFrom' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsServerPort-oid NAME 'nsServerPort' DESC 'Netscape define d attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 1.2.840.113554.1.4.1.6.4 NAME 'krbPwdMaxRenewableLife' EQ UALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORI GIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.8 NAME 'javaSerializedData' DESC ' Serialized form of a Java object' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SING LE-VALUE X-ORIGIN 'RFC 2713' ) attributeTypes: ( deltaNumber-oid NAME 'deltaNumber' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.583 NAME 'nsDS5ReplicaBindMethod' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2275 NAME 'nsslapd-schemadir' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsSSLActivation-oid NAME 'nsSSLActivation' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets cape' ) attributeTypes: ( 1.3.18.0.2.4.1138 NAME 'printer-make-and-model' DESC 'Make and model of this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc 3712' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.5 NAME 'ipatokenVendor' DESC 'O ptional Vendor identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstr ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.1000 NAME 'nsds7WindowsReplicaSubtre e' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' EQUALITY dist inguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 2.16.840.1.113730.3.1.533 NAME 'ntUserCodePage' DESC 'Nets cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VAL UE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.35 NAME 'changeLog' DESC 'the distin guished name of the entry which contains the set of entries comprising this servers changelog' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.12 X-ORIGIN 'Changelog Internet Draft' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.53 NAME 'ipk11VerifyRecover' DE SC 'Key supports verification where data is recovered from the signature' E QUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORI GIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.205 NAME 'changeLogMaximumConcurrent Writes' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord' DESC 'Signature, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' DESC 'A boo lean option' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SING LE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.11.3 NAME 'ipaNTFlatName' DESC 'Flat /Netbios Name' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SU BSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( nsDirectoryInfoRef-oid NAME 'nsDirectoryInfoRef' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' ) attributeTypes: ( 1.3.6.1.4.1.6981.11.3.6 NAME 'FTPDownloadBandwidth' DESC ' Bandwidth (in KB/s) to limit download speeds to' EQUALITY integerMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) attributeTypes: ( 2.16.840.1.113730.3.1.2109 NAME 'nsPagedIDListScanLimit' D ESC 'Binder-based simple paged search operation ID list scan limit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGI N '389' ) attributeTypes: ( 2.16.840.1.113730.3.1.2092 NAME 'nsslapd-ldapiautodnsuffix ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 12 X-ORIGIN 'Netscape' ) attributeTypes: ( transOps-oid NAME 'transOps' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.25 NAME 'ipaPermissionType' DESC ' IPA permission flags' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingM atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms' DESC 'X.509 supported algorithms' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RFC 4523' ) attributeTypes: ( 1.3.18.0.2.4.1116 NAME 'printer-output-features-supported' DESC 'The possible output features supported by this printer.' EQUALITY ca seIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.1.2302 NAME 'nsslapd-listen-backlog-si ze' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.57 NAME 'replicaRoot' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Net scape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.608 NAME 'nsDS5Task' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets cape Directory Server' ) attributeTypes: ( nextUpdate-oid NAME 'nextUpdate' DESC 'CMS defined attribu te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2069 NAME 'pamMissingSuffix' DESC 'H ow to handle missing include or exclude suffixes' SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.15 SINGLE-VALUE X-ORIGIN 'Red Hat Directory Server' ) attributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetaddress' ) EQUALITY caseIg noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'streetaddress' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord' DESC 'RRSIG, R FC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.28.1 NAME 'krbPrincNamingAttr' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.2150 NAME 'rootdn-deny-ip' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsGroupRDNComponent-oid NAME 'nsGroupRDNComponent' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN 'Netscape Administration Services' ) attributeTypes: ( algorithm-oid NAME 'algorithm' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' DESC 'Maximu m password age, in seconds (default: -1 => never expire passwords)' EQUALIT Y integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.11.47 NAME 'ipaPermRight' DESC 'IPA permission rights' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2262 NAME 'nsslapd-maxbersize' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING LE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' EQUALITY caseI gnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 X-ORIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.528 NAME 'ntUserAcctExpires' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.103 NAME ( 'passwordCheckSyntax' 'pw dCheckSyntax' ) DESC 'Netscape defined password policy attribute type' SYNT AX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' DESC 'Standard L DAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2307 ' ) attributeTypes: ( 1.2.840.113556.1.4.483 NAME 'calOtherFBURLs' DESC 'RFC2739 : multi-value URI for other free/busy data' EQUALITY caseIgnoreIA5Match SUB STR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORI GIN 'rfc2739' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.44 NAME 'ipk11AllowedMechanisms ' DESC 'Space-separated list of mechanisms allowed to be used with this key ' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2239 NAME 'nsslapd-SSL3ciphers' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2320 NAME 'nsslapd-auditfaillog-logr otationtimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1. 1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.79 NAME 'cirReplicaRoot' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ' Netscape Directory Server' ) attributeTypes: ( issuerName-oid NAME 'issuerName' DESC 'CMS defined attribu te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'preferr ed name of a person to be used when displaying entries' EQUALITY caseIgnore Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2798' ) attributeTypes: ( nsProductVersion-oid NAME 'nsProductVersion' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne tscape' ) attributeTypes: ( 2.16.840.1.113730.3.8.18.2.1 NAME 'ipaVaultType' DESC 'IPA vault type' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X -ORIGIN ( 'IPA v4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2176 NAME 'nsslapd-errorlog-logrotat ionsync-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1. 1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.1 NAME 'ipaUniqueID' DESC 'Unique identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( endRange-oid NAME 'endRange' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.12 NAME 'sourceHostCategory' DESC 'Additional classification for hosts' EQUALITY caseIgnoreMatch ORDERING cas eIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.43.1 NAME 'krbSupportedEncSaltTy pes' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.16.840.1.113730.3.8.11.65 NAME 'ipaWrappingMech' DESC 'P KCS#11 wrapping mechanism equivalent to CK_MECHANISM_TYPE' EQUALITY caseIgn oreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( crlCache-oid NAME 'crlCache' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2200 NAME 'nsslapd-errorlog-logexpir ationtimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.0 NAME 'defaultServerList' DESC 'Li st of default servers' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'RFC4876 ' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' DESC 'signed message used to support S/MIME' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 2798' ) attributeTypes: ( 1.3.6.1.1.1.1.31 NAME 'automountMapName' DESC 'automount M ap Name' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SI NGLE-VALUE X-ORIGIN 'RFC 2307bis' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.28 NAME 'idnsSecKeyRef' DESC 'PKCS #11 URI of the key' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( nsSecureServerPort-oid NAME 'nsSecureServerPort' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.218 NAME 'replicaAbandonedChanges' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.66 NAME 'ipk11Extractable' DESC 'Key is extractable and can be wrapped' EQUALITY booleanMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.29 NAME 'LocRecord' DESC 'Location, RFC 1876' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( authorityKeyNickname-oid NAME 'authorityKeyNickname' DESC 'Authority key nickname' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'user-defined' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.7 NAME 'changeType' DESC 'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Changelog In ternet Draft' ) attributeTypes: ( usertype-oid NAME 'usertype' DESC 'Distinguish whether the user is administrator, agent or subsystem.' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC ' Concatenated MD5 hashes of the salted NT passwords used on this account' EQ UALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( ' IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.5.4.26 NAME 'registeredAddress' SUP postalAddress EQUAL ITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.41 X-ORIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.999 NAME ( 'passwordGraceLimit' 'pwd GraceLoginLimit' ) DESC 'Netscape defined password policy attribute type' S YNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directo ry Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2114 NAME 'internalCreatorsName' DES C 'plugin dn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MOD IFICATION USAGE directoryOperation X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.7.4 NAME 'externalUser' DESC 'Multiv alue string attribute that allows storing user names.' EQUALITY caseIgnoreM atch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( nsBindPassword-oid NAME 'nsBindPassword' DESC 'Netscape de fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netsca pe' ) attributeTypes: ( 2.16.840.1.113730.3.1.812 NAME 'netscapeReversiblePassword ' DESC 'password for HTTP Digest/MD5 authentication' EQUALITY octetStringMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'Netscape Web Server' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord' DESC 'domain nam e pointer, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' DESC 'Standard LDAP attri bute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.2226 NAME 'nsslapd-listenhost' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING LE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2184 NAME 'nsslapd-accesslog-logrota tiontime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.10 NAME 'manager' EQUALITY distin guishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 2.16.840.1.113730.3.1.62 NAME 'ntUserParms' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.2296 NAME 'nsslapd-ignore-virtual-at trs' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2074 NAME 'pamService' DESC 'Service name to pass to pam_start' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VAL UE X-ORIGIN 'Red Hat Directory Server' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.26.1 NAME 'krbPrincipalReference s' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.1 NAME 'ipk11UniqueId' DESC 'Me aningless unique identifier' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2163 NAME 'winSyncWindowsFilter' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.13769.4.4 NAME 'mozillaCustom4' EQUALITY case IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( resourceACLS-oid NAME 'resourceACLS' DESC 'CMS defined att ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.72 NAME 'sambaTrustDirection' DESC 'D irection of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.11.58 NAME 'ipaKeyTrust' DESC 'Key t rust (unknown, trusted, distrusted)' EQUALITY caseIgnoreMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 1.3.18.0.2.4.1120 NAME 'printer-print-quality-supported' D ESC 'List of print qualities supported for printing documents on this print er.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.13 NAME 'ipatokenOwner' DESC 'U ser entry that owns this token' SUP distinguishedName EQUALITY distinguishe dNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN ( 'IP A OTP' 'user defined' ) ) attributeTypes: ( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Standard LDAP attri bute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.15 NAME 'idnsForwarders' DESC 'lis t of forwarders' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v2' 'user define d' ) ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.2 NAME 'eduPersonNickName' DESC 'Ni ckName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'http://middleware.in ternet2.edu/eduperson/' ) attributeTypes: ( 2.16.840.1.113730.3.1.542 NAME 'nsUniqueId' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2333 NAME 'nsds5ReplicaReleaseTimeou t' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.84 NAME 'cirUseSsl' DESC 'Netscape d efined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netsc ape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.11 NAME 'ipaNTTrustType' DESC 'Ty pe of trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN GLE-VALUE ) attributeTypes: ( nsServerID-oid NAME 'nsServerID' DESC 'Netscape defined at tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.254 NAME 'nsValueHelpURL' DESC 'Nets cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape servers - value item' ) attributeTypes: ( expiredCerts-oid NAME 'expiredCerts' DESC 'CMS defined att ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.0.2 NAME 'dNSdefaultTTL' DESC 'An inte ger denoting default time to live, RFC 2308' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.5.4.33 NAME 'roleOccupant' SUP distinguishedName EQUALI TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RF C 4519' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.10 NAME 'credentialLevel' DESC 'Ide ntifies type of credentials either used, required, or supported by an agent or service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1. 26 SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2101 NAME 'autoMemberDefaultGroup' D ESC 'Auto Membership default group' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X- ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.12 NAME 'ipk11Modifiable' DESC 'Can be modified by application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.807 NAME 'nsds5replicaLastInitStart' DESC 'Netscape defined attribute type' EQUALITY generalizedTimeMatch ORDER ING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL E-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.31.1 NAME 'krbMinPwdLife' EQUAL ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.2213 NAME 'nsslapd-userat' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V ALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.20.2.7 NAME 'ipaReplTopoManagedAgree mentState' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 X-ORIGIN ( 'FreeIPA' 'user defined' ) ) attributeTypes: ( 0.9.2342.19200300.100.1.8 NAME 'userClass' EQUALITY caseI gnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.80 NAME 'sambaSupportedEncryptionType s' DESC 'Supported encryption types of a trust' EQUALITY integerMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.2283 NAME 'nsslapd-SSLclientAuth' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.1 NAME 'aliasedObjectName' EQUALITY distinguishedNa meMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'RFC 451 2' ) attributeTypes: ( 1.3.6.1.4.1.13769.3.2 NAME 'mozillaHomeStreet2' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( 2.16.840.1.113730.3.1.2148 NAME 'rootdn-deny-host' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength' DESC 'Length of Password History Entries (default: 0 => off)' EQUALITY integerMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'organizationalUnitNam e' ) attributeTypes: ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' EQUALI TY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 2.16.840.1.113730.3.1.16 NAME 'mailDeliveryOption' DESC 'N etscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.2127 NAME 'dnaPortNum' DESC 'DNA por t number of replica to get new range of values' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.222 NAME ( 'passwordMinAge' 'pwdMinA ge' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1 .4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113719.1.1.4.1.35 NAME 'lastLoginTime' DESC 'La st login time' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE dire ctoryOperation X-ORIGIN 'Account Policy Plugin' ) attributeTypes: ( SecurePort-oid NAME 'SecurePort' SYNTAX 1.3.6.1.4.1.1466. 115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2231 NAME 'nsslapd-ldapimaprootdn' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2197 NAME 'nsslapd-errorlog-logexpir ationtime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.577 NAME 'cosIndirectSpecifier' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2318 NAME 'nsslapd-auditfaillog-logr otationsynchour' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1. 1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.71 NAME 'serverProductName' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI N 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.0 NAME 'idnsName' DESC 'DNS FQDN' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.48.1 NAME 'krbLastSuccessfulAuth ' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL E-VALUE ) attributeTypes: ( 5.3.6.1.1.1.1.1 NAME 'accessTo' DESC 'Access to which serv ers user is allowed' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'nss_ldap/pam_ldap' ) attributeTypes: ( 1.2.840.113554.1.4.1.6.3 NAME 'krbPwdMaxLife' EQUALITY in tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IP A v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.249 NAME 'nsValueType' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne tscape servers - value item' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.14.1 NAME 'krbRealmReferences' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113730.3.8.3.9 NAME 'ipaEnabledFlag' DESC 'The flag to show if the association is active or should be ignored' EQUALITY bo oleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v 2' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.26 X-ORIGIN 'SUDO' ) attributeTypes: ( 2.16.840.1.113730.3.1.2278 NAME 'nsslapd-certdir' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.18.0.2.4.1135 NAME 'printer-name' DESC 'The site-speci fic administrative name of this printer.' EQUALITY caseIgnoreMatch SUBSTR c aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.26 NAME 'ipatokenHOTPsyncWindow ' DESC 'HOTP Sync Window (maximum synchronization skip-ahead)' EQUALITY int egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.21.1.2 NAME 'ipaMemberCa' DESC 'Refe rence to a CA member' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'IPA v4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.38 NAME 'nsLicenseEndTime' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.20 NAME 'idnsSecKeyPublish' DESC ' DNSSEC key (planned) publication time' EQUALITY generalizedTimeMatch ORDERI NG generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE -VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.200 NAME 'changeLogMaximumAge' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR IGIN 'Netscape Directory Server' ) attributeTypes: ( authorityDN-oid NAME 'authorityDN' DESC 'Authority DN' SYN TAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 2.5.18.3 NAME 'creatorsName' EQUALITY distinguishedNameMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'RFC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.1.93 NAME 'passwordRetryCount' DESC 'N etscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Director y Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.6 NAME 'ipaNTLogonScript' DESC 'U ser Logon Script Name' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrdering Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.11.22 NAME 'ipaAllowedTarget' DESC ' Target principals alowed to get a ticket for' SUP distinguishedName EQUALIT Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'I PA-v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2247 NAME 'nsslapd-conntablesize' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 S INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( requestSourceId-oid NAME 'requestSourceId' DESC 'CMS defin ed attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.8.1.12 NAME 'ipaGroupObjectClasses' S YNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( crlSize-oid NAME 'crlSize' DESC 'CMS defined attribute' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.21 NAME 'ipk11Distrusted' DESC 'Must not be trusted by application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( nsSuiteSpotUser-oid NAME 'nsSuiteSpotUser' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets cape' ) attributeTypes: ( 2.16.840.1.113730.3.1.2095 NAME 'connection' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne tscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.693 NAME 'inetUserHttpURL' DESC 'A u sers Web addresses' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape subscriber interoperability' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD4 h ash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 .1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 1.3.18.0.2.4.1113 NAME 'printer-service-person' DESC 'The identity of the current human service person responsible for servicing this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.1.2305 NAME 'nsslapd-moddn-aci' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.603 NAME 'dncomp' DESC 'internal ser ver defined attribute type' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 2.16.840.1.113730.3.1.1099 NAME 'winSyncInterval' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord' DESC 'Delegation Signer, RFC 3658' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( revokedOn-oid NAME 'revokedOn' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( nsBaseDN-oid NAME 'nsBaseDN' DESC 'Netscape defined attrib ute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.40 NAME 'ipaUserAuthType' DESC 'A llowed authentication methods' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.15 X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2265 NAME 'nsslapd-versionstring' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.18.0.2.4.1128 NAME 'printer-compression-supported' DES C 'Compression algorithms supported by this printer.' EQUALITY caseIgnoreMa tch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X -ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.1.523 NAME 'ntUserFlags' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.25 NAME 'mgrpDeliverTo' DESC 'Netsca pe Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.2132 NAME 'nsds5ReplicaEnabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsExecRef-oid NAME 'nsExecRef' DESC 'Netscape defined attr ibute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.235 NAME 'nsSNMPContact' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.43 NAME 'ipk11KeyGenMechanism' DESC 'Mechanism used to generate this key' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defi ned' ) ) attributeTypes: ( 2.16.840.1.113719.1.301.4.46.1 NAME 'krbMKey' EQUALITY oc tetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 2.16.840.1.113730.3.8.11.19 NAME 'ipaNTSupportedEncryption Types' DESC 'Supported encryption types of a trust' EQUALITY integerMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.591 NAME 'nsDS5ReplicaReferral' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O RIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2179 NAME 'nsslapd-errorlog-logrotat ionsynchour' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2082 NAME ( 'passwordMinCategories' 'pwdMinCategories' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Direc tory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.15 NAME 'nisDomainName' DESC 'NIS domain name.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUB STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.688 NAME 'nsds5replicaLastUpdateStat us' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 SINGLE-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' EQUALI TY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.26 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 2.16.840.1.113730.3.8.1.5 NAME 'ipaCustomFields' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.16.840.1.113730.3.8.5.33 NAME 'ipaServiceWeight' DESC 'W eight for the server in IPA location' EQUALITY integerMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.213 NAME 'vlvEnabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Net scape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2140 NAME 'passwordTrackUpdateTime' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1 466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.37 NAME 'ipaKrbAuthzData' DESC 't ype of PAC preferred by a service' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.15 X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' DESC 'Security ID List' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2252 NAME 'nsslapd-groupevalnestleve l' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.51.1 NAME 'krbExtraData' EQUALI TY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' DESC 'List of user workstations the user is allowed to logon to' EQUALITY caseIg noreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.8.12.33 NAME 'ipaAssignedIDView' DESC 'DN of view assigned to this particular host' SUP distinguishedName EQUALIT Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN ( 'IPA v4' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2229 NAME 'nsslapd-ldapilisten' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair' DESC 'X.509 cross cer tificate pair' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 40 X-ORIGIN 'RFC 4523' ) attributeTypes: ( 2.16.840.1.113730.3.8.7.10 NAME 'ipaSudoRunAsExtGroup' DES C 'Multivalue string attribute that allows storing group name the command c an be run as' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR case IgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2 ' ) attributeTypes: ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' EQUALI TY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.8 NAME 'idnsSOAexpire' DESC 'SOA e xpire value' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2310 NAME 'nsds5ReplicaFlowControlWi ndow' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.69 NAME 'subtreeACI' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Nets cape Directory Server 1.0' ) attributeTypes: ( 2.16.840.1.113730.3.1.2299 NAME 'nsslapd-connection-buffer ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2166 NAME 'schemaUpdateObjectclassRe ject' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( revokedBy-oid NAME 'revokedBy' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.586 NAME 'nsDS5ReplicaUpdateSchedule ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.13769.4.1 NAME 'mozillaCustom1' EQUALITY case IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.55 NAME 'ipaSecretKey' DESC 'Encr ypted secret key data' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.40 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2270 NAME 'nsslapd-auditlog-list' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X -ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.1003 NAME 'nsds7NewWinGroupSyncEnabl ed' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.536 NAME 'ntGroupAttributes' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE- VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.111 NAME 'ntUniqueId' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'Standard LDA P attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGI N 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.30 NAME 'mgrpRFC822MailMember' DESC 'mgrpRFC822MailMember' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466. 115.121.1.26 X-ORIGIN ( 'RFC2307bis' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.5.18 NAME 'idnsSecInlineSigning' DES C 'allow inline DNSSEC signing' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.208 NAME 'vlvScope' DESC 'Netscape d efined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Netsc ape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord' DESC 'Non-Term inal DNS Name Redirection, RFC 2672' EQUALITY caseIgnoreIA5Match SUBSTR cas eIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( privateKeyData-oid NAME 'privateKeyData' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.34.1 NAME 'krbPwdHistoryLength' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( nsNickName-oid NAME 'nsNickName' DESC 'Netscape defined at tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' DESC 'An integer option' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.5.4.36 NAME 'userCertificate' DESC 'X.509 user certifica te' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RFC 4523' ) attributeTypes: ( 2.16.840.1.113730.3.1.2104 NAME 'nsslapd-pluginConfigArea' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 2 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.1.5 NAME 'vendorVersion' EQUALITY 1.3.6.1.4.1.146 6.109.114.1 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIF ICATION USAGE dSAOperation X-ORIGIN 'RFC 3045' ) attributeTypes: ( 1.3.6.1.4.1.6981.11.3.3 NAME 'FTPUploadRatio' DESC 'Ratio (compared with FTPRatioDown) for uploaded files' EQUALITY integerMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.15 NAME 'serviceAuthenticationMetho d' DESC 'Specifies types authentication methods either used, required, or s upported by a particular service' EQUALITY caseIgnoreMatch SUBSTR caseIgnor eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'RFC4876' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.19 NAME 'ipk11EndDate' DESC 'Va lidity end date' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrde ringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.802 NAME 'nsds5ReplicaLegacyConsumer ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.20 NAME 'memberService' DESC 'Refe rence to the pam service of this operation.' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2216 NAME 'nsslapd-require-secure-bi nds' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsKeyfile-oid NAME 'nsKeyfile' DESC 'Netscape defined attr ibute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.52 NAME 'replicaUpdateSchedule' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O RIGIN 'Netscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.7 NAME 'photo' SYNTAX 1.3.6.1.4.1 .1466.115.121.1.23 X-ORIGIN 'RFC 1274' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.70 NAME 'ipk11UnwrapTemplate' D ESC 'DN of template to apply to keys unwrapped using this key' EQUALITY dis tinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORI GIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2286 NAME 'nsslapd-outbound-ldap-io- timeout' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' ) SUP name EQUALITY case IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.11 SINGLE-VALUE X-ORIGIN 'RFC 4519' X-DEPRECATED 'countryName' ) attributeTypes: ( 2.16.840.1.113730.3.1.2064 NAME 'nsSaslMapRegexString' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2153 NAME ( 'passwordAdminDN' 'pwdAd minDN' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3. 6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' DESC 'Minimu m password age, in seconds (default: 0 => allow immediate password change)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.11.48 NAME 'ipaPermTargetFilter' DES C 'IPA permission target filter' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) attributeTypes: ( 2.5.4.14 NAME 'searchGuide' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.25 X-ORIGIN 'RFC 4519' ) attributeTypes: ( version-oid NAME 'version' DESC 'CMS defined attribute' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.106 NAME ( 'passwordMaxFailure' 'pwd MaxFailure' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Se rver' ) attributeTypes: ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Standard L DAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2307 ' ) attributeTypes: ( 2.16.840.1.113730.3.1.2234 NAME 'nsslapd-ldapigidnumbertyp e' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.572 NAME 'nsTimeLimit' DESC 'Binder- based search operation time limit (seconds)' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory S erver' ) attributeTypes: ( 2.16.840.1.113730.3.1.2323 NAME 'nsslapd-auditfaillog-loge xpirationtime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.14 66.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.74 NAME 'administratorContactInfo' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( nsClassname-oid NAME 'nsClassname' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.244 NAME 'nsValueCES' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Net scape servers - value item' ) attributeTypes: ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService' DESC 'IAN A GSS-API authorized service name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.15 X-ORIGIN 'NSS LDAP schema' ) attributeTypes: ( allowWeakCipher-oid NAME 'allowWeakCipher' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets cape' ) attributeTypes: ( 2.16.840.1.113730.3.1.2171 NAME 'nsslapd-accesslog-maxlogs perdir' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.4 NAME 'fqdn' DESC 'FQDN' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstrin gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2203 NAME 'nsslapd-errorlog-logging- enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.7 NAME 'profileTTL' DESC 'Time to l ive, in seconds, before a profile is considered stale' EQUALITY integerMatc h ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE -VALUE X-ORIGIN ( 'RFC4876' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.21.1.5 NAME 'ipaCertProfileCategory' DESC 'Additional classification for certificate profiles' EQUALITY caseIgn oreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.2' 'user defined' ) ) attributeTypes: ( 1.3.6.1.1.1.1.32 NAME 'automountKey' DESC 'Automount Key v alue' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGL E-VALUE X-ORIGIN 'RFC 2307bis' ) attributeTypes: ( nsDeleteclassname-oid NAME 'nsDeleteclassname' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' Netscape Administration Services' ) attributeTypes: ( nsmsgNumMsgQuota-oid NAME 'nsmsgNumMsgQuota' DESC 'Netscap e Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.65 NAME 'ipk11Unwrap' DESC 'Key supports unwrapping' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( nsAdminCgiWaitPid-oid NAME 'nsAdminCgiWaitPid' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC 'iden tifies a department within an organization' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'R FC 2798' ) attributeTypes: ( 2.16.840.1.113730.3.1.550 NAME 'cosAttribute' DESC 'Netsca pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'N etscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.96 NAME ( 'passwordHistory' 'pwdHist ory' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6. 1.4.1.1466.115.121.1.5 USAGE directoryOperation X-ORIGIN 'Netscape Director y Server' ) attributeTypes: ( 1.3.6.1.4.1.5322.21.2.5 NAME 'krbLastAdminUnlock' EQUALIT Y generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' DESC ' Time of the last bad password attempt' EQUALITY integerMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.11.9 NAME 'ipaNTHomeDirectoryDrive' DESC 'User Home Drive Letter' EQUALITY caseIgnoreMatch ORDERING caseIgnoreO rderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.5.4.21 NAME 'telexNumber' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.52 X-ORIGIN 'RFC 4519' ) attributeTypes: ( numberOfRenewals-oid NAME 'numberOfRenewals' DESC 'CMS def ined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined ' ) attributeTypes: ( 2.16.840.1.113730.3.1.2117 NAME 'dnaNextValue' DESC 'DNA n ext available value for assignment' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SI NGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.7.7 NAME 'ipaSudoRunAsExtUser' DESC 'Multivalue string attribute that allows storing user name the command can be run as' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgn oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2098 NAME 'autoMemberFilter' DESC 'A uto Membership filter criteria' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.17 NAME 'RPRecord' DESC 'Responsible Person, RFC 1183' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrin gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' DESC 'Standard LDAP attri bute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.2221 NAME 'nsslapd-validate-cert' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2187 NAME 'nsslapd-accesslog-logrota tiontimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.146 6.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2308 NAME 'nstombstonecsn' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V ALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.61 NAME 'ntUserUsrComment' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V ALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.2291 NAME 'nsslapd-disk-monitoring-g race-period' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2077 NAME ( 'passwordMinUppers' 'pwd MinUppers' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Ser ver' ) attributeTypes: ( SecureEEClientAuthPort-oid NAME 'SecureEEClientAuthPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.407 NAME 'nsSynchUniqueAttribute' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X -ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.77 NAME 'sambaSecurityIdentifier' DES C 'SID of a trusted domain' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5 SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2268 NAME 'nsslapd-accesslog-list' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.18.0.2.4.1125 NAME 'printer-finishings-supported' DESC 'The possible finishing operations supported by this printer.' EQUALITY ca seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.8 NAME 'ipatokenOTPkey' DESC 'O TP Token Key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.4 0 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 2.5.21.6 NAME 'objectClasses' EQUALITY objectIdentifierFi rstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOpera tion X-ORIGIN 'RFC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.16 NAME 'ipatokenRadiusServer' DESC 'Server String Configuration' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 .1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( cmsUserGroup-oid NAME 'cmsUserGroup' DESC 'CMS defined att ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.28 NAME 'mgrpMsgRejectAction' DESC ' Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 1.3.6.1.1.1.1.29 NAME 'nisSecretkey' DESC 'nisSecretkey' E QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'RFC2307bis' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2135 NAME 'nsds5ReplicaCleanRUV' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.10 NAME 'idnsUpdatePolicy' DESC 'D NS dynamic updates policy' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5 SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.230 NAME 'nsslapd-pluginDescription' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsAdminCacheLifetime-oid NAME 'nsAdminCacheLifetime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR IGIN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.327 NAME 'nsIndexType' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne tscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.545 NAME 'nscpEntryDN' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.5 NAME 'eduPersonPrimaryAffiliation ' DESC 'Primary Affiliation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA LUE X-ORIGIN 'http://middleware.internet2.edu/eduperson/' ) attributeTypes: ( 2.16.840.1.113730.3.1.83 NAME 'cirUsePersistentSearch' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.12 NAME 'ipaNTTrustAttributes' DE SC 'Trust attributes for a trusted domain' EQUALITY integerMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.10 NAME 'javaFactory' DESC 'Fully qualified Java class name of a JNDI object factory' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2713' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.11 NAME 'ipk11Private' DESC 'Is private to application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.5.18.10 NAME 'subschemaSubentry' EQUALITY distinguished NameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFIC ATION USAGE directoryOperation X-ORIGIN 'RFC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.1.2085 NAME 'isReplicated' DESC 'Chang elog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.18 NAME 'managedBy' DESC 'DNs of e ntries allowed to manage' SUP distinguishedName EQUALITY distinguishedNameM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.683 NAME 'nsds5ReplicaTombstonePurge Interval' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC 'Sta ndard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'RFC 1274' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.20.2.2 NAME 'ipaReplTopoSegmentDirec tion' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 X-ORIGIN ( 'FreeIPA' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.1100 NAME 'oneWaySync' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.68 NAME 'ipk11NeverExtractable' DESC 'Key has never been extractable' EQUALITY booleanMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( nsConfigRoot-oid NAME 'nsConfigRoot' DESC 'Netscape define d attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( requestType-oid NAME 'requestType' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.10.1 NAME 'krbMaxRenewableAge' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.13769.3.7 NAME 'mozillaHomeUrl' EQUALITY case IgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Moz illa Address Book' ) attributeTypes: ( issuedBy-oid NAME 'issuedBy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.30 NAME 'ipaSELinuxUser' DESC 'An SELinux user' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SU BSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2255 NAME 'passwordIsGlobalPolicy' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( requestState-oid NAME 'requestState' DESC 'CMS defined att ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTelephon eNumber' ) EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'RFC 4524' X-DEPRECATED 'mobileTelephoneNumber' ) attributeTypes: ( nsAdminDomainName-oid NAME 'nsAdminDomainName' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.15 NAME 'mailAutoReplyText' DESC 'Ne tscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.2122 NAME 'dnaMaxValue' DESC 'DNA ma ximum value to assign' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X- ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.225 NAME 'nsslapd-pluginInitfunc' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsAdminEndUserHTMLIndex-oid NAME 'nsAdminEndUserHTMLIndex' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.2.1.3 NAME 'accountInactivityLimit' DES C 'Account inactivity limit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA LUE X-ORIGIN 'Account Policy Plugin' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC 'Driver letter of home directory mapping' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 .1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined ' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2192 NAME 'nsslapd-auditlog-logmaxdi skspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsBuildSecurity-oid NAME 'nsBuildSecurity' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets cape' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.3 NAME 'idnsSOAmName' DESC 'SOA Na me' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.708 NAME 'vacationenddate' DESC 'Net scape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.581 NAME 'nsDS5ReplicaBindDN' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORI GIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2169 NAME 'nsslapd-pagedsizelimit' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( mgrpApprovePassword-oid NAME 'mgrpApprovePassword' DESC 'N etscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.26 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.78 NAME 'sambaTrustForestTrustInfo' D ESC 'Forest trust information for a trusted domain object' EQUALITY caseExa ctMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 1.3.18.0.2.4.1136 NAME 'printer-location' DESC 'The physic al location of this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rf c3712' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.25 NAME 'ipatokenHOTPauthWindow ' DESC 'HOTP Auth Window (maximum authentication skip-ahead)' EQUALITY inte gerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.531 NAME 'ntUserBadPwCount' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-V ALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY caseI gnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113730.3.1.37 NAME 'nsLicenseStartTime' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.23 NAME 'idnsSecKeyDelete' DESC 'D NSSEC key (planned) deletion timestamp' EQUALITY generalizedTimeMatch ORDER ING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL E-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.203 NAME 'replicaEntryFilter' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORI GIN 'Netscape Directory Server' ) attributeTypes: ( authorityID-oid NAME 'authorityID' DESC 'Authority ID' SYN TAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' DESC 'Share Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.11.1 NAME 'ipaExternalMember' DESC ' External Group Member Identifier' EQUALITY caseIgnoreMatch ORDERING caseIgn oreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v3' ' user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2242 NAME 'nsslapd-securePort' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING LE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList' DESC 'X.509 cert ificate revocation list' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.40 X-ORIGIN 'RFC 4523' ) attributeTypes: ( nsAdminAccountInfo-oid NAME 'nsAdminAccountInfo' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.24 NAME 'ipk11Local' DESC 'Was created locally on token' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2090 NAME 'mepRDNAttr' DESC 'Managed Entries RDN attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.696 NAME 'inetSubscriberResponse' DE SC 'Used to confirm subscriberIdentity. This attribute holds the response phrase and is used in conjunction with the inetSubscriberChallenge' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'Netscape subscriber in teroperability' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Accoun t Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 S INGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.5.4.50 NAME 'uniqueMember' EQUALITY uniqueMemberMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.34 X-ORIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.2219 NAME 'nsslapd-minssf' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-V ALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.18.0.2.4.1114 NAME 'printer-delivery-orientation-suppo rted' DESC 'The possible delivery orientations of pages as they are printed and ejected from this printer.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 1.3.6.1.4.1.250.1.60 NAME ( 'ttl' 'timeToLive' ) DESC 'tim e to live in seconds for cached objects' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 X-ORIGIN 'LDAP Caching Internet Draft' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.42.1 NAME 'krbDefaultEncSaltType s' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.16.840.1.113730.3.1.2300 NAME 'nsslapd-connection-nocano n' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.59 NAME 'ntUserPriv' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X- ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.2289 NAME 'nsslapd-disk-monitoring' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsDefaultObjectClass-oid NAME 'nsDefaultObjectClass' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR IGIN 'Netscape Administration Services' ) attributeTypes: ( 1.3.6.1.4.1.13769.3.8 NAME 'mozillaWorkStreet2' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( 2.16.840.1.113730.3.1.2156 NAME 'nsslapd-sasl-max-buffer-s ize' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2260 NAME 'nsslapd-result-tweak' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.45 NAME 'ipaPermBindRuleType' DES C 'IPA permission bind rule type' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.526 NAME 'ntUserLastLogon' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V ALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.101 NAME ( 'passwordInHistory' 'pwdI nHistory' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1 .3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' DESC 'Standard LDAP att ribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RF C 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.20 NAME 'mailProgramDeliveryInfo' DE SC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.146 6.115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 1.2.840.113556.1.4.481 NAME 'calCalAdrURI' DESC 'RFC2739: URI for event equests destination' EQUALITY caseIgnoreIA5Match SUBSTR caseI gnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'rfc2 739' ) attributeTypes: ( 2.16.840.1.113730.3.1.238 NAME 'nsSNMPMasterPort' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.10 NAME 'sudoOrder' DESC 'an integer to order the sudoRole entries' EQUALITY integerMatch ORDERING integerOrder ingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'SUDO' ) attributeTypes: ( 2.16.840.1.113730.3.1.2326 NAME 'nsslapd-auditfaillog-logg ing-hide-unhashed-pw' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1 .4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.7 NAME 'javaCodebase' DESC 'URL(s) specifying the location of class definition' EQUALITY caseExactIA5Match SY NTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2713' ) attributeTypes: ( firstUnsaved-oid NAME 'firstUnsaved' DESC 'CMS defined att ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.594 NAME 'nsDS5ReplicatedAttributeLi stTotal' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2174 NAME 'nsslapd-auditlog-maxlogsi ze' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.10 NAME 'sourceHost' DESC 'Link to a host or group of hosts' SUP memberHost EQUALITY distinguishedNameMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2206 NAME 'nsslapd-unhashed-pw-switc h' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.63 NAME 'ipaOriginalUid' DESC 'Or iginal UID of overriden user' EQUALITY caseIgnoreMatch ORDERING caseIgnoreO rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( ' IPA v4' 'user defined' ) ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.2 NAME 'preferredServerList' DESC ' List of preferred servers' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstr ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'RFC 4876' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.42 NAME 'ntUserCreateNewAccount' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.8.1.8 NAME 'ipaDefaultPrimaryGroup' E QUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'PKCS #12 PFX PDU for exchange of personal identity information' SYNTAX 1.3.6.1.4.1. 1466.115.121.1.5 X-ORIGIN 'RFC 2798' ) attributeTypes: ( 2.16.840.1.113730.3.1.5 NAME 'changeNumber' DESC 'Changelo g attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Changelog Internet Draft' ) attributeTypes: ( 2.16.840.1.113730.3.1.2143 NAME 'nsslapd-sasl-mapping-fall back' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.18.9 NAME 'hasSubordinates' DESC 'if TRUE, subordinate entries may exist' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .7 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'num Subordinates Internet Draft' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.38 NAME 'ipaNTSIDBlacklistIncomin g' DESC 'Extra SIDs filtered out from incoming MS-PAC' EQUALITY caseIgnoreI A5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.26 X-ORIGIN 'IPA v3' ) attributeTypes: ( SecureAgentPort-oid NAME 'SecureAgentPort' SYNTAX 1.3.6.1 .4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 2.5.4.24 NAME 'x121Address' EQUALITY numericStringMatch S UBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 X-O RIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.997 NAME 'pwdpolicysubentry' DESC 'N etscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.12 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Director y Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.7.2 NAME 'memberDenyCmd' DESC 'Refer ence to a command or group of commands that are denied by the rule.' SUP di stinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.12 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2224 NAME 'nsslapd-port' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VAL UE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'Standard LDAP attr ibute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'RFC 2307' ) attributeTypes: ( 2.5.4.43 NAME 'initials' SUP name EQUALITY caseIgnoreMatc h SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O RIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.30.1 NAME 'krbMaxPwdLife' EQUAL ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.7.13 NAME 'sudoCmd' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactMatch ORDERING caseExactMatch SU BSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2313 NAME 'nsslapd-changelogtrim-int erval' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.64 NAME 'ntUserNumLogons' DESC 'Nets cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VAL UE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.2294 NAME 'nsslapd-ndn-cache-max-siz e' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2161 NAME 'nsIndexIDListScanLimit' D ESC 'fine grained idlistscanlimit - per index/type/value' SYNTAX 1.3.6.1.4. 1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.589 NAME 'nsDS5ReplicaType' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.13769.4.2 NAME 'mozillaCustom2' EQUALITY case IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.8 NAME 'sudoNotBefore' DESC 'Start o f time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 X-ORIGIN 'SUDO' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.70 NAME 'sambaTrustType' DESC 'Type o f trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.11.56 NAME 'ipaCertSubject' DESC 'Su bject name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S INGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2273 NAME 'nsslapd-config' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-V ALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.21.9 NAME 'structuralObjectClass' EQUALITY objectIden tifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE NO-USER-MODIF ICATION USAGE directoryOperation X-ORIGIN 'RFC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.3 NAME 'ipatokenNotBefore' DESC 'Token validity date' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.24 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( nsDisplayName-oid NAME 'nsDisplayName' DESC 'Netscape defi ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( authorityParentDN-oid NAME 'authorityParentDN' DESC 'Autho rity Parent DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'Standard LDAP att ribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.2138 NAME 'nsslapd-readonly' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.55 NAME 'ipk11WrapTemplate' DES C 'DN of template of keys which can be wrapped using this key' EQUALITY dis tinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORI GIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2331 NAME 'nsslapd-logging-hr-timest amps-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.146 6.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.86 NAME 'cirLastUpdateApplied' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR IGIN 'Netscape Directory Server' ) attributeTypes: ( certProfileConfig-oid NAME 'certProfileConfig' DESC 'Certi ficate profile configuration' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' DESC 'An integer den oting time to live' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .27 ) attributeTypes: ( 2.5.4.31 NAME 'member' SUP distinguishedName EQUALITY dis tinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4519 ' ) attributeTypes: ( sslVersionMax-oid NAME 'sslVersionMax' DESC 'Netscape defi ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape ' ) attributeTypes: ( 2.16.840.1.113730.3.1.252 NAME 'nsValueDescription' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORI GIN 'Netscape servers - value item' ) attributeTypes: ( userstate-oid NAME 'userstate' DESC 'Distinguish whether t he user is administrator, agent or subsystem.' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2107 NAME 'nsPagedSizeLimit' DESC 'B inder-based simple paged search operation size limit' SYNTAX 1.3.6.1.4.1.14 66.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN '389' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.17.1 NAME 'krbKdcServers' EQUAL ITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.12 NAME 'defaultSearchScope' DESC ' Default scope used when performing a search' EQUALITY caseIgnoreIA5Match SY NTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user defined' ) ) attributeTypes: ( tokenSubject-oid NAME 'tokenSubject' DESC 'CMS defined att ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.805 NAME 'nsds5replicaTimeout' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2088 NAME 'mepStaticAttr' DESC 'Mana ged Entries static attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.23 NAME 'ipaCertificateSubjectBase ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( keyInfo-oid NAME 'keyInfo' DESC 'CMS defined attribute' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.74 NAME 'ipaDNSVersion' DESC 'IPA DNS data version' EQUALITY integerMatch ORDERING integerOrderingMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA v4.3' 'user d efined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2211 NAME 'nsslapd-dynamicconf' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.51 NAME 'replicaUpdateReplayed' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O RIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.20.2.5 NAME 'ipaReplTopoSegmentStatu s' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X -ORIGIN ( 'FreeIPA' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2281 NAME 'nsslapd-saslpath' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name EQUALITY case IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'commonName' ) attributeTypes: ( 2.16.840.1.113730.3.1.2067 NAME 'pamIncludeSuffix' DESC 'S uffixes to include for PAM authentication' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.12 X-ORIGIN 'Red Hat Directory Server' ) attributeTypes: ( UnSecurePort-oid NAME 'UnSecurePort' SYNTAX 1.3.6.1.4.1.1 466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.199 NAME 'memberCertificateDescripti on' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.26 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.2312.4.3.3.1 NAME 'sabayonProfileURL' DESC 'Th e URL of a sabayon profile' SUP labeledURI EQUALITY caseExactMatch SUBSTR c aseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Saba yon' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange' DESC 'Allow Machine Password changes (default: 0 => off)' EQUALITY integer Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.5.4.17 NAME 'postalCode' EQUALITY caseIgnoreMatch SUBST R caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.2258 NAME 'nsslapd-csnlogging' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING LE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsSSL2-oid NAME 'nsSSL2' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.109 NAME ( 'passwordLockoutDuration' 'pwdLockoutDuration' ) DESC 'Netscape defined password policy attribute ty pe' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Di rectory Server' ) attributeTypes: ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'Standard LDAP a ttribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.18 NAME 'mailHost' DESC 'Netscape Me ssaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.2125 NAME 'dnaThreshold' DESC 'DNA t hreshold for getting next range of values' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.220 NAME ( 'passwordMustChange' 'pwd MustChange' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Se rver' ) attributeTypes: ( 2.16.840.1.113730.3.1.2237 NAME 'nsslapd-counters' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2195 NAME 'nsslapd-auditlog-logminfr eediskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.575 NAME 'nsRoleDN' DESC 'Netscape d efined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE directory Operation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.19.2.3 NAME 'ipaMaxDomainLevel' DESC 'Maximal supported Domain Level value' EQUALITY numericStringMatch ORDERIN G numericStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 SINGLE-VALUE X-OR IGIN ( 'IPA v4' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.73 NAME 'installationTimeStamp' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O RIGIN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.247 NAME 'nsValueBin' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'Nets cape servers - value item' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.7 NAME 'memberHost' DESC 'Referenc e to a device where the operation takes place (usually host).' SUP distingu ishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .12 X-ORIGIN 'IPA v2' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group( s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466 .115.121.1.26 X-ORIGIN 'SUDO' ) attributeTypes: ( 1.3.18.0.2.4.1133 NAME 'printer-ipp-versions-supported' DE SC 'IPP protocol version(s) that this printer supports.' EQUALITY caseIgnor eMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.20 NAME 'ipatokenUserMapAttribu te' DESC 'Attribute to map from the user entry for RADIUS server authentica tion' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY caseI gnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113730.3.8.5.26 NAME 'idnsSecKeySep' DESC 'DNSK EY SEP flag (equivalent to bit 15): RFC 4035' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defin ed' ) ) attributeTypes: ( 2.5.18.1 NAME 'createTimestamp' EQUALITY generalizedTimeM atch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'R FC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.1.553 NAME 'costemplatedn' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VAL UE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.95 NAME 'accountUnlockTime' DESC 'Ne tscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.20 NAME 'memberPrincipal' DESC 'P rincipal names member of a groupOfPrincipals group' EQUALITY caseIgnoreMatc h SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O RIGIN ( 'IPA-v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.11.4 NAME 'ipaNTFallbackPrimaryGroup ' DESC 'Fallback Group to set the Primary group Security Identifier for use rs with UPGs' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2245 NAME 'nsslapd-maxthreadsperconn ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.39.1 NAME 'krbPrincipalKey' EQU ALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 2.16.840.1.113730.3.8.1.10 NAME 'ipaPwdExpAdvNotify' EQUA LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.2112 NAME 'ntGroupType' DESC 'Netsca pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALU E X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.23 NAME 'ipk11Id' DESC 'Key ass ociation identifier' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.40 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( numberOfEnrollments-oid NAME 'numberOfEnrollments' DESC 'C MS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user d efined' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord' DESC 'mailbox or mail list information, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR case IgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' DESC ' Primary Group Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1 466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.691 NAME 'inetDomainStatus' DESC '"a ctive", "inactive", or "deleted" status of a domain' SYNTAX 1.3.6.1.4.1.146 6.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape subscriber interoperability' ) attributeTypes: ( 1.3.18.0.2.4.1111 NAME 'printer-job-k-octets-supported' DE SC 'The maximum size in kilobytes (1,024 octets actually) incoming print jo b that this printer will accept.' EQUALITY integerMatch ORDERING integerOrd eringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'rfc3 712' ) attributeTypes: ( 2.16.840.1.113730.3.1.2182 NAME 'nsslapd-errorlog-logrotat ionsyncmin' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466. 115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.788 NAME 'mgrpBroadcasterPolicy' DES C 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( crlNumber-oid NAME 'crlNumber' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.601 NAME 'adminRole' DESC 'Administr ative role' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Delegat ed Administrator' ) attributeTypes: ( 2.16.840.1.113730.3.1.2072 NAME 'pamFallback' DESC 'Fallba ck to regular LDAP BIND if PAM auth fails' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.7 SINGLE-VALUE X-ORIGIN 'Red Hat Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2159 NAME 'dnaRemoteConnProtocol' DE SC 'Connection protocol: LDAP, TLS, or SSL' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( nsLogSuppress-oid NAME 'nsLogSuppress' DESC 'Netscape defi ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape ' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword' DESC 'Clear text password (used for trusted domain passwords)' EQUALITY octetSt ringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 2.5.21.1 NAME 'dITStructureRules' EQUALITY integerFirstCo mponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'RFC 4512' ) attributeTypes: ( 1.3.18.0.2.4.1126 NAME 'printer-pages-per-minute-color' DE SC 'The nominal number of color pages per minute which may be output by thi s printer.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.1.521 NAME 'ntUserHomeDir' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VAL UE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.15 NAME 'ipatokenRadiusConfigLi nk' DESC 'Corresponding Radius Configuration link' SUP distinguishedName EQ UALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-V ALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 1.2.840.113556.1.4.484 NAME 'calOtherCAPURIs' DESC 'RFC273 9: multi-value URI to other calendars' EQUALITY caseIgnoreIA5Match SUBSTR c aseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ' rfc2739' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.50.1 NAME 'krbLoginFailedCount' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.5.13 NAME 'idnsAllowSyncPTR' DESC 'p ermit synchronization of PTR records' EQUALITY booleanMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2130 NAME 'dnaRangeRequestTimeout' D ESC 'DNA timeout for querying replica for next range of values' SYNTAX 1.3. 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.233 NAME 'nsSNMPOrganization' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORI GIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord' DESC 'Key Exchang e Delegation, RFC 2230' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Sub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation X-ORIGIN 'RFC 451 2' ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.8 NAME 'eduPersonPrimaryOrgUnitDN' DESC 'Primary Organizational Unit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-O RIGIN 'http://middleware.internet2.edu/eduperson/' ) attributeTypes: ( 2.16.840.1.113730.3.1.2329 NAME ( 'passwordSendExpiringTim e' 'pwdSendExpiringTime' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.17 NAME 'ipaNTTrustForestTrustInf o' DESC 'Forest trust information for a trusted domain object' EQUALITY oct etStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( nsHardwarePlatform-oid NAME 'nsHardwarePlatform' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 1.3.6.1.4.1.6981.11.3.8 NAME 'FTPuid' DESC 'System uid (ov errides uidNumber if present)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) attributeTypes: ( transName-oid NAME 'transName' DESC 'CMS defined attribute ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.14 NAME 'ipk11Copyable' DESC 'C an be copied by application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2080 NAME ( 'passwordMin8bit' 'pwdMi n8bit' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3. 6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.686 NAME 'nsds5replicaLastUpdateEnd' DESC 'Netscape defined attribute type' EQUALITY generalizedTimeMatch ORDER ING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL E-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2209 NAME 'nsslapd-rootpwstoragesche me' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.49 NAME 'replicaUpdateFailedAt' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O RIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.1.3 NAME 'ipaSearchTimeLimit' EQUAL ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.5.31 NAME 'idnsServerId' DESC 'DNS s erver identifier' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.8 NAME 'changes' DESC 'Changelog att ribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'Changelog Intern et Draft' ) attributeTypes: ( 2.16.840.1.113730.3.1.2146 NAME 'rootdn-days-allowed' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN GLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.37.1 NAME 'krbPasswordExpiration ' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL E-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.11.35 NAME 'ipaBaseRID' DESC 'First value of a RID range' EQUALITY integerMatch ORDERING integerOrderingMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2250 NAME 'nsslapd-ioblocktimeout' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension' SYNT AX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation X-ORIGIN 'RFC 4512' ) attributeTypes: ( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelephoneN umber' ) EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'RFC 4524' X-DEPRECATED 'p agerTelephoneNumber' ) attributeTypes: ( 2.16.840.1.113730.3.1.10 NAME 'deleteOldRdn' DESC 'Changel og attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 X-ORIGIN 'Changelog Internet Draft' ) attributeTypes: ( 2.16.840.1.113730.3.1.228 NAME 'nsslapd-pluginVersion' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DESC 'Logo n script path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.5.4.46 NAME 'dnQualifier' EQUALITY caseIgnoreMatch ORDE RING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.44 X-ORIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.2316 NAME 'nsslapd-auditfaillog-maxl ogsize' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.6 NAME 'idnsSOArefresh' DESC 'SOA refresh value' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.614 NAME 'copyingFrom' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.2.840.113554.1.4.1.6.5 NAME 'krbPwdAllowedKeysalts' EQU ALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( nsSSLToken-oid NAME 'nsSSLToken' DESC 'Netscape defined at tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.584 NAME 'nsDS5ReplicaRoot' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE- VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2164 NAME 'winSyncSubtreePair' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR IGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.53 NAME 'ipaPublicKey' DESC 'Publ ic key as DER-encoded SubjectPublicKeyInfo (RFC 5280)' EQUALITY octetString Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN ( 'IPA v4.1' 'user defi ned' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2276 NAME 'nsslapd-lockdir' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.6 NAME 'ipatokenModel' DESC 'Op tional Model identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA O TP' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.1001 NAME 'nsds7DirectoryReplicaSubt ree' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.534 NAME 'ntUserPrimaryGroupId' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SING LE-VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.18 NAME 'ipatokenRadiusTimeout' DESC 'Server Timeout' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTelepho neNumber' ) EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstrings Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'RFC 4524' X-DEPRECATED 'homeTelephoneNumber' ) attributeTypes: ( 2.16.840.1.113730.3.8.21.1.8 NAME 'ipaCaSubjectDN' DESC 'S ubject DN' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'IPA v4.4 Lightweight CAs' 'user defi ned' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.32 NAME 'mgrpMsgMaxSize' DESC 'Netsc ape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.206 NAME 'filterInfo' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Net scape Directory Server' ) attributeTypes: ( 1.3.18.0.2.4.1140 NAME 'printer-uri' DESC 'A URI supported by this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.1.2334 NAME 'ntUserNtPassword' DESC 'N etscape defined attribute type, synced or generated NT Password hash' SYNTA X 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchroni zation' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' DESC 'Optio n Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.5.4.34 NAME 'seeAlso' SUP distinguishedName EQUALITY di stinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 451 9' ) attributeTypes: ( nsSSL3Ciphers-oid NAME 'nsSSL3Ciphers' DESC 'Netscape defi ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape ' ) attributeTypes: ( 1.3.6.1.4.1.6981.11.3.5 NAME 'FTPUploadBandwidth' DESC 'Ba ndwidth (in KB/s) to limit upload speeds to' EQUALITY integerMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) attributeTypes: ( 2.16.840.1.113730.3.1.2093 NAME 'nsslapd-changelogsuffix' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.26 NAME 'ipaSELinuxUserMapDefault' DESC 'Default SELinux user' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMa tch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S INGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( nsUniqueAttribute-oid NAME 'nsUniqueAttribute' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.71 NAME 'ipaPermTargetFrom' DESC 'Source location from where moving an entry IPA permission ACI' EQUALITY di stinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-OR IGIN ( 'IPA v4.0' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2214 NAME 'nsslapd-svrtab' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V ALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList' DESC 'X.509 delta revo cation list' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RFC 4523' ) attributeTypes: ( 1.3.18.0.2.4.1119 NAME 'printer-natural-language-configure d' DESC 'The configured natural language in which error and status messages will be generated (by default) by this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.1.1 NAME 'krbPrincipalName' EQU ALITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113730.3.1.2303 NAME 'nsslapd-ignore-time-skew' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.54 NAME 'replicaUseSSL' DESC 'Netsca pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'N etscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) EQUALIT Y caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'userid' ) attributeTypes: ( 2.16.840.1.113730.3.1.609 NAME 'nsds5BeginReplicaRefresh' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2284 NAME 'nsslapd-ssl-check-hostnam e' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.1097 NAME 'nsds5replicaBusyWaitTime' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) SUP name EQUA LITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'stateOrProvinceName' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.45 NAME 'IPSECKEYRecord' DESC 'IPSEC KEY, RFC 4025' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defi ned' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2151 NAME 'nsslapd-plugin-depends-on -type' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsViewConfiguration-oid NAME 'nsViewConfiguration' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.25.1 NAME 'krbSearchScope' EQUA LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd' DESC 'Fo rce Users to logon for password change (default: 0 => off, 2 => on)' EQUALI TY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.11.46 NAME 'ipaPermLocation' DESC 'L ocation of IPA permission ACI' EQUALITY distinguishedNameMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2263 NAME 'nsslapd-maxsasliosize' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 S INGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.529 NAME 'ntUserMaxStorage' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-V ALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( CACertExtractFile-oid NAME 'CACertExtractFile' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.104 NAME ( 'passwordWarning' 'pwdExp ireWarning' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Se rver' ) attributeTypes: ( 1.3.6.1.1.1.1.12 NAME 'memberUid' DESC 'Standard LDAP attr ibute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2307' ) attributeTypes: ( nsAccessLog-oid NAME 'nsAccessLog' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.2128 NAME 'dnaSecurePortNum' DESC 'D NA secure port number of replica to get new range of values' SYNTAX 1.3.6.1 .4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( dateOfRecovery-oid NAME 'dateOfRecovery' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( ServerKeyExtractFile-oid NAME 'ServerKeyExtractFile' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR IGIN 'Netscape' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Next NT rid to give out for anything' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE ) attributeTypes: ( nsPidLog-oid NAME 'nsPidLog' DESC 'Netscape defined attrib ute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.2198 NAME 'nsslapd-auditlog-logexpir ationtime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.570 NAME 'nsLookThroughLimit' DESC ' Binder-based search operation look through limit (candidate entries)' SYNTA X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORI GIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.1.1.12 NAME 'nisNetIdUser' DESC 'nisNe tIdUser' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X- ORIGIN ( 'RFC2307bis' 'user defined' ) ) attributeTypes: ( nsCertfile-oid NAME 'nsCertfile' DESC 'Netscape defined at tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.2321 NAME 'nsslapd-auditfaillog-logm axdiskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.76 NAME 'serverHostName' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.242 NAME 'nsSystemIndex' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ' Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.18.2.2 NAME 'ipaVaultSalt' DESC 'IPA vault salt' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN ( 'IPA v4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2177 NAME 'nsslapd-auditlog-logrotat ionsync-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1. 1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.2 NAME 'ipaClientVersion' DESC 'Te xt string describing client version of the IPA software installed' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstrin gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.13 NAME 'accessRuleType' DESC 'The flag to represent if it is allow or deny rule.' EQUALITY caseIgnoreMatch O RDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.64 NAME 'ipaSecretKeyRef' DESC 'D N of the ipa key object' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.12 X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2201 NAME 'nsslapd-auditlog-logexpir ationtimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.1 NAME 'defaultSearchBase' DESC 'De fault base for searches' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.12 SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user defined' ) ) attributeTypes: ( nsServerCreationClassname-oid NAME 'nsServerCreationClassn ame' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.41 NAME 'ntUserDomainId' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VAL UE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.29 NAME 'idnsTemplateAttribute' DE SC 'Template attribute for dynamic attribute generation' EQUALITY caseIgnor eIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.67 NAME 'ipk11AlwaysSensitive' DESC 'Key has always been sensitive' EQUALITY booleanMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.219 NAME 'vlvUses' DESC 'Netscape de fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Netsca pe Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord' DESC 'IPv6 addr ess, RFC 1886' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113730.3.1.973 NAME 'nsds5ReplConflict' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.18.4 NAME 'modifiersName' EQUALITY distinguishedNameM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'RFC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.1.98 NAME 'passwordExp' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.27 NAME 'destinationIndicator' EQUALITY caseIgnoreM atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 X-ORIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.2248 NAME 'nsslapd-reservedescriptor s' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( tokenIP-oid NAME 'tokenIP' DESC 'CMS defined attribute' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2115 NAME 'dnaType' DESC 'DNA attrib ute type to maintain' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN '389 Di rectory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.7.5 NAME 'ipaSudoOpt' DESC 'Options( s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115 .121.1.26 X-ORIGIN 'IPA v2' ) attributeTypes: ( subjectName-oid NAME 'subjectName' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2227 NAME 'nsslapd-snmp-index' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING LE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' DESC 'Standard LDAP attri bute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.2185 NAME 'nsslapd-errorlog-logrotat iontime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' EQUALIT Y caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 2.16.840.1.113730.3.1.63 NAME 'ntUserUnitsPerWeek' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE- VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.2297 NAME 'nsslapd-search-return-ori ginal-type-switch' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4. 1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2075 NAME ( 'passwordMinDigits' 'pwd MinDigits' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Ser ver' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.75 NAME 'sambaTrustAuthOutgoing' DESC 'Authentication information for the outgoing portion of a trust' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 1.3.18.0.2.4.1123 NAME 'printer-sides-supported' DESC 'The number of impression sides (one or two) and the two-sided impression rotat ions supported by this printer.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.5.21.4 NAME 'matchingRules' EQUALITY objectIdentifierFi rstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOpera tion X-ORIGIN 'RFC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.10 NAME 'ipatokenOTPdigits' DES C 'OTP Token Number of digits' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' DESC 'Standard LDAP at tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'R FC 2307' ) attributeTypes: ( requestResult-oid NAME 'requestResult' DESC 'CMS defined a ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.16 NAME 'idnsZoneRefresh' DESC 'zo ne refresh interval' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.27 SINGLE-VALUE X-ORIGIN ( 'IPA v2' 'user defined' ) ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.33 NAME 'sRVRecord' DESC 'service lo cation, RFC 2782' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.3 NAME 'eduPersonOrgDN' DESC 'Organ ization DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'htt p://middleware.internet2.edu/eduperson/' ) attributeTypes: ( 2.16.840.1.113730.3.1.543 NAME 'nsState' DESC 'Netscape de fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-OR IGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.85 NAME 'cirBindCredentials' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIG IN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.10 NAME 'ipaNTDomainGUID' DESC 'N T Domain GUID' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v3' ' user defined' ) ) attributeTypes: ( dateOfCreate-oid NAME 'dateOfCreate' DESC 'CMS defined att ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.8.1 NAME 'krbTicketFlags' EQUAL ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.12 NAME 'javaDoc' DESC 'The Java d ocumentation for the class' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1 466.115.121.1.26 X-ORIGIN 'RFC 2713' ) attributeTypes: ( 2.16.840.1.113730.3.1.2102 NAME 'autoMemberGroupingAttr' D ESC 'Auto Membership grouping attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 26 SINGLE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.13 NAME 'ipk11Label' DESC 'Desc ription' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.808 NAME 'nsds5replicaLastInitEnd' D ESC 'Netscape defined attribute type' EQUALITY generalizedTimeMatch ORDERIN G generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE- VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsUserIDFormat-oid NAME 'nsUserIDFormat' DESC 'Netscape de fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netsca pe Administration Services' ) attributeTypes: ( 0.9.2342.19200300.100.1.9 NAME 'host' EQUALITY caseIgnore Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4524' ) attributeTypes: ( nsAdminOneACLDir-oid NAME 'nsAdminOneACLDir' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne tscape Administration Services' ) attributeTypes: ( 2.5.4.0 NAME 'objectClass' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 X-ORIGIN 'RFC 4512' ) attributeTypes: ( nsBuildNumber-oid NAME 'nsBuildNumber' DESC 'Netscape defi ned attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape ' ) attributeTypes: ( 1.3.6.1.4.1.13769.3.5 NAME 'mozillaHomePostalCode' EQUALI TY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( 2.16.840.1.113730.3.1.2149 NAME 'rootdn-allow-ip' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI N 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.2312.4.3.3.2 NAME 'sabayonProfileName' DESC 'T he Name of a sabayon profile' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Sa bayon' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength' DESC 'Min imal password length (default: 5)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.5.4.12 NAME 'title' SUP name EQUALITY caseIgnoreMatch S UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN 'RFC 4519' ) attributeTypes: ( authoritySerial-oid NAME 'authoritySerial' DESC 'Authority certificate serial number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VAL UE X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.17 NAME 'mailForwardingAddress' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( revInfo-oid NAME 'revInfo' DESC 'CMS defined attribute' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2120 NAME 'dnaFilter' DESC 'DNA filt er for finding entries' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X -ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.223 NAME ( 'passwordResetFailureCoun t' 'pwdFailureCountInterval' ) DESC 'Netscape defined password policy attri bute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Nets cape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC 'Times tamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.27 SINGLE-VALUE ) attributeTypes: ( 2.5.4.49 NAME ( 'distinguishedName' 'dn' ) EQUALITY disti nguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4519' X-DEPRECATED 'dn' ) attributeTypes: ( 2.16.840.1.113730.3.1.2232 NAME 'nsslapd-ldapimaptoentries ' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.578 NAME 'nsDS5ReplicaHost' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2190 NAME 'nsslapd-accesslog-logmaxd iskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.1 NAME 'idnsAllowDynUpdate' DESC ' permit dynamic updates on this zone' EQUALITY booleanMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2319 NAME 'nsslapd-auditfaillog-logr otationtime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.45.1 NAME 'krbLastPwdChange' EQ UALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VAL UE ) attributeTypes: ( 2.5.21.10 NAME 'governingStructureRule' EQUALITY integerM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'RFC 4512' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) attributeTypes: ( 2.16.840.1.113730.3.1.2279 NAME 'nsslapd-ldifdir' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.18.0.2.4.1134 NAME 'printer-more-info' DESC 'A URI for more information about this specific printer.' EQUALITY caseIgnoreMatch SU BSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'rfc3712' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.9 NAME 'attributeMap' DESC 'Attribu te mappings used, required, or supported by an agent or service' EQUALITY c aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'RFC4876' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.1004 NAME 'nsds7WindowsDomain' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING LE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' ) DESC 'Standard LDAP attribute type' EQUALITY caseIgnoreIA5Match SUBSTR cas eIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'RFC 2247' 'user defined' ) ) attributeTypes: ( certStatus-oid NAME 'certStatus' DESC 'CMS defined attribu te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.8.21.1.3 NAME 'ipaMemberCertProfile' D ESC 'Reference to a certificate profile member' SUP distinguishedName EQUAL ITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN ( 'IPA v4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC 'pr eferred written or spoken language for a person' EQUALITY caseIgnoreMatch S UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN 'RFC 2798' ) attributeTypes: ( 1.3.6.1.4.1.13769.2.3 NAME ( 'mozillaUseHtmlMail' 'xmozill ausehtmlmail' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.21 NAME 'idnsSecKeyActivate' DESC 'DNSSEC key (planned) activation time' EQUALITY generalizedTimeMatch ORDERI NG generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE -VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.201 NAME 'changeLogMaximumSize' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-O RIGIN 'Netscape Directory Server' ) attributeTypes: ( adminMessages-oid NAME 'adminMessages' DESC 'CMS defined a ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( nsSerialNumber-oid NAME 'nsSerialNumber' DESC 'Netscape de fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netsca pe' ) attributeTypes: ( 1.3.6.1.4.1.5322.21.2.3 NAME 'krbPwdLockoutDuration' EQUA LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.90 NAME 'cirBeginORC' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Net scape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.7 NAME 'ipaNTProfilePath' DESC 'U ser Profile Path' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING LE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2240 NAME 'nsslapd-accesslog' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.1.13 NAME 'ipaDefaultEmailDomain' E QUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.99 NAME 'SPFRecord' DESC 'Sender Pol icy Framework (SPF) for Authorizing Use of Domains in Email, RFC 7208' EQUA LITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2096 NAME 'entryusn' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE N O-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'Netscape' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'LanMa nager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121 .1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.694 NAME 'inetSubscriberAccountId' D ESC 'A unique attribute linking the subscriber to a billing system' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape subscriber interoperabilit y' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.18.1 NAME 'krbPwdServers' EQUAL ITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.18.0.2.4.1112 NAME 'printer-current-operator' DESC 'Th e identity of the current human operator responsible for operating this pri nter.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.1.2306 NAME 'nsslapd-return-default-op attr' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.2.840.113556.1.4.478 NAME 'calCalURI' DESC 'RFC2739: URI of entire default calendar' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreI A5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'rfc2739' ) attributeTypes: ( tokenNotAfter-oid NAME 'tokenNotAfter' DESC 'CMS defined a ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.604 NAME 'parentid' DESC 'internal s erver defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.42 NAME 'APLRecord' DESC 'Lists of A ddress Prefixes, RFC 3132' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5 SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2 ' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2154 NAME 'nsds5ReplicaBackoffMin' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.43 NAME 'ipaPermIncludedAttr' DES C 'IPA permission explicitly included attribute' EQUALITY caseIgnoreMatch O RDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN ( 'IPA v4.0' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2266 NAME 'nsslapd-enquote-sup-oc' D ESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.524 NAME 'ntUserScriptPath' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.1.22 NAME 'mgrpAllowedBroadcaster' DES C 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.2133 NAME 'pwdUpdateTime' DESC 'Last password update time' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE US AGE directoryOperation X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.236 NAME 'nsSNMPDescription' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl' SYNTA X 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation X-ORIGIN 'RFC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.1.2324 NAME 'nsslapd-auditfaillog-loge xpirationtimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4. 1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsPreference-oid NAME 'nsPreference' DESC 'Netscape define d attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape A dministration Services' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.18 NAME 'ipaNTTrustPosixOffset' D ESC 'POSIX offset of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.33.1 NAME 'krbPwdMinLength' EQU ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( crlName-oid NAME 'crlName' DESC 'CMS defined attribute' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( status-oid NAME 'status' DESC 'CMS defined attribute' SYNT AX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.592 NAME 'nsDS5ReplicaAutoReferral' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( requestAgentGroup-oid NAME 'requestAgentGroup' DESC 'CMS d efined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defin ed' ) attributeTypes: ( 2.16.840.1.113730.3.1.2083 NAME ( 'passwordMinTokenLength' 'pwdMinTokenLength' ) DESC 'Netscape defined password policy attribute typ e' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Dir ectory Server' ) attributeTypes: ( numberOfRecoveries-oid NAME 'numberOfRecoveries' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user def ined' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.16 NAME 'ipaConfigString' DESC 'Ge neric configuration stirng' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMat ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.689 NAME 'nsds5replicaUpdateInProgre ss' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.7 SINGLE-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.61 NAME 'ipaWrappingKey' DESC 'PK CS#11 URI of the wrapping key' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2204 NAME 'nsslapd-auditlog-logging- enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.18.0.2.4.1109 NAME 'printer-charset-configured' DESC ' The configured charset in which error and status messages will be generated (by default) by this printer.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.1.44 NAME 'ntGroupDomainId' DESC 'Nets cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA LUE X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.8.20.2.8 NAME 'ipaReplTopoManagedSuffi x' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X -ORIGIN ( 'FreeIPA' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.1.6 NAME 'ipaHomesRootDir' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.214 NAME 'passwordAllowChangeTime' D ESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.14 66.115.121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Di rectory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.62 NAME 'ipk11Decrypt' DESC 'Ke y supports decryption' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( tokenStatus-oid NAME 'tokenStatus' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.55 NAME 'HIPRecord' DESC 'Host Ident ity Protocol (HIP) Domain Name System (DNS) Extension, RFC 5205' EQUALITY c aseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2141 NAME 'dsOnlyMemberUid' DESC 'El ements from a memberuid attribute created to reflect dynamic group membersh ip' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Red Hat Directory Server ' ) attributeTypes: ( nsDirectoryFailoverList-oid NAME 'nsDirectoryFailoverList' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 6 X-ORIGIN 'Netscape' ) attributeTypes: ( nsSSLSessionTimeout-oid NAME 'nsSSLSessionTimeout' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.36 NAME 'ipaSecondaryBaseRID' DES C 'First value of a secondary RID range' EQUALITY integerMatch ORDERING int egerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGI N ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2253 NAME 'nsslapd-nagle' DESC 'Nets cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA LUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2118 NAME 'dnaInterval' DESC 'DNA in terval between values' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X- ORIGIN '389 Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC 'Ti mestamp of when the password will expire' EQUALITY integerMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch SUBSTR case IgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 45 19' ) attributeTypes: ( 2.16.840.1.113730.3.1.2188 NAME 'nsslapd-errorlog-logrotat iontimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.32769 NAME 'DLVRecord' DESC 'DNSSEC Lookaside Validation, RFC 4431' EQUALITY caseIgnoreIA5Match SUBSTR caseIgno reIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v 4.4.2' 'user defined' ) ) attributeTypes: ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 2.16.840.1.113730.3.8.7.11 NAME 'ipaSudoRunAsGroupCategory ' DESC 'Additional classification for groups' SUP userCategory EQUALITY cas eIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2311 NAME 'nsds5ReplicaFlowControlPa use' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.66 NAME 'ntUserUniqueId' DESC 'Netsc ape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALU E X-ORIGIN 'Netscape NT Synchronization' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.9 NAME 'idnsSOAminimum' DESC 'SOA minimum value' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2078 NAME ( 'passwordMinLowers' 'pwd MinLowers' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Ser ver' ) attributeTypes: ( 2.16.840.1.113730.3.1.587 NAME 'nsds50ruv' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nets cape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2167 NAME 'schemaUpdateAttributeAcce pt' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2271 NAME 'nsslapd-rewrite-rfc1274' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.54 NAME 'ipaPrivateKey' DESC 'Pri vate key as DER-encoded EncryptedPrivateKeyInfo (RFC 5958)' EQUALITY octetS tringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN ( 'IP A v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.1 NAME 'ipatokenUniqueID' DESC 'Token Unique Identifier' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'Standard LDA P attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGI N 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.31 NAME 'mailEnhancedUniqueMember' D ESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.14 66.115.121.1.12 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.5.1 NAME 'krbUPEnabled' DESC 'Bo olean' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.8.5.19 NAME 'idnsSecKeyCreated' DESC ' DNSSEC key creation timestamp' EQUALITY generalizedTimeMatch ORDERING gener alizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X -ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.209 NAME 'vlvFilter' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Nets cape Directory Server' ) attributeTypes: ( nsErrorLog-oid NAME 'nsErrorLog' DESC 'Netscape defined at tribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record' DESC 'A6 Record T ype, RFC 2874' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113730.3.1.88 NAME 'cirUpdateFailedat' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI N 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC 'Base6 4 encoded user parameter string' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.250 NAME 'nsValueDefault' DESC 'Nets cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape servers - value item' ) attributeTypes: ( 2.5.4.37 NAME 'cACertificate' DESC 'X.509 CA certificate' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RF C 4523' ) attributeTypes: ( 1.3.6.1.4.1.6981.11.3.2 NAME 'FTPQuotaMBytes' DESC 'Quota (in megabytes) for an FTP user' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.14 NAME 'serviceSearchDescriptor' D ESC 'Specifies search descriptors required, used, or supported by a particu lar service or agent' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'RFC4876' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2105 NAME 'autoMemberTargetGroup' DE SC 'Auto Membership target group' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SING LE-VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.803 NAME 'nsBackendSuffix' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE di rectoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2217 NAME 'nsslapd-allow-anonymous-a ccess' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.53 NAME 'replicaBindMethod' DESC 'Ne tscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGI N 'Netscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.4 NAME 'info' EQUALITY caseIgnore Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.71 NAME 'ipk11AlwaysAuthenticat e' DESC 'User has to authenticate for each use with this key' EQUALITY bool eanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v 4.1' 'user defined' ) ) attributeTypes: ( nsSSLSupportedCiphers-oid NAME 'nsSSLSupportedCiphers' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- ORIGIN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.2287 NAME 'nsslapd-force-sasl-extern al' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2065 NAME 'nsSaslMapBaseDNTemplate' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.5.4.5 NAME 'serialNumber' EQUALITY caseIgnoreMatch SUBS TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 X-ORIGIN 'RFC 4519' ) attributeTypes: ( p12Expiration-oid NAME 'p12Expiration' DESC 'CMS defined a ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( tokenUserID-oid NAME 'tokenUserID' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.197 NAME 'replicaHost' DESC 'Netscap e defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Ne tscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold' DESC 'Lockout users after bad logon attempts (default: 0 => off)' EQUALITY integ erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( tokenReason-oid NAME 'tokenReason' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.5.4.15 NAME 'businessCategory' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-OR IGIN 'RFC 4519' ) attributeTypes: ( 0.9.2342.19200300.100.1.48 NAME 'buildingName' EQUALITY c aseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 X-ORIGIN 'RFC 4524' ) attributeTypes: ( 2.16.840.1.113730.3.1.107 NAME 'passwordResetDuration' DES C 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' DESC 'Standard LD AP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIG IN 'RFC 2307' ) attributeTypes: ( 2.16.840.1.113730.3.1.2235 NAME 'nsslapd-ldapientrysearchb ase' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( tokenAppletID-oid NAME 'tokenAppletID' DESC 'CMS defined a ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( extensions-oid NAME 'extensions' DESC 'CMS defined attribu te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( nsInstalledLocation-oid NAME 'nsInstalledLocation' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN 'Netscape' ) attributeTypes: ( 2.16.840.1.113730.3.1.573 NAME 'nsIdleTimeout' DESC 'Binde r-based connection idle timeout (seconds)' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Ser ver' ) attributeTypes: ( 2.16.840.1.113730.3.8.19.2.1 NAME 'ipaDomainLevel' DESC 'D omain Level value' EQUALITY numericStringMatch ORDERING numericStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 SINGLE-VALUE X-ORIGIN ( 'IPA v4' 'user defined' ) ) attributeTypes: ( 1.3.6.1.4.1.2428.20.4 NAME 'UnknownRecord' DESC 'unknown D NS record, RFC 3597' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'use r defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.75 NAME 'adminUrl' DESC 'Netscape de fined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netsca pe Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.245 NAME 'nsValueTel' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'Net scape servers - value item' ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.42 NAME 'preferredLocale' DESC 'p referred locale for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Ne tscape' ) attributeTypes: ( nsNYR-oid NAME 'nsNYR' DESC 'Netscape defined attribute ty pe' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.2172 NAME 'nsslapd-accesslog-maxlogs ize' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.5 NAME 'memberUser' DESC 'Referenc e to a principal that performs an action (usually user).' SUP distinguished Name EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X -ORIGIN 'IPA v2' ) attributeTypes: ( userMessages-oid NAME 'userMessages' DESC 'CMS defined att ribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.18.0.2.4.1131 NAME 'printer-charset-supported' DESC 'S et of charsets supported for the attribute values of syntax DirectoryString for this directory entry.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.15 X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.22 NAME 'ipatokenTOTPwatermark' DESC 'TOTP watermark' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.4 NAME 'bindTimeLimit' DESC 'Maximu m time an agent or service allows for a bind operation to complete' EQUALIT Y integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.27 SINGLE-VALUE X-ORIGIN ( 'RFC4876' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.21.1.6 NAME 'ipaCaId' DESC 'Dogtag A uthority ID' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBS TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4 Lightweight CAs' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.8.5.24 NAME 'idnsSecKeyZone' DESC 'DNS KEY ZONE flag (equivalent to bit 7): RFC 4035' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defi ned' ) ) attributeTypes: ( archivedBy-oid NAME 'archivedBy' DESC 'CMS defined attribu te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.53.1 NAME 'krbPrincContainerRef' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'numeri cally identifies an employee within an organization' EQUALITY caseIgnoreMat ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE X-ORIGIN 'RFC 2798' ) attributeTypes: ( 2.16.840.1.113730.3.1.551 NAME 'cosspecifier' DESC 'Netsca pe defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALU E X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.97 NAME ( 'passwordMaxAge' 'pwdMaxAg e' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1. 4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.5322.21.2.4 NAME 'krbAllowedToDelegateTo' EQU ALITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' DESC 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier' SYNTAX 1.3.6.1. 4.1.1466.115.121.1.51 X-ORIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.8.7.8 NAME 'ipaSudoRunAsUserCategory' DESC 'Additional classification for users' SUP userCategory EQUALITY caseIg noreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.2099 NAME 'autoMemberExclusiveRegex' DESC 'Auto Membership exclusive regex rule' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 X-ORIGIN '389 Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord' DESC 'text strin g, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2307 ' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DESC 'Next NT rid to give our for users' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.2222 NAME 'nsslapd-localuser' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2180 NAME 'nsslapd-auditlog-logrotat ionsynchour' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2309 NAME 'nsds5ReplicaPreciseTombst onePurging' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( tokenOrigin-oid NAME 'tokenOrigin' DESC 'CMS defined attri bute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.16.840.1.113730.3.1.2292 NAME 'nsslapd-disk-monitoring-l ogging-critical' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1. 1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2070 NAME 'pamIDMapMethod' DESC 'How to map BIND DN to PAM identity' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'Red Hat Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.408 NAME 'replicaLastRelevantChange' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 7 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.76 NAME 'sambaTrustAuthIncoming' DESC 'Authentication information for the incoming portion of a trust' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2269 NAME 'nsslapd-errorlog-list' DE SC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X -ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.18.0.2.4.1124 NAME 'printer-number-up-supported' DESC 'The possible numbers of print-stream pages to impose upon a single side of an instance of a selected medium.' EQUALITY integerMatch ORDERING integerO rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'rfc3712' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.9 NAME 'ipatokenOTPalgorithm' D ESC 'OTP Token Algorithm' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( allowPinReset-oid NAME 'allowPinReset' DESC 'CMS defined a ttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) attributeTypes: ( 2.5.21.7 NAME 'nameForms' EQUALITY objectIdentifierFirstC omponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'RFC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.8.16.1.17 NAME 'ipatokenRadiusSecret' DESC 'Server Secret' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.40 SINGLE-VALUE X-ORIGIN ( 'IPA OTP' 'user defined' ) ) attributeTypes: ( 0.9.2342.19200300.100.1.55 NAME 'audio' EQUALITY octetStr ingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RFC 1274' ) attributeTypes: ( 2.16.840.1.113719.1.301.4.36.1 NAME 'krbPwdPolicyReference ' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SIN GLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.28 NAME 'nisPublickey' DESC 'nisPublickey' E QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'RFC2307bis' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.29 NAME 'mgrpMsgRejectText' DESC 'Ne tscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.2136 NAME 'nsds5ReplicaCleanRUVNotif ied' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.27 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.11 NAME 'idnsAllowQuery' DESC 'BIN D9 allow-query ACL element' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1. 1466.115.121.1.26 SINGLE-VALUE X-ORIGIN ( 'IPA v2' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.231 NAME 'nsslapd-pluginEnabled' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( nsWellKnownJarfiles-oid NAME 'nsWellKnownJarfiles' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIG IN 'Netscape Administration Services' ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.30 NAME 'nXTRecord' DESC 'non-exista nt, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 US AGE directoryOperation X-ORIGIN 'RFC 4512' ) attributeTypes: ( nsAdminAccessHosts-oid NAME 'nsAdminAccessHosts' DESC 'Net scape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' ) attributeTypes: ( 2.16.840.1.113730.3.1.328 NAME 'nsMatchingRule' DESC 'Nets cape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.6 NAME 'eduPersonPrincipalName' DES C 'Principal Name' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIG IN 'http://middleware.internet2.edu/eduperson/' ) attributeTypes: ( 2.16.840.1.113730.3.1.80 NAME 'cirHost' DESC 'Netscape def ined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscap e Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.15 NAME 'ipaNTTrustAuthOutgoing' DESC 'Authentication information for the outgoing portion of a trust' EQUAL ITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.11 NAME 'javaReferenceAddress' DES C 'Addresses associated with a JNDI Reference' EQUALITY caseExactMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2713' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.16 NAME 'ipk11Trusted' DESC 'Ca n be trusted by application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2086 NAME 'mepManagedBy' DESC 'Manag ed Entries backpointer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.3.19 NAME 'serviceCategory' DESC 'Ad ditional classification for services' EQUALITY caseIgnoreMatch ORDERING cas eIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.684 NAME 'nsds5ReplicaChangeCount' D ESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.1.1 NAME 'ipaUserSearchFields' EQUA LITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113730.3.8.20.2.3 NAME 'ipaReplTopoSegmentLeftN ode' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'FreeIPA' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.1101 NAME 'nsRoleScopeDN' DESC 'Scop e of a role' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN '38 9 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.17.1.69 NAME 'ipk11WrapWithTrusted' DESC 'Key can only be wrapped with a trusted wrapping key' EQUALITY boolean Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1 ' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113719.1.301.4.41.1 NAME 'krbSubTrees' EQUALIT Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.52 NAME 'TLSARecord' DESC 'DNS-Based Authentication of Named Entities - Transport Layer Security Protocol, RFC 6698' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) attributeTypes: ( 1.3.1.1.4.1.453.16.2.103 NAME 'numSubordinates' DESC 'coun t of immediate subordinates' EQUALITY integerMatch ORDERING integerOrdering Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATIO N USAGE directoryOperation X-ORIGIN 'numSubordinates Internet Draft' ) attributeTypes: ( 1.3.6.1.4.1.13769.3.6 NAME 'mozillaHomeCountryName' SUP n ame EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' ) attributeTypes: ( 2.16.840.1.113730.3.1.2144 NAME 'rootdn-open-time' DESC 'N etscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.11.33 NAME 'ipaBaseID' DESC 'First v alue of a Posix ID range' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.27 SINGLE-VALUE X-ORIGIN ( 'IPA v3' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2256 NAME 'passwordLegacyPolicy' DES C 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.9999999 NAME 'nsds5debugreplicatimeo ut' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.15 X-ORIGIN 'RFC 4524' ) attributeTypes: ( SubsystemName-oid NAME 'SubsystemName' SYNTAX 1.3.6.1.4.1 .1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts' SYNTAX 1 .3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation X-ORIGIN 'RFC 4512' ) attributeTypes: ( 2.16.840.1.113730.3.1.12 NAME 'mailAccessDomain' DESC 'Net scape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.2123 NAME 'dnaSharedCfgDN' DESC 'DNA shared configuration entry DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE -VALUE X-ORIGIN '389 Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.226 NAME 'nsslapd-pluginType' DESC ' Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC 'Time stamp of when the user will be logged off automatically' EQUALITY integerMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.5.4.44 NAME 'generationQualifier' SUP name EQUALITY cas eIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 X-ORIGIN 'RFC 4519' ) attributeTypes: ( 2.16.840.1.113730.3.1.2193 NAME 'nsslapd-accesslog-logminf reediskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.146 6.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.7.14 NAME 'ipaSudoRunAsExtUserGroup' DESC 'Multivalue string attribute that allows storing groups of users that are not managed by IPA the command can be run as' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.15 X-ORIGIN ( 'IPA v4.0' 'user defined' ) ) attributeTypes: ( 2.16.840.1.113730.3.1.2314 NAME 'nsslapd-changelogcompactd b-interval' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.4 NAME 'idnsSOArName' DESC 'SOA ro ot Name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.1.612 NAME 'generation' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Net scape Directory Server' ) cn: schema ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.26 DESC 'IA5String' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'DirectoryString' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.11 DESC 'Country String' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'DN' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'Enhanced Guide' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'Facsimile Telephone Numb er' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.23 DESC 'FAX' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.24 DESC 'GeneralizedTime' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.25 DESC 'Guide' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.27 DESC 'INTEGER' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'Name And Optional UID' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'Numeric String' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'OctetString' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'Postal Address' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'Printable String' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'TelephoneNumber' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.51 DESC 'Teletex Terminal Identif ier' ) ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'Telex Number' ) matchingRules: ( 2.5.13.17 NAME 'octetStringMatch' DESC 'The octetStringMatc h rule compares an assertion value of the Octet String syntax to an attribu te value of a syntax (e.g., the Octet String or JPEG syntax) whose correspo nding ASN.1 type is the OCTET STRING ASN.1 type. The rule evaluates to TRU E if and only if the attribute value and the assertion value are the same l ength and corresponding octets (by position) are the same.' SYNTAX 1.3.6.1. 4.1.1466.115.121.1.40 ) matchingRules: ( 2.5.13.18 NAME 'octetStringOrderingMatch' DESC 'The octetSt ringOrderingMatch rule compares an assertion value of the Octet String synt ax to an attribute value of a syntax (e.g., the Octet String or JPEG syntax ) whose corresponding ASN.1 type is the OCTET STRING ASN.1 type. The rule evaluates to TRUE if and only if the attribute value appears earlier in the collation order than the assertion value. The rule compares octet strings from the first octet to the last octet, and from the most significant bit to the least significant bit within the octet. The first occurrence of a d ifferent bit determines the ordering of the strings. A zero bit precedes a one bit. If the strings contain different numbers of octets but the longe r string is identical to the shorter string up to the length of the shorter string, then the shorter string precedes the longer string.' SYNTAX 1.3.6. 1.4.1.1466.115.121.1.40 ) matchingRules: ( 2.5.13.16 NAME 'bitStringMatch' DESC 'The bitStringMatch ru le compares an assertion value of the Bit String syntax to an attribute val ue of a syntax (e.g., the Bit String syntax) whose corresponding ASN.1 type is BIT STRING. If the corresponding ASN.1 type of the attribute syntax do es not have a named bit list [ASN.1] (which is the case for the Bit String syntax), then the rule evaluates to TRUE if and only if the attribute value has the same number of bits as the assertion value and the bits match on a bitwise basis. If the corresponding ASN.1 type does have a named bit list , then bitStringMatch operates as above, except that trailing zero bits in the attribute and assertion values are treated as absent.' SYNTAX 1.3.6.1.4 .1.1466.115.121.1.6 ) matchingRules: ( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' DESC 'T he caseExactIA5Match rule compares an assertion value of the IA5 String syn tax to an attribute value of a syntax (e.g., the IA5 String syntax) whose c orresponding ASN.1 type is IA5String. The rule evaluates to TRUE if and onl y if the prepared attribute value character string and the prepared asserti on value character string have the same number of characters and correspond ing characters have the same code point. In preparing the attribute value a nd assertion value for comparison, characters are not case folded in the Ma p preparation step, and only Insignificant Space Handling is applied in the Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 26 ) matchingRules: ( 2.5.13.5 NAME 'caseExactMatch' DESC 'The caseExactMatch rul e compares an assertion value of the Directory String syntax to an attribut e value of a syntax (e.g., the Directory String, Printable String, Country String, or Telephone Number syntax) whose corresponding ASN.1 type is Direc toryString or one of the alternative string types of DirectoryString, such as PrintableString (the other alternatives do not correspond to any syntax defined in this document). The rule evaluates to TRUE if and only if the pr epared attribute value character string and the prepared assertion value ch aracter string have the same number of characters and corresponding charact ers have the same code point. In preparing the attribute value and assertio n value for comparison, characters are not case folded in the Map preparati on step, and only Insignificant Space Handling is applied in the Insignific ant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.5.13.6 NAME 'caseExactOrderingMatch' DESC 'The caseExactO rderingMatch rule compares an assertion value of the Directory String synta x to an attribute value of a syntax (e.g., the Directory String, Printable String, Country String, or Telephone Number syntax) whose corresponding ASN .1 type is DirectoryString or one of its alternative string types. The rule evaluates to TRUE if and only if, in the code point collation order, the p repared attribute value character string appears earlier than the prepared assertion value character string; i.e., the attribute value is "less than" the assertion value. In preparing the attribute value and assertion value f or comparison, characters are not case folded in the Map preparation step, and only Insignificant Space Handling is applied in the Insignificant Chara cter Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.5.13.7 NAME 'caseExactSubstringsMatch' DESC 'The caseExac tSubstringsMatch rule compares an assertion value of the Substring Assertio n syntax to an attribute value of a syntax (e.g., the Directory String, Pri ntable String, Country String, or Telephone Number syntax) whose correspond ing ASN.1 type is DirectoryString or one of its alternative string types. T he rule evaluates to TRUE if and only if (1) the prepared substrings of the assertion value match disjoint portions of the prepared attribute value ch aracter string in the order of the substrings in the assertion value, (2) a n substring, if present, matches the beginning of the prepared at tribute value character string, and (3) a substring, if present, ma tches the end of the prepared attribute value character string. A prepared substring matches a portion of the prepared attribute value character stri ng if corresponding characters have the same code point. In preparing the a ttribute value and assertion value substrings for comparison, characters ar e not case folded in the Map preparation step, and only Insignificant Space Handling is applied in the Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 ) matchingRules: ( 2.16.840.1.113730.3.3.1 NAME 'caseExactIA5SubstringsMatch' DESC 'The caseExactIA5SubstringsMatch rule compares an assertion value of t he Substring Assertion syntax to an attribute value of a syntax (e.g., the IA5 syntax) whose corresponding ASN.1 type is IA5 String or one of its alte rnative string types. The rule evaluates to TRUE if and only if (1) the pre pared substrings of the assertion value match disjoint portions of the prep ared attribute value character string in the order of the substrings in the assertion value, (2) an substring, if present, matches the begin ning of the prepared attribute value character string, and (3) a su bstring, if present, matches the end of the prepared attribute value charac ter string. A prepared substring matches a portion of the prepared attribu te value character string if corresponding characters have the same code po int. In preparing the attribute value and assertion value substrings for co mparison, characters are not case folded in the Map preparation step, and o nly Insignificant Space Handling is applied in the Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 ) matchingRules: ( 2.5.13.27 NAME 'generalizedTimeMatch' DESC 'The rule evalua tes to TRUE if and only if the attribute value represents the same universa l coordinated time as the assertion value.' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.24 ) matchingRules: ( 2.5.13.28 NAME 'generalizedTimeOrderingMatch' DESC 'The rul e evaluates to TRUE if and only if the attribute value represents a univers al coordinated time that is earlier than the universal coordinated time rep resented by the assertion value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) matchingRules: ( 2.5.13.13 NAME 'booleanMatch' DESC 'The booleanMatch rule c ompares an assertion value of the Boolean syntax to an attribute value of a syntax (e.g., the Boolean syntax) whose corresponding ASN.1 type is BOOLEA N. The rule evaluates to TRUE if and only if the attribute value and the a ssertion value are both TRUE or both FALSE.' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.7 ) matchingRules: ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' DESC ' The caseIgnoreIA5Match rule compares an assertion value of the IA5 String s yntax to an attribute value of a syntax (e.g., the IA5 String syntax) whose corresponding ASN.1 type is IA5String. The rule evaluates to TRUE if and only if the prepared attribute value character string and the prepared asse rtion value character string have the same number of characters and corresp onding characters have the same code point. In preparing the attribute val ue and assertion value for comparison, characters are case folded in the Ma p preparation step, and only Insignificant Space Handling is applied in the Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 26 ) matchingRules: ( 1.3.6.1.4.1.1466.109.114.3 NAME 'caseIgnoreIA5SubstringsMat ch' DESC 'The caseIgnoreIA5SubstringsMatch rule compares an assertion value of the Substring Assertion syntax to an attribute value of a syntax (e.g., the IA5 String syntax) whose corresponding ASN.1 type is IA5String. The r ule evaluates to TRUE if and only if (1) the prepared substrings of the ass ertion value match disjoint portions of the prepared attribute value charac ter string in the order of the substrings in the assertion value, (2) an substring, if present, matches the beginning of the prepared attrib ute value character string, and (3) a substring, if present, matche s the end of the prepared attribute value character string. A prepared sub string matches a portion of the prepared attribute value character string i f corresponding characters have the same code point. In preparing the attr ibute value and assertion value substrings for comparison, characters are c ase folded in the Map preparation step, and only Insignificant Space Handli ng is applied in the Insignificant Character Handling step.' SYNTAX 1.3.6.1 .4.1.1466.115.121.1.58 ) matchingRules: ( 2.5.13.2 NAME 'caseIgnoreMatch' DESC 'The caseIgnoreMatch r ule compares an assertion value of the Directory String syntax to an attrib ute value of a syntax (e.g., the Directory String, Printable String, Countr y String, or Telephone Number syntax) whose corresponding ASN.1 type is Dir ectoryString or one of its alternative string types. The rule evaluates to TRUE if and only if the prepared attribute value character string and the prepared assertion value character string have the same number of character s and corresponding characters have the same code point. In preparing the a ttribute value and assertion value for comparison, characters are case fold ed in the Map preparation step, and only Insignificant Space Handling is ap plied in the Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.146 6.115.121.1.15 ) matchingRules: ( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' DESC 'The caseIgnor eOrderingMatch rule compares an assertion value of the Directory String syn tax to an attribute value of a syntax (e.g., the Directory String, Printabl e String, Country String, or Telephone Number syntax) whose corresponding A SN.1 type is DirectoryString or one of its alternative string types. The ru le evaluates to TRUE if and only if, in the code point collation order, the prepared attribute value character string appears earlier than the prepare d assertion value character string; i.e., the attribute value is "less than " the assertion value. In preparing the attribute value and assertion value for comparison, characters are case folded in the Map preparation step, an d only Insignificant Space Handling is applied in the Insignificant Charact er Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch' DESC 'The caseIgn oreSubstringsMatch rule compares an assertion value of the Substring Assert ion syntax to an attribute value of a syntax (e.g., the Directory String, P rintable String, Country String, or Telephone Number syntax) whose correspo nding ASN.1 type is DirectoryString or one of its alternative string types. The rule evaluates to TRUE if and only if (1) the prepared substrings of t he assertion value match disjoint portions of the prepared attribute value character string in the order of the substrings in the assertion value, (2) an substring, if present, matches the beginning of the prepared attribute value character string, and (3) a substring, if present, matches the end of the prepared attribute value character string. A prepar ed substring matches a portion of the prepared attribute value character st ring if corresponding characters have the same code point. In preparing the attribute value and assertion value substrings for comparison, characters are case folded in the Map preparation step, and only Insignificant Space H andling is applied in the Insignificant Character Handling step.' SYNTAX 1. 3.6.1.4.1.1466.115.121.1.58 ) matchingRules: ( 2.5.13.11 NAME 'caseIgnoreListMatch' DESC 'The caseIgnoreLi stMatch rule compares an assertion value that is a sequence of strings to a n attribute value of a syntax (e.g., the Postal Address syntax) whose corre sponding ASN.1 type is a SEQUENCE OF the DirectoryString ASN.1 type. The ru le evaluates to TRUE if and only if the attribute value and the assertion v alue have the same number of strings and corresponding strings (by position ) match according to the caseIgnoreMatch matching rule. In [X.520], the ass ertion syntax for this matching rule is defined to be: SEQUENCE OF Di rectoryString {ub-match} That is, it is different from the corresponding ty pe for the Postal Address syntax. The choice of the Postal Address syntax for the assertion syntax of the caseIgnoreListMatch in LDAP should not be s een as limiting the matching rule to apply only to attributes with the Post al Address syntax.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) matchingRules: ( 2.5.13.12 NAME 'caseIgnoreListSubstringsMatch' DESC 'The ca seIgnoreListSubstringsMatch rule compares an assertion value of the Substri ng Assertion syntax to an attribute value of a syntax (e.g., the Postal Add ress syntax) whose corresponding ASN.1 type is a SEQUENCE OF the DirectoryS tring ASN.1 type. The rule evaluates to TRUE if and only if the assertion v alue matches, per the caseIgnoreSubstringsMatch rule, the character string formed by concatenating the strings of the attribute value, except that non e of the , , or substrings of the assertion value are considered to match a substring of the concatenated string which spans mor e than one of the original strings of the attribute value. Note that, in te rms of the LDAP-specific encoding of the Postal Address syntax, the concate nated string omits the line separator and the escaping of "\" and "$" characters.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 ) matchingRules: ( 2.5.13.0 NAME 'objectIdentifierMatch' DESC 'The objectIdent ifierMatch rule compares an assertion value of the OID syntax to an attribu te value of a syntax (e.g., the OID syntax) whose corresponding ASN.1 type is OBJECT IDENTIFIER. The rule evaluates to TRUE if and only if the asserti on value and the attribute value represent the same object identifier; that is, the same sequence of integers, whether represented explicitly in the < numericoid> form of or implicitly in the form (see [RFC4512]) . If an LDAP client supplies an assertion value in the form and the chosen descriptor is not recognized by the server, then the objectIdentifi erMatch rule evaluates to Undefined.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) matchingRules: ( 2.5.13.31 NAME 'directoryStringFirstComponentMatch' DESC 'T he directoryStringFirstComponentMatch rule compares an assertion value of t he Directory String syntax to an attribute value of a syntax whose correspo nding ASN.1 type is a SEQUENCE with a mandatory first component of the Dire ctoryString ASN.1 type. Note that the assertion syntax of this matching rul e differs from the attribute syntax of attributes for which this is the equ ality matching rule. The rule evaluates to TRUE if and only if the assertio n value matches the first component of the attribute value using the rules of caseIgnoreMatch.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' DESC ' The objectIdentifierFirstComponentMatch rule compares an assertion value of the OID syntax to an attribute value of a syntax (e.g., the Attribute Type Description, DIT Content Rule Description, LDAP Syntax Description, Matchi ng Rule Description, Matching Rule Use Description, Name Form Description, or Object Class Description syntax) whose corresponding ASN.1 type is a SEQ UENCE with a mandatory first component of the OBJECT IDENTIFIER ASN.1 type. Note that the assertion syntax of this matching rule differs from the attr ibute syntax of attributes for which this is the equality matching rule. Th e rule evaluates to TRUE if and only if the assertion value matches the fir st component of the attribute value using the rules of objectIdentifierMatc h.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) matchingRules: ( 2.5.13.1 NAME 'distinguishedNameMatch' DESC 'The distinguis hedNameMatch rule compares an assertion value of the DN syntax to an attrib ute value of a syntax (e.g., the DN syntax) whose corresponding ASN.1 type is DistinguishedName. The rule evaluates to TRUE if and only if the attribu te value and the assertion value have the same number of relative distingui shed names and corresponding relative distinguished names (by position) are the same. A relative distinguished name (RDN) of the assertion value is t he same as an RDN of the attribute value if and only if they have the same number of attribute value assertions and each attribute value assertion (AV A) of the first RDN is the same as the AVA of the second RDN with the same attribute type. The order of the AVAs is not significant. Also note that a particular attribute type may appear in at most one AVA in an RDN. Two A VAs with the same attribute type are the same if their values are equal acc ording to the equality matching rule of the attribute type. If one or more of the AVA comparisons evaluate to Undefined and the remaining AVA compari sons return TRUE then the distinguishedNameMatch rule evaluates to Undefine d.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) matchingRules: ( 2.5.13.14 NAME 'integerMatch' DESC 'The rule evaluates to T RUE if and only if the attribute value and the assertion value are the same integer value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) matchingRules: ( 2.5.13.15 NAME 'integerOrderingMatch' DESC 'The rule evalua tes to TRUE if and only if the integer value of the attribute value is less than the integer value of the assertion value.' SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.27 ) matchingRules: ( 2.5.13.29 NAME 'integerFirstComponentMatch' DESC 'The integ erFirstComponentMatch rule compares an assertion value of the Integer synta x to an attribute value of a syntax (e.g., the DIT Structure Rule Descripti on syntax) whose corresponding ASN.1 type is a SEQUENCE with a mandatory fi rst component of the INTEGER ASN.1 type. Note that the assertion syntax of this matching rule differs from the attribute syntax of attributes for whi ch this is the equality matching rule. The rule evaluates to TRUE if and o nly if the assertion value and the first component of the attribute value a re the same integer value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) matchingRules: ( 2.16.840.1.113730.3.3.2.0.1 NAME 'caseIgnoreOrderingMatch-d efault' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.0.1.6 NAME 'caseIgnoreSubstringMatc h-default' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.1.1 NAME 'caseIgnoreOrderingMatch-a r' DESC 'ar' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.1.1.6 NAME 'caseIgnoreSubstringMatc h-ar' DESC 'ar' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.2.1 NAME 'caseIgnoreOrderingMatch-b e' DESC 'be' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.2.1.6 NAME 'caseIgnoreSubstringMatc h-be' DESC 'be' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.3.1 NAME 'caseIgnoreOrderingMatch-b g' DESC 'bg' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.3.1.6 NAME 'caseIgnoreSubstringMatc h-bg' DESC 'bg' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.4.1 NAME 'caseIgnoreOrderingMatch-c a' DESC 'ca' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.4.1.6 NAME 'caseIgnoreSubstringMatc h-ca' DESC 'ca' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.5.1 NAME 'caseIgnoreOrderingMatch-c s' DESC 'cs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.5.1.6 NAME 'caseIgnoreSubstringMatc h-cs' DESC 'cs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.6.1 NAME 'caseIgnoreOrderingMatch-d a' DESC 'da' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.6.1.6 NAME 'caseIgnoreSubstringMatc h-da' DESC 'da' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.7.1 NAME 'caseIgnoreOrderingMatch-d e' DESC 'de' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.7.1.6 NAME 'caseIgnoreSubstringMatc h-de' DESC 'de' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.8.1 NAME 'caseIgnoreOrderingMatch-d e-AT' DESC 'de-AT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.8.1.6 NAME 'caseIgnoreSubstringMatc h-de-AT' DESC 'de-AT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.9.1 NAME 'caseIgnoreOrderingMatch-d e-CH' DESC 'de-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.9.1.6 NAME 'caseIgnoreSubstringMatc h-de-CH' DESC 'de-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.10.1 NAME 'caseIgnoreOrderingMatch- el' DESC 'el' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.10.1.6 NAME 'caseIgnoreSubstringMat ch-el' DESC 'el' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.11.1 NAME 'caseIgnoreOrderingMatch- en' DESC 'en' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.11.1.6 NAME 'caseIgnoreSubstringMat ch-en' DESC 'en' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.12.1 NAME 'caseIgnoreOrderingMatch- en-CA' DESC 'en-CA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.12.1.6 NAME 'caseIgnoreSubstringMat ch-en-CA' DESC 'en-CA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.13.1 NAME 'caseIgnoreOrderingMatch- en-GB' DESC 'en-GB' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.13.1.6 NAME 'caseIgnoreSubstringMat ch-en-GB' DESC 'en-GB' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.14.1 NAME 'caseIgnoreOrderingMatch- en-IE' DESC 'en-IE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.14.1.6 NAME 'caseIgnoreSubstringMat ch-en-IE' DESC 'en-IE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.15.1 NAME 'caseIgnoreOrderingMatch- es' DESC 'es' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.15.1.6 NAME 'caseIgnoreSubstringMat ch-es' DESC 'es' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.16.1 NAME 'caseIgnoreOrderingMatch- et' DESC 'et' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.16.1.6 NAME 'caseIgnoreSubstringMat ch-et' DESC 'et' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.17.1 NAME 'caseIgnoreOrderingMatch- fi' DESC 'fi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.17.1.6 NAME 'caseIgnoreSubstringMat ch-fi' DESC 'fi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.18.1 NAME 'caseIgnoreOrderingMatch- fr' DESC 'fr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.18.1.6 NAME 'caseIgnoreSubstringMat ch-fr' DESC 'fr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.19.1 NAME 'caseIgnoreOrderingMatch- fr-BE' DESC 'fr-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.19.1.6 NAME 'caseIgnoreSubstringMat ch-fr-BE' DESC 'fr-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.20.1 NAME 'caseIgnoreOrderingMatch- fr-CA' DESC 'fr-CA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.20.1.6 NAME 'caseIgnoreSubstringMat ch-fr-CA' DESC 'fr-CA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.21.1 NAME 'caseIgnoreOrderingMatch- fr-CH' DESC 'fr-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.21.1.6 NAME 'caseIgnoreSubstringMat ch-fr-CH' DESC 'fr-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.22.1 NAME 'caseIgnoreOrderingMatch- hr' DESC 'hr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.22.1.6 NAME 'caseIgnoreSubstringMat ch-hr' DESC 'hr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.23.1 NAME 'caseIgnoreOrderingMatch- hu' DESC 'hu' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.23.1.6 NAME 'caseIgnoreSubstringMat ch-hu' DESC 'hu' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.24.1 NAME 'caseIgnoreOrderingMatch- is' DESC 'is' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.24.1.6 NAME 'caseIgnoreSubstringMat ch-is' DESC 'is' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.25.1 NAME 'caseIgnoreOrderingMatch- it' DESC 'it' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.25.1.6 NAME 'caseIgnoreSubstringMat ch-it' DESC 'it' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.26.1 NAME 'caseIgnoreOrderingMatch- it-CH' DESC 'it-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.26.1.6 NAME 'caseIgnoreSubstringMat ch-it-CH' DESC 'it-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.27.1 NAME 'caseIgnoreOrderingMatch- iw' DESC 'iw' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.27.1.6 NAME 'caseIgnoreSubstringMat ch-iw' DESC 'iw' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.28.1 NAME 'caseIgnoreOrderingMatch- ja' DESC 'ja' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.28.1.6 NAME 'caseIgnoreSubstringMat ch-ja' DESC 'ja' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.29.1 NAME 'caseIgnoreOrderingMatch- ko' DESC 'ko' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.29.1.6 NAME 'caseIgnoreSubstringMat ch-ko' DESC 'ko' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.30.1 NAME 'caseIgnoreOrderingMatch- lt' DESC 'lt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.30.1.6 NAME 'caseIgnoreSubstringMat ch-lt' DESC 'lt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.31.1 NAME 'caseIgnoreOrderingMatch- lv' DESC 'lv' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.31.1.6 NAME 'caseIgnoreSubstringMat ch-lv' DESC 'lv' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.32.1 NAME 'caseIgnoreOrderingMatch- mk' DESC 'mk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.32.1.6 NAME 'caseIgnoreSubstringMat ch-mk' DESC 'mk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.33.1 NAME 'caseIgnoreOrderingMatch- nl' DESC 'nl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.33.1.6 NAME 'caseIgnoreSubstringMat ch-nl' DESC 'nl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.34.1 NAME 'caseIgnoreOrderingMatch- nl-BE' DESC 'nl-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.34.1.6 NAME 'caseIgnoreSubstringMat ch-nl-BE' DESC 'nl-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.35.1 NAME 'caseIgnoreOrderingMatch- no' DESC 'no' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.35.1.6 NAME 'caseIgnoreSubstringMat ch-no' DESC 'no' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.36.1 NAME 'caseIgnoreOrderingMatch- no-NO-B' DESC 'no-NO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.36.1.6 NAME 'caseIgnoreSubstringMat ch-no-NO-B' DESC 'no-NO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.37.1 NAME 'caseIgnoreOrderingMatch- no-NO-NY' DESC 'no-NO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.37.1.6 NAME 'caseIgnoreSubstringMat ch-no-NO-NY' DESC 'no-NO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.38.1 NAME 'caseIgnoreOrderingMatch- pl' DESC 'pl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.38.1.6 NAME 'caseIgnoreSubstringMat ch-pl' DESC 'pl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.39.1 NAME 'caseIgnoreOrderingMatch- ro' DESC 'ro' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.39.1.6 NAME 'caseIgnoreSubstringMat ch-ro' DESC 'ro' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.40.1 NAME 'caseIgnoreOrderingMatch- ru' DESC 'ru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.40.1.6 NAME 'caseIgnoreSubstringMat ch-ru' DESC 'ru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.41.1 NAME 'caseIgnoreOrderingMatch- sh' DESC 'sh' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.41.1.6 NAME 'caseIgnoreSubstringMat ch-sh' DESC 'sh' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.42.1 NAME 'caseIgnoreOrderingMatch- sk' DESC 'sk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.42.1.6 NAME 'caseIgnoreSubstringMat ch-sk' DESC 'sk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.43.1 NAME 'caseIgnoreOrderingMatch- sl' DESC 'sl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.43.1.6 NAME 'caseIgnoreSubstringMat ch-sl' DESC 'sl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.44.1 NAME 'caseIgnoreOrderingMatch- sq' DESC 'sq' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.44.1.6 NAME 'caseIgnoreSubstringMat ch-sq' DESC 'sq' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.45.1 NAME 'caseIgnoreOrderingMatch- sr' DESC 'sr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.45.1.6 NAME 'caseIgnoreSubstringMat ch-sr' DESC 'sr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.46.1 NAME 'caseIgnoreOrderingMatch- sv' DESC 'sv' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.46.1.6 NAME 'caseIgnoreSubstringMat ch-sv' DESC 'sv' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.47.1 NAME 'caseIgnoreOrderingMatch- tr' DESC 'tr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.47.1.6 NAME 'caseIgnoreSubstringMat ch-tr' DESC 'tr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.48.1 NAME 'caseIgnoreOrderingMatch- uk' DESC 'uk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.48.1.6 NAME 'caseIgnoreSubstringMat ch-uk' DESC 'uk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.49.1 NAME 'caseIgnoreOrderingMatch- zh' DESC 'zh' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.49.1.6 NAME 'caseIgnoreSubstringMat ch-zh' DESC 'zh' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.50.1 NAME 'caseIgnoreOrderingMatch- zh-TW' DESC 'zh-TW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.50.1.6 NAME 'caseIgnoreSubstringMat ch-zh-TW' DESC 'zh-TW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.51.1 NAME 'caseIgnoreOrderingMatch- af' DESC 'af' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.51.1.6 NAME 'caseIgnoreSubstringMat ch-af' DESC 'af' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.52.1 NAME 'caseIgnoreOrderingMatch- af-NA' DESC 'af-NA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.52.1.6 NAME 'caseIgnoreSubstringMat ch-af-NA' DESC 'af-NA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.53.1 NAME 'caseIgnoreOrderingMatch- af-ZA' DESC 'af-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.53.1.6 NAME 'caseIgnoreSubstringMat ch-af-ZA' DESC 'af-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.54.1 NAME 'caseIgnoreOrderingMatch- ar-AE' DESC 'ar-AE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.54.1.6 NAME 'caseIgnoreSubstringMat ch-ar-AE' DESC 'ar-AE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.55.1 NAME 'caseIgnoreOrderingMatch- ar-BH' DESC 'ar-BH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.55.1.6 NAME 'caseIgnoreSubstringMat ch-ar-BH' DESC 'ar-BH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.56.1 NAME 'caseIgnoreOrderingMatch- ar-DZ' DESC 'ar-DZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.56.1.6 NAME 'caseIgnoreSubstringMat ch-ar-DZ' DESC 'ar-DZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.57.1 NAME 'caseIgnoreOrderingMatch- ar-EG' DESC 'ar-EG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.57.1.6 NAME 'caseIgnoreSubstringMat ch-ar-EG' DESC 'ar-EG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.58.1 NAME 'caseIgnoreOrderingMatch- ar-IQ' DESC 'ar-IQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.58.1.6 NAME 'caseIgnoreSubstringMat ch-ar-IQ' DESC 'ar-IQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.59.1 NAME 'caseIgnoreOrderingMatch- ar-JO' DESC 'ar-JO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.59.1.6 NAME 'caseIgnoreSubstringMat ch-ar-JO' DESC 'ar-JO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.60.1 NAME 'caseIgnoreOrderingMatch- ar-KW' DESC 'ar-KW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.60.1.6 NAME 'caseIgnoreSubstringMat ch-ar-KW' DESC 'ar-KW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.61.1 NAME 'caseIgnoreOrderingMatch- ar-LB' DESC 'ar-LB' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.61.1.6 NAME 'caseIgnoreSubstringMat ch-ar-LB' DESC 'ar-LB' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.62.1 NAME 'caseIgnoreOrderingMatch- ar-LY' DESC 'ar-LY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.62.1.6 NAME 'caseIgnoreSubstringMat ch-ar-LY' DESC 'ar-LY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.63.1 NAME 'caseIgnoreOrderingMatch- ar-MA' DESC 'ar-MA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.63.1.6 NAME 'caseIgnoreSubstringMat ch-ar-MA' DESC 'ar-MA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.64.1 NAME 'caseIgnoreOrderingMatch- ar-OM' DESC 'ar-OM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.64.1.6 NAME 'caseIgnoreSubstringMat ch-ar-OM' DESC 'ar-OM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.65.1 NAME 'caseIgnoreOrderingMatch- ar-QA' DESC 'ar-QA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.65.1.6 NAME 'caseIgnoreSubstringMat ch-ar-QA' DESC 'ar-QA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.66.1 NAME 'caseIgnoreOrderingMatch- ar-SA' DESC 'ar-SA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.66.1.6 NAME 'caseIgnoreSubstringMat ch-ar-SA' DESC 'ar-SA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.67.1 NAME 'caseIgnoreOrderingMatch- ar-SD' DESC 'ar-SD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.67.1.6 NAME 'caseIgnoreSubstringMat ch-ar-SD' DESC 'ar-SD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.68.1 NAME 'caseIgnoreOrderingMatch- ar-SY' DESC 'ar-SY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.68.1.6 NAME 'caseIgnoreSubstringMat ch-ar-SY' DESC 'ar-SY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.69.1 NAME 'caseIgnoreOrderingMatch- ar-TN' DESC 'ar-TN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.69.1.6 NAME 'caseIgnoreSubstringMat ch-ar-TN' DESC 'ar-TN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.70.1 NAME 'caseIgnoreOrderingMatch- ar-YE' DESC 'ar-YE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.70.1.6 NAME 'caseIgnoreSubstringMat ch-ar-YE' DESC 'ar-YE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.71.1 NAME 'caseIgnoreOrderingMatch- as' DESC 'as' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.71.1.6 NAME 'caseIgnoreSubstringMat ch-as' DESC 'as' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.72.1 NAME 'caseIgnoreOrderingMatch- as-IN' DESC 'as-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.72.1.6 NAME 'caseIgnoreSubstringMat ch-as-IN' DESC 'as-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.73.1 NAME 'caseIgnoreOrderingMatch- az' DESC 'az' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.73.1.6 NAME 'caseIgnoreSubstringMat ch-az' DESC 'az' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.74.1 NAME 'caseIgnoreOrderingMatch- az-Latn' DESC 'az-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.74.1.6 NAME 'caseIgnoreSubstringMat ch-az-Latn' DESC 'az-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.75.1 NAME 'caseIgnoreOrderingMatch- az-Latn-AZ' DESC 'az-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.75.1.6 NAME 'caseIgnoreSubstringMat ch-az-Latn-AZ' DESC 'az-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.76.1 NAME 'caseIgnoreOrderingMatch- bn' DESC 'bn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.76.1.6 NAME 'caseIgnoreSubstringMat ch-bn' DESC 'bn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.77.1 NAME 'caseIgnoreOrderingMatch- bn-BD' DESC 'bn-BD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.77.1.6 NAME 'caseIgnoreSubstringMat ch-bn-BD' DESC 'bn-BD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.78.1 NAME 'caseIgnoreOrderingMatch- bn-IN' DESC 'bn-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.78.1.6 NAME 'caseIgnoreSubstringMat ch-bn-IN' DESC 'bn-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.79.1 NAME 'caseIgnoreOrderingMatch- bs' DESC 'bs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.79.1.6 NAME 'caseIgnoreSubstringMat ch-bs' DESC 'bs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.80.1 NAME 'caseIgnoreOrderingMatch- chr' DESC 'chr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.80.1.6 NAME 'caseIgnoreSubstringMat ch-chr' DESC 'chr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.81.1 NAME 'caseIgnoreOrderingMatch- chr-US' DESC 'chr-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.81.1.6 NAME 'caseIgnoreSubstringMat ch-chr-US' DESC 'chr-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.82.1 NAME 'caseIgnoreOrderingMatch- cy' DESC 'cy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.82.1.6 NAME 'caseIgnoreSubstringMat ch-cy' DESC 'cy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.83.1 NAME 'caseIgnoreOrderingMatch- de-BE' DESC 'de-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.83.1.6 NAME 'caseIgnoreSubstringMat ch-de-BE' DESC 'de-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.84.1 NAME 'caseIgnoreOrderingMatch- de-LI' DESC 'de-LI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.84.1.6 NAME 'caseIgnoreSubstringMat ch-de-LI' DESC 'de-LI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.85.1 NAME 'caseIgnoreOrderingMatch- de-LU' DESC 'de-LU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.85.1.6 NAME 'caseIgnoreSubstringMat ch-de-LU' DESC 'de-LU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.86.1 NAME 'caseIgnoreOrderingMatch- el-CY' DESC 'el-CY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.86.1.6 NAME 'caseIgnoreSubstringMat ch-el-CY' DESC 'el-CY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.87.1 NAME 'caseIgnoreOrderingMatch- el-GR' DESC 'el-GR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.87.1.6 NAME 'caseIgnoreSubstringMat ch-el-GR' DESC 'el-GR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.88.1 NAME 'caseIgnoreOrderingMatch- en-AS' DESC 'en-AS' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.88.1.6 NAME 'caseIgnoreSubstringMat ch-en-AS' DESC 'en-AS' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.89.1 NAME 'caseIgnoreOrderingMatch- en-AU' DESC 'en-AU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.89.1.6 NAME 'caseIgnoreSubstringMat ch-en-AU' DESC 'en-AU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.90.1 NAME 'caseIgnoreOrderingMatch- en-BE' DESC 'en-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.90.1.6 NAME 'caseIgnoreSubstringMat ch-en-BE' DESC 'en-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.91.1 NAME 'caseIgnoreOrderingMatch- en-BW' DESC 'en-BW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.91.1.6 NAME 'caseIgnoreSubstringMat ch-en-BW' DESC 'en-BW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.92.1 NAME 'caseIgnoreOrderingMatch- en-BZ' DESC 'en-BZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.92.1.6 NAME 'caseIgnoreSubstringMat ch-en-BZ' DESC 'en-BZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.93.1 NAME 'caseIgnoreOrderingMatch- en-GU' DESC 'en-GU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.93.1.6 NAME 'caseIgnoreSubstringMat ch-en-GU' DESC 'en-GU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.94.1 NAME 'caseIgnoreOrderingMatch- en-GY' DESC 'en-GY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.94.1.6 NAME 'caseIgnoreSubstringMat ch-en-GY' DESC 'en-GY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.95.1 NAME 'caseIgnoreOrderingMatch- en-HK' DESC 'en-HK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.95.1.6 NAME 'caseIgnoreSubstringMat ch-en-HK' DESC 'en-HK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.96.1 NAME 'caseIgnoreOrderingMatch- en-IN' DESC 'en-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.96.1.6 NAME 'caseIgnoreSubstringMat ch-en-IN' DESC 'en-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.97.1 NAME 'caseIgnoreOrderingMatch- en-JM' DESC 'en-JM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.97.1.6 NAME 'caseIgnoreSubstringMat ch-en-JM' DESC 'en-JM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.98.1 NAME 'caseIgnoreOrderingMatch- en-MH' DESC 'en-MH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.98.1.6 NAME 'caseIgnoreSubstringMat ch-en-MH' DESC 'en-MH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.99.1 NAME 'caseIgnoreOrderingMatch- en-MP' DESC 'en-MP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.99.1.6 NAME 'caseIgnoreSubstringMat ch-en-MP' DESC 'en-MP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.100.1 NAME 'caseIgnoreOrderingMatch -en-MT' DESC 'en-MT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.100.1.6 NAME 'caseIgnoreSubstringMa tch-en-MT' DESC 'en-MT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.101.1 NAME 'caseIgnoreOrderingMatch -en-MU' DESC 'en-MU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.101.1.6 NAME 'caseIgnoreSubstringMa tch-en-MU' DESC 'en-MU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.102.1 NAME 'caseIgnoreOrderingMatch -en-NA' DESC 'en-NA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.102.1.6 NAME 'caseIgnoreSubstringMa tch-en-NA' DESC 'en-NA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.103.1 NAME 'caseIgnoreOrderingMatch -en-NZ' DESC 'en-NZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.103.1.6 NAME 'caseIgnoreSubstringMa tch-en-NZ' DESC 'en-NZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.104.1 NAME 'caseIgnoreOrderingMatch -en-PH' DESC 'en-PH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.104.1.6 NAME 'caseIgnoreSubstringMa tch-en-PH' DESC 'en-PH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.105.1 NAME 'caseIgnoreOrderingMatch -en-PK' DESC 'en-PK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.105.1.6 NAME 'caseIgnoreSubstringMa tch-en-PK' DESC 'en-PK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.106.1 NAME 'caseIgnoreOrderingMatch -en-SG' DESC 'en-SG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.106.1.6 NAME 'caseIgnoreSubstringMa tch-en-SG' DESC 'en-SG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.107.1 NAME 'caseIgnoreOrderingMatch -en-TT' DESC 'en-TT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.107.1.6 NAME 'caseIgnoreSubstringMa tch-en-TT' DESC 'en-TT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.108.1 NAME 'caseIgnoreOrderingMatch -en-UM' DESC 'en-UM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.108.1.6 NAME 'caseIgnoreSubstringMa tch-en-UM' DESC 'en-UM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.109.1 NAME 'caseIgnoreOrderingMatch -en-US' DESC 'en-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.109.1.6 NAME 'caseIgnoreSubstringMa tch-en-US' DESC 'en-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.110.1 NAME 'caseIgnoreOrderingMatch -en-US-POSIX' DESC 'en-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.110.1.6 NAME 'caseIgnoreSubstringMa tch-en-US-POSIX' DESC 'en-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.111.1 NAME 'caseIgnoreOrderingMatch -en-VI' DESC 'en-VI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.111.1.6 NAME 'caseIgnoreSubstringMa tch-en-VI' DESC 'en-VI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.112.1 NAME 'caseIgnoreOrderingMatch -en-ZA' DESC 'en-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.112.1.6 NAME 'caseIgnoreSubstringMa tch-en-ZA' DESC 'en-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.113.1 NAME 'caseIgnoreOrderingMatch -en-ZW' DESC 'en-ZW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.113.1.6 NAME 'caseIgnoreSubstringMa tch-en-ZW' DESC 'en-ZW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.114.1 NAME 'caseIgnoreOrderingMatch -es-AR' DESC 'es-AR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.114.1.6 NAME 'caseIgnoreSubstringMa tch-es-AR' DESC 'es-AR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.115.1 NAME 'caseIgnoreOrderingMatch -es-BO' DESC 'es-BO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.115.1.6 NAME 'caseIgnoreSubstringMa tch-es-BO' DESC 'es-BO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.116.1 NAME 'caseIgnoreOrderingMatch -es-CL' DESC 'es-CL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.116.1.6 NAME 'caseIgnoreSubstringMa tch-es-CL' DESC 'es-CL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.117.1 NAME 'caseIgnoreOrderingMatch -es-CO' DESC 'es-CO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.117.1.6 NAME 'caseIgnoreSubstringMa tch-es-CO' DESC 'es-CO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.118.1 NAME 'caseIgnoreOrderingMatch -es-CR' DESC 'es-CR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.118.1.6 NAME 'caseIgnoreSubstringMa tch-es-CR' DESC 'es-CR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.119.1 NAME 'caseIgnoreOrderingMatch -es-DO' DESC 'es-DO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.119.1.6 NAME 'caseIgnoreSubstringMa tch-es-DO' DESC 'es-DO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.120.1 NAME 'caseIgnoreOrderingMatch -es-EC' DESC 'es-EC' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.120.1.6 NAME 'caseIgnoreSubstringMa tch-es-EC' DESC 'es-EC' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.121.1 NAME 'caseIgnoreOrderingMatch -es-ES' DESC 'es-ES' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.121.1.6 NAME 'caseIgnoreSubstringMa tch-es-ES' DESC 'es-ES' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.122.1 NAME 'caseIgnoreOrderingMatch -es-GQ' DESC 'es-GQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.122.1.6 NAME 'caseIgnoreSubstringMa tch-es-GQ' DESC 'es-GQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.123.1 NAME 'caseIgnoreOrderingMatch -es-GT' DESC 'es-GT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.123.1.6 NAME 'caseIgnoreSubstringMa tch-es-GT' DESC 'es-GT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.124.1 NAME 'caseIgnoreOrderingMatch -es-HN' DESC 'es-HN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.124.1.6 NAME 'caseIgnoreSubstringMa tch-es-HN' DESC 'es-HN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.125.1 NAME 'caseIgnoreOrderingMatch -es-MX' DESC 'es-MX' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.125.1.6 NAME 'caseIgnoreSubstringMa tch-es-MX' DESC 'es-MX' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.126.1 NAME 'caseIgnoreOrderingMatch -es-NI' DESC 'es-NI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.126.1.6 NAME 'caseIgnoreSubstringMa tch-es-NI' DESC 'es-NI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.127.1 NAME 'caseIgnoreOrderingMatch -es-PA' DESC 'es-PA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.127.1.6 NAME 'caseIgnoreSubstringMa tch-es-PA' DESC 'es-PA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.128.1 NAME 'caseIgnoreOrderingMatch -es-PE' DESC 'es-PE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.128.1.6 NAME 'caseIgnoreSubstringMa tch-es-PE' DESC 'es-PE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.129.1 NAME 'caseIgnoreOrderingMatch -es-PR' DESC 'es-PR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.129.1.6 NAME 'caseIgnoreSubstringMa tch-es-PR' DESC 'es-PR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.130.1 NAME 'caseIgnoreOrderingMatch -es-PY' DESC 'es-PY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.130.1.6 NAME 'caseIgnoreSubstringMa tch-es-PY' DESC 'es-PY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.131.1 NAME 'caseIgnoreOrderingMatch -es-SV' DESC 'es-SV' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.131.1.6 NAME 'caseIgnoreSubstringMa tch-es-SV' DESC 'es-SV' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.132.1 NAME 'caseIgnoreOrderingMatch -es-US' DESC 'es-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.132.1.6 NAME 'caseIgnoreSubstringMa tch-es-US' DESC 'es-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.133.1 NAME 'caseIgnoreOrderingMatch -es-UY' DESC 'es-UY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.133.1.6 NAME 'caseIgnoreSubstringMa tch-es-UY' DESC 'es-UY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.134.1 NAME 'caseIgnoreOrderingMatch -es-VE' DESC 'es-VE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.134.1.6 NAME 'caseIgnoreSubstringMa tch-es-VE' DESC 'es-VE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.135.1 NAME 'caseIgnoreOrderingMatch -fa' DESC 'fa' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.135.1.6 NAME 'caseIgnoreSubstringMa tch-fa' DESC 'fa' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.136.1 NAME 'caseIgnoreOrderingMatch -fil' DESC 'fil' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.136.1.6 NAME 'caseIgnoreSubstringMa tch-fil' DESC 'fil' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.137.1 NAME 'caseIgnoreOrderingMatch -fo' DESC 'fo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.137.1.6 NAME 'caseIgnoreSubstringMa tch-fo' DESC 'fo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.138.1 NAME 'caseIgnoreOrderingMatch -fr-BF' DESC 'fr-BF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.138.1.6 NAME 'caseIgnoreSubstringMa tch-fr-BF' DESC 'fr-BF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.139.1 NAME 'caseIgnoreOrderingMatch -fr-BI' DESC 'fr-BI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.139.1.6 NAME 'caseIgnoreSubstringMa tch-fr-BI' DESC 'fr-BI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.140.1 NAME 'caseIgnoreOrderingMatch -fr-BJ' DESC 'fr-BJ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.140.1.6 NAME 'caseIgnoreSubstringMa tch-fr-BJ' DESC 'fr-BJ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.141.1 NAME 'caseIgnoreOrderingMatch -fr-BL' DESC 'fr-BL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.141.1.6 NAME 'caseIgnoreSubstringMa tch-fr-BL' DESC 'fr-BL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.142.1 NAME 'caseIgnoreOrderingMatch -fr-CD' DESC 'fr-CD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.142.1.6 NAME 'caseIgnoreSubstringMa tch-fr-CD' DESC 'fr-CD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.143.1 NAME 'caseIgnoreOrderingMatch -fr-CF' DESC 'fr-CF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.143.1.6 NAME 'caseIgnoreSubstringMa tch-fr-CF' DESC 'fr-CF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.144.1 NAME 'caseIgnoreOrderingMatch -fr-CG' DESC 'fr-CG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.144.1.6 NAME 'caseIgnoreSubstringMa tch-fr-CG' DESC 'fr-CG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.145.1 NAME 'caseIgnoreOrderingMatch -fr-CI' DESC 'fr-CI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.145.1.6 NAME 'caseIgnoreSubstringMa tch-fr-CI' DESC 'fr-CI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.146.1 NAME 'caseIgnoreOrderingMatch -fr-CM' DESC 'fr-CM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.146.1.6 NAME 'caseIgnoreSubstringMa tch-fr-CM' DESC 'fr-CM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.147.1 NAME 'caseIgnoreOrderingMatch -fr-DJ' DESC 'fr-DJ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.147.1.6 NAME 'caseIgnoreSubstringMa tch-fr-DJ' DESC 'fr-DJ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.148.1 NAME 'caseIgnoreOrderingMatch -fr-GA' DESC 'fr-GA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.148.1.6 NAME 'caseIgnoreSubstringMa tch-fr-GA' DESC 'fr-GA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.149.1 NAME 'caseIgnoreOrderingMatch -fr-GN' DESC 'fr-GN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.149.1.6 NAME 'caseIgnoreSubstringMa tch-fr-GN' DESC 'fr-GN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.150.1 NAME 'caseIgnoreOrderingMatch -fr-GP' DESC 'fr-GP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.150.1.6 NAME 'caseIgnoreSubstringMa tch-fr-GP' DESC 'fr-GP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.151.1 NAME 'caseIgnoreOrderingMatch -fr-GQ' DESC 'fr-GQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.151.1.6 NAME 'caseIgnoreSubstringMa tch-fr-GQ' DESC 'fr-GQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.152.1 NAME 'caseIgnoreOrderingMatch -fr-KM' DESC 'fr-KM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.152.1.6 NAME 'caseIgnoreSubstringMa tch-fr-KM' DESC 'fr-KM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.153.1 NAME 'caseIgnoreOrderingMatch -fr-LU' DESC 'fr-LU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.153.1.6 NAME 'caseIgnoreSubstringMa tch-fr-LU' DESC 'fr-LU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.154.1 NAME 'caseIgnoreOrderingMatch -fr-MC' DESC 'fr-MC' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.154.1.6 NAME 'caseIgnoreSubstringMa tch-fr-MC' DESC 'fr-MC' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.155.1 NAME 'caseIgnoreOrderingMatch -fr-MF' DESC 'fr-MF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.155.1.6 NAME 'caseIgnoreSubstringMa tch-fr-MF' DESC 'fr-MF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.156.1 NAME 'caseIgnoreOrderingMatch -fr-MG' DESC 'fr-MG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.156.1.6 NAME 'caseIgnoreSubstringMa tch-fr-MG' DESC 'fr-MG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.157.1 NAME 'caseIgnoreOrderingMatch -fr-ML' DESC 'fr-ML' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.157.1.6 NAME 'caseIgnoreSubstringMa tch-fr-ML' DESC 'fr-ML' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.158.1 NAME 'caseIgnoreOrderingMatch -fr-MQ' DESC 'fr-MQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.158.1.6 NAME 'caseIgnoreSubstringMa tch-fr-MQ' DESC 'fr-MQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.159.1 NAME 'caseIgnoreOrderingMatch -fr-NE' DESC 'fr-NE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.159.1.6 NAME 'caseIgnoreSubstringMa tch-fr-NE' DESC 'fr-NE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.160.1 NAME 'caseIgnoreOrderingMatch -fr-RE' DESC 'fr-RE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.160.1.6 NAME 'caseIgnoreSubstringMa tch-fr-RE' DESC 'fr-RE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.161.1 NAME 'caseIgnoreOrderingMatch -fr-RW' DESC 'fr-RW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.161.1.6 NAME 'caseIgnoreSubstringMa tch-fr-RW' DESC 'fr-RW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.162.1 NAME 'caseIgnoreOrderingMatch -fr-SN' DESC 'fr-SN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.162.1.6 NAME 'caseIgnoreSubstringMa tch-fr-SN' DESC 'fr-SN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.163.1 NAME 'caseIgnoreOrderingMatch -fr-TD' DESC 'fr-TD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.163.1.6 NAME 'caseIgnoreSubstringMa tch-fr-TD' DESC 'fr-TD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.164.1 NAME 'caseIgnoreOrderingMatch -fr-TG' DESC 'fr-TG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.164.1.6 NAME 'caseIgnoreSubstringMa tch-fr-TG' DESC 'fr-TG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.165.1 NAME 'caseIgnoreOrderingMatch -ga' DESC 'ga' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.165.1.6 NAME 'caseIgnoreSubstringMa tch-ga' DESC 'ga' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.166.1 NAME 'caseIgnoreOrderingMatch -ga-IE' DESC 'ga-IE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.166.1.6 NAME 'caseIgnoreSubstringMa tch-ga-IE' DESC 'ga-IE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.167.1 NAME 'caseIgnoreOrderingMatch -ga-IN' DESC 'ga-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.167.1.6 NAME 'caseIgnoreSubstringMa tch-ga-IN' DESC 'ga-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.168.1 NAME 'caseIgnoreOrderingMatch -ha' DESC 'ha' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.168.1.6 NAME 'caseIgnoreSubstringMa tch-ha' DESC 'ha' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.169.1 NAME 'caseIgnoreOrderingMatch -ha-Latn' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.169.1.6 NAME 'caseIgnoreSubstringMa tch-ha-Latn' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.170.1 NAME 'caseIgnoreOrderingMatch -ha-Latn-GH' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.170.1.6 NAME 'caseIgnoreSubstringMa tch-ha-Latn-GH' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.171.1 NAME 'caseIgnoreOrderingMatch -ha-Latn-NE' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.171.1.6 NAME 'caseIgnoreSubstringMa tch-ha-Latn-NE' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.172.1 NAME 'caseIgnoreOrderingMatch -ha-Latn-NG' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.172.1.6 NAME 'caseIgnoreSubstringMa tch-ha-Latn-NG' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.173.1 NAME 'caseIgnoreOrderingMatch -he' DESC 'he' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.173.1.6 NAME 'caseIgnoreSubstringMa tch-he' DESC 'he' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.174.1 NAME 'caseIgnoreOrderingMatch -hi' DESC 'hi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.174.1.6 NAME 'caseIgnoreSubstringMa tch-hi' DESC 'hi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.175.1 NAME 'caseIgnoreOrderingMatch -hy' DESC 'hy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.175.1.6 NAME 'caseIgnoreSubstringMa tch-hy' DESC 'hy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.176.1 NAME 'caseIgnoreOrderingMatch -id' DESC 'id' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.176.1.6 NAME 'caseIgnoreSubstringMa tch-id' DESC 'id' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.177.1 NAME 'caseIgnoreOrderingMatch -ig' DESC 'ig' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.177.1.6 NAME 'caseIgnoreSubstringMa tch-ig' DESC 'ig' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.178.1 NAME 'caseIgnoreOrderingMatch -it-IT' DESC 'it-IT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.178.1.6 NAME 'caseIgnoreSubstringMa tch-it-IT' DESC 'it-IT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.179.1 NAME 'caseIgnoreOrderingMatch -ka' DESC 'ka' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.179.1.6 NAME 'caseIgnoreSubstringMa tch-ka' DESC 'ka' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.180.1 NAME 'caseIgnoreOrderingMatch -ka-GE' DESC 'ka-GE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.180.1.6 NAME 'caseIgnoreSubstringMa tch-ka-GE' DESC 'ka-GE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.181.1 NAME 'caseIgnoreOrderingMatch -kk' DESC 'kk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.181.1.6 NAME 'caseIgnoreSubstringMa tch-kk' DESC 'kk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.182.1 NAME 'caseIgnoreOrderingMatch -kl' DESC 'kl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.182.1.6 NAME 'caseIgnoreSubstringMa tch-kl' DESC 'kl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.183.1 NAME 'caseIgnoreOrderingMatch -kn' DESC 'kn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.183.1.6 NAME 'caseIgnoreSubstringMa tch-kn' DESC 'kn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.184.1 NAME 'caseIgnoreOrderingMatch -kok' DESC 'kok' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.184.1.6 NAME 'caseIgnoreSubstringMa tch-kok' DESC 'kok' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.185.1 NAME 'caseIgnoreOrderingMatch -ml' DESC 'ml' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.185.1.6 NAME 'caseIgnoreSubstringMa tch-ml' DESC 'ml' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.186.1 NAME 'caseIgnoreOrderingMatch -ms' DESC 'ms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.186.1.6 NAME 'caseIgnoreSubstringMa tch-ms' DESC 'ms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.187.1 NAME 'caseIgnoreOrderingMatch -ms-BN' DESC 'ms-BN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.187.1.6 NAME 'caseIgnoreSubstringMa tch-ms-BN' DESC 'ms-BN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.188.1 NAME 'caseIgnoreOrderingMatch -ms-MY' DESC 'ms-MY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.188.1.6 NAME 'caseIgnoreSubstringMa tch-ms-MY' DESC 'ms-MY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.189.1 NAME 'caseIgnoreOrderingMatch -mt' DESC 'mt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.189.1.6 NAME 'caseIgnoreSubstringMa tch-mt' DESC 'mt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.190.1 NAME 'caseIgnoreOrderingMatch -nl-NL' DESC 'nl-NL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.190.1.6 NAME 'caseIgnoreSubstringMa tch-nl-NL' DESC 'nl-NL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.191.1 NAME 'caseIgnoreOrderingMatch -nn' DESC 'nn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.191.1.6 NAME 'caseIgnoreSubstringMa tch-nn' DESC 'nn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.192.1 NAME 'caseIgnoreOrderingMatch -om' DESC 'om' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.192.1.6 NAME 'caseIgnoreSubstringMa tch-om' DESC 'om' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.193.1 NAME 'caseIgnoreOrderingMatch -om-ET' DESC 'om-ET' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.193.1.6 NAME 'caseIgnoreSubstringMa tch-om-ET' DESC 'om-ET' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.194.1 NAME 'caseIgnoreOrderingMatch -om-KE' DESC 'om-KE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.194.1.6 NAME 'caseIgnoreSubstringMa tch-om-KE' DESC 'om-KE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.195.1 NAME 'caseIgnoreOrderingMatch -or' DESC 'or' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.195.1.6 NAME 'caseIgnoreSubstringMa tch-or' DESC 'or' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.196.1 NAME 'caseIgnoreOrderingMatch -pa' DESC 'pa' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.196.1.6 NAME 'caseIgnoreSubstringMa tch-pa' DESC 'pa' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.197.1 NAME 'caseIgnoreOrderingMatch -pa-Arab' DESC 'pa-Arab' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.197.1.6 NAME 'caseIgnoreSubstringMa tch-pa-Arab' DESC 'pa-Arab' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.198.1 NAME 'caseIgnoreOrderingMatch -pa-Arab-PK' DESC 'pa-Arab' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.198.1.6 NAME 'caseIgnoreSubstringMa tch-pa-Arab-PK' DESC 'pa-Arab' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.199.1 NAME 'caseIgnoreOrderingMatch -pa-Guru' DESC 'pa-Guru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.199.1.6 NAME 'caseIgnoreSubstringMa tch-pa-Guru' DESC 'pa-Guru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.200.1 NAME 'caseIgnoreOrderingMatch -pa-Guru-IN' DESC 'pa-Guru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.200.1.6 NAME 'caseIgnoreSubstringMa tch-pa-Guru-IN' DESC 'pa-Guru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.201.1 NAME 'caseIgnoreOrderingMatch -ps' DESC 'ps' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.201.1.6 NAME 'caseIgnoreSubstringMa tch-ps' DESC 'ps' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.202.1 NAME 'caseIgnoreOrderingMatch -pt' DESC 'pt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.202.1.6 NAME 'caseIgnoreSubstringMa tch-pt' DESC 'pt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.203.1 NAME 'caseIgnoreOrderingMatch -pt-BR' DESC 'pt-BR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.203.1.6 NAME 'caseIgnoreSubstringMa tch-pt-BR' DESC 'pt-BR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.204.1 NAME 'caseIgnoreOrderingMatch -pt-PT' DESC 'pt-PT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.204.1.6 NAME 'caseIgnoreSubstringMa tch-pt-PT' DESC 'pt-PT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.205.1 NAME 'caseIgnoreOrderingMatch -ro-MD' DESC 'ro-MD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.205.1.6 NAME 'caseIgnoreSubstringMa tch-ro-MD' DESC 'ro-MD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.206.1 NAME 'caseIgnoreOrderingMatch -ro-RO' DESC 'ro-RO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.206.1.6 NAME 'caseIgnoreSubstringMa tch-ro-RO' DESC 'ro-RO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.207.1 NAME 'caseIgnoreOrderingMatch -ru-MD' DESC 'ru-MD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.207.1.6 NAME 'caseIgnoreSubstringMa tch-ru-MD' DESC 'ru-MD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.208.1 NAME 'caseIgnoreOrderingMatch -ru-RU' DESC 'ru-RU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.208.1.6 NAME 'caseIgnoreSubstringMa tch-ru-RU' DESC 'ru-RU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.209.1 NAME 'caseIgnoreOrderingMatch -ru-UA' DESC 'ru-UA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.209.1.6 NAME 'caseIgnoreSubstringMa tch-ru-UA' DESC 'ru-UA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.210.1 NAME 'caseIgnoreOrderingMatch -si' DESC 'si' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.210.1.6 NAME 'caseIgnoreSubstringMa tch-si' DESC 'si' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.211.1 NAME 'caseIgnoreOrderingMatch -sk-SK' DESC 'sk-SK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.211.1.6 NAME 'caseIgnoreSubstringMa tch-sk-SK' DESC 'sk-SK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.212.1 NAME 'caseIgnoreOrderingMatch -sl-SI' DESC 'sl-SI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.212.1.6 NAME 'caseIgnoreSubstringMa tch-sl-SI' DESC 'sl-SI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.213.1 NAME 'caseIgnoreOrderingMatch -sq-AL' DESC 'sq-AL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.213.1.6 NAME 'caseIgnoreSubstringMa tch-sq-AL' DESC 'sq-AL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.214.1 NAME 'caseIgnoreOrderingMatch -sr-Cyrl' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.214.1.6 NAME 'caseIgnoreSubstringMa tch-sr-Cyrl' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.215.1 NAME 'caseIgnoreOrderingMatch -sr-Cyrl-BA' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.215.1.6 NAME 'caseIgnoreSubstringMa tch-sr-Cyrl-BA' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.216.1 NAME 'caseIgnoreOrderingMatch -sr-Cyrl-ME' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.216.1.6 NAME 'caseIgnoreSubstringMa tch-sr-Cyrl-ME' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.217.1 NAME 'caseIgnoreOrderingMatch -sr-Cyrl-RS' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.217.1.6 NAME 'caseIgnoreSubstringMa tch-sr-Cyrl-RS' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.218.1 NAME 'caseIgnoreOrderingMatch -sr-Latn' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.218.1.6 NAME 'caseIgnoreSubstringMa tch-sr-Latn' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.219.1 NAME 'caseIgnoreOrderingMatch -sr-Latn-BA' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.219.1.6 NAME 'caseIgnoreSubstringMa tch-sr-Latn-BA' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.220.1 NAME 'caseIgnoreOrderingMatch -sr-Latn-ME' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.220.1.6 NAME 'caseIgnoreSubstringMa tch-sr-Latn-ME' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.221.1 NAME 'caseIgnoreOrderingMatch -sr-Latn-RS' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.221.1.6 NAME 'caseIgnoreSubstringMa tch-sr-Latn-RS' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.222.1 NAME 'caseIgnoreOrderingMatch -sv-FI' DESC 'sv-FI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.222.1.6 NAME 'caseIgnoreSubstringMa tch-sv-FI' DESC 'sv-FI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.223.1 NAME 'caseIgnoreOrderingMatch -sv-SE' DESC 'sv-SE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.223.1.6 NAME 'caseIgnoreSubstringMa tch-sv-SE' DESC 'sv-SE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.224.1 NAME 'caseIgnoreOrderingMatch -sw' DESC 'sw' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.224.1.6 NAME 'caseIgnoreSubstringMa tch-sw' DESC 'sw' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.225.1 NAME 'caseIgnoreOrderingMatch -sw-KE' DESC 'sw-KE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.225.1.6 NAME 'caseIgnoreSubstringMa tch-sw-KE' DESC 'sw-KE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.226.1 NAME 'caseIgnoreOrderingMatch -sw-TZ' DESC 'sw-TZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.226.1.6 NAME 'caseIgnoreSubstringMa tch-sw-TZ' DESC 'sw-TZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.227.1 NAME 'caseIgnoreOrderingMatch -ta' DESC 'ta' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.227.1.6 NAME 'caseIgnoreSubstringMa tch-ta' DESC 'ta' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.228.1 NAME 'caseIgnoreOrderingMatch -ta-IN' DESC 'ta-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.228.1.6 NAME 'caseIgnoreSubstringMa tch-ta-IN' DESC 'ta-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.229.1 NAME 'caseIgnoreOrderingMatch -ta-LK' DESC 'ta-LK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.229.1.6 NAME 'caseIgnoreSubstringMa tch-ta-LK' DESC 'ta-LK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.230.1 NAME 'caseIgnoreOrderingMatch -te' DESC 'te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.230.1.6 NAME 'caseIgnoreSubstringMa tch-te' DESC 'te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.231.1 NAME 'caseIgnoreOrderingMatch -th' DESC 'th' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.231.1.6 NAME 'caseIgnoreSubstringMa tch-th' DESC 'th' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.232.1 NAME 'caseIgnoreOrderingMatch -ur' DESC 'ur' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.232.1.6 NAME 'caseIgnoreSubstringMa tch-ur' DESC 'ur' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.233.1 NAME 'caseIgnoreOrderingMatch -ur-IN' DESC 'ur-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.233.1.6 NAME 'caseIgnoreSubstringMa tch-ur-IN' DESC 'ur-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.234.1 NAME 'caseIgnoreOrderingMatch -ur-PK' DESC 'ur-PK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.234.1.6 NAME 'caseIgnoreSubstringMa tch-ur-PK' DESC 'ur-PK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.235.1 NAME 'caseIgnoreOrderingMatch -vi' DESC 'vi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.235.1.6 NAME 'caseIgnoreSubstringMa tch-vi' DESC 'vi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.236.1 NAME 'caseIgnoreOrderingMatch -yo' DESC 'yo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.236.1.6 NAME 'caseIgnoreSubstringMa tch-yo' DESC 'yo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.237.1 NAME 'caseIgnoreOrderingMatch -zh-Hans' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.237.1.6 NAME 'caseIgnoreSubstringMa tch-zh-Hans' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.238.1 NAME 'caseIgnoreOrderingMatch -zh-Hans-CN' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.238.1.6 NAME 'caseIgnoreSubstringMa tch-zh-Hans-CN' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.239.1 NAME 'caseIgnoreOrderingMatch -zh-Hans-SG' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.239.1.6 NAME 'caseIgnoreSubstringMa tch-zh-Hans-SG' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.240.1 NAME 'caseIgnoreOrderingMatch -zh-Hant-HK' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.240.1.6 NAME 'caseIgnoreSubstringMa tch-zh-Hant-HK' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.241.1 NAME 'caseIgnoreOrderingMatch -zh-Hant-MO' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.241.1.6 NAME 'caseIgnoreSubstringMa tch-zh-Hant-MO' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.242.1 NAME 'caseIgnoreOrderingMatch -zh-Hant-TW' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.242.1.6 NAME 'caseIgnoreSubstringMa tch-zh-Hant-TW' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.243.1 NAME 'caseIgnoreOrderingMatch -zu' DESC 'zu' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.243.1.6 NAME 'caseIgnoreSubstringMa tch-zu' DESC 'zu' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.244.1 NAME 'caseIgnoreOrderingMatch -zu-ZA' DESC 'zu-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.244.1.6 NAME 'caseIgnoreSubstringMa tch-zu-ZA' DESC 'zu-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.0.3 SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.0.3.6 SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.11.3 NAME 'caseExactOrderingMatch-e n' DESC 'en' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.16.840.1.113730.3.3.2.11.3.6 NAME 'caseExactSubstringMatc h-en' DESC 'en' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) matchingRules: ( 2.5.13.23 NAME 'uniqueMemberMatch' DESC 'The uniqueMemberMa tch rule compares an assertion value of the Name And Optional UID syntax to an attribute value of a syntax (e.g., the Name And Optional UID syntax) wh ose corresponding ASN.1 type is NameAndOptionalUID. The rule evaluates to TRUE if and only if the components of the assertion val ue and attribute value match according to the distinguishedNameMatch rule a nd either, (1) the component is absent from both the attribute value and assertion value, or (2) the component is present in b oth the attribute value and the assertion value and the compone nt of the assertion value matches the component of the attribut e value according to the bitStringMatch rule. Note that this matching rule has been altered from its description in X.520 [X.520] in order to make th e matching rule commutative. Server implementors should consider using the original X.520 semantics (where the matching was less exact) for approxima te matching of attributes with uniqueMemberMatch as the equality matching r ule.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 ) matchingRules: ( 2.5.13.8 NAME 'numericStringMatch' DESC 'The rule evaluates to TRUE if and only if the prepared attribute value character string and t he prepared assertion value character string have the same number of charac ters and corresponding characters have the same code point.' SYNTAX 1.3.6.1 .4.1.1466.115.121.1.36 ) matchingRules: ( 2.5.13.9 NAME 'numericStringOrderingMatch' DESC 'The rule e valuates to TRUE if and only if, in the code point collation order, the pre pared attribute value character string appears earlier than the prepared as sertion value character string; i.e., the attribute value is less than the assertion value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 ) matchingRules: ( 2.5.13.10 NAME 'numericStringSubstringsMatch' DESC 'The rul e evaluates to TRUE if and only if (1) the prepared substrings of the asser tion value match disjoint portions of the prepared attribute value, (2) an initial substring, if present, matches the beginning of the prepared attrib ute value character string, and (3) a final substring, if present, matches the end of the prepared attribute value character string.' SYNTAX 1.3.6.1.4 .1.1466.115.121.1.58 ) matchingRules: ( 2.5.13.20 NAME 'telephoneNumberMatch' DESC 'The telephoneNu mberMatch rule compares an assertion value of the Telephone Number syntax t o an attribute value of a syntax (e.g., the Telephone Number syntax) whose corresponding ASN.1 type is a PrintableString representing a telephone numb er. The rule evaluates to TRUE if and only if the prepared attribute value character string and the prepared assertion value character string have the same number of characters and corresponding characters have the same code point. In preparing the attribute value and assertion value for comparison, characters are case folded in the Map preparation step, and only telephone Number Insignificant Character Handling is applied in the Insignificant Cha racter Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 ) matchingRules: ( 2.5.13.21 NAME 'telephoneNumberSubstringsMatch' DESC 'The t elephoneNumberSubstringsMatch rule compares an assertion value of the Subst ring Assertion syntax to an attribute value of a syntax (e.g., the Telephon e Number syntax) whose corresponding ASN.1 type is a PrintableString repres enting a telephone number. The rule evaluates to TRUE if and only if (1) th e prepared substrings of the assertion value match disjoint portions of the prepared attribute value character string in the order of the substrings i n the assertion value, (2) an substring, if present, matches the beginning of the prepared attribute value character string, and (3) a substring, if present, matches the end of the prepared attribute value c haracter string. A prepared substring matches a portion of the prepared at tribute value character string if corresponding characters have the same co de point. In preparing the attribute value and assertion value substrings f or comparison, characters are case folded in the Map preparation step, and only telephoneNumber Insignificant Character Handling is applied in the Ins ignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 ) objectClass: top objectClass: ldapSubentry objectClass: subschema objectClasses: ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass X-ORIGIN 'RFC 4512' ) objectClasses: ( 2.5.6.1 NAME 'alias' SUP top STRUCTURAL MUST aliasedObjectN ame X-ORIGIN 'RFC 4512' ) objectClasses: ( 2.5.20.1 NAME 'subschema' AUXILIARY MAY ( dITStructureRules $ nameForms $ dITContentRules $ objectClasses $ attributeTypes $ matchingR ules $ matchingRuleUse ) X-ORIGIN 'RFC 4512' ) objectClasses: ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject' SUP to p AUXILIARY X-ORIGIN 'RFC 4512' ) objectClasses: ( 2.5.6.11 NAME 'applicationProcess' SUP top STRUCTURAL MUST cn MAY ( seeAlso $ ou $ l $ description ) X-ORIGIN 'RFC 4519' ) objectClasses: ( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST c MAY ( sear chGuide $ description ) X-ORIGIN 'RFC 4519' ) objectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'Standard LDAP ob jectclass' SUP top AUXILIARY MUST dc X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) objectClasses: ( 2.5.6.14 NAME 'device' SUP top STRUCTURAL MUST cn MAY ( ser ialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) X-ORIGIN 'RFC 4519 ' ) objectClasses: ( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST cn MAY ( member $ businessCategory $ seeAlso $ owner $ ou $ o $ description ) X-OR IGIN 'RFC 4519' ) objectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames' SUP top STRUCTURAL MUST cn MAY ( uniqueMember $ businessCategory $ seeAlso $ owner $ ou $ o $ descr iption ) X-ORIGIN 'RFC 4519' ) objectClasses: ( 2.5.6.3 NAME 'locality' SUP top STRUCTURAL MAY ( street $ s eeAlso $ searchGuide $ st $ l $ description ) X-ORIGIN 'RFC 4519' ) objectClasses: ( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL MUST o MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ re gisteredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNum ber $ teletexTerminalIdentifier $ telephoneNumber $ internationalISDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalA ddress $ physicalDeliveryOfficeName $ st $ l $ description ) X-ORIGIN 'RFC 4519' ) objectClasses: ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) M AY ( userPassword $ telephoneNumber $ seeAlso $ description ) X-ORIGIN 'RFC 4519' ) objectClasses: ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL M AY ( title $ x121Address $ registeredAddress $ destinationIndicator $ prefe rredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ internationa lISDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCod e $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) X-ORIGIN 'RF C 4519' ) objectClasses: ( 2.5.6.8 NAME 'organizationalRole' SUP top STRUCTURAL MUST c n MAY ( x121Address $ registeredAddress $ destinationIndicator $ preferredD eliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationalISDNNumber $ facsimileTelephoneNumber $ seeAlso $ roleOccupan t $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryO fficeName $ ou $ st $ l $ description ) X-ORIGIN 'RFC 4519' ) objectClasses: ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST o u MAY ( businessCategory $ description $ destinationIndicator $ facsimileTe lephoneNumber $ internationalISDNNumber $ l $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOfficeBox $ preferredDeliveryMethod $ regi steredAddress $ searchGuide $ seeAlso $ st $ street $ telephoneNumber $ tel etexTerminalIdentifier $ telexNumber $ userPassword $ x121Address ) X-ORIGI N 'RFC 4519' ) objectClasses: ( 2.5.6.10 NAME 'residentialPerson' SUP person STRUCTURAL MUS T l MAY ( businessCategory $ x121Address $ registeredAddress $ destinationI ndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifie r $ internationalISDNNumber $ facsimileTelephoneNumber $ street $ postOffic eBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l ) X -ORIGIN 'RFC 4519' ) objectClasses: ( 1.3.6.1.1.3.1 NAME 'uidObject' SUP top AUXILIARY MUST uid X -ORIGIN 'RFC 4519' ) objectClasses: ( 2.16.840.1.113719.2.142.6.1.1 NAME 'ldapSubEntry' DESC 'LDA P Subentry class, version 1' SUP top STRUCTURAL MAY cn X-ORIGIN 'LDAP Suben try Internet Draft' ) objectClasses: ( 2.16.840.1.113730.3.2.40 NAME 'directoryServerFeature' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MAY ( oid $ cn $ multiLi neDescription ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.41 NAME 'nsslapdPlugin' DESC 'Netscap e defined objectclass' SUP top STRUCTURAL MUST ( cn $ nsslapd-pluginPath $ nsslapd-pluginInitfunc $ nsslapd-pluginType $ nsslapd-pluginId $ nsslapd-pl uginVersion $ nsslapd-pluginVendor $ nsslapd-pluginDescription $ nsslapd-pl uginEnabled ) MAY ( nsslapd-pluginConfigArea $ nsslapd-plugin-depends-on-ty pe ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.44 NAME 'nsIndex' DESC 'Netscape defi ned objectclass' SUP top STRUCTURAL MUST ( cn $ nsSystemIndex ) MAY ( descr iption $ nsIndexType $ nsMatchingRule $ nsIndexIDListScanLimit ) X-ORIGIN ' Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.109 NAME 'nsBackendInstance' DESC 'Ne tscape defined objectclass' SUP top STRUCTURAL MUST cn X-ORIGIN 'Netscape D irectory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.110 NAME 'nsMappingTree' DESC 'Netsca pe defined objectclass' SUP top STRUCTURAL MUST cn X-ORIGIN 'Netscape Direc tory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.104 NAME 'nsContainer' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn X-ORIGIN 'Netscape Directo ry Server' ) objectClasses: ( 2.16.840.1.113730.3.2.108 NAME 'nsDS5Replica' DESC 'Netscap e defined objectclass' SUP top STRUCTURAL MUST ( nsDS5ReplicaRoot $ nsDS5Re plicaId ) MAY ( cn $ nsds5ReplicaPreciseTombstonePurging $ nsds5ReplicaClea nRUV $ nsds5ReplicaAbortCleanRUV $ nsDS5ReplicaType $ nsDS5ReplicaBindDN $ nsState $ nsDS5ReplicaName $ nsDS5Flags $ nsDS5Task $ nsDS5ReplicaReferral $ nsDS5ReplicaAutoReferral $ nsds5ReplicaPurgeDelay $ nsds5ReplicaTombstone PurgeInterval $ nsds5ReplicaChangeCount $ nsds5ReplicaLegacyConsumer $ nsds 5ReplicaProtocolTimeout $ nsds5ReplicaBackoffMin $ nsds5ReplicaBackoffMax $ nsds5ReplicaReleaseTimeout ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.113 NAME 'nsTombstone' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MAY ( nstombstonecsn $ nsParentUni queId $ nscpEntryDN ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.103 NAME 'nsDS5ReplicationAgreement' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsds5R eplicaCleanRUVNotified $ nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5Replica TransportInfo $ nsDS5ReplicaBindDN $ nsDS5ReplicaCredentials $ nsDS5Replica BindMethod $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5Replica tedAttributeListTotal $ nsDS5ReplicaUpdateSchedule $ nsds5BeginReplicaRefre sh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsds5replicaTimeo ut $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUpdateEnd $ nsds 5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds5replicaUpdate InProgress $ nsds5replicaLastInitEnd $ nsds5ReplicaEnabled $ nsds5replicaLa stInitStart $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5 replicaBusyWaitTime $ nsds5ReplicaStripAttrs $ nsds5replicaSessionPauseTime $ nsds5ReplicaProtocolTimeout $ nsds5ReplicaFlowControlWindow $ nsds5Repli caFlowControlPause $ nsDS5ReplicaWaitForAsyncResults ) X-ORIGIN 'Netscape D irectory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.39 NAME 'nsslapdConfig' DESC 'Netscap e defined objectclass' SUP top STRUCTURAL MAY cn X-ORIGIN 'Netscape Directo ry Server' ) objectClasses: ( 2.16.840.1.113730.3.2.317 NAME 'nsSaslMapping' DESC 'Netsca pe defined objectclass' SUP top STRUCTURAL MUST ( cn $ nsSaslMapRegexString $ nsSaslMapBaseDNTemplate $ nsSaslMapFilterTemplate ) MAY nsSaslMapPriorit y X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.43 NAME 'nsSNMP' DESC 'Netscape defin ed objectclass' SUP top STRUCTURAL MUST ( cn $ nsSNMPEnabled ) MAY ( nsSNMP Organization $ nsSNMPLocation $ nsSNMPContact $ nsSNMPDescription $ nsSNMPN ame $ nsSNMPMasterHost $ nsSNMPMasterPort ) X-ORIGIN 'Netscape Directory Se rver' ) objectClasses: ( nsEncryptionConfig-oid NAME 'nsEncryptionConfig' DESC 'Nets cape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsCertfile $ nsK eyfile $ nsSSL2 $ nsSSL3 $ nsTLS1 $ sslVersionMin $ sslVersionMax $ nsSSLSe ssionTimeout $ nsSSL3SessionTimeout $ nsSSLClientAuth $ nsSSL2Ciphers $ nsS SL3Ciphers $ nsSSLSupportedCiphers $ allowWeakCipher $ CACertExtractFile $ allowWeakDHParam ) X-ORIGIN 'Netscape' ) objectClasses: ( nsEncryptionModule-oid NAME 'nsEncryptionModule' DESC 'Nets cape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsSSLToken $ nsS SLPersonalitySSL $ nsSSLActivation $ ServerKeyExtractFile $ ServerCertExtra ctFile ) X-ORIGIN 'Netscape' ) objectClasses: ( 2.16.840.1.113730.3.2.327 NAME 'rootDNPluginConfig' DESC 'N etscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( rootdn-open-t ime $ rootdn-close-time $ rootdn-days-allowed $ rootdn-allow-host $ rootdn- deny-host $ rootdn-allow-ip $ rootdn-deny-ip ) X-ORIGIN 'Netscape' ) objectClasses: ( 2.16.840.1.113730.3.2.328 NAME 'nsSchemaPolicy' DESC 'Netsc ape defined objectclass' SUP top STRUCTURAL MAY ( cn $ schemaUpdateObjectcl assAccept $ schemaUpdateObjectclassReject $ schemaUpdateAttributeAccept $ s chemaUpdateAttributeReject ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.31 NAME 'groupOfCertificates' DESC 'N etscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( memberCertifi cateDescription $ businessCategory $ description $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.33 NAME 'groupOfURLs' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( memberURL $ businessC ategory $ description $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Direc tory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.35 NAME 'LDAPServer' DESC 'Netscape d efined objectclass' SUP top STRUCTURAL MUST cn MAY ( description $ l $ ou $ seeAlso $ generation $ changeLogMaximumAge $ changeLogMaximumSize ) X-ORIG IN 'Netscape Directory Server' ) objectClasses: ( 1.3.6.1.4.1.250.3.18 NAME 'cacheObject' DESC 'object that c ontains the TTL (time to live) attribute type' SUP top STRUCTURAL MAY ttl X -ORIGIN 'LDAP Caching Internet Draft' ) objectClasses: ( 2.16.840.1.113730.3.2.10 NAME 'netscapeServer' DESC 'Netsca pe defined objectclass' SUP top STRUCTURAL MUST cn MAY ( description $ serv erRoot $ serverProductName $ serverVersionNumber $ installationTimeStamp $ administratorContactInfo $ userPassword $ adminUrl $ serverHostName ) X-ORI GIN 'Netscape Administration Services' ) objectClasses: ( 2.16.840.1.113730.3.2.7 NAME 'nsLicenseUser' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MAY ( nsLicensedFor $ nsLicenseSta rtTime $ nsLicenseEndTime ) X-ORIGIN 'Netscape Administration Services' ) objectClasses: ( 2.16.840.1.113730.3.2.1 NAME 'changeLogEntry' DESC 'LDAP ch angelog objectclass' SUP top STRUCTURAL MUST ( targetDn $ changeTime $ chan geNumber $ changeType ) MAY ( changes $ newRdn $ deleteOldRdn $ newSuperior ) X-ORIGIN 'Changelog Internet Draft' ) objectClasses: ( 2.16.840.1.113730.3.2.6 NAME 'referral' DESC 'LDAP referral s objectclass' SUP top STRUCTURAL MAY ref X-ORIGIN 'LDAPv3 referrals Intern et Draft' ) objectClasses: ( 2.16.840.1.113730.3.2.12 NAME 'passwordObject' DESC 'Netsca pe defined password policy objectclass' SUP top STRUCTURAL MAY ( pwdpolicys ubentry $ passwordExpirationTime $ passwordExpWarned $ passwordRetryCount $ retryCountResetTime $ accountUnlockTime $ passwordHistory $ passwordAllowC hangeTime $ passwordGraceUserTime ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.13 NAME 'passwordPolicy' DESC 'Netsca pe defined password policy objectclass' SUP top STRUCTURAL MAY ( passwordMa xAge $ passwordExp $ passwordMinLength $ passwordKeepHistory $ passwordInHi story $ passwordChange $ passwordWarning $ passwordLockout $ passwordMaxFai lure $ passwordResetDuration $ passwordUnlock $ passwordLockoutDuration $ p asswordCheckSyntax $ passwordMustChange $ passwordStorageScheme $ passwordM inAge $ passwordResetFailureCount $ passwordGraceLimit $ passwordMinDigits $ passwordMinAlphas $ passwordMinUppers $ passwordMinLowers $ passwordMinSp ecials $ passwordMin8bit $ passwordMaxRepeats $ passwordMinCategories $ pas swordMinTokenLength $ passwordTrackUpdateTime $ passwordAdminDN ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.30 NAME 'glue' DESC 'Netscape defined objectclass' SUP top STRUCTURAL X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.32 NAME 'netscapeMachineData' DESC 'N etscape defined objectclass' SUP top STRUCTURAL X-ORIGIN 'Netscape Director y Server' ) objectClasses: ( 2.16.840.1.113730.3.2.38 NAME 'vlvSearch' DESC 'Netscape de fined objectclass' SUP top STRUCTURAL MUST ( cn $ vlvBase $ vlvScope $ vlvF ilter ) MAY multiLineDescription X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.42 NAME 'vlvIndex' DESC 'Netscape def ined objectclass' SUP top STRUCTURAL MUST ( cn $ vlvSort ) MAY ( vlvEnabled $ vlvUses ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.84 NAME 'cosDefinition' DESC 'Netscap e defined objectclass' SUP top STRUCTURAL MAY ( costargettree $ costemplate dn $ cosspecifier $ cosAttribute $ aci $ cn $ uid ) X-ORIGIN 'Netscape Dire ctory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.93 NAME 'nsRoleDefinition' DESC 'Nets cape defined objectclass' SUP ldapSubEntry STRUCTURAL MAY ( description $ n sRoleScopeDN ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.94 NAME 'nsSimpleRoleDefinition' DESC 'Netscape defined objectclass' SUP nsRoleDefinition STRUCTURAL X-ORIGIN 'N etscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.95 NAME 'nsComplexRoleDefinition' DES C 'Netscape defined objectclass' SUP nsRoleDefinition STRUCTURAL X-ORIGIN ' Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.96 NAME 'nsManagedRoleDefinition' DES C 'Netscape defined objectclass' SUP nsSimpleRoleDefinition STRUCTURAL X-OR IGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.97 NAME 'nsFilteredRoleDefinition' DE SC 'Netscape defined objectclass' SUP nsComplexRoleDefinition STRUCTURAL MU ST nsRoleFilter X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.98 NAME 'nsNestedRoleDefinition' DESC 'Netscape defined objectclass' SUP nsComplexRoleDefinition STRUCTURAL MUST nsRoleDN X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.99 NAME 'cosSuperDefinition' DESC 'Ne tscape defined objectclass' SUP ldapSubEntry STRUCTURAL MUST cosAttribute M AY description X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.100 NAME 'cosClassicDefinition' DESC 'Netscape defined objectclass' SUP cosSuperDefinition STRUCTURAL MAY ( cost emplatedn $ cosspecifier ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.101 NAME 'cosPointerDefinition' DESC 'Netscape defined objectclass' SUP cosSuperDefinition STRUCTURAL MAY costem platedn X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.102 NAME 'cosIndirectDefinition' DESC 'Netscape defined objectclass' SUP cosSuperDefinition STRUCTURAL MAY cosIn directSpecifier X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.503 NAME 'nsDSWindowsReplicationAgree ment' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5ReplicaTransportInfo $ nsDS5Repl icaBindDN $ nsDS5ReplicaCredentials $ nsDS5ReplicaBindMethod $ nsDS5Replica Root $ nsDS5ReplicatedAttributeList $ nsDS5ReplicaUpdateSchedule $ nsds5Beg inReplicaRefresh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsd s5replicaTimeout $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUp dateEnd $ nsds5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds 5replicaUpdateInProgress $ nsds5replicaLastInitEnd $ nsds5replicaLastInitSt art $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5replicaB usyWaitTime $ nsds5replicaSessionPauseTime $ nsds7WindowsReplicaSubtree $ n sds7DirectoryReplicaSubtree $ nsds7NewWinUserSyncEnabled $ nsds7NewWinGroup SyncEnabled $ nsds7WindowsDomain $ nsds7DirsyncCookie $ winSyncInterval $ o neWaySync $ winSyncMoveAction $ nsds5ReplicaEnabled $ winSyncDirectoryFilte r $ winSyncWindowsFilter $ winSyncSubtreePair ) X-ORIGIN 'Netscape Director y Server' ) objectClasses: ( 2.16.840.1.113730.3.2.128 NAME 'costemplate' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MAY ( cn $ cosPriority ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.304 NAME 'nsView' DESC 'Netscape defi ned objectclass' SUP top AUXILIARY MAY ( nsViewFilter $ description ) X-ORI GIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.316 NAME 'nsAttributeEncryption' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST ( cn $ nsEncryption Algorithm ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.5.6.21 NAME 'pkiUser' DESC 'X.509 PKI User' SUP top AUXIL IARY MAY userCertificate X-ORIGIN 'RFC 4523' ) objectClasses: ( 2.5.6.22 NAME 'pkiCA' DESC 'X.509 PKI Certificate Authority ' SUP top AUXILIARY MAY ( cACertificate $ certificateRevocationList $ autho rityRevocationList $ crossCertificatePair ) X-ORIGIN 'RFC 4523' ) objectClasses: ( 2.5.6.19 NAME 'cRLDistributionPoint' DESC 'X.509 CRL distri bution point' SUP top STRUCTURAL MUST cn MAY ( certificateRevocationList $ authorityRevocationList $ deltaRevocationList ) X-ORIGIN 'RFC 4523' ) objectClasses: ( 2.5.6.23 NAME 'deltaCRL' DESC 'X.509 delta CRL' SUP top AUX ILIARY MAY deltaRevocationList X-ORIGIN 'RFC 4523' ) objectClasses: ( 2.5.6.15 NAME 'strongAuthenticationUser' DESC 'X.521 strong authentication user' SUP top AUXILIARY MUST userCertificate X-ORIGIN 'RFC 4523' ) objectClasses: ( 2.5.6.18 NAME 'userSecurityInformation' DESC 'X.521 user se curity information' SUP top AUXILIARY MAY supportedAlgorithms X-ORIGIN 'RFC 4523' ) objectClasses: ( 2.5.6.16 NAME 'certificationAuthority' DESC 'X.509 certific ate authority' SUP top AUXILIARY MUST ( authorityRevocationList $ certifica teRevocationList $ cACertificate ) MAY crossCertificatePair X-ORIGIN 'RFC 4 523' ) objectClasses: ( 2.5.6.16.2 NAME 'certificationAuthority-V2' DESC 'X.509 cer tificate authority, version 2' SUP certificationAuthority AUXILIARY MAY del taRevocationList X-ORIGIN 'RFC 4523' ) objectClasses: ( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCTURAL MUST uid MAY ( description $ seeAlso $ l $ o $ ou $ host ) X-ORIGIN 'RFC 4 524' ) objectClasses: ( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUCTURA L MUST documentIdentifier MAY ( cn $ description $ seeAlso $ l $ o $ ou $ d ocumentTitle $ documentVersion $ documentAuthor $ documentLocation $ docume ntPublisher ) X-ORIGIN 'RFC 4524' ) objectClasses: ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top STR UCTURAL MUST cn MAY ( description $ l $ o $ ou $ seeAlso $ telephoneNumber ) X-ORIGIN 'RFC 4524' ) objectClasses: ( 0.9.2342.19200300.100.4.13 NAME 'domain' DESC 'Standard LDA P objectclass' SUP top STRUCTURAL MUST dc MAY ( associatedName $ businessCa tegory $ description $ destinationIndicator $ facsimileTelephoneNumber $ in ternationalISDNNumber $ l $ o $ physicalDeliveryOfficeName $ postOfficeBox $ postalAddress $ postalCode $ preferredDeliveryMethod $ registeredAddress $ searchGuide $ seeAlso $ st $ street $ telephoneNumber $ teletexTerminalId entifier $ telexNumber $ userPassword $ x121Address ) X-ORIGIN ( 'IPA v4.4. 2' 'user defined' ) ) objectClasses: ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' SUP t op AUXILIARY MUST associatedDomain X-ORIGIN 'RFC 4524' ) objectClasses: ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP count ry STRUCTURAL MUST co X-ORIGIN 'RFC 4524' ) objectClasses: ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' DESC 'Pil ot objectclass' SUP domain STRUCTURAL MAY ( cn $ sn ) X-ORIGIN ( 'IPA v4.4. 2' 'user defined' ) ) objectClasses: ( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURAL MU ST cn MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) X-ORIGIN 'RFC 4524' ) objectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' SUP top AUXILIARY MUST userPassword X-ORIGIN 'RFC 4524' ) objectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizati onalPerson STRUCTURAL MAY ( audio $ businessCategory $ carLicense $ departm entNumber $ displayName $ employeeNumber $ employeeType $ givenName $ homeP hone $ homePostalAddress $ initials $ jpegPhoto $ labeledURI $ mail $ manag er $ mobile $ o $ pager $ photo $ roomNumber $ secretary $ uid $ userCertif icate $ x500UniqueIdentifier $ preferredLanguage $ userSMIMECertificate $ u serPKCS12 ) X-ORIGIN 'RFC 2798' ) objectClasses: ( 2.16.840.1.113730.3.2.322 NAME 'autoMemberDefinition' DESC 'Auto Membership Config Definition Entry' SUP top STRUCTURAL MUST ( cn $ au toMemberScope $ autoMemberFilter $ autoMemberGroupingAttr ) MAY ( autoMembe rDefaultGroup $ autoMemberDisabled ) X-ORIGIN '389 Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.323 NAME 'autoMemberRegexRule' DESC ' Auto Membership Regex Rule Entry' SUP top STRUCTURAL MUST ( cn $ autoMember TargetGroup ) MAY ( autoMemberExclusiveRegex $ autoMemberInclusiveRegex $ d escription ) X-ORIGIN '389 Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.324 NAME 'dnaPluginConfig' DESC 'DNA plugin configuration' SUP top AUXILIARY MAY ( dnaType $ dnaPrefix $ dnaNext Value $ dnaMaxValue $ dnaInterval $ dnaMagicRegen $ dnaFilter $ dnaScope $ dnaExcludeScope $ dnaSharedCfgDN $ dnaThreshold $ dnaNextRange $ dnaRangeRe questTimeout $ dnaRemoteBindDN $ dnaRemoteBindCred $ cn ) X-ORIGIN '389 Dir ectory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.325 NAME 'dnaSharedConfig' DESC 'DNA Shared Configuration' SUP top AUXILIARY MAY ( dnaHostname $ dnaPortNum $ dn aSecurePortNum $ dnaRemoteBindMethod $ dnaRemoteConnProtocol $ dnaRemaining Values ) X-ORIGIN '389 Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.319 NAME 'mepManagedEntry' DESC 'Mana ged Entries Managed Entry' SUP top AUXILIARY MAY mepManagedBy X-ORIGIN '389 Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.320 NAME 'mepOriginEntry' DESC 'Manag ed Entries Origin Entry' SUP top AUXILIARY MAY mepManagedEntry X-ORIGIN '38 9 Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.321 NAME 'mepTemplateEntry' DESC 'Man aged Entries Template Entry' SUP top AUXILIARY MAY ( cn $ mepStaticAttr $ m epMappedAttr $ mepRDNAttr ) X-ORIGIN '389 Directory Server' ) objectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Standard LDAP obj ectclass' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $ gidNumber $ homeD irectory ) MAY ( userPassword $ loginShell $ gecos $ description ) X-ORIGIN 'RFC 2307' ) objectClasses: ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Standard LDAP ob jectclass' SUP top AUXILIARY MUST uid MAY ( userPassword $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ description ) X-ORIGIN 'RFC 2307' ) objectClasses: ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Standard LDAP objec tclass' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPassword $ mem berUid $ description ) X-ORIGIN 'RFC 2307' ) objectClasses: ( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Standard LDAP object class' SUP top STRUCTURAL MUST ( cn $ ipServicePort $ ipServiceProtocol ) M AY description X-ORIGIN 'RFC 2307' ) objectClasses: ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Standard LDAP objec tclass' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber ) MAY description X -ORIGIN 'RFC 2307' ) objectClasses: ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Standard LDAP objectcla ss' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber ) MAY description X-ORIGIN 'RFC 2307' ) objectClasses: ( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Standard LDAP objectcla ss' SUP top AUXILIARY MUST ( ipHostNumber $ cn ) MAY ( manager $ descriptio n $ l $ o $ ou $ owner $ seeAlso $ serialNumber ) X-ORIGIN 'RFC 2307' ) objectClasses: ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Standard LDAP object class' SUP top STRUCTURAL MUST ( ipNetworkNumber $ cn ) MAY ( ipNetmaskNumb er $ manager $ l $ description ) X-ORIGIN 'RFC 2307' ) objectClasses: ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Standard LDAP obje ctclass' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberNisNetg roup $ description ) X-ORIGIN 'RFC 2307' ) objectClasses: ( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'Standard LDAP objec tclass' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY descr iption X-ORIGIN 'RFC 2307' ) objectClasses: ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'Standard LDAP o bjectclass' SUP top AUXILIARY MUST cn MAY ( macAddress $ description $ l $ o $ ou $ owner $ seeAlso $ serialNumber ) X-ORIGIN 'RFC 2307' ) objectClasses: ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'Standard LDAP objectclass' SUP top AUXILIARY MUST cn MAY ( bootFile $ bootParameter $ des cription $ l $ o $ ou $ owner $ seeAlso $ serialNumber ) X-ORIGIN 'RFC 2307 ' ) objectClasses: ( 1.3.6.1.1.1.2.13 NAME 'nisMap' DESC 'Standard LDAP objectcl ass' SUP top STRUCTURAL MUST nisMapName MAY description X-ORIGIN 'RFC 2307' ) objectClasses: ( 2.16.840.1.113730.3.2.129 NAME 'inetDomain' DESC 'Auxiliary class for virtual domain nodes' SUP top AUXILIARY MAY ( inetDomainBaseDN $ inetDomainStatus ) X-ORIGIN 'Netscape subscriber interoperability' ) objectClasses: ( 2.16.840.1.113730.3.2.130 NAME 'inetUser' DESC 'Auxiliary c lass which must be present in an entry for delivery of subscriber services' SUP top AUXILIARY MAY ( uid $ inetUserStatus $ inetUserHttpURL $ userPassw ord $ memberOf ) X-ORIGIN 'Netscape subscriber interoperability' ) objectClasses: ( 1.3.6.1.4.1.1466.101.120.141 NAME 'NetscapeLinkedOrganizati on' AUXILIARY MAY parentOrganization X-ORIGIN 'Netscape' ) objectClasses: ( 1.3.6.1.4.1.1466.101.120.142 NAME 'NetscapePreferences' AUX ILIARY MAY ( preferredLanguage $ preferredLocale $ preferredTimeZone ) X-OR IGIN 'Netscape' ) objectClasses: ( 2.16.840.1.113730.3.2.134 NAME 'inetSubscriber' SUP top AUX ILIARY MAY ( inetSubscriberAccountId $ inetSubscriberChallenge $ inetSubscr iberResponse ) X-ORIGIN 'Netscape subscriber interoperability' ) objectClasses: ( 2.16.840.1.113730.3.2.112 NAME 'inetAdmin' DESC 'Marker for an administrative group or user' SUP top AUXILIARY MAY ( aci $ memberOf $ adminRole ) X-ORIGIN 'Netscape Delegated Administrator' ) objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.1 NAME 'javaContainer' DESC 'Contai ner for a Java object' SUP top STRUCTURAL MUST cn X-ORIGIN 'RFC 2713' ) objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.4 NAME 'javaObject' DESC 'Java obje ct representation' SUP top ABSTRACT MUST javaClassName MAY ( javaClassNames $ javaCodebase $ javaDoc $ description ) X-ORIGIN 'RFC 2713' ) objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.5 NAME 'javaSerializedObject' DESC 'Java serialized object' SUP javaObject AUXILIARY MUST javaSerializedData X -ORIGIN 'RFC 2713' ) objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.7 NAME 'javaNamingReference' DESC ' JNDI reference' SUP javaObject AUXILIARY MAY ( javaReferenceAddress $ javaF actory ) X-ORIGIN 'RFC 2713' ) objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.8 NAME 'javaMarshalledObject' DESC 'Java marshalled object' SUP javaObject AUXILIARY MUST javaSerializedData X -ORIGIN 'RFC 2713' ) objectClasses: ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject' DESC 'Standard LDAP objectclass' SUP top STRUCTURAL MAY ( audio $ ditRedirect $ info $ jp egPhoto $ lastModifiedBy $ lastModifiedTime $ manager $ photo $ uniqueIdent ifier ) X-ORIGIN 'RFC 1274' ) objectClasses: ( nsAdminDomain-oid NAME 'nsAdminDomain' DESC 'Netscape defin ed objectclass' SUP organizationalUnit STRUCTURAL MAY nsAdminDomainName X-O RIGIN 'Netscape' ) objectClasses: ( nsHost-oid NAME 'nsHost' DESC 'Netscape defined objectclass ' SUP top STRUCTURAL MUST cn MAY ( serverHostName $ description $ l $ nsHos tLocation $ nsHardwarePlatform $ nsOsVersion ) X-ORIGIN 'Netscape' ) objectClasses: ( nsAdminGroup-oid NAME 'nsAdminGroup' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsAdminGroupName $ descripti on $ nsConfigRoot $ nsAdminSIEDN ) X-ORIGIN 'Netscape' ) objectClasses: ( nsApplication-oid NAME 'nsApplication' DESC 'Netscape defin ed objectclass' SUP top STRUCTURAL MUST cn MAY ( nsVendor $ description $ n sProductName $ nsNickName $ nsProductVersion $ nsBuildNumber $ nsRevisionNu mber $ nsSerialNumber $ nsInstalledLocation $ installationTimeStamp $ nsExp irationDate $ nsBuildSecurity $ nsLdapSchemaVersion $ nsServerMigrationClas sname $ nsServerCreationClassname ) X-ORIGIN 'Netscape' ) objectClasses: ( nsResourceRef-oid NAME 'nsResourceRef' DESC 'Netscape defin ed objectclass' SUP top STRUCTURAL MUST cn MAY seeAlso X-ORIGIN 'Netscape' ) objectClasses: ( nsTask-oid NAME 'nsTask' DESC 'Netscape defined objectclass ' SUP top STRUCTURAL MUST cn MAY ( nsTaskLabel $ nsHelpRef $ nsExecRef $ ns LogSuppress ) X-ORIGIN 'Netscape' ) objectClasses: ( nsTaskGroup-oid NAME 'nsTaskGroup' DESC 'Netscape defined o bjectclass' SUP top STRUCTURAL MUST cn MAY nsTaskLabel X-ORIGIN 'Netscape' ) objectClasses: ( nsAdminObject-oid NAME 'nsAdminObject' DESC 'Netscape defin ed objectclass' SUP top STRUCTURAL MUST cn MAY ( nsJarfilename $ nsClassnam e ) X-ORIGIN 'Netscape' ) objectClasses: ( nsConfig-oid NAME 'nsConfig' DESC 'Netscape defined objectc lass' SUP top STRUCTURAL MUST cn MAY ( description $ nsServerPort $ nsServe rAddress $ nsSuiteSpotUser $ nsErrorLog $ nsPidLog $ nsAccessLog $ nsDefaul tAcceptLanguage $ nsServerSecurity ) X-ORIGIN 'Netscape' ) objectClasses: ( nsDirectoryInfo-oid NAME 'nsDirectoryInfo' DESC 'Netscape d efined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsBindDN $ nsBindPassw ord $ nsDirectoryURL $ nsDirectoryFailoverList $ nsDirectoryInfoRef ) X-ORI GIN 'Netscape' ) objectClasses: ( nsAdminServer-oid NAME 'nsAdminServer' DESC 'Netscape defin ed objectclass' SUP top STRUCTURAL MUST ( cn $ nsServerID ) MAY description X-ORIGIN 'Netscape Administration Services' ) objectClasses: ( nsAdminConfig-oid NAME 'nsAdminConfig' DESC 'Netscape defin ed objectclass' SUP nsConfig STRUCTURAL MAY ( nsAdminCgiWaitPid $ nsAdminUs ers $ nsAdminAccessHosts $ nsAdminAccessAddresses $ nsAdminOneACLDir $ nsAd minEnableDSGW $ nsAdminEnableEnduser $ nsAdminCacheLifetime ) X-ORIGIN 'Net scape Administration Services' ) objectClasses: ( nsAdminResourceEditorExtension-oid NAME 'nsAdminResourceEdi torExtension' DESC 'Netscape defined objectclass' SUP nsAdminObject STRUCTU RAL MAY ( nsAdminAccountInfo $ nsDeleteclassname ) X-ORIGIN 'Netscape Admin istration Services' ) objectClasses: ( nsAdminGlobalParameters-oid NAME 'nsAdminGlobalParameters' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsAdmi nEndUserHTMLIndex $ nsNickName ) X-ORIGIN 'Netscape Administration Services ' ) objectClasses: ( nsGlobalParameters-oid NAME 'nsGlobalParameters' DESC 'Nets cape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsUniqueAttribut e $ nsUserIDFormat $ nsUserRDNComponent $ nsGroupRDNComponent $ nsWellKnown Jarfiles $ nsNYR ) X-ORIGIN 'Netscape Administration Services' ) objectClasses: ( nsDefaultObjectClasses-oid NAME 'nsDefaultObjectClasses' DE SC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY nsDefaultO bjectClass X-ORIGIN 'Netscape Administration Services' ) objectClasses: ( nsAdminConsoleUser-oid NAME 'nsAdminConsoleUser' DESC 'Nets cape defined objectclass' SUP top STRUCTURAL MUST cn MAY nsPreference X-ORI GIN 'Netscape Administration Services' ) objectClasses: ( nsCustomView-oid NAME 'nsCustomView' DESC 'Netscape defined objectclass' SUP nsAdminObject STRUCTURAL MAY nsDisplayName X-ORIGIN 'Nets cape Administration Services' ) objectClasses: ( nsTopologyCustomView-oid NAME 'nsTopologyCustomView' DESC ' Netscape defined objectclass' SUP nsCustomView STRUCTURAL MAY nsViewConfigu ration X-ORIGIN 'Netscape Administration Services' ) objectClasses: ( nsTopologyPlugin-oid NAME 'nsTopologyPlugin' DESC 'Netscape defined objectclass' SUP nsAdminObject STRUCTURAL X-ORIGIN 'Netscape Admin istration Services' ) objectClasses: ( 2.16.840.1.113730.3.2.18 NAME 'netscapeCertificateServer' D ESC 'Netscape defined objectclass' SUP top STRUCTURAL X-ORIGIN 'Netscape Ce rtificate Management System' ) objectClasses: ( nsCertificateServer-oid NAME 'nsCertificateServer' DESC 'Ne tscape defined objectclass' SUP top STRUCTURAL MUST nsServerID MAY ( server HostName $ nsServerPort $ nsCertConfig ) X-ORIGIN 'Netscape Certificate Man agement System' ) objectClasses: ( 2.16.840.1.113730.3.2.23 NAME 'netscapeDirectoryServer' DES C 'Netscape defined objectclass' SUP top STRUCTURAL X-ORIGIN 'Netscape Dire ctory Server' ) objectClasses: ( nsDirectoryServer-oid NAME 'nsDirectoryServer' DESC 'Netsca pe defined objectclass' SUP top STRUCTURAL MUST nsServerID MAY ( serverHost Name $ nsServerPort $ nsSecureServerPort $ nsBindPassword $ nsBindDN $ nsBa seDN ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.8 NAME 'ntUser' DESC 'Netscape define d objectclass' SUP top STRUCTURAL MUST ntUserDomainId MAY ( description $ l $ ou $ seeAlso $ ntUserPriv $ ntUserHomeDir $ ntUserComment $ ntUserFlags $ ntUserScriptPath $ ntUserAuthFlags $ ntUserUsrComment $ ntUserParms $ ntU serWorkstations $ ntUserLastLogon $ ntUserLastLogoff $ ntUserAcctExpires $ ntUserMaxStorage $ ntUserUnitsPerWeek $ ntUserLogonHours $ ntUserBadPwCount $ ntUserNumLogons $ ntUserLogonServer $ ntUserCountryCode $ ntUserCodePage $ ntUserUniqueId $ ntUserPrimaryGroupId $ ntUserProfile $ ntUserHomeDirDri ve $ ntUserPasswordExpired $ ntUserCreateNewAccount $ ntUserDeleteAccount $ ntUniqueId $ ntUserNtPassword ) X-ORIGIN 'Netscape NT Synchronization' ) objectClasses: ( 2.16.840.1.113730.3.2.9 NAME 'ntGroup' DESC 'Netscape defin ed objectclass' SUP top STRUCTURAL MUST ntUserDomainId MAY ( description $ l $ ou $ seeAlso $ ntGroupId $ ntGroupAttributes $ ntGroupCreateNewGroup $ ntGroupDeleteGroup $ ntGroupType $ ntUniqueId $ mail ) X-ORIGIN 'Netscape N T Synchronization' ) objectClasses: ( 2.16.840.1.113730.3.2.82 NAME 'nsChangelog4Config' DESC 'Ne tscape defined objectclass' SUP top STRUCTURAL MAY cn X-ORIGIN 'Netscape Di rectory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.114 NAME 'nsConsumer4Config' DESC 'Ne tscape defined objectclass' SUP top STRUCTURAL MAY cn X-ORIGIN 'Netscape Di rectory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.36 NAME 'LDAPReplica' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( description $ l $ ou $ seeAlso $ replicaRoot $ replicaHost $ replicaPort $ replicaBindDn $ repli caCredentials $ replicaBindMethod $ replicaUseSSL $ replicaUpdateSchedule $ replicaUpdateReplayed $ replicaUpdateFailedAt $ replicaBeginOrc $ replicaN ickName $ replicaEntryFilter $ replicatedattributelist $ replicaCFUpdated $ replicaAbandonedChanges $ replicaLastRelevantChange ) X-ORIGIN 'Netscape D irectory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.11 NAME 'cirReplicaSource' DESC 'Nets cape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( cirReplicaRoot $ cirHost $ cirPort $ cirBindDn $ cirUsePersistentSearch $ cirUseSsl $ cirBi ndCredentials $ cirLastUpdateApplied $ cirUpdateSchedule $ cirSyncInterval $ cirUpdateFailedat $ cirBeginORC $ replicaNickName $ replicaEntryFilter $ replicatedattributelist ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.3 NAME 'mailRecipient' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MAY ( cn $ mai l $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForward ingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ multi LineDescription $ uid $ userPassword ) X-ORIGIN 'Netscape Messaging Server 4.x' ) objectClasses: ( 2.16.840.113730.3.2.37 NAME 'nsMessagingServerUser' DESC 'N etscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MAY ( c n $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDelivery Option $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ nsmsgDisallowAccess $ nsmsgNumMsgQuota $ nswmExtendedUserPre fs $ vacationstartdate $ vacationenddate ) X-ORIGIN 'Netscape Messaging Ser ver 4.x' ) objectClasses: ( 2.16.840.1.113730.3.2.4 NAME 'mailGroup' DESC 'mailGroup' S UP top STRUCTURAL MUST mail MAY ( cn $ mgrpRFC822MailMember ) X-ORIGIN ( 'I PA v4.4.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.2.5 NAME 'groupOfMailEnhancedUniqueName s' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIA RY MUST cn MAY ( businessCategory $ description $ mailEnhancedUniqueMember $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Messaging Server 4.x' ) objectClasses: ( 2.16.840.1.113730.3.2.24 NAME 'netscapeMailServer' DESC 'Ne tscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY X-ORIGIN 'Netscape Messaging Server 4.x' ) objectClasses: ( 2.16.840.1.113730.3.2.45 NAME 'nsValueItem' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsValueCIS $ nsValueC ES $ nsValueTel $ nsValueInt $ nsValueBin $ nsValueDN $ nsValueType $ nsVal ueSyntax $ nsValueDescription $ nsValueHelpURL $ nsValueFlags $ nsValueDefa ult ) X-ORIGIN 'Netscape servers - value item' ) objectClasses: ( 2.16.840.1.113730.3.2.29 NAME 'netscapeWebServer' DESC 'Net scape defined objectclass' SUP top STRUCTURAL MUST ( cn $ nsServerID ) MAY ( description $ nsServerPort ) X-ORIGIN 'Netscape Web Server' ) objectClasses: ( 2.16.840.1.113730.3.2.154 NAME 'netscapeReversiblePasswordO bject' DESC 'object that contains an netscapeReversiblePassword' AUXILIARY MAY netscapeReversiblePassword X-ORIGIN 'Netscape Web Server' ) objectClasses: ( 1.3.6.1.4.1.11.1.3.2.2.1 NAME 'accountPolicy' DESC 'Account policy entry' SUP top AUXILIARY MAY accountInactivityLimit X-ORIGIN 'Accou nt Policy Plugin' ) objectClasses: ( 1.3.6.1.1.1.2.17 NAME 'automount' DESC 'Automount informati on' SUP top STRUCTURAL MUST ( automountKey $ automountInformation ) MAY des cription X-ORIGIN ( 'RFC 2307bis' 'user defined' ) ) objectClasses: ( 1.3.6.1.1.1.2.16 NAME 'automountMap' DESC 'Automount Map in formation' SUP top STRUCTURAL MUST automountMapName MAY description X-ORIGI N ( 'RFC 2307bis' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.4.1 NAME 'ipaHost' AUXILIARY MUST fqd n MAY ( userPassword $ ipaClientVersion $ enrolledBy $ memberOf $ userClass $ ipaAssignedIDView ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.4.12 NAME 'ipaObject' DESC 'IPA objec tclass' AUXILIARY MUST ipaUniqueID X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.4.14 NAME 'ipaEntitlement' DESC 'IPA Entitlement object' AUXILIARY MUST ipaEntitlementId MAY ( userPKCS12 $ user Certificate ) X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.4.15 NAME 'ipaPermission' DESC 'IPA P ermission objectclass' AUXILIARY MAY ipaPermissionType X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.4.2 NAME 'ipaService' DESC 'IPA servi ce objectclass' AUXILIARY MAY ( memberOf $ managedBy $ ipaKrbAuthzData ) X- ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.4.3 NAME 'nestedGroup' DESC 'Group th at supports nesting' SUP groupOfNames STRUCTURAL MAY memberOf X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.4.4 NAME 'ipaUserGroup' DESC 'IPA use r group object class' SUP nestedGroup STRUCTURAL X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.4.5 NAME 'ipaHostGroup' DESC 'IPA hos t group object class' SUP nestedGroup STRUCTURAL X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.4.6 NAME 'ipaAssociation' ABSTRACT MU ST ( ipaUniqueID $ cn ) MAY ( memberUser $ userCategory $ memberHost $ host Category $ ipaEnabledFlag $ description ) X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.4.7 NAME 'ipaHBACRule' SUP ipaAssocia tion STRUCTURAL MUST accessRuleType MAY ( sourceHost $ sourceHostCategory $ serviceCategory $ memberService $ externalHost $ accessTime ) X-ORIGIN 'IP A v2' ) objectClasses: ( 2.16.840.1.113730.3.8.4.8 NAME 'ipaNISNetgroup' DESC 'IPA v ersion of NIS netgroup' SUP ipaAssociation STRUCTURAL MAY ( externalHost $ nisDomainName $ member $ memberOf ) X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.4.9 NAME 'ipaCAaccess' STRUCTURAL MAY ( member $ hostCApolicy ) X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.4.10 NAME 'ipaHBACService' STRUCTURAL MUST cn MAY ( description $ memberOf ) X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.4.11 NAME 'ipaHBACServiceGroup' DESC 'IPA HBAC service group object class' SUP groupOfNames STRUCTURAL X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.12.1 NAME 'ipaExternalGroup' SUP top STRUCTURAL MUST cn MAY ( ipaExternalMember $ memberOf $ description $ owner ) X-ORIGIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.2 NAME 'ipaNTUserAttrs' SUP top AU XILIARY MUST ipaNTSecurityIdentifier MAY ( ipaNTHash $ ipaNTLogonScript $ i paNTProfilePath $ ipaNTHomeDirectory $ ipaNTHomeDirectoryDrive ) X-ORIGIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.3 NAME 'ipaNTGroupAttrs' SUP top A UXILIARY MUST ipaNTSecurityIdentifier X-ORIGIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.4 NAME 'ipaNTDomainAttrs' SUP top AUXILIARY MUST ( ipaNTSecurityIdentifier $ ipaNTFlatName $ ipaNTDomainGUID ) MAY ipaNTFallbackPrimaryGroup X-ORIGIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.5 NAME 'ipaNTTrustedDomain' DESC ' Trusted Domain Object' SUP top STRUCTURAL MUST cn MAY ( ipaNTTrustType $ ip aNTTrustAttributes $ ipaNTTrustDirection $ ipaNTTrustPartner $ ipaNTFlatNam e $ ipaNTTrustAuthOutgoing $ ipaNTTrustAuthIncoming $ ipaNTTrustedDomainSID $ ipaNTTrustForestTrustInfo $ ipaNTTrustPosixOffset $ ipaNTSupportedEncryp tionTypes $ ipaNTSIDBlacklistIncoming $ ipaNTSIDBlacklistOutgoing $ ipaNTAd ditionalSuffixes ) X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.6 NAME 'groupOfPrincipals' SUP top AUXILIARY MUST cn MAY memberPrincipal X-ORIGIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.7 NAME 'ipaKrb5DelegationACL' SUP groupOfPrincipals STRUCTURAL MAY ( ipaAllowToImpersonate $ ipaAllowedTarget ) X-ORIGIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.10 NAME 'ipaSELinuxUserMap' SUP ip aAssociation STRUCTURAL MUST ipaSELinuxUser MAY ( accessTime $ seeAlso ) X- ORIGIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.11 NAME 'ipaSshGroupOfPubKeys' ABS TRACT MAY ipaSshPubKey X-ORIGIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.12 NAME 'ipaSshUser' SUP ipaSshGro upOfPubKeys AUXILIARY X-ORIGIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.13 NAME 'ipaSshHost' SUP ipaSshGro upOfPubKeys AUXILIARY X-ORIGIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.14 NAME 'ipaIDobject' SUP top AUXI LIARY MAY ( uidNumber $ gidNumber $ ipaNTSecurityIdentifier ) X-ORIGIN ( 'I PA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.15 NAME 'ipaIDrange' ABSTRACT MUST ( cn $ ipaBaseID $ ipaIDRangeSize $ ipaRangeType ) X-ORIGIN ( 'IPA v3' 'us er defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.16 NAME 'ipaDomainIDRange' SUP ipa IDrange STRUCTURAL MAY ( ipaBaseRID $ ipaSecondaryBaseRID ) X-ORIGIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.17 NAME 'ipaTrustedADDomainRange' SUP ipaIDrange STRUCTURAL MUST ( ipaBaseRID $ ipaNTTrustedDomainSID ) X-ORI GIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.19 NAME 'ipaUserAuthTypeClass' DES C 'Class for authentication methods definition' SUP top AUXILIARY MAY ipaUs erAuthType X-ORIGIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 1.3.6.1.4.1.5923.1.1.2 NAME 'eduPerson' AUXILIARY MAY ( edu PersonAffiliation $ eduPersonNickName $ eduPersonOrgDN $ eduPersonOrgUnitDN $ eduPersonPrimaryAffiliation $ eduPersonPrincipalName $ eduPersonEntitlem ent $ eduPersonPrimaryOrgUnitDN $ eduPersonScopedAffiliation ) X-ORIGIN 'ht tp://middleware.internet2.edu/eduperson/' ) objectClasses: ( 2.16.840.1.113730.3.8.2.1 NAME 'ipaGuiConfig' AUXILIARY MAY ( ipaUserSearchFields $ ipaGroupSearchFields $ ipaSearchTimeLimit $ ipaSea rchRecordsLimit $ ipaCustomFields $ ipaHomesRootDir $ ipaDefaultLoginShell $ ipaDefaultPrimaryGroup $ ipaMaxUsernameLength $ ipaPwdExpAdvNotify $ ipaU serObjectClasses $ ipaGroupObjectClasses $ ipaDefaultEmailDomain $ ipaMigra tionEnabled $ ipaCertificateSubjectBase $ ipaSELinuxUserMapDefault $ ipaSEL inuxUserMapOrder $ ipaKrbAuthzData ) X-ORIGIN 'user defined' ) objectClasses: ( 2.16.840.1.113730.3.8.4.13 NAME 'ipaConfigObject' DESC 'gen eric config object for IPA' AUXILIARY MAY ipaConfigString X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.6.0 NAME 'idnsRecord' DESC 'dns Recor d, usually a host' SUP top STRUCTURAL MUST idnsName MAY ( cn $ idnsAllowDyn Update $ dNSTTL $ dNSClass $ aRecord $ aAAARecord $ a6Record $ nSRecord $ c NAMERecord $ pTRRecord $ sRVRecord $ tXTRecord $ mXRecord $ mDRecord $ hInf oRecord $ mInfoRecord $ aFSDBRecord $ SigRecord $ KeyRecord $ LocRecord $ n XTRecord $ nAPTRRecord $ kXRecord $ certRecord $ dNameRecord $ dSRecord $ s SHFPRecord $ rRSIGRecord $ nSECRecord $ DLVRecord $ TLSARecord $ UnknownRec ord $ RPRecord $ APLRecord $ IPSECKEYRecord $ DHCIDRecord $ HIPRecord $ SPF Record ) X-ORIGIN ( 'IPA v4.2.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone class' SUP idnsRecord STRUCTURAL MUST ( idnsZoneActive $ idnsSOAmName $ idnsSOArN ame $ idnsSOAserial $ idnsSOArefresh $ idnsSOAretry $ idnsSOAexpire $ idnsS OAminimum ) MAY ( idnsUpdatePolicy $ idnsAllowQuery $ idnsAllowTransfer $ i dnsAllowSyncPTR $ idnsForwardPolicy $ idnsForwarders $ idnsSecInlineSigning $ nSEC3PARAMRecord $ dNSdefaultTTL ) X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.6.2 NAME 'idnsConfigObject' DESC 'DNS global config options' STRUCTURAL MAY ( idnsForwardPolicy $ idnsForwarders $ idnsAllowSyncPTR $ idnsZoneRefresh $ idnsPersistentSearch ) X-ORIGIN 'us er defined' ) objectClasses: ( 2.16.840.1.113730.3.8.12.18 NAME 'ipaDNSZone' SUP top AUXIL IARY MUST idnsName MAY managedBy X-ORIGIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113719.1.301.6.1.1 NAME 'krbContainer' SUP top S TRUCTURAL MUST cn ) objectClasses: ( 2.16.840.1.113719.1.301.6.2.1 NAME 'krbRealmContainer' SUP top STRUCTURAL MUST cn MAY ( krbMKey $ krbUPEnabled $ krbSubTrees $ krbSear chScope $ krbLdapServers $ krbSupportedEncSaltTypes $ krbDefaultEncSaltType s $ krbTicketPolicyReference $ krbKdcServers $ krbPwdServers $ krbAdmServer s $ krbPrincNamingAttr $ krbPwdPolicyReference $ krbPrincContainerRef ) ) objectClasses: ( 2.16.840.1.113719.1.301.6.3.1 NAME 'krbService' SUP top ABS TRACT MUST cn MAY ( krbHostServer $ krbRealmReferences ) ) objectClasses: ( 2.16.840.1.113719.1.301.6.4.1 NAME 'krbKdcService' SUP krbS ervice STRUCTURAL ) objectClasses: ( 2.16.840.1.113719.1.301.6.5.1 NAME 'krbPwdService' SUP krbS ervice STRUCTURAL ) objectClasses: ( 2.16.840.1.113719.1.301.6.8.1 NAME 'krbPrincipalAux' AUXILI ARY MAY ( krbPrincipalName $ krbCanonicalName $ krbUPEnabled $ krbPrincipal Key $ krbTicketPolicyReference $ krbPrincipalExpiration $ krbPasswordExpira tion $ krbPwdPolicyReference $ krbPrincipalType $ krbPwdHistory $ krbLastPw dChange $ krbPrincipalAliases $ krbLastSuccessfulAuth $ krbLastFailedAuth $ krbLoginFailedCount $ krbExtraData $ krbLastAdminUnlock $ krbAllowedToDele gateTo $ krbPrincipalAuthInd ) X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined ' ) ) objectClasses: ( 2.16.840.1.113719.1.301.6.9.1 NAME 'krbPrincipal' SUP top S TRUCTURAL MUST krbPrincipalName MAY krbObjectReferences ) objectClasses: ( 2.16.840.1.113719.1.301.6.11.1 NAME 'krbPrincRefAux' SUP to p AUXILIARY MAY krbPrincipalReferences ) objectClasses: ( 2.16.840.1.113719.1.301.6.13.1 NAME 'krbAdmService' SUP krb Service STRUCTURAL ) objectClasses: ( 2.16.840.1.113719.1.301.6.14.1 NAME 'krbPwdPolicy' SUP top STRUCTURAL MUST cn MAY ( krbMaxPwdLife $ krbMinPwdLife $ krbPwdMinDiffChars $ krbPwdMinLength $ krbPwdHistoryLength $ krbPwdMaxFailure $ krbPwdFailure CountInterval $ krbPwdLockoutDuration $ krbPwdAttributes $ krbPwdMaxLife $ krbPwdMaxRenewableLife $ krbPwdAllowedKeysalts ) X-ORIGIN ( 'IPA v4.3.0' 'u ser defined' ) ) objectClasses: ( 2.16.840.1.113719.1.301.6.16.1 NAME 'krbTicketPolicyAux' AU XILIARY MAY ( krbTicketFlags $ krbMaxTicketLife $ krbMaxRenewableAge ) ) objectClasses: ( 2.16.840.1.113719.1.301.6.17.1 NAME 'krbTicketPolicy' SUP t op STRUCTURAL MUST cn ) objectClasses: ( 1.3.6.1.4.1.13769.9.1 NAME 'mozillaAbPersonAlpha' SUP top A UXILIARY MUST cn MAY ( c $ description $ displayName $ facsimileTelephoneNu mber $ givenName $ homePhone $ l $ mail $ mobile $ mozillaCustom1 $ mozilla Custom2 $ mozillaCustom3 $ mozillaCustom4 $ mozillaHomeCountryName $ mozill aHomeLocalityName $ mozillaHomePostalCode $ mozillaHomeState $ mozillaHomeS treet $ mozillaHomeStreet2 $ mozillaHomeUrl $ mozillaNickname $ mozillaSeco ndEmail $ mozillaUseHtmlMail $ mozillaWorkStreet2 $ mozillaWorkUrl $ nsAIMi d $ o $ ou $ pager $ postalCode $ postOfficeBox $ sn $ st $ street $ teleph oneNumber $ title ) X-ORIGIN 'Mozilla Address Book' ) objectClasses: ( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject' DESC 'Auxiliary object class for adding authorizedService attribute' SUP top AU XILIARY MAY authorizedService X-ORIGIN 'NSS LDAP schema' ) objectClasses: ( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject' DESC 'Auxiliary o bject class for adding host attribute' SUP top AUXILIARY MAY host X-ORIGIN 'NSS LDAP schema' ) objectClasses: ( 2.16.840.1.113730.3.2.318 NAME 'pamConfig' DESC 'PAM plugin configuration' SUP top AUXILIARY MAY ( cn $ pamMissingSuffix $ pamExcludeS uffix $ pamIncludeSuffix $ pamIDAttr $ pamIDMapMethod $ pamFallback $ pamSe cure $ pamService $ pamFilter ) X-ORIGIN 'Red Hat Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.326 NAME 'dynamicGroup' DESC 'Group c ontaining internal dynamically-generated members' SUP posixGroup AUXILIARY MAY dsOnlyMemberUid X-ORIGIN 'Red Hat Directory Server' ) objectClasses: ( 1.3.6.1.4.1.6981.11.2.3 NAME 'PureFTPdUser' DESC 'PureFTPd user with optional quota, throttling and ratio' STRUCTURAL MAY ( FTPStatus $ FTPQuotaFiles $ FTPQuotaMBytes $ FTPUploadRatio $ FTPDownloadRatio $ FTPU ploadBandwidth $ FTPDownloadBandwidth $ FTPuid $ FTPgid ) X-ORIGIN 'Pure-FT Pd' ) objectClasses: ( 1.2.840.113556.1.5.87 NAME 'calEntry' DESC 'RFC2739: Calend ar Entry' SUP top AUXILIARY MAY ( calCalURI $ calFBURL $ calOtherCalURIs $ calOtherFBURLs $ calCAPURI $ calOtherCAPURIs ) X-ORIGIN 'rfc2739' ) objectClasses: ( 1.3.18.0.2.6.258 NAME 'printerAbstract' DESC 'Printer relat ed information.' SUP top ABSTRACT MAY ( printer-name $ printer-natural-lang uage-configured $ printer-location $ printer-info $ printer-more-info $ pri nter-make-and-model $ printer-multiple-document-jobs-supported $ printer-ch arset-configured $ printer-charset-supported $ printer-generated-natural-la nguage-supported $ printer-document-format-supported $ printer-color-suppor ted $ printer-compression-supported $ printer-pages-per-minute $ printer-pa ges-per-minute-color $ printer-finishings-supported $ printer-number-up-sup ported $ printer-sides-supported $ printer-media-supported $ printer-media- local-supported $ printer-resolution-supported $ printer-print-quality-supp orted $ printer-job-priority-supported $ printer-copies-supported $ printer -job-k-octets-supported $ printer-current-operator $ printer-service-person $ printer-delivery-orientation-supported $ printer-stacking-order-supporte d $ printer-output-features-supported ) X-ORIGIN 'rfc3712' ) objectClasses: ( 1.3.18.0.2.6.255 NAME 'printerService' DESC 'Printer inform ation.' SUP printerAbstract STRUCTURAL MAY ( printer-uri $ printer-xri-supp orted ) X-ORIGIN 'rfc3712' ) objectClasses: ( 1.3.18.0.2.6.257 NAME 'printerServiceAuxClass' DESC 'Printe r information.' SUP printerAbstract AUXILIARY MAY ( printer-uri $ printer-x ri-supported ) X-ORIGIN 'rfc3712' ) objectClasses: ( 1.3.18.0.2.6.256 NAME 'printerIPP' DESC 'Internet Printing Protocol (IPP) information.' SUP top AUXILIARY MAY ( printer-ipp-versions-s upported $ printer-multiple-document-jobs-supported ) X-ORIGIN 'rfc3712' ) objectClasses: ( 1.3.18.0.2.6.253 NAME 'printerLPR' DESC 'LPR information.' SUP top AUXILIARY MUST printer-name MAY printer-aliases X-ORIGIN 'rfc3712' ) objectClasses: ( 1.3.6.1.4.1.2312.4.3.4.1 NAME 'sabayonProfile' DESC 'sabayo n profile' SUP top STRUCTURAL MUST cn MAY ( sabayonProfileURL $ description ) X-ORIGIN 'Sabayon' ) objectClasses: ( 1.3.6.1.4.1.2312.4.3.4.2 NAME 'sabayonProfileNameObject' DE SC 'contains sabayon profile name' SUP top AUXILIARY MUST sabayonProfileNam e X-ORIGIN 'Sabayon' ) objectClasses: ( 1.3.6.1.4.1.2312.4.3.4.3 NAME 'sabayonProfileURLObject' DES C 'contains sabayon profile' SUP top AUXILIARY MUST cn MAY sabayonProfileUR L X-ORIGIN 'Sabayon' ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'Samba 3 .0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ s ambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogo nScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPri maryGroupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCount $ sambaBadPasswordTime $ sambaPasswordHistory $ sambaLogonHours ) ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' DESC 'Samba Group Mapping' SUP top AUXILIARY MUST ( gidNumber $ sambaSID $ sambaGroupT ype ) MAY ( displayName $ description $ sambaSIDList ) ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' DESC 'Sam ba Trust Password' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaNTPassw ord $ sambaTrustFlags ) MAY ( sambaSID $ sambaPwdLastSet ) ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba Domai n Information' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidB ase $ sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $ samb aMaxPwdAge $ sambaMinPwdAge $ sambaLockoutDuration $ sambaLockoutObservatio nWindow $ sambaLockoutThreshold $ sambaForceLogoff $ sambaRefuseMachinePwdC hange ) ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' DESC 'Pool fo r allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $ gidNumber ) ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' DESC 'Mapping from a SID to an ID' SUP top AUXILIARY MUST sambaSID MAY ( uidNumber $ gid Number ) ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' DESC 'Structura l Class for a SID' SUP top STRUCTURAL MUST sambaSID ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' DESC 'Samba Conf iguration Section' SUP top AUXILIARY MAY description ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' DESC 'Samba Share Section' SUP top STRUCTURAL MUST sambaShareName MAY description ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' DESC 'Samb a Configuration Option' SUP top STRUCTURAL MUST sambaOptionName MAY ( samba BoolOption $ sambaIntegerOption $ sambaStringOption $ sambaStringListOption $ description ) ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword' D ESC 'Samba Trusted Domain Password' SUP top STRUCTURAL MUST ( sambaDomainNa me $ sambaSID $ sambaClearTextPassword $ sambaPwdLastSet ) MAY sambaPreviou sClearTextPassword ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' DESC 'Sam ba Trusted Domain Object' SUP top STRUCTURAL MUST cn MAY ( sambaTrustType $ sambaTrustAttributes $ sambaTrustDirection $ sambaTrustPartner $ sambaFlat Name $ sambaTrustAuthOutgoing $ sambaTrustAuthIncoming $ sambaSecurityIdent ifier $ sambaTrustForestTrustInfo $ sambaTrustPosixOffset $ sambaSupportedE ncryptionTypes ) ) objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' DESC 'Sudoer Entrie s' SUP top STRUCTURAL MUST cn MAY ( sudoUser $ sudoHost $ sudoCommand $ sud oRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ sudoNotBefore $ sudo NotAfter $ sudoOrder $ description ) X-ORIGIN 'SUDO' ) objectClasses: ( 5.3.6.1.1.1.2.0 NAME 'trustAccount' DESC 'Sets trust accoun ts information' SUP top AUXILIARY MUST trustModel MAY accessTo X-ORIGIN 'ns s_ldap/pam_ldap' ) objectClasses: ( 2.16.840.1.113730.3.8.12.8 NAME 'ipaKrbPrincipal' SUP krbPr incipalAux AUXILIARY MUST ( krbPrincipalName $ ipaKrbPrincipalAlias ) X-ORI GIN ( 'IPA v3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.8.1 NAME 'ipaSudoRule' SUP ipaAssocia tion STRUCTURAL MAY ( externalUser $ externalHost $ hostMask $ memberAllowC md $ memberDenyCmd $ cmdCategory $ ipaSudoOpt $ ipaSudoRunAs $ ipaSudoRunAs ExtUser $ ipaSudoRunAsUserCategory $ ipaSudoRunAsGroup $ ipaSudoRunAsExtGro up $ ipaSudoRunAsGroupCategory $ sudoNotBefore $ sudoNotAfter $ sudoOrder $ ipaSudoRunAsExtUserGroup ) X-ORIGIN ( 'IPA v4.0.0' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.8.2 NAME 'ipaSudoCmd' DESC 'IPA objec t class for SUDO command' STRUCTURAL MUST ( ipaUniqueID $ sudoCmd ) MAY ( m emberOf $ description ) X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.8.3 NAME 'ipaSudoCmdGrp' DESC 'IPA ob ject class to store groups of SUDO commands' SUP groupOfNames STRUCTURAL MU ST ipaUniqueID X-ORIGIN 'IPA v2' ) objectClasses: ( 2.16.840.1.113730.3.8.16.2.1 NAME 'ipaToken' DESC 'Abstract token class for tokens' SUP top ABSTRACT MUST ipatokenUniqueID MAY ( descr iption $ managedBy $ ipatokenOwner $ ipatokenDisabled $ ipatokenNotBefore $ ipatokenNotAfter $ ipatokenVendor $ ipatokenModel $ ipatokenSerial ) X-ORI GIN ( 'IPA v4.0.0' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.16.2.2 NAME 'ipatokenTOTP' DESC 'TOTP Token Type' SUP ipaToken STRUCTURAL MAY ( ipatokenOTPkey $ ipatokenOTPalgo rithm $ ipatokenOTPdigits $ ipatokenTOTPclockOffset $ ipatokenTOTPtimeStep $ ipatokenTOTPwatermark ) X-ORIGIN ( 'IPA v4.1.3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.16.2.3 NAME 'ipatokenRadiusProxyUser' DESC 'Radius Proxy User' SUP top AUXILIARY MAY ( ipatokenRadiusConfigLink $ ipatokenRadiusUserName ) X-ORIGIN ( 'IPA v4.0.0' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.16.2.4 NAME 'ipatokenRadiusConfigurat ion' DESC 'Proxy Radius Configuration' SUP top STRUCTURAL MUST ( cn $ ipato kenRadiusServer $ ipatokenRadiusSecret ) MAY ( description $ ipatokenRadius Timeout $ ipatokenRadiusRetries $ ipatokenUserMapAttribute ) X-ORIGIN ( 'IP A OTP' 'user defined' ) ) objectClasses: ( cmsuser-oid NAME 'cmsuser' DESC 'CMS User' SUP top STRUCTUR AL MUST usertype MAY userstate X-ORIGIN 'user defined' ) objectClasses: ( CertACLS-oid NAME 'CertACLS' DESC 'CMS defined class' SUP t op STRUCTURAL MUST cn MAY resourceACLS X-ORIGIN 'user defined' ) objectClasses: ( repository-oid NAME 'repository' DESC 'CMS defined class' S UP top STRUCTURAL MUST ou MAY ( serialno $ description $ nextRange $ publis hingStatus ) X-ORIGIN 'user defined' ) objectClasses: ( request-oid NAME 'request' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( requestId $ dateOfCreate $ dateOfModify $ request State $ requestResult $ requestOwner $ requestAgentGroup $ requestSourceId $ requestType $ requestFlag $ requestError $ userMessages $ adminMessages ) X-ORIGIN 'user defined' ) objectClasses: ( transaction-oid NAME 'transaction' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( transId $ description $ transName $ trans Status $ transOps ) X-ORIGIN 'user defined' ) objectClasses: ( crlIssuingPointRecord-oid NAME 'crlIssuingPointRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOf Modify $ crlNumber $ crlSize $ thisUpdate $ nextUpdate $ deltaNumber $ delt aSize $ firstUnsaved $ certificateRevocationList $ deltaRevocationList $ cr lCache $ revokedCerts $ unrevokedCerts $ expiredCerts $ cACertificate ) X-O RIGIN 'user defined' ) objectClasses: ( certificateRecord-oid NAME 'certificateRecord' DESC 'CMS de fined class' SUP top STRUCTURAL MUST cn MAY ( serialno $ dateOfCreate $ dat eOfModify $ certStatus $ autoRenew $ issueInfo $ metaInfo $ revInfo $ versi on $ duration $ notAfter $ notBefore $ algorithmId $ subjectName $ signingA lgorithmId $ userCertificate $ issuedBy $ revokedBy $ revokedOn $ extension $ publicKeyData $ issuerName ) X-ORIGIN 'user defined' ) objectClasses: ( userDetails-oid NAME 'userDetails' DESC 'CMS defined class' SUP top STRUCTURAL MUST userDN MAY ( dateOfCreate $ dateOfModify $ passwor d $ p12Expiration ) X-ORIGIN 'user defined' ) objectClasses: ( keyRecord-oid NAME 'keyRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( serialno $ dateOfCreate $ dateOfModify $ keyS tate $ privateKeyData $ ownerName $ keySize $ metaInfo $ dateOfArchival $ d ateOfRecovery $ algorithm $ publicKeyFormat $ publicKeyData $ archivedBy $ clientId $ dataType $ status ) X-ORIGIN 'user defined' ) objectClasses: ( pkiSecurityDomain-oid NAME 'pkiSecurityDomain' DESC 'CMS de fined class' SUP top STRUCTURAL MUST ( ou $ name ) X-ORIGIN 'user defined' ) objectClasses: ( pkiSecurityGroup-oid NAME 'pkiSecurityGroup' DESC 'CMS defi ned class' SUP top STRUCTURAL MUST cn X-ORIGIN 'user defined' ) objectClasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined clas s' SUP top STRUCTURAL MUST ( cn $ host $ SecurePort $ SubsystemName $ Clone ) MAY ( DomainManager $ SecureAgentPort $ SecureAdminPort $ SecureEEClient AuthPort $ UnSecurePort ) X-ORIGIN 'user defined' ) objectClasses: ( pkiRange-oid NAME 'pkiRange' DESC 'CMS defined class' SUP t op STRUCTURAL MUST ( cn $ beginRange $ endRange $ host $ SecurePort ) X-ORI GIN 'user defined' ) objectClasses: ( securityDomainSessionEntry-oid NAME 'securityDomainSessionE ntry' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ host $ uid $ cmsUserGroup $ dateOfCreate ) X-ORIGIN 'user defined' ) objectClasses: ( 1.3.6.1.1.1.2.14 NAME 'nisKeyObject' DESC 'nisKeyObject' SU P top STRUCTURAL MUST ( cn $ nisPublickey $ nisSecretkey ) MAY ( uidNumber $ description ) X-ORIGIN 'user defined' ) objectClasses: ( 1.3.1.6.1.1.1.2.15 NAME 'nisDomainObject' DESC 'nisDomainOb ject' SUP top AUXILIARY MUST nisDomain X-ORIGIN 'user defined' ) objectClasses: ( 1.3.6.1.4.1.42.2.27.1.2.6 NAME 'nisNetId' DESC 'nisNetId' S UP top STRUCTURAL MUST cn MAY ( nisNetIdUser $ nisNetIdGroup $ nisNetIdHost ) X-ORIGIN 'user defined' ) objectClasses: ( 1.3.6.1.4.1.11.1.3.1.2.5 NAME 'DUAConfigProfile' DESC 'Abst raction of a base configuration for a DUA' SUP top STRUCTURAL MUST cn MAY ( defaultServerList $ preferredServerList $ defaultSearchBase $ defaultSearc hScope $ searchTimeLimit $ bindTimeLimit $ credentialLevel $ authentication Method $ followReferrals $ dereferenceAliases $ serviceSearchDescriptor $ s erviceCredentialLevel $ serviceAuthenticationMethod $ objectclassMap $ attr ibuteMap $ profileTTL ) X-ORIGIN ( 'RFC4876' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.22 NAME 'ipaAllowedOperations' DES C 'Class to apply access controls to arbitrary operations' SUP top AUXILIAR Y MAY ( ipaAllowedToPerform $ ipaProtectedOperation ) X-ORIGIN ( 'IPA v4.0. 0' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.21 NAME 'ipaPermissionV2' DESC 'IP A Permission objectclass, version 2' SUP ipaPermission AUXILIARY MUST ( ipa PermBindRuleType $ ipaPermLocation ) MAY ( ipaPermDefaultAttr $ ipaPermIncl udedAttr $ ipaPermExcludedAttr $ ipaPermRight $ ipaPermTargetFilter $ ipaPe rmTarget $ ipaPermTargetTo $ ipaPermTargetFrom ) X-ORIGIN ( 'IPA v4.2.2' 'u ser defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.20 NAME 'ipaUser' AUXILIARY MUST u id MAY ( userClass $ ipaKrbAuthzData ) X-ORIGIN ( 'IPA v4.3.1' 'user define d' ) ) objectClasses: ( 2.16.840.1.113730.3.8.6.3 NAME 'idnsForwardZone' DESC 'Forw ard Zone class' SUP top STRUCTURAL MUST ( idnsName $ idnsZoneActive ) MAY ( idnsForwarders $ idnsForwardPolicy ) X-ORIGIN ( 'IPA v4.0.0' 'user defined ' ) ) objectClasses: ( 2.16.840.1.113730.3.8.16.2.5 NAME 'ipatokenHOTP' DESC 'HOTP Token Type' SUP ipaToken STRUCTURAL MUST ( ipatokenOTPkey $ ipatokenOTPalg orithm $ ipatokenOTPdigits $ ipatokenHOTPcounter ) X-ORIGIN ( 'IPA v4.0.0' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.25 NAME 'ipaPrivateKeyObject' DESC 'Wrapped private keys' SUP top AUXILIARY MUST ( ipaPrivateKey $ ipaWrappin gKey $ ipaWrappingMech ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.24 NAME 'ipaPublicKeyObject' DESC 'Wrapped public keys' SUP top AUXILIARY MUST ipaPublicKey X-ORIGIN ( 'IPA v 4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.34 NAME 'ipaSecretKeyRefObject' DE SC 'Indirect storage for encoded key material' SUP top AUXILIARY MUST ipaSe cretKeyRef X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.26 NAME 'ipaSecretKeyObject' DESC 'Wrapped secret keys' SUP top AUXILIARY MUST ( ipaSecretKey $ ipaWrappingKe y $ ipaWrappingMech ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.17.2.1 NAME 'ipk11Object' DESC 'Objec t' SUP top STRUCTURAL MUST ipk11UniqueId X-ORIGIN ( 'IPA v4.1.2' 'user defi ned' ) ) objectClasses: ( 2.16.840.1.113730.3.8.17.2.2 NAME 'ipk11StorageObject' DESC 'Storage object' SUP top ABSTRACT MAY ( ipk11Private $ ipk11Modifiable $ i pk11Label $ ipk11Copyable $ ipk11Destroyable ) X-ORIGIN ( 'IPA v4.1.2' 'use r defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.17.2.5 NAME 'ipk11Key' DESC 'Key' SUP ipk11StorageObject ABSTRACT MAY ( ipk11KeyType $ ipk11Id $ ipk11StartDate $ ipk11EndDate $ ipk11Derive $ ipk11Local $ ipk11KeyGenMechanism $ ipk11All owedMechanisms ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.17.2.7 NAME 'ipk11PrivateKey' DESC 'P rivate key' SUP ipk11Key AUXILIARY MAY ( ipk11Subject $ ipk11Sensitive $ ip k11Decrypt $ ipk11Sign $ ipk11SignRecover $ ipk11Unwrap $ ipk11Extractable $ ipk11AlwaysSensitive $ ipk11NeverExtractable $ ipk11WrapWithTrusted $ ipk 11UnwrapTemplate $ ipk11AlwaysAuthenticate $ ipk11PublicKeyInfo ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.17.2.8 NAME 'ipk11SecretKey' DESC 'Se cret key' SUP ipk11Key AUXILIARY MAY ( ipk11Sensitive $ ipk11Encrypt $ ipk1 1Decrypt $ ipk11Sign $ ipk11Verify $ ipk11Wrap $ ipk11Unwrap $ ipk11Extract able $ ipk11AlwaysSensitive $ ipk11NeverExtractable $ ipk11CheckValue $ ipk 11WrapWithTrusted $ ipk11Trusted $ ipk11WrapTemplate $ ipk11UnwrapTemplate ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.17.2.6 NAME 'ipk11PublicKey' DESC 'Pu blic key' SUP ipk11Key AUXILIARY MAY ( ipk11Subject $ ipk11Encrypt $ ipk11V erify $ ipk11VerifyRecover $ ipk11Wrap $ ipk11Trusted $ ipk11WrapTemplate $ ipk11Distrusted $ ipk11PublicKeyInfo ) X-ORIGIN ( 'IPA v4.1.2' 'user defin ed' ) ) objectClasses: ( 2.16.840.1.113730.3.8.6.4 NAME 'idnsSecKey' DESC 'DNSSEC ke y metadata' SUP top STRUCTURAL MUST ( idnsSecKeyRef $ idnsSecKeyCreated $ i dnsSecAlgorithm ) MAY ( idnsSecKeyPublish $ idnsSecKeyActivate $ idnsSecKey Inactive $ idnsSecKeyDelete $ idnsSecKeyZone $ idnsSecKeyRevoke $ idnsSecKe ySep $ cn ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.27 NAME 'ipaCertificate' SUP top S TRUCTURAL MUST ( cn $ ipaCertIssuerSerial $ ipaCertSubject $ ipaPublicKey ) MAY ipaConfigString X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.28 NAME 'ipaKeyPolicy' SUP top AUX ILIARY MAY ( ipaKeyTrust $ ipaKeyUsage $ ipaKeyExtUsage ) X-ORIGIN ( 'IPA v 4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.29 NAME 'ipaIDView' SUP nsContaine r STRUCTURAL MAY description X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.35 NAME 'ipaOverrideTarget' SUP to p STRUCTURAL MUST ipaAnchorUUID X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.30 NAME 'ipaOverrideAnchor' SUP to p STRUCTURAL MUST ipaAnchorUUID MAY description X-ORIGIN ( 'IPA v4.1.2' 'us er defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.31 NAME 'ipaUserOverride' DESC 'Ov erride for User Attributes' SUP ipaOverrideAnchor STRUCTURAL MAY ( uid $ ui dNumber $ gidNumber $ homeDirectory $ loginShell $ gecos $ ipaOriginalUid $ userCertificate ) X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.32 NAME 'ipaGroupOverride' DESC 'O verride for Group Attributes' SUP ipaOverrideAnchor STRUCTURAL MAY ( gidNum ber $ cn ) X-ORIGIN ( 'IPA v4.1.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.16.2.6 NAME 'ipatokenOTPConfig' DESC 'OTP Global Configuration' SUP top STRUCTURAL MUST cn MAY ( ipatokenTOTPaut hWindow $ ipatokenTOTPsyncWindow $ ipatokenHOTPauthWindow $ ipatokenHOTPsyn cWindow ) X-ORIGIN ( 'IPA v4.1.3' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.18.1.1 NAME 'ipaVault' DESC 'IPA vaul t' SUP top STRUCTURAL MUST cn MAY ( description $ ipaVaultType $ ipaVaultSa lt $ ipaVaultPublicKey $ owner $ member ) X-ORIGIN ( 'IPA v4.2.2' 'user def ined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.18.1.2 NAME 'ipaVaultContainer' DESC 'IPA vault container' SUP top STRUCTURAL MUST cn MAY ( description $ owner ) X-ORIGIN ( 'IPA v4.2.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.21.2.1 NAME 'ipaCertProfile' SUP top STRUCTURAL MUST ( cn $ description $ ipaCertProfileStoreIssued ) X-ORIGIN ( 'IPA v4.2.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.21.2.2 NAME 'ipaCaAcl' SUP ipaAssocia tion STRUCTURAL MAY ( ipaCaCategory $ ipaCertProfileCategory $ serviceCateg ory $ ipaMemberCa $ ipaMemberCertProfile $ memberService ) X-ORIGIN ( 'IPA v4.4.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.20.1.2 NAME 'ipaReplTopoSegment' DESC 'IPA defined objectclass' SUP top STRUCTURAL MUST ( ipaReplTopoSegmentDire ction $ ipaReplTopoSegmentLeftNode $ ipaReplTopoSegmentRightNode ) MAY ( cn $ ipaReplTopoSegmentStatus $ ipaReplTopoSegmentGenerated $ nsDS5Replicated AttributeList $ nsDS5ReplicatedAttributeListTotal $ nsds5BeginReplicaRefres h $ description $ nsds5replicaTimeout $ nsds5ReplicaEnabled $ nsds5ReplicaS tripAttrs $ nsds5replicaSessionPauseTime $ nsds5ReplicaProtocolTimeout ) X- ORIGIN ( 'IPA v4.2.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.20.1.1 NAME 'ipaReplTopoConf' DESC 'I PA defined objectclass' SUP top STRUCTURAL MUST ipaReplTopoConfRoot MAY ( c n $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicatedAttrib uteListTotal $ nsds5ReplicaStripAttrs ) X-ORIGIN ( 'IPA v4.3.0' 'user defin ed' ) ) objectClasses: ( 2.16.840.1.113730.3.8.20.1.4 NAME 'ipaReplTopoManagedServer ' DESC 'part of managed replication topology' SUP top AUXILIARY MAY ipaRepl TopoManagedSuffix X-ORIGIN ( 'IPA v4.2.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.20.1.3 NAME 'ipaReplTopoManagedAgreem ent' DESC 'marker objectclass for managed replication agreements' SUP top A UXILIARY MAY ipaReplTopoManagedAgreementState X-ORIGIN ( 'IPA v4.2.2' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.19.1.2 NAME 'ipaSupportedDomainLevelC onfig' DESC 'Supported Domain Level Configuration' SUP ipaConfigObject AUXI LIARY MUST ( ipaMinDomainLevel $ ipaMaxDomainLevel ) X-ORIGIN ( 'IPA v4.2.2 ' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.19.1.1 NAME 'ipaDomainLevelConfig' DE SC 'Domain Level Configuration' SUP ipaConfigObject AUXILIARY MUST ipaDomai nLevel X-ORIGIN ( 'IPA v4.2.2' 'user defined' ) ) objectClasses: ( certProfile-oid NAME 'certProfile' DESC 'Certificate profil e' SUP top STRUCTURAL MUST cn MAY ( classId $ certProfileConfig ) X-ORIGIN 'user defined' ) objectClasses: ( tokenRecord-oid NAME 'tokenRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ modified $ tokenReason $ tokenUserID $ tokenStatus $ tokenAppletID $ keyInfo $ tokenPo licy $ extensions $ numberOfResets $ numberOfEnrollments $ numberOfRenewals $ numberOfRecoveries $ userCertificate $ tokenType ) X-ORIGIN 'user define d' ) objectClasses: ( tokenActivity-oid NAME 'tokenActivity' DESC 'CMS defined cl ass' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ tokenOp $ tokenIP $ tokenResult $ tokenID $ tokenUserID $ tokenMsg $ extensions $ tokenType ) X-ORIGIN 'user defined' ) objectClasses: ( tokenCert-oid NAME 'tokenCert' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ userCertificate $ tokenUserID $ tokenID $ tokenIssuer $ tokenOrigin $ tokenSubject $ token Serial $ tokenStatus $ tokenType $ tokenKeyType $ tokenNotBefore $ tokenNot After $ extensions ) X-ORIGIN 'user defined' ) objectClasses: ( tpsProfileID-oid NAME 'tpsProfileID' DESC 'CMS defined clas s' SUP top AUXILIARY MAY profileID X-ORIGIN ( 'user-defined' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.6.7 NAME 'ipaLocationObject' DESC 'Ob ject for storing IPA server location' SUP top STRUCTURAL MUST idnsName MAY description X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.36 NAME 'ipaDNSContainer' DESC 'IP A DNS container' AUXILIARY MUST ipaDNSVersion X-ORIGIN ( 'IPA v4.4.0.alpha1 ' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.6.6 NAME 'idnsServerConfigObject' DES C 'DNS server configuration options' SUP top STRUCTURAL MUST idnsServerId M AY ( idnsSubstitutionVariable $ idnsSOAmName $ idnsForwarders $ idnsForward Policy ) X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.6.5 NAME 'idnsTemplateObject' DESC 'T emplate object for dynamic DNS attribute generation' AUXILIARY MUST idnsTem plateAttribute X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.6.8 NAME 'ipaLocationMember' DESC 'Me mber object of IPA location' AUXILIARY MAY ( ipaLocation $ ipaServiceWeight ) X-ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) objectClasses: ( 2.16.840.1.113730.3.8.21.2.3 NAME 'ipaCa' SUP top STRUCTURA L MUST ( cn $ ipaCaId $ ipaCaSubjectDN $ ipaCaIssuerDN ) MAY description X- ORIGIN ( 'IPA v4.4.0.alpha1' 'user defined' ) ) objectClasses: ( authority-oid NAME 'authority' DESC 'Certificate Authority' SUP top STRUCTURAL MUST ( cn $ authorityID $ authorityKeyNickname $ author ityEnabled $ authorityDN ) MAY ( authoritySerial $ authorityParentID $ auth orityParentDN $ authorityKeyHost $ description ) X-ORIGIN ( 'IPA v4.4.0.alp ha1' 'user defined' ) ) ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1698971579.0 python-ldap-3.4.4/Tests/data/subschema-openldap-all.ldif0000644000175000017500000203673414521037673023453 0ustar00spichugispichugi######################################################################## # LDIF export by web2ldap 1.2.80, see http://www.web2ldap.de # Date and time: Saturday, 2017-02-18 17:09:50 GMT # Bind-DN: u'cn=Michael Str\xf6der+mail=michael@stroeder.com,ou=Private,dc=stroeder,dc=de' # LDAP-URL of search: # ldapi:///cn%3DSubschema?matchingRuleUse,ldapSyntaxes,nameForms,dITStructureRules,attributeTypes,matchingRules,dITContentRules,objectClasses,objectClass,cn?base?%28objectClass%3D%2A%29?x-saslmech=EXTERNAL ######################################################################## version: 1 dn: cn=Subschema attributeTypes: ( 2.5.4.0 NAME 'objectClass' DESC 'RFC4512: object classes o f the entity' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.38 ) attributeTypes: ( 2.5.21.9 NAME 'structuralObjectClass' DESC 'RFC4512: struc tural object class of entry' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.38 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOper ation ) attributeTypes: ( 2.5.18.1 NAME 'createTimestamp' DESC 'RFC4512: time which object was created' EQUALITY generalizedTimeMatch ORDERING generalizedTimeO rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODI FICATION USAGE directoryOperation ) attributeTypes: ( 2.5.18.2 NAME 'modifyTimestamp' DESC 'RFC4512: time which object was last modified' EQUALITY generalizedTimeMatch ORDERING generalize dTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USE R-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 2.5.18.3 NAME 'creatorsName' DESC 'RFC4512: name of creato r' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SIN GLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 2.5.18.4 NAME 'modifiersName' DESC 'RFC4512: name of last modifier' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 2.5.18.9 NAME 'hasSubordinates' DESC 'X.501: entry has chi ldren' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VAL UE NO-USER-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 2.5.18.10 NAME 'subschemaSubentry' DESC 'RFC4512: name of controlling subschema entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOpe ration ) attributeTypes: ( 2.5.18.12 NAME 'collectiveAttributeSubentries' DESC 'RFC36 71: collective attribute subentries' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE directoryOperatio n ) attributeTypes: ( 2.5.18.7 NAME 'collectiveExclusions' DESC 'RFC3671: collec tive attribute exclusions' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.38 USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.1.20 NAME 'entryDN' DESC 'DN of the entry' EQUALIT Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.1.16.4 NAME 'entryUUID' DESC 'UUID of the entry' E QUALITY UUIDMatch ORDERING UUIDOrderingMatch SYNTAX 1.3.6.1.1.16.1 SINGLE-V ALUE NO-USER-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.7 NAME 'entryCSN' DESC 'change sequ ence number of the entry content' EQUALITY CSNMatch ORDERING CSNOrderingMat ch SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.13 NAME 'namingCSN' DESC 'change se quence number of the entry naming (RDN)' EQUALITY CSNMatch ORDERING CSNOrde ringMatch SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MODIF ICATION USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.23 NAME 'syncreplCookie' DESC 'sync repl Cookie for shadow copy' EQUALITY octetStringMatch ORDERING octetString OrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE NO-USER-MOD IFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.25 NAME 'contextCSN' DESC 'the larg est committed CSN of a context' EQUALITY CSNMatch ORDERING CSNOrderingMatch SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} NO-USER-MODIFICATION USAGE dSAOpera tion ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' DESC 'RFC4512: alternative servers' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperati on ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts' DESC 'RFC 4512: naming contexts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperat ion ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl' DESC ' RFC4512: supported controls' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSA Operation ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension' DESC 'RFC4512: supported extended operations' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 38 USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion' DE SC 'RFC4512: supported LDAP versions' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms' DESC 'RFC4512: supported SASL mechanisms' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures' DESC 'RFC4 512: features supported by the server' EQUALITY objectIdentifierMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.10 NAME 'monitorContext' DESC 'moni tor context' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.1 NAME 'configContext' DESC 'confi g context' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.1.4 NAME 'vendorName' DESC 'RFC3045: name of imple mentation vendor' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.1.5 NAME 'vendorVersion' DESC 'RFC3045: version of implementation' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 2.5.18.5 NAME 'administrativeRole' DESC 'RFC3672: administ rative role' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.38 USAGE directoryOperation ) attributeTypes: ( 2.5.18.6 NAME 'subtreeSpecification' DESC 'RFC3672: subtre e specification' SYNTAX 1.3.6.1.4.1.1466.115.121.1.45 SINGLE-VALUE USAGE di rectoryOperation ) attributeTypes: ( 2.5.21.1 NAME 'dITStructureRules' DESC 'RFC4512: DIT struc ture rules' EQUALITY integerFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.17 USAGE directoryOperation ) attributeTypes: ( 2.5.21.2 NAME 'dITContentRules' DESC 'RFC4512: DIT content rules' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.16 USAGE directoryOperation ) attributeTypes: ( 2.5.21.4 NAME 'matchingRules' DESC 'RFC4512: matching rule s' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.30 USAGE directoryOperation ) attributeTypes: ( 2.5.21.5 NAME 'attributeTypes' DESC 'RFC4512: attribute ty pes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.3 USAGE directoryOperation ) attributeTypes: ( 2.5.21.6 NAME 'objectClasses' DESC 'RFC4512: object classe s' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.37 USAGE directoryOperation ) attributeTypes: ( 2.5.21.7 NAME 'nameForms' DESC 'RFC4512: name forms ' EQUA LITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 35 USAGE directoryOperation ) attributeTypes: ( 2.5.21.8 NAME 'matchingRuleUse' DESC 'RFC4512: matching ru le uses' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.31 USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' DESC 'RFC4 512: LDAP syntaxes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.54 USAGE directoryOperation ) attributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' ) DE SC 'RFC4512: name of aliased object' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.34 NAME 'ref' DESC 'RFC3296: subordi nate referral URL' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 USAGE distributedOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.1.3.1 NAME 'entry' DESC 'OpenLDAP ACL ent ry pseudo-attribute' SYNTAX 1.3.6.1.4.1.4203.1.1.1 SINGLE-VALUE NO-USER-MOD IFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.1.3.2 NAME 'children' DESC 'OpenLDAP ACL children pseudo-attribute' SYNTAX 1.3.6.1.4.1.4203.1.1.1 SINGLE-VALUE NO-US ER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.8 NAME ( 'authzTo' 'saslAuthzTo' ) DESC 'proxy authorization targets' EQUALITY authzMatch SYNTAX 1.3.6.1.4.1.4 203.666.2.7 USAGE distributedOperation X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.9 NAME ( 'authzFrom' 'saslAuthzFrom ' ) DESC 'proxy authorization sources' EQUALITY authzMatch SYNTAX 1.3.6.1.4 .1.4203.666.2.7 USAGE distributedOperation X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl' DESC 'RFC2589: entry time-to-live' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-US ER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.1466.101.119.4 NAME 'dynamicSubtrees' DESC 'RF C2589: dynamic subtrees' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIF ICATION USAGE dSAOperation ) attributeTypes: ( 2.5.4.49 NAME 'distinguishedName' DESC 'RFC4519: common su pertype of DN attributes' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.12 ) attributeTypes: ( 2.5.4.41 NAME 'name' DESC 'RFC4519: common supertype of na me attributes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) attributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'RFC4519: common n ame(s) for which the entity is known by' SUP name ) attributeTypes: ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) DESC 'RF C4519: user identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' DESC 'RFC2307: An integer uniquely identifying a user in an administrative domain' EQUALITY integerM atch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN GLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' DESC 'RFC2307: An integer uniquely identifying a group in an administrative domain' EQUALITY integer Match ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SI NGLE-VALUE ) attributeTypes: ( 2.5.4.35 NAME 'userPassword' DESC 'RFC4519/2307: password of user' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128 } ) attributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' DESC 'RFC2079: Unif orm Resource Identifier with optional label' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.5.4.13 NAME 'description' DESC 'RFC4519: descriptive inf ormation' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ) attributeTypes: ( 2.5.4.34 NAME 'seeAlso' DESC 'RFC4519: DN of related objec t' SUP distinguishedName ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.78 NAME 'olcConfigFile' DESC ' File for slapd configuration directives' EQUALITY caseIgnoreMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.79 NAME 'olcConfigDir' DESC 'D irectory for slapd configuration backend' EQUALITY caseIgnoreMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.1 NAME 'olcAccess' DESC 'Acces s Control List' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.86 NAME 'olcAddContentAcl' DES C 'Check ACLs against content of Add ops' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.2 NAME 'olcAllows' DESC 'Allow ed set of deprecated features' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.3 NAME 'olcArgsFile' DESC 'Fil e for slapd command line options' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.5 NAME 'olcAttributeOptions' E QUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.4 NAME 'olcAttributeTypes' DES C 'OpenLDAP attributeTypes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.6 NAME 'olcAuthIDRewrite' EQUA LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES ' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.7 NAME 'olcAuthzPolicy' EQUALI TY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.8 NAME 'olcAuthzRegexp' EQUALI TY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.9 NAME 'olcBackend' DESC 'A ty pe of backend' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 SINGLE-VALUE X-ORDERED 'SIBLINGS' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.10 NAME 'olcConcurrency' SYNTA X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.11 NAME 'olcConnMaxPending' SY NTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.12 NAME 'olcConnMaxPendingAuth ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.13 NAME 'olcDatabase' DESC 'Th e backend type for a database instance' SUP olcBackend SINGLE-VALUE X-ORDER ED 'SIBLINGS' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.14 NAME 'olcDefaultSearchBase' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.15 NAME 'olcDisallows' EQUALIT Y caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.16 NAME 'olcDitContentRules' D ESC 'OpenLDAP DIT content rules' EQUALITY caseIgnoreMatch SUBSTR caseIgnore SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.20 NAME 'olcExtraAttrs' EQUA LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.17 NAME 'olcGentleHUP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.17 NAME 'olcHidden' SYNTAX 1 .3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.18 NAME 'olcIdleTimeout' SYNTA X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.19 NAME 'olcInclude' SUP label edURI ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.20 NAME 'olcIndexSubstrIfMinLe n' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.21 NAME 'olcIndexSubstrIfMaxLe n' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.22 NAME 'olcIndexSubstrAnyLen' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.23 NAME 'olcIndexSubstrAnyStep ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.84 NAME 'olcIndexIntLen' SYNTA X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.4 NAME 'olcLastMod' SYNTAX 1 .3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.85 NAME 'olcLdapSyntaxes' DESC 'OpenLDAP ldapSyntax' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.5 NAME 'olcLimits' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.93 NAME 'olcListenerThreads' S YNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.26 NAME 'olcLocalSSF' SYNTAX 1 .3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.27 NAME 'olcLogFile' SYNTAX 1. 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.28 NAME 'olcLogLevel' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.6 NAME 'olcMaxDerefDepth' SY NTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.16 NAME 'olcMirrorMode' SYNT AX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.30 NAME 'olcModuleLoad' EQUALI TY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.31 NAME 'olcModulePath' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.18 NAME 'olcMonitoring' SYNT AX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.32 NAME 'olcObjectClasses' DES C 'OpenLDAP object classes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.33 NAME 'olcObjectIdentifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.34 NAME 'olcOverlay' SUP olcDa tabase SINGLE-VALUE X-ORDERED 'SIBLINGS' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.35 NAME 'olcPasswordCryptSaltF ormat' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.36 NAME 'olcPasswordHash' EQUA LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.37 NAME 'olcPidFile' SYNTAX 1. 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.38 NAME 'olcPlugin' EQUALITY c aseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.39 NAME 'olcPluginLogFile' SYN TAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.40 NAME 'olcReadOnly' SYNTAX 1 .3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.41 NAME 'olcReferral' SUP labe ledURI SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.7 NAME 'olcReplica' SUP labe ledURI EQUALITY caseIgnoreMatch X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.43 NAME 'olcReplicaArgsFile' S YNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.44 NAME 'olcReplicaPidFile' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.45 NAME 'olcReplicationInterva l' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.46 NAME 'olcReplogFile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.47 NAME 'olcRequires' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.48 NAME 'olcRestrict' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.49 NAME 'olcReverseLookup' SYN TAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.8 NAME 'olcRootDN' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.51 NAME 'olcRootDSE' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.9 NAME 'olcRootPW' SYNTAX 1. 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.89 NAME 'olcSaslAuxprops' SYNT AX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.53 NAME 'olcSaslHost' SYNTAX 1 .3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.54 NAME 'olcSaslRealm' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.56 NAME 'olcSaslSecProps' SYNT AX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.58 NAME 'olcSchemaDN' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.59 NAME 'olcSecurity' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.81 NAME 'olcServerID' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.60 NAME 'olcSizeLimit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.61 NAME 'olcSockbufMaxIncoming ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.62 NAME 'olcSockbufMaxIncoming Auth' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.83 NAME 'olcSortVals' DESC 'At tributes whose values will always be sorted' EQUALITY caseIgnoreMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.15 NAME 'olcSubordinate' SYN TAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.10 NAME 'olcSuffix' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.19 NAME 'olcSyncUseSubentry' DESC 'Store sync context in a subentry' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.11 NAME 'olcSyncrepl' EQUALI TY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.90 NAME 'olcTCPBuffer' DESC 'C ustom TCP buffer size' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.66 NAME 'olcThreads' SYNTAX 1. 3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.67 NAME 'olcTimeLimit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.68 NAME 'olcTLSCACertificateFi le' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.69 NAME 'olcTLSCACertificatePa th' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.70 NAME 'olcTLSCertificateFile ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.71 NAME 'olcTLSCertificateKeyF ile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.72 NAME 'olcTLSCipherSuite' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.73 NAME 'olcTLSCRLCheck' SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.82 NAME 'olcTLSCRLFile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.74 NAME 'olcTLSRandFile' SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.75 NAME 'olcTLSVerifyClient' S YNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.77 NAME 'olcTLSDHParamFile' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.87 NAME 'olcTLSProtocolMin' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.80 NAME 'olcToolThreads' SYNTA X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.12 NAME 'olcUpdateDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.13 NAME 'olcUpdateRef' SUP l abeledURI EQUALITY caseIgnoreMatch ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.88 NAME 'olcWriteTimeout' SYNT AX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.1 NAME 'olcDbDirectory' DESC 'Directory for database content' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.5 NAME 'OpenLDAPaci' DESC 'OpenLDAP access control information (experimental)' EQUALITY OpenLDAPaciMatch SYNTA X 1.3.6.1.4.1.4203.666.2.1 USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.2 NAME 'olcDbCheckpoint' DES C 'Database checkpoint interval in kbytes and minutes' SYNTAX 1.3.6.1.4.1.1 466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.4 NAME 'olcDbNoSync' DESC 'D isable synchronous database writes' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SIN GLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.12.3 NAME 'olcDbEnvFlags' DESC 'Database environment flags' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.2 NAME 'olcDbIndex' DESC 'At tribute index parameters' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.12.1 NAME 'olcDbMaxReaders' DE SC 'Maximum number of threads that may access the DB concurrently' SYNTAX 1 .3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.12.2 NAME 'olcDbMaxSize' DESC 'Maximum size of DB in bytes' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-V ALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.3 NAME 'olcDbMode' DESC 'Uni x permissions of database files' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.12.5 NAME 'olcDbRtxnSize' DESC 'Number of entries to process in one read transaction' SYNTAX 1.3.6.1.4.1. 1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.9 NAME 'olcDbSearchStack' DE SC 'Depth of search stack in IDLs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN GLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.11 NAME 'olcDbCacheFree' DES C 'Number of extra entries to free when max is reached' SYNTAX 1.3.6.1.4.1. 1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.1 NAME 'olcDbCacheSize' DESC 'Entry cache size in entries' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.16 NAME 'olcDbChecksum' DESC 'Enable database checksum validation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.13 NAME 'olcDbCryptFile' DES C 'Pathname of file containing the DB encryption key' SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.14 NAME 'olcDbCryptKey' DESC 'DB encryption key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.3 NAME 'olcDbConfig' DESC 'B erkeleyDB DB_CONFIG configuration directives' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.26 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.15 NAME 'olcDbPageSize' DESC 'Page size of specified DB, in Kbytes' EQUALITY caseExactMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.5 NAME 'olcDbDirtyRead' DESC 'Allow reads of uncommitted data' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SING LE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.12 NAME 'olcDbDNcacheSize' D ESC 'DN cache size' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.6 NAME 'olcDbIDLcacheSize' D ESC 'IDL cache size in IDLs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VA LUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.7 NAME 'olcDbLinearIndex' DE SC 'Index attributes one at a time' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SIN GLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.8 NAME 'olcDbLockDetect' DES C 'Deadlock detection algorithm' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL E-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.10 NAME 'olcDbShmKey' DESC ' Key for shared memory region' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-V ALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.14 NAME 'olcDbURI' DESC 'URI (list) for remote DSA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.1 NAME 'olcDbStartTLS' DESC 'StartTLS' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.2 NAME 'olcDbACLAuthcDn' DES C 'Remote ACL administrative identity' OBSOLETE SYNTAX 1.3.6.1.4.1.1466.115 .121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.3 NAME 'olcDbACLPasswd' DESC 'Remote ACL administrative identity credentials' OBSOLETE SYNTAX 1.3.6.1.4 .1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.4 NAME 'olcDbACLBind' DESC ' Remote ACL administrative identity auth bind configuration' SYNTAX 1.3.6.1. 4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.5 NAME 'olcDbIDAssertAuthcDn ' DESC 'Remote Identity Assertion administrative identity' OBSOLETE SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.6 NAME 'olcDbIDAssertPasswd' DESC 'Remote Identity Assertion administrative identity credentials' OBSOL ETE SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.7 NAME 'olcDbIDAssertBind' D ESC 'Remote Identity Assertion administrative identity auth bind configurat ion' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.8 NAME 'olcDbIDAssertMode' D ESC 'Remote Identity Assertion mode' OBSOLETE SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.9 NAME 'olcDbIDAssertAuthzFr om' DESC 'Remote Identity Assertion authz rules' EQUALITY caseIgnoreMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.10 NAME 'olcDbRebindAsUser' DESC 'Rebind as user' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.11 NAME 'olcDbChaseReferrals ' DESC 'Chase referrals' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.12 NAME 'olcDbTFSupport' DES C 'Absolute filters support' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA LUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.13 NAME 'olcDbProxyWhoAmI' D ESC 'Proxy whoAmI exop' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.14 NAME 'olcDbTimeout' DESC 'Per-operation timeouts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.15 NAME 'olcDbIdleTimeout' D ESC 'connection idle timeout' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V ALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.16 NAME 'olcDbConnTtl' DESC 'connection ttl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.17 NAME 'olcDbNetworkTimeout ' DESC 'connection network timeout' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.18 NAME 'olcDbProtocolVersio n' DESC 'protocol version' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALU E ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.19 NAME 'olcDbSingleConn' DE SC 'cache a single connection per identity' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.20 NAME 'olcDbCancel' DESC ' abandon/ignore/exop operations when appropriate' SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.21 NAME 'olcDbQuarantine' DE SC 'Quarantine database if connection fails and retry according to rule' SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.22 NAME 'olcDbUseTemporaryCo nn' DESC 'Use temporary connections if the cached one is busy' SYNTAX 1.3.6 .1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.23 NAME 'olcDbConnectionPool Max' DESC 'Max size of privileged connections pool' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.24 NAME 'olcDbSessionTrackin gRequest' DESC 'Add session tracking control to proxied requests' SYNTAX 1. 3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.25 NAME 'olcDbNoRefs' DESC ' Do not return search reference responses' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.26 NAME 'olcDbNoUndefFilter' DESC 'Do not propagate undefined search filters' SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.108 NAME 'olcDbOnErr' DESC ' error handling' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.27 NAME 'olcDbIDAssertPassTh ru' DESC 'Remote Identity Assertion passthru rules' EQUALITY caseIgnoreMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.29 NAME 'olcDbKeepalive' DES C 'TCP keepalive' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.3.1 NAME 'olcChainingBehavior' DESC 'Chaining behavior control parameters (draft-sermersheim-ldap-chainin g)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.3.2 NAME 'olcChainCacheURI' DE SC 'Enables caching of URIs not present in configuration' SYNTAX 1.3.6.1.4. 1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.3.3 NAME 'olcChainMaxReferralD epth' DESC 'max referral depth' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.3.4 NAME 'olcChainReturnError' DESC 'Errors are returned instead of the original referral' SYNTAX 1.3.6.1 .4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.101 NAME 'olcDbRewrite' DESC 'DN rewriting rules' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.102 NAME 'olcDbMap' DESC 'Ma p attribute and objectclass names' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.103 NAME 'olcDbSubtreeExclud e' DESC 'DN of subtree to exclude from target' EQUALITY caseIgnoreMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.104 NAME 'olcDbSubtreeInclud e' DESC 'DN of subtree to include in target' EQUALITY caseIgnoreMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.105 NAME 'olcDbDefaultTarget ' DESC 'Specify the default target' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.106 NAME 'olcDbDnCacheTtl' D ESC 'dncache ttl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.107 NAME 'olcDbBindTimeout' DESC 'bind timeout' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.109 NAME 'olcDbPseudoRootBin dDefer' DESC 'error handling' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VA LUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.110 NAME 'olcDbNretries' DES C 'retry handling' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.111 NAME 'olcDbClientPr' DES C 'PagedResults handling' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.100 NAME 'olcMetaSub' DESC ' Placeholder to name a Target entry' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.15 SINGLE-VALUE X-ORDERED 'SIBLINGS' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.3.112 NAME 'olcDbFilter' DESC 'Filter regex pattern to include in target' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.1 NAME 'monitoredInfo' DESC 'mon itored info' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.15{32768} NO-USER-MODIFICATION USAGE dSAOpera tion ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.2 NAME 'managedInfo' DESC 'monit or managed info' SUP name ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.3 NAME 'monitorCounter' DESC 'mo nitor counter' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.27 NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.4 NAME 'monitorOpCompleted' DESC 'monitor completed operations' SUP monitorCounter NO-USER-MODIFICATION USA GE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.5 NAME 'monitorOpInitiated' DESC 'monitor initiated operations' SUP monitorCounter NO-USER-MODIFICATION USA GE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.6 NAME 'monitorConnectionNumber' DESC 'monitor connection number' SUP monitorCounter NO-USER-MODIFICATION U SAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.7 NAME 'monitorConnectionAuthzDN ' DESC 'monitor connection authorization DN' EQUALITY distinguishedNameMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE dSAOperat ion ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.8 NAME 'monitorConnectionLocalAd dress' DESC 'monitor connection local address' SUP monitoredInfo NO-USER-MO DIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.9 NAME 'monitorConnectionPeerAdd ress' DESC 'monitor connection peer address' SUP monitoredInfo NO-USER-MODI FICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.10 NAME 'monitorTimestamp' DESC 'monitor timestamp' EQUALITY generalizedTimeMatch ORDERING generalizedTimeO rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODI FICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.11 NAME 'monitorOverlay' DESC 'n ame of overlays defined for a given database' SUP monitoredInfo NO-USER-MOD IFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.12 NAME 'readOnly' DESC 'read/wr ite status of a given database' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.7 SINGLE-VALUE USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.13 NAME 'restrictedOperation' DE SC 'name of restricted operation for a given database' SUP managedInfo ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.14 NAME 'monitorConnectionProtoc ol' DESC 'monitor connection protocol' SUP monitoredInfo NO-USER-MODIFICATI ON USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.15 NAME 'monitorConnectionOpsRec eived' DESC 'monitor number of operations received by the connection' SUP m onitorCounter NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.16 NAME 'monitorConnectionOpsExe cuting' DESC 'monitor number of operations in execution within the connecti on' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.17 NAME 'monitorConnectionOpsPen ding' DESC 'monitor number of pending operations within the connection' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.18 NAME 'monitorConnectionOpsCom pleted' DESC 'monitor number of operations completed within the connection' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.19 NAME 'monitorConnectionGet' D ESC 'number of times connection_get() was called so far' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.20 NAME 'monitorConnectionRead' DESC 'number of times connection_read() was called so far' SUP monitorCount er NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.21 NAME 'monitorConnectionWrite' DESC 'number of times connection_write() was called so far' SUP monitorCou nter NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.22 NAME 'monitorConnectionMask' DESC 'monitor connection mask' SUP monitoredInfo NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.23 NAME 'monitorConnectionListen er' DESC 'monitor connection listener' SUP monitoredInfo NO-USER-MODIFICATI ON USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.24 NAME 'monitorConnectionPeerDo main' DESC 'monitor connection peer domain' SUP monitoredInfo NO-USER-MODIF ICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.25 NAME 'monitorConnectionStartT ime' DESC 'monitor connection start time' SUP monitorTimestamp SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.26 NAME 'monitorConnectionActivi tyTime' DESC 'monitor connection activity time' SUP monitorTimestamp SINGLE -VALUE NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.27 NAME 'monitorIsShadow' DESC ' TRUE if the database is shadow' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.7 SINGLE-VALUE USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.28 NAME 'monitorUpdateRef' DESC 'update referral for shadow databases' SUP monitoredInfo SINGLE-VALUE USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.29 NAME 'monitorRuntimeConfig' D ESC 'TRUE if component allows runtime configuration' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.30 NAME 'monitorSuperiorDN' DESC 'monitor superior DN' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.12 NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.2.5.1 NAME 'olcRelay' DESC 'Rela y DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.15.1 NAME 'olcAuditlogFile' DE SC 'Filename for auditlogging' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.1 NAME 'olcAccessLogDB' DESC 'Suffix of database for log content' SUP distinguishedName SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.2 NAME 'olcAccessLogOps' DES C 'Operation types to log' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.3 NAME 'olcAccessLogPurge' D ESC 'Log cleanup parameters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA LUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.4 NAME 'olcAccessLogSuccess' DESC 'Log successful ops only' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE- VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.5 NAME 'olcAccessLogOld' DES C 'Log old values when modifying entries matching the filter' SYNTAX 1.3.6. 1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.6 NAME 'olcAccessLogOldAttr' DESC 'Log old values of these attributes even if unmodified' EQUALITY case IgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.4.7 NAME 'olcAccessLogBase' DE SC 'Operation types to log under a specific branch' EQUALITY caseIgnoreMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.1 NAME 'reqDN' DESC 'Target DN of request' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.2 NAME 'reqStart' DESC 'Start time of request' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrde ringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.3 NAME 'reqEnd' DESC 'End time of request' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrdering Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.4 NAME 'reqType' DESC 'Type of request' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN GLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.5 NAME 'reqSession' DESC 'Sess ion ID of request' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.6 NAME 'reqAuthzID' DESC 'Auth orization ID of requestor' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.7 NAME 'reqResult' DESC 'Resul t code of request' EQUALITY integerMatch ORDERING integerOrderingMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.8 NAME 'reqMessage' DESC 'Erro r text of request' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.9 NAME 'reqReferral' DESC 'Ref errals returned for request' SUP labeledURI ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.10 NAME 'reqControls' DESC 'Re quest controls' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1 .4.1.4203.666.11.5.3.1 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.11 NAME 'reqRespControls' DESC 'Response controls of request' EQUALITY objectIdentifierFirstComponentMatc h SYNTAX 1.3.6.1.4.1.4203.666.11.5.3.1 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.12 NAME 'reqId' DESC 'ID of Re quest to Abandon' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.13 NAME 'reqVersion' DESC 'Pro tocol version of Bind request' EQUALITY integerMatch ORDERING integerOrderi ngMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.14 NAME 'reqMethod' DESC 'Bind method of request' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.15 NAME 'reqAssertion' DESC 'C ompare Assertion of request' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA LUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.16 NAME 'reqMod' DESC 'Modific ations of request' EQUALITY octetStringMatch SUBSTR octetStringSubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.17 NAME 'reqOld' DESC 'Old val ues of entry before request completed' EQUALITY octetStringMatch SUBSTR oct etStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.18 NAME 'reqNewRDN' DESC 'New RDN of request' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.19 NAME 'reqDeleteOldRDN' DESC 'Delete old RDN' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.20 NAME 'reqNewSuperior' DESC 'New superior DN of request' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.21 NAME 'reqScope' DESC 'Scope of request' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.22 NAME 'reqDerefAliases' DESC 'Disposition of Aliases in request' EQUALITY caseIgnoreMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.23 NAME 'reqAttrsOnly' DESC 'A ttributes and values of request' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.24 NAME 'reqFilter' DESC 'Filt er of request' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.25 NAME 'reqAttr' DESC 'Attrib utes of request' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.26 NAME 'reqSizeLimit' DESC 'S ize limit of request' EQUALITY integerMatch ORDERING integerOrderingMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.27 NAME 'reqTimeLimit' DESC 'T ime limit of request' EQUALITY integerMatch ORDERING integerOrderingMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.28 NAME 'reqEntries' DESC 'Num ber of entries returned' EQUALITY integerMatch ORDERING integerOrderingMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.29 NAME 'reqData' DESC 'Data o f extended request' EQUALITY octetStringMatch SUBSTR octetStringSubstringsM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.30 NAME 'auditContext' DESC 'D N of auditContainer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-U SER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.31 NAME 'reqEntryUUID' DESC 'U UID of entry' EQUALITY UUIDMatch ORDERING UUIDOrderingMatch SYNTAX 1.3.6.1. 1.16.1 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.19.1 NAME 'olcCollectInfo' DES C 'DN of entry and attribute to distribute' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.8.1 NAME 'olcDlAttrSet' DESC ' Dynamic list: , , ' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.11.1 NAME 'olcRefintAttribute' DESC 'Attributes for referential integrity' EQUALITY caseIgnoreMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.11.2 NAME 'olcRefintNothing' D ESC 'Replacement DN to supply when needed' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.11.3 NAME 'olcRefintModifiersN ame' DESC 'The DN to use as modifiersName' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.12 SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.2.102 NAME 'memberOf' DESC 'Group that th e entry belongs to' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.12 USAGE dSAOperation X-ORIGIN 'iPlanet Delegated Administrator' ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.0 NAME 'olcMemberOfDN' DESC 'DN to be used as modifiersName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SING LE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.1 NAME 'olcMemberOfDangling ' DESC 'Behavior with respect to dangling members, constrained to ignore, d rop, error' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.2 NAME 'olcMemberOfRefInt' DESC 'Take care of referential integrity' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.3 NAME 'olcMemberOfGroupOC' DESC 'Group objectClass' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.4 NAME 'olcMemberOfMemberAD ' DESC 'member attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.5 NAME 'olcMemberOfMemberOf AD' DESC 'memberOf attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V ALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.18.7 NAME 'olcMemberOfDangling Error' DESC 'Error code returned in case of dangling back reference' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.1.1 NAME 'olcSpCheckpoint' DES C 'ContextCSN checkpoint interval in ops and minutes' SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.1.2 NAME 'olcSpSessionlog' DES C 'Session log size in ops' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VAL UE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.1.3 NAME 'olcSpNoPresent' DESC 'Omit Present phase processing' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE -VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.1.4 NAME 'olcSpReloadHint' DES C 'Observe Reload Hint in Request control' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.14.1 NAME 'olcTranslucentStric t' DESC 'Reveal attribute deletion constraint violations' SYNTAX 1.3.6.1.4. 1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.14.2 NAME 'olcTranslucentNoGlu e' DESC 'Disable automatic glue records for ADD and MODRDN' SYNTAX 1.3.6.1. 4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.14.3 NAME 'olcTranslucentLocal ' DESC 'Attributes to use in local search filter' SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.14.4 NAME 'olcTranslucentRemot e' DESC 'Attributes to use in remote search filter' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.14.5 NAME 'olcTranslucentBindL ocal' DESC 'Enable local bind' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-V ALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.14.6 NAME 'olcTranslucentPwMod Local' DESC 'Enable local RFC 3062 Password Modify extended operation' SYNT AX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.10.1 NAME 'olcUniqueBase' DESC 'Subtree for uniqueness searches' EQUALITY distinguishedNameMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.10.2 NAME 'olcUniqueIgnore' DE SC 'Attributes for which uniqueness shall not be enforced' EQUALITY caseIgn oreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.10.3 NAME 'olcUniqueAttribute' DESC 'Attributes for which uniqueness shall be enforced' EQUALITY caseIgno reMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.10.4 NAME 'olcUniqueStrict' DE SC 'Enforce uniqueness of null values' EQUALITY booleanMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.10.5 NAME 'olcUniqueURI' DESC 'List of keywords and LDAP URIs for a uniqueness domain' EQUALITY caseExact Match ORDERING caseExactOrderingMatch SUBSTR caseExactSubstringsMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.13.1 NAME 'olcConstraintAttrib ute' DESC 'constraint for list of attributes' EQUALITY caseIgnoreMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.5.1 NAME 'olcValSortAttr' DESC 'Sorting rule for attribute under given DN' EQUALITY caseIgnoreMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.21.1 NAME 'olcSssVlvMax' DESC 'Maximum number of concurrent Sort requests' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.21.2 NAME 'olcSssVlvMaxKeys' D ESC 'Maximum number of Keys in a Sort request' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.21.3 NAME 'olcSssVlvMaxPerConn ' DESC 'Maximum number of concurrent paged search requests per connection' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.16 NAME 'pwdChangedTime' DESC 'The time the password was last changed' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-V ALUE NO-USER-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.17 NAME 'pwdAccountLockedTime' DES C 'The time an user account was locked' EQUALITY generalizedTimeMatch ORDER ING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGL E-VALUE USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.19 NAME 'pwdFailureTime' DESC 'The timestamps of the last consecutive authentication failures' EQUALITY gener alizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.24 NO-USER-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.20 NAME 'pwdHistory' DESC 'The his tory of users passwords' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.40 NO-USER-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.21 NAME 'pwdGraceUseTime' DESC 'Th e timestamps of the grace login once the password has expired' EQUALITY gen eralizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 NO-USER-MODIFICATION USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.22 NAME 'pwdReset' DESC 'The indic ation that the password has been reset' EQUALITY booleanMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE directoryOperation ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.23 NAME 'pwdPolicySubentry' DESC ' The pwdPolicy subentry in effect for this object' EQUALITY distinguishedNam eMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE USAGE directoryOpe ration ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.12.1 NAME 'olcPPolicyDefault' DESC 'DN of a pwdPolicy object for uncustomized objects' SYNTAX 1.3.6.1.4.1 .1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.12.2 NAME 'olcPPolicyHashClear text' DESC 'Hash passwords on add or modify' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.12.4 NAME 'olcPPolicyForwardUp dates' DESC 'Allow policy state updates to be forwarded via updateref' SYNT AX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.12.3 NAME 'olcPPolicyUseLockou t' DESC 'Warn clients with AccountLocked' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.57 NAME 'entryExpireTimestamp' DESC 'RFC2589 OpenLDAP extension: expire time of a dynamic object, computed as now + entryTtl' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrder ingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICA TION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.1 NAME 'olcDDSstate' DESC 'R FC2589 Dynamic directory services state' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.2 NAME 'olcDDSmaxTtl' DESC ' RFC2589 Dynamic directory services max TTL' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.3 NAME 'olcDDSminTtl' DESC ' RFC2589 Dynamic directory services min TTL' SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.4 NAME 'olcDDSdefaultTtl' DE SC 'RFC2589 Dynamic directory services default TTL' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.5 NAME 'olcDDSinterval' DESC 'RFC2589 Dynamic directory services expiration task run interval' SYNTAX 1 .3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.6 NAME 'olcDDStolerance' DES C 'RFC2589 Dynamic directory services additional TTL in expiration scheduli ng' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.3.9.7 NAME 'olcDDSmaxDynamicObje cts' DESC 'RFC2589 Dynamic directory services max number of dynamic objects ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.453.16.2.188 NAME 'authTimestamp' DESC 'last s uccessful authentication using any method/mech' EQUALITY generalizedTimeMat ch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 24 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.4.5.1 NAME 'olcLastBindPrecision ' DESC 'Precision of authTimestamp attribute' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.0.1.1 NAME 'olmDbDirectory' DESC 'Path name of the directory where the database environment resides' SUP mo nitoredInfo NO-USER-MODIFICATION USAGE dSAOperation ) attributeTypes: ( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: knowled ge information' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15{32768} ) attributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (famil y) name(s) for which the entity is known by' SUP name ) attributeTypes: ( 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256: serial number o f the entity' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.44{64} ) attributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC 'RFC4519: two-lett er ISO-3166 country code' SUP name SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 SIN GLE-VALUE ) attributeTypes: ( 2.5.4.7 NAME ( 'l' 'localityName' ) DESC 'RFC2256: localit y which this object resides in' SUP name ) attributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) DESC 'RFC2256: state or province which this object resides in' SUP name ) attributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) DESC 'RFC2256: s treet address of this object' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) attributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationName' ) DESC 'RFC2256: or ganization this object belongs to' SUP name ) attributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) DESC 'RFC2 256: organizational unit this object belongs to' SUP name ) attributeTypes: ( 2.5.4.12 NAME 'title' DESC 'RFC2256: title associated with the entity' SUP name ) attributeTypes: ( 2.5.4.14 NAME 'searchGuide' DESC 'RFC2256: search guide, d eprecated by enhancedSearchGuide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 ) attributeTypes: ( 2.5.4.15 NAME 'businessCategory' DESC 'RFC2256: business c ategory' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.15{128} ) attributeTypes: ( 2.5.4.16 NAME 'postalAddress' DESC 'RFC2256: postal addres s' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) attributeTypes: ( 2.5.4.17 NAME 'postalCode' DESC 'RFC2256: postal code' EQU ALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.15{40} ) attributeTypes: ( 2.5.4.18 NAME 'postOfficeBox' DESC 'RFC2256: Post Office B ox' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.15{40} ) attributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' DESC 'RFC2256: Physical Delivery Office Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) attributeTypes: ( 2.5.4.20 NAME 'telephoneNumber' DESC 'RFC2256: Telephone N umber' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) attributeTypes: ( 2.5.4.21 NAME 'telexNumber' DESC 'RFC2256: Telex Number' S YNTAX 1.3.6.1.4.1.1466.115.121.1.52 ) attributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier' DESC 'RFC2256: T eletex Terminal Identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) attributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) DESC 'R FC2256: Facsimile (Fax) Telephone Number' SYNTAX 1.3.6.1.4.1.1466.115.121.1 .22 ) attributeTypes: ( 2.5.4.24 NAME 'x121Address' DESC 'RFC2256: X.121 Address' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.36{15} ) attributeTypes: ( 2.5.4.25 NAME 'internationaliSDNNumber' DESC 'RFC2256: int ernational ISDN number' EQUALITY numericStringMatch SUBSTR numericStringSub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ) attributeTypes: ( 2.5.4.26 NAME 'registeredAddress' DESC 'RFC2256: registere d postal address' SUP postalAddress SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) attributeTypes: ( 2.5.4.27 NAME 'destinationIndicator' DESC 'RFC2256: destin ation indicator' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ) attributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod' DESC 'RFC2256: pre ferred delivery method' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 SINGLE-VALUE ) attributeTypes: ( 2.5.4.29 NAME 'presentationAddress' DESC 'RFC2256: present ation address' EQUALITY presentationAddressMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.43 SINGLE-VALUE ) attributeTypes: ( 2.5.4.30 NAME 'supportedApplicationContext' DESC 'RFC2256: supported application context' EQUALITY objectIdentifierMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.38 ) attributeTypes: ( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of a group' S UP distinguishedName ) attributeTypes: ( 2.5.4.32 NAME 'owner' DESC 'RFC2256: owner (of the object) ' SUP distinguishedName ) attributeTypes: ( 2.5.4.33 NAME 'roleOccupant' DESC 'RFC2256: occupant of ro le' SUP distinguishedName ) attributeTypes: ( 2.5.4.36 NAME 'userCertificate' DESC 'RFC2256: X.509 user certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.8 ) attributeTypes: ( 2.5.4.37 NAME 'cACertificate' DESC 'RFC2256: X.509 CA cert ificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.8 ) attributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList' DESC 'RFC2256: X.5 09 authority revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.9 ) attributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList' DESC 'RFC2256: X .509 certificate revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115. 121.1.9 ) attributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair' DESC 'RFC2256: X.509 cross certificate pair, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 ) attributeTypes: ( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: first na me(s) for which the entity is known by' SUP name ) attributeTypes: ( 2.5.4.43 NAME 'initials' DESC 'RFC2256: initials of some o r all of names, but not the surname(s).' SUP name ) attributeTypes: ( 2.5.4.44 NAME 'generationQualifier' DESC 'RFC2256: name qu alifier indicating a generation' SUP name ) attributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier' DESC 'RFC2256: X.500 unique identifier' EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.6 ) attributeTypes: ( 2.5.4.46 NAME 'dnQualifier' DESC 'RFC2256: DN qualifier' E QUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreS ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) attributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide' DESC 'RFC2256: enhance d search guide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 ) attributeTypes: ( 2.5.4.48 NAME 'protocolInformation' DESC 'RFC2256: protoco l information' EQUALITY protocolInformationMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.42 ) attributeTypes: ( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256: unique member of a group' EQUALITY uniqueMemberMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 ) attributeTypes: ( 2.5.4.51 NAME 'houseIdentifier' DESC 'RFC2256: house ident ifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.15{32768} ) attributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms' DESC 'RFC2256: support ed algorithms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 ) attributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList' DESC 'RFC2256: delta r evocation list; use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) attributeTypes: ( 2.5.4.54 NAME 'dmdName' DESC 'RFC2256: name of DMD' SUP na me ) attributeTypes: ( 2.5.4.65 NAME 'pseudonym' DESC 'X.520(4th): pseudonym for the object' SUP name ) attributeTypes: ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' ) DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnor eIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' ) DESC 'RFC1274/2247: domain component' EQUALITY caseIgnoreIA5Match SUBSTR c aseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VAL UE ) attributeTypes: ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' DESC 'R FC1274: domain associated with object' EQUALITY caseIgnoreIA5Match SUBSTR c aseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.840.113549.1.9.1 NAME ( 'email' 'emailAddress' 'pkcs9e mail' ) DESC 'RFC3280: legacy attribute for email addresses in DNs' EQUALIT Y caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.26{128} ) attributeTypes: ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' EQUA LITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: gener al information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} ) attributeTypes: ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDrink' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR caseIgnore SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RFC1274: room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274: phot o (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} ) attributeTypes: ( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC1274: category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: host computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC1274: D N of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.12 ) attributeTypes: ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' DESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR ca seIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' DESC 'RFC1 274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' DESC 'RF C1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DESC 'RFC 1274: DN of author of document' EQUALITY distinguishedNameMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' DESC 'R FC1274: location of document original' EQUALITY caseIgnoreMatch SUBSTR case IgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTelepho neNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephoneNumberM atch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.50 ) attributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.12 ) attributeTypes: ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNTAX 1.3. 6.1.4.1.1466.115.121.1.39 ) attributeTypes: ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY caseIgn oreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY caseIg noreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY caseIg noreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY caseIg noreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY caseI gnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALITY cas eIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC 'RFC 1274: DN of entry associated with domain' EQUALITY distinguishedNameMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' DESC ' RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIgnor eListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) attributeTypes: ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC 'RFC1 274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTelephon eNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephoneNumber Match SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.50 ) attributeTypes: ( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelephoneN umber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumberMat ch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 50 ) attributeTypes: ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCountryNam e' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DESC 'R FC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus' DES C 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR caseIgno reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC 'RFC12 74: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrin gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption' DES C 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributeTypes: ( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC 'RFC12 74: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RFC1274 : DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE ) attributeTypes: ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality' DESC 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE -VALUE ) attributeTypes: ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality' DE SC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE ) attributeTypes: ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality' DE SC 'RFC1274: Subtree Maximun Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE ) attributeTypes: ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' DESC ' RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 ) attributeTypes: ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'RFC127 4: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.12 ) attributeTypes: ( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC1274: aud io (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} ) attributeTypes: ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' DESC ' RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC2798: v ehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR caseI gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC 'RFC2 798: identifies a department within an organization' EQUALITY caseIgnoreMat ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC2798 : preferred name to be used when displaying entries' EQUALITY caseIgnoreMat ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RFC279 8: numerically identifies an employee within an organization' EQUALITY case IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnor eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) attributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC 'RF C2798: preferred written or spoken language for a person' EQUALITY caseIgno reMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.5 ) attributeTypes: ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.115 .121.1.5 ) attributeTypes: ( 2.16.840.1.113730.3.1.13 NAME 'mailLocalAddress' DESC 'RFC 822 email address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3 .6.1.4.1.1466.115.121.1.26{256} ) attributeTypes: ( 2.16.840.1.113730.3.1.18 NAME 'mailHost' DESC 'FQDN of the SMTP/MTA of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 .1466.115.121.1.26{256} SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113730.3.1.47 NAME 'mailRoutingAddress' DESC 'R FC822 routing address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.2.1.15 NAME 'rfc822MailMember' DESC 'r fc822 mail address of group member(s)' EQUALITY caseIgnoreIA5Match SYNTAX 1 .3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; the co mmon name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolute pa th to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.146 6.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to the lo gin shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integerMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integerMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactIA5Mat ch SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY caseExa ctIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.26 ) attributeTypes: ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgroup t riple' SYNTAX 1.3.6.1.1.1.0.0 ) attributeTypes: ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY integerMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name ) attributeTypes: ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY integerM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP address' EQU ALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) attributeTypes: ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP network' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGL E-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netmask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGL E-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address' EQUA LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) attributeTypes: ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootparamd parameter' SYNTAX 1.3.6.1.1.1.0.1 ) attributeTypes: ( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image name' EQ UALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name ) attributeTypes: ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseExactIA5M atch SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 6{1024} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.6 NAME 'javaClassName' DESC 'Fully qualified name of distinguished Java class or interface' EQUALITY caseExac tMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.7 NAME 'javaCodebase' DESC 'URL(s) specifying the location of class definition' EQUALITY caseExactIA5Match SY NTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.13 NAME 'javaClassNames' DESC 'Ful ly qualified Java class or interface name' EQUALITY caseExactMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.8 NAME 'javaSerializedData' DESC ' Serialized form of a Java object' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SING LE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.10 NAME 'javaFactory' DESC 'Fully qualified Java class name of a JNDI object factory' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.11 NAME 'javaReferenceAddress' DES C 'Addresses associated with a JNDI Reference' EQUALITY caseExactMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.12 NAME 'javaDoc' DESC 'The Java d ocumentation for the class' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1 466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.14 NAME 'corbaIor' DESC 'Stringifi ed interoperable object reference of a CORBA object' EQUALITY caseIgnoreIA5 Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.15 NAME 'corbaRepositoryId' DESC ' Repository ids of interfaces implemented by a CORBA object' EQUALITY caseEx actMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.16.840.1.113730.3.1.198 NAME 'memberURL' DESC 'Identifie s an URL associated with each member of a group. Any type of labeled URL ca n be used.' SUP labeledURI ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.8.1.1 NAME 'dgIdentity' DESC 'Iden tity to use when processing the memberURL' SUP distinguishedName SINGLE-VAL UE ) attributeTypes: ( 1.3.6.1.4.1.4203.666.11.8.1.2 NAME 'dgAuthz' DESC 'Optiona l authorization rules that determine who is allowed to assume the dgIdentit y' EQUALITY authzMatch SYNTAX 1.3.6.1.4.1.4203.666.2.7 X-ORDERED 'VALUES' ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.1 NAME 'pwdAttribute' EQUALITY obj ectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.2 NAME 'pwdMinAge' EQUALITY intege rMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 S INGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.3 NAME 'pwdMaxAge' EQUALITY intege rMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 S INGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.4 NAME 'pwdInHistory' EQUALITY int egerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.5 NAME 'pwdCheckQuality' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.6 NAME 'pwdMinLength' EQUALITY int egerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.7 NAME 'pwdExpireWarning' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.8 NAME 'pwdGraceAuthNLimit' EQUALI TY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.9 NAME 'pwdLockout' EQUALITY boole anMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.10 NAME 'pwdLockoutDuration' EQUAL ITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.11 NAME 'pwdMaxFailure' EQUALITY i ntegerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.12 NAME 'pwdFailureCountInterval' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.13 NAME 'pwdMustChange' EQUALITY b ooleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.14 NAME 'pwdAllowUserChange' EQUAL ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.15 NAME 'pwdSafeModify' EQUALITY b ooleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.30 NAME 'pwdMaxRecordedFailure' EQ UALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.4754.1.99.1 NAME 'pwdCheckModule' DESC 'Loadab le module that instantiates check_password() function' EQUALITY caseExactIA 5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.5.4.72 NAME 'role' DESC 'X.509 Role attribute, use ;bina ry' SYNTAX 1.3.6.1.4.1.4203.666.11.10.2.6 ) attributeTypes: ( 2.5.4.75 NAME 'xmlPrivilegeInfo' DESC 'X.509 XML privilege information attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.5.4.58 NAME 'attributeCertificateAttribute' DESC 'X.509 Attribute certificate attribute, use ;binary' EQUALITY attributeCertificate ExactMatch SYNTAX 1.3.6.1.4.1.4203.666.11.10.2.1 ) attributeTypes: ( 2.5.4.61 NAME 'aACertificate' DESC 'X.509 AA certificate a ttribute, use ;binary' EQUALITY attributeCertificateExactMatch SYNTAX 1.3.6 .1.4.1.4203.666.11.10.2.1 ) attributeTypes: ( 2.5.4.62 NAME 'attributeDescriptorCertificate' DESC 'X.509 Attribute descriptor certificate attribute, use ;binary' EQUALITY attribut eCertificateExactMatch SYNTAX 1.3.6.1.4.1.4203.666.11.10.2.1 ) attributeTypes: ( 2.5.4.59 NAME 'attributeCertificateRevocationList' DESC 'X .509 Attribute certificate revocation list attribute, use ;binary' SYNTAX 1 .3.6.1.4.1.1466.115.121.1.9 X-EQUALITY 'certificateListExactMatch, not impl emented yet' ) attributeTypes: ( 2.5.4.63 NAME 'attributeAuthorityRevocationList' DESC 'X.5 09 AA certificate revocation list attribute, use ;binary' SYNTAX 1.3.6.1.4. 1.1466.115.121.1.9 X-EQUALITY 'certificateListExactMatch, not implemented y et' ) attributeTypes: ( 2.5.4.73 NAME 'delegationPath' DESC 'X.509 Delegation path attribute, use ;binary' SYNTAX 1.3.6.1.4.1.4203.666.11.10.2.4 ) attributeTypes: ( 2.5.4.71 NAME 'privPolicy' DESC 'X.509 Privilege policy at tribute, use ;binary' SYNTAX 1.3.6.1.4.1.4203.666.11.10.2.5 ) attributeTypes: ( 2.5.4.74 NAME 'protPrivPolicy' DESC 'X.509 Protected privi lege policy attribute, use ;binary' EQUALITY attributeCertificateExactMatch SYNTAX 1.3.6.1.4.1.4203.666.11.10.2.1 ) attributeTypes: ( 2.5.4.76 NAME 'xmlPrivPolicy' DESC 'X.509 XML Protected pr ivilege policy attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.5.4.7.1 NAME 'c-l' SUP l COLLECTIVE ) attributeTypes: ( 2.5.4.8.1 NAME 'c-st' SUP st COLLECTIVE ) attributeTypes: ( 2.5.4.9.1 NAME 'c-street' SUP street COLLECTIVE ) attributeTypes: ( 2.5.4.10.1 NAME 'c-o' SUP o COLLECTIVE ) attributeTypes: ( 2.5.4.11.1 NAME 'c-ou' SUP ou COLLECTIVE ) attributeTypes: ( 2.5.4.16.1 NAME 'c-PostalAddress' SUP postalAddress COLLEC TIVE ) attributeTypes: ( 2.5.4.17.1 NAME 'c-PostalCode' SUP postalCode COLLECTIVE ) attributeTypes: ( 2.5.4.18.1 NAME 'c-PostOfficeBox' SUP postOfficeBox COLLEC TIVE ) attributeTypes: ( 2.5.4.19.1 NAME 'c-PhysicalDeliveryOfficeName' SUP physica lDeliveryOfficeName COLLECTIVE ) attributeTypes: ( 2.5.4.20.1 NAME 'c-TelephoneNumber' SUP telephoneNumber CO LLECTIVE ) attributeTypes: ( 2.5.4.21.1 NAME 'c-TelexNumber' SUP telexNumber COLLECTIVE ) attributeTypes: ( 2.5.4.23.1 NAME 'c-FacsimileTelephoneNumber' SUP facsimile TelephoneNumber COLLECTIVE ) attributeTypes: ( 2.5.4.25.1 NAME 'c-InternationalISDNNumber' SUP internatio nalISDNNumber COLLECTIVE ) attributeTypes: ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService' DESC 'IAN A GSS-API authorized service name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.15{256} ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.0 NAME 'defaultServerList' DESC 'De fault LDAP server host address used by a DUA' EQUALITY caseIgnoreMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.1 NAME 'defaultSearchBase' DESC 'De fault LDAP base DN used by a DUA' EQUALITY distinguishedNameMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.2 NAME 'preferredServerList' DESC ' Preferred LDAP server host addresses to be used by a DUA' EQUALI TY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.3 NAME 'searchTimeLimit' DESC 'Maxi mum time in seconds a DUA should allow for a search to complete' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.4 NAME 'bindTimeLimit' DESC 'Maximu m time in seconds a DUA should allow for the bind operation to c omplete' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- VALUE ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.5 NAME 'followReferrals' DESC 'Tell s DUA if it should follow referrals returned by a DSA search res ult' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.16 NAME 'dereferenceAliases' DESC ' Tells DUA if it should dereference aliases' EQUALITY booleanMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.6 NAME 'authenticationMethod' DESC 'A keystring which identifies the type of authentication method used to contact the DSA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.7 NAME 'profileTTL' DESC 'Time to l ive, in seconds, before a client DUA should re-read this configu ration profile' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.14 NAME 'serviceSearchDescriptor' D ESC 'LDAP search descriptor list used by a DUA' EQUALITY caseExactMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.9 NAME 'attributeMap' DESC 'Attribu te mappings used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1 466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.10 NAME 'credentialLevel' DESC 'Ide ntifies type of credentials a DUA should use when binding to the LDAP server' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1 .26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.11 NAME 'objectclassMap' DESC 'Obje ctclass mappings used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1. 4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.12 NAME 'defaultSearchScope' DESC ' Default search scope used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3. 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.13 NAME 'serviceCredentialLevel' DE SC 'Identifies type of credentials a DUA should use when binding to the LDAP server for a specific service' EQUALITY caseIgnoreI A5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.15 NAME 'serviceAuthenticationMetho d' DESC 'Authentication method used by a service of the DUA' EQUALITY caseI gnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.2.840.113533.7.68.10 NAME 'attributeCertificate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) attributeTypes: ( 1.2.840.113533.7.68.0 NAME 'entrustCAInfo' SYNTAX 1.3.6.1. 4.1.1466.115.121.1.5 ) attributeTypes: ( 1.2.840.113533.7.68.30 NAME 'entrustPolicyCertificate' SYN TAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.2.840.113533.7.68.22 NAME 'entrustRoamFileEncInfo' EQUAL ITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.2.840.113533.7.79.0 NAME 'entrustRoamingCAPAB' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.2.840.113533.7.68.28 NAME 'entrustRoamingEOP' EQUALITY o ctetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.2.840.113533.7.68.24 NAME 'entrustRoamingPAB' EQUALITY o ctetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.2.840.113533.7.68.27 NAME 'entrustRoamingPRV' EQUALITY o ctetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.2.840.113533.7.68.23 NAME 'entrustRoamingProfile' EQUALI TY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.2.840.113533.7.68.25 NAME 'entrustRoamingRecipList' EQUA LITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.2.840.113533.7.68.26 NAME 'entrustRoamingSLA' EQUALITY o ctetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 2.16.840.1.114027.22.4 NAME 'entrustAttributeCertificate' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.2.840.113533.7.79.1 NAME 'entrustRoamingId' SUP uid ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.1 NAME 'eduPersonAffiliation' DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SUBSTR case IgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.2 NAME 'eduPersonNickname' DESC 'ed uPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SUBSTR caseIgn oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.3 NAME 'eduPersonOrgDN' DESC 'eduPe rson per Internet2 and EDUCAUSE' EQUALITY distinguishedNameMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.4 NAME 'eduPersonOrgUnitDN' DESC 'e duPerson per Internet2 and EDUCAUSE' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.5 NAME 'eduPersonPrimaryAffiliation ' DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SUBS TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA LUE ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.6 NAME 'eduPersonPrincipalName' DES C 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SUBSTR ca seIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.7 NAME 'eduPersonEntitlement' DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseExactMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.8 NAME 'eduPersonPrimaryOrgUnitDN' DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.9 NAME 'eduPersonScopedAffiliation' DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5923.1.2.1.2 NAME 'eduOrgHomePageURI' DESC 'ed uOrg per Internet2 and EDUCAUSE' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1. 4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.5923.1.2.1.3 NAME 'eduOrgIdentityAuthNPolicyUR I' DESC 'eduOrg per Internet2 and EDUCAUSE' EQUALITY caseExactIA5Match SYNT AX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.5923.1.2.1.4 NAME 'eduOrgLegalName' DESC 'eduO rg per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.5923.1.2.1.5 NAME 'eduOrgSuperiorURI' DESC 'ed uOrg per Internet2 and EDUCAUSE' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1. 4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.5923.1.2.1.6 NAME 'eduOrgWhitePagesURI' DESC ' eduOrg per Internet2 and EDUCAUSE' EQUALITY caseExactIA5Match SYNTAX 1.3.6. 1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.1 NAME 'schacMotherTongue' DESC 'RFC 3066 code for prefered language of communication' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.2 NAME 'schacGender' DESC 'Represent ation of human sex (see ISO 5218)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.3 NAME 'schacDateOfBirth' DESC 'Date of birth (format YYYYMMDD, only numeric chars)' EQUALITY numericStringMatc h ORDERING numericStringOrderingMatch SUBSTR numericStringSubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.36 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.4 NAME 'schacPlaceOfBirth' DESC 'Bir th place of a person' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingM atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.5 NAME 'schacCountryOfCitizenship' D ESC 'Country of citizenship of a person. Format two-letter acronym accordin g to ISO 3166' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.6 NAME 'schacSn1' DESC 'First surnam e of a person' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SU BSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.7 NAME 'schacSn2' DESC 'Second surna me of a person' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch S UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.8 NAME 'schacPersonalTitle' DESC 'RF C1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.9 NAME 'schacHomeOrganization' DESC 'Domain name of the home organization' EQUALITY caseIgnoreMatch SUBSTR case IgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.10 NAME 'schacHomeOrganizationType' DESC 'Type of the home organization' EQUALITY caseIgnoreMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.11 NAME 'schacCountryOfResidence' DE SC 'Country of citizenship of a person. Format two-letter acronym according to ISO 3166' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.12 NAME 'schacUserPresenceID' DESC ' Used to store a set of values related to the network presence' EQUALITY cas eExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.13 NAME 'schacPersonalPosition' DESC 'Position inside an institution' EQUALITY caseIgnoreMatch SUBSTR caseIgnor eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.14 NAME 'schacPersonalUniqueCode' DE SC 'unique code for the subject' EQUALITY caseIgnoreMatch ORDERING caseIgno reOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.15 NAME 'schacPersonalUniqueID' DESC 'Unique identifier for the subject' EQUALITY caseExactMatch ORDERING caseE xactOrderingMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.17 NAME 'schacExpiryDate' DESC 'Date from which the set of data is to be considered invalid (format YYYYMMDDhhm mssZ)' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.18 NAME 'schacUserPrivateAttribute' DESC 'Set of denied access attributes' EQUALITY caseIgnoreIA5Match SUBSTR c aseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.19 NAME 'schacUserStatus' DESC 'Used to store a set of status of a person as user of services' EQUALITY caseIgn oreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.20 NAME 'schacProjectMembership' DES C 'Name of the project' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.25178.1.2.21 NAME 'schacProjectSpecificRole' D ESC 'Used to store a set of roles of a person inside a project' EQUALITY ca seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.25178.1.0.2.3 NAME 'schacYearOfBirth' DESC 'Ye ar of birth (format YYYY, only numeric chars)' EQUALITY numericStringMatch ORDERING numericStringOrderingMatch SUBSTR numericStringSubstringsMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.36 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' DESC 'An integer den oting time to live' EQUALITY integerMatch ORDERING integerOrderingMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass' DESC 'The class of a resource record' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115 .121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.11 NAME 'wKSRecord' DESC 'a well kno wn service description, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIg noreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord' DESC 'domain nam e pointer, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord' DESC 'host inf ormation, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substri ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord' DESC 'mailbox or mail list information, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR case IgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord' DESC 'text strin g, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.17 NAME 'rPRecord' DESC 'for Respons ible Person, RFC 1183' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subs tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord' DESC 'for AFS Data Base location, RFC 1183' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnore IA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord' DESC 'Signature, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord' DESC 'Key, RFC 2 535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.27 NAME 'gPosRecord' DESC 'Geographi cal Position, RFC 1712' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Sub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord' DESC 'IPv6 addr ess, RFC 1886' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.29 NAME 'LocRecord' DESC 'Location, RFC 1876' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.30 NAME 'nXTRecord' DESC 'non-exista nt, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.33 NAME 'sRVRecord' DESC 'service lo cation, RFC 2782' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.35 NAME 'nAPTRRecord' DESC 'Naming A uthority Pointer, RFC 2915' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA 5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord' DESC 'Key Exchang e Delegation, RFC 2230' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Sub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord' DESC 'certifica te, RFC 2538' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record' DESC 'A6 Record T ype, RFC 2874' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord' DESC 'Non-Term inal DNS Name Redirection, RFC 2672' EQUALITY caseIgnoreIA5Match SUBSTR cas eIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.42 NAME 'aPLRecord' DESC 'Lists of A ddress Prefixes, RFC 3123' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5 SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord' DESC 'Delegation Signer, RFC 3658' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord' DESC 'SSH Key Fingerprint, RFC 4255' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subs tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.45 NAME 'iPSecKeyRecord' DESC 'SSH K ey Fingerprint, RFC 4025' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5S ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord' DESC 'RRSIG, R FC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord' DESC 'NSEC, RFC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.48 NAME 'dNSKeyRecord' DESC 'DNSKEY, RFC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.49 NAME 'dHCIDRecord' DESC 'DHCID, R FC 4701' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.51 NAME 'nSec3ParamRecord' DESC 'par ameters for NSEC3, RFC 5155' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreI A5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.52 NAME 'TLSARecord' DESC 'DNS-Based Authentication of Named Entities - Transport Layer Security Protocol, RFC 6698' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.99 NAME 'sPFRecord' DESC 'Sender Pol icy Framework, RFC 4408' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Su bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.257 NAME 'CAARecord' DESC 'Certifica tion Authority Authorization, RFC 6844' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.20.1.32769 NAME 'DLVRecord' DESC 'RFC 443 1: DNSSEC Lookaside Validation' EQUALITY caseIgnoreIA5Match SUBSTR caseIgno reIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.1.1.1.28 NAME 'nisPublickey' DESC 'nisPublickey' E QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.1.1.1.29 NAME 'nisSecretkey' DESC 'nisSecretkey' E QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.1.1.1.30 NAME 'nisDomain' SUP name ) attributeTypes: ( 2.16.840.1.113730.3.1.30 NAME 'mgrpRFC822MailMember' DESC 'mgrpRFC822MailMember' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466. 115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.1.1.12 NAME 'nisNetIdUser' DESC 'nisNe tIdUser' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.1.1.13 NAME 'nisNetIdGroup' DESC 'nisN etIdGroup' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.1.1.14 NAME 'nisNetIdHost' DESC 'nisNe tIdHost' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.15 NAME 'SolarisLDAPServers' DESC 'SolarisLDAPServers' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.16 NAME 'SolarisSearchBaseDN' DESC 'SolarisSearchBaseDN' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.17 NAME 'SolarisCacheTTL' DESC 'So larisCacheTTL' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 S INGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.18 NAME 'SolarisBindDN' DESC 'Sola risBindDN' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.19 NAME 'SolarisBindPassword' DESC 'SolarisBindPassword' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.20 NAME 'SolarisAuthMethod' DESC ' SolarisAuthMethod' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.21 NAME 'SolarisTransportSecurity' DESC 'SolarisTransportSecurity' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.24 NAME 'SolarisDataSearchDN' DESC 'SolarisDataSearchDN' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.25 NAME 'SolarisSearchScope' DESC 'SolarisSearchScope' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.26 NAME 'SolarisSearchTimeLimit' D ESC 'SolarisSearchTimeLimit' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.27 NAME 'SolarisPreferedServer' DE SC 'SolarisPreferedServer' SUP name ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.28 NAME 'SolarisPreferedServerOnly ' DESC 'SolarisPreferedServerOnly' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.29 NAME 'SolarisSearchReferral' DE SC 'SolarisSearchReferral' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.31 NAME 'homeFax' SYNTAX 1.3.6.1. 4.1.1466.115.121.1.22 ) attributeTypes: ( 2.16.128.113533.1.1400.1 NAME 'thumbnailPhoto' SYNTAX 1.3. 6.1.4.1.1466.115.121.1.28 ) attributeTypes: ( 2.16.128.113533.1.1400.2 NAME 'thumbnailLogo' SYNTAX 1.3.6 .1.4.1.1466.115.121.1.28 ) attributeTypes: ( 1.3.6.1.4.1.1466.101.120.34 NAME 'middleName' SUP name ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.1 NAME ( 'xmozillanickname' 'mozilla Nickname' ) SUP name ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.2 NAME ( 'xmozillausehtmlmail' 'mozi llaUseHtmlMail' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.3 NAME 'mozillaSecondEmail' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.26{256} ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.4 NAME 'mozillaHomeLocalityName' EQU ALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.15{128} ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.5 NAME 'mozillaPostalAddress2' EQUAL ITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.41 ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.6 NAME 'mozillaHomePostalAddress2' E QUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.41 ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.7 NAME 'mozillaHomeState' SUP name ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.8 NAME 'mozillaHomePostalCode' EQUAL ITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.15{40} ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.9 NAME 'mozillaHomeCountryName' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.10 NAME 'mozillaHomeFriendlyCountryN ame' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.11 NAME ( 'homeurl' 'mozillaHomeUrl' ) EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.26{256} ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.12 NAME ( 'workurl' 'mozillaWorkUrl' ) EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.26{256} ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.13 NAME 'nsAIMid' DESC 'AOL Instant Messenger (AIM) Identity' EQUALITY telephoneNumberMatch SUBSTR telephoneNum berSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.96 NAME ( 'custom1' 'mozillaCustom1' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.97 NAME ( 'custom2' 'mozillaCustom2' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.98 NAME ( 'custom3' 'mozillaCustom3' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.13769.2.1.99 NAME ( 'custom4' 'mozillaCustom4' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'LanMa nager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121 .1.26{32} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD4 h ash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 .1466.115.121.1.26{32} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Accoun t Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1 6} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC 'Times tamp of the last password update' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DESC 'Tim estamp of when the user is allowed to update the password' EQUALITY integer Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC 'Ti mestamp of when the password will expire' EQUALITY integerMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC 'Timest amp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC 'Times tamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC 'Time stamp of when the user will be logged off automatically' EQUALITY integerMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' DESC 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' DESC ' Time of the last bad password attempt' EQUALITY integerMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC 'Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42 } SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC 'Driver letter of home directory mapping' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 .1.4.1.1466.115.121.1.26{4} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DESC 'Logo n script path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5{255} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC 'Roam ing profile path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15{255} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' DESC 'List of user workstations the user is allowed to logon to' EQUALITY caseIg noreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Home di rectory UNC path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15{128} ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC 'Windo ws NT domain to which the user belongs' EQUALITY caseIgnoreMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.15{128} ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC 'Base6 4 encoded user parameter string' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.15{1050} ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC ' Concatenated MD5 hashes of the salted NT passwords used on this account' EQ UALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Security ID' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' DESC ' Primary Group Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1 466.115.121.1.26{64} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' DESC 'Security ID List' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 64} ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'NT Gro up Type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DESC 'Next NT rid to give our for users' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DESC 'Nex t NT rid to give out for groups' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Next NT rid to give out for anything' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' DES C 'Base at which the samba RID generation algorithm should operate' EQUALIT Y integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' DESC 'Share Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' DESC 'Optio n Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' DESC 'A boo lean option' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SING LE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' DESC 'An integer option' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' DESC 'A s tring option' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1. 26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption' DESC 'A string list option' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' DESC 'Trust Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.26 ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength' DESC 'Min imal password length (default: 5)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength' DESC 'Length of Password History Entries (default: 0 => off)' EQUALITY integerMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd' DESC 'Fo rce Users to logon for password change (default: 0 => off, 2 => on)' EQUALI TY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' DESC 'Maximu m password age, in seconds (default: -1 => never expire passwords)' EQUALIT Y integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' DESC 'Minimu m password age, in seconds (default: 0 => allow immediate password change)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration' DESC ' Lockout duration in minutes (default: 30, -1 => forever)' EQUALITY integerM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindo w' DESC 'Reset time after lockout in minutes (default: 30)' EQUALITY intege rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold' DESC 'Lockout users after bad logon attempts (default: 0 => off)' EQUALITY integ erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' DESC 'Disc onnect Users outside logon hours (default: -1 => off, 0 => on)' EQUALITY in tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange' DESC 'Allow Machine Password changes (default: 0 => off)' EQUALITY integer Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword' DESC 'Clear text password (used for trusted domain passwords)' EQUALITY octetSt ringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPasswo rd' DESC 'Previous clear text password (used for trusted domain passwords)' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.70 NAME 'sambaTrustType' DESC 'Type o f trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE- VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.71 NAME 'sambaTrustAttributes' DESC ' Trust attributes for a trusted domain' EQUALITY integerMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.72 NAME 'sambaTrustDirection' DESC 'D irection of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.73 NAME 'sambaTrustPartner' DESC 'Ful ly qualified name of the domain with which a trust exists' EQUALITY caseIgn oreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.74 NAME 'sambaFlatName' DESC 'NetBIOS name of a domain' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15{128} ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.75 NAME 'sambaTrustAuthOutgoing' DESC 'Authentication information for the outgoing portion of a trust' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.76 NAME 'sambaTrustAuthIncoming' DESC 'Authentication information for the incoming portion of a trust' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.77 NAME 'sambaSecurityIdentifier' DES C 'SID of a trusted domain' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5 SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.78 NAME 'sambaTrustForestTrustInfo' D ESC 'Forest trust information for a trusted domain object' EQUALITY caseExa ctMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.79 NAME 'sambaTrustPosixOffset' DESC 'POSIX offset of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.80 NAME 'sambaSupportedEncryptionType s' DESC 'Supported encryption types of a trust' EQUALITY integerMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5322.10.1.1 NAME 'krb5PrincipalName' DESC 'The unparsed Kerberos principal name' EQUALITY caseExactIA5Match SYNTAX 1.3.6. 1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5322.10.1.2 NAME 'krb5KeyVersionNumber' EQUALI TY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5322.10.1.3 NAME 'krb5MaxLife' EQUALITY intege rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5322.10.1.4 NAME 'krb5MaxRenew' EQUALITY integ erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5322.10.1.5 NAME 'krb5KDCFlags' EQUALITY integ erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5322.10.1.6 NAME 'krb5EncryptionType' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributeTypes: ( 1.3.6.1.4.1.5322.10.1.7 NAME 'krb5ValidStart' EQUALITY gen eralizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.24 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5322.10.1.8 NAME 'krb5ValidEnd' EQUALITY gener alizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.24 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5322.10.1.9 NAME 'krb5PasswordEnd' EQUALITY ge neralizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.24 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5322.10.1.10 NAME 'krb5Key' DESC 'Encoded ASN1 Key as an octet string' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) attributeTypes: ( 1.3.6.1.4.1.5322.10.1.11 NAME 'krb5PrincipalRealm' DESC 'D istinguished name of krb5Realm entry' SUP distinguishedName ) attributeTypes: ( 1.3.6.1.4.1.5322.10.1.12 NAME 'krb5RealmName' EQUALITY oct etStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} ) attributeTypes: ( 2.16.840.1.113719.1.301.4.1.1 NAME 'krbPrincipalName' EQUA LITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.26 ) attributeTypes: ( 1.2.840.113554.1.4.1.6.1 NAME 'krbCanonicalName' EQUALITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.3.1 NAME 'krbPrincipalType' EQUA LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.5.1 NAME 'krbUPEnabled' DESC 'Bo olean' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.6.1 NAME 'krbPrincipalExpiration ' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE -VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.8.1 NAME 'krbTicketFlags' EQUALI TY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.9.1 NAME 'krbMaxTicketLife' EQUA LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.10.1 NAME 'krbMaxRenewableAge' E QUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.14.1 NAME 'krbRealmReferences' E QUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.15.1 NAME 'krbLdapServers' EQUAL ITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.17.1 NAME 'krbKdcServers' EQUALI TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.18.1 NAME 'krbPwdServers' EQUALI TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.24.1 NAME 'krbHostServer' EQUALI TY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.25.1 NAME 'krbSearchScope' EQUAL ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.26.1 NAME 'krbPrincipalReference s' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.28.1 NAME 'krbPrincNamingAttr' E QUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.29.1 NAME 'krbAdmServers' EQUALI TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.30.1 NAME 'krbMaxPwdLife' EQUALI TY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.31.1 NAME 'krbMinPwdLife' EQUALI TY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.32.1 NAME 'krbPwdMinDiffChars' E QUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.33.1 NAME 'krbPwdMinLength' EQUA LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.34.1 NAME 'krbPwdHistoryLength' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5322.21.2.1 NAME 'krbPwdMaxFailure' EQUALITY i ntegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5322.21.2.2 NAME 'krbPwdFailureCountInterval' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5322.21.2.3 NAME 'krbPwdLockoutDuration' EQUAL ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.2.840.113554.1.4.1.6.2 NAME 'krbPwdAttributes' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.2.840.113554.1.4.1.6.3 NAME 'krbPwdMaxLife' EQUALITY int egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.2.840.113554.1.4.1.6.4 NAME 'krbPwdMaxRenewableLife' EQU ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.2.840.113554.1.4.1.6.5 NAME 'krbPwdAllowedKeysalts' EQUA LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.36.1 NAME 'krbPwdPolicyReference ' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SING LE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.37.1 NAME 'krbPasswordExpiration ' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE -VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.39.1 NAME 'krbPrincipalKey' EQUA LITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.40.1 NAME 'krbTicketPolicyRefere nce' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 S INGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.41.1 NAME 'krbSubTrees' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.42.1 NAME 'krbDefaultEncSaltType s' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.43.1 NAME 'krbSupportedEncSaltTy pes' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.44.1 NAME 'krbPwdHistory' EQUALI TY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.45.1 NAME 'krbLastPwdChange' EQU ALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALU E ) attributeTypes: ( 1.3.6.1.4.1.5322.21.2.5 NAME 'krbLastAdminUnlock' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.46.1 NAME 'krbMKey' EQUALITY oct etStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.47.1 NAME 'krbPrincipalAliases' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.48.1 NAME 'krbLastSuccessfulAuth ' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE -VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.49.1 NAME 'krbLastFailedAuth' EQ UALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VAL UE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.50.1 NAME 'krbLoginFailedCount' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.301.4.51.1 NAME 'krbExtraData' EQUALIT Y octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.52.1 NAME 'krbObjectReferences' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.301.4.53.1 NAME 'krbPrincContainerRef' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113730.3.8.15.2.1 NAME 'krbPrincipalAuthInd' EQ UALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.5322.21.2.4 NAME 'krbAllowedToDelegateTo' EQUA LITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.1 NAME ( 'esgSid' 'esgStreamId' ) DESC 'String uniquely identifying each stream' EQUALITY caseExactMatch SUBS TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA LUE ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.2 NAME ( 'esgSN' 'esgSessionName' ) DESC 'Session name/title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.3 NAME ( 'esgInfo' 'esgInformation ' ) DESC 'Short description' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.4 NAME 'esgInfoUri' DESC 'URI to m ore Information' SUP labeledURI ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.4.1 NAME 'esgContact' DESC 'Other co ntact Information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.4.2 NAME 'esgContactMail' DESC 'Emai l-address to contact-person' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreI A5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.4.3 NAME 'esgContactPhone' DESC 'Pho ne number to contact-person' EQUALITY telephoneNumberMatch SUBSTR telephone NumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.4.4 NAME 'esgContactDN' DESC 'LDAP D N to contact-person' SUP distinguishedName ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.6 NAME ( 'esgCategory' 'esgCat' ) DESC 'Meta-category: meeting, broadcast, test etc.' EQUALITY caseIgnoreMatc h SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.7 NAME 'esgTool' DESC 'Tool that m ade the announcement (SDP: a=tool:...)' EQUALITY caseIgnoreMatch SUBSTR cas eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.8 NAME 'esgSource' DESC 'How the a nnouncement entered the system' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.3.1 NAME 'esgFormat' DESC 'Media for mat' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.3.10 NAME 'esgStreamUri' DESC 'Direc t absolute url to stream' SUP labeledURI ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.3.11 NAME 'esgSdpUri' DESC 'Url to f ile in sdp-format, if any' SUP labeledURI ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.1 NAME 'esgAlwaysOn' DESC 'Whether the stream is permanent/on-demand or temporary/live' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.2 NAME 'esgFirstShown' DESC 'When the stream starts to be transmitted for the first time' EQUALITY generalize dTimeMatch ORDERING generalizedTimeOrderingMatch SUBSTR caseIgnoreSubstring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.3 NAME 'esgFinalEnd' DESC 'When th e stream will no longer be transmitted' EQUALITY generalizedTimeMatch ORDER ING generalizedTimeOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.24 ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.4 NAME 'esgDuration' DESC 'Duratio n of stream if temporary' EQUALITY numericStringMatch SUBSTR numericStringS ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.5 NAME 'esgRepeatInterval' DESC 'F rom SDP: r=repeatinterval duration offset [offset [offset ...]]' EQUALITY n umericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.36 ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.6 NAME 'esgIntervalOffset' DESC 'F rom SDP: r=repeatinterval duration offset [offset [offset ...]]' EQUALITY n umericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.36 ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.2.8 NAME 'esgTotalDuration' DESC 'Le ngth if on-demand stream, else: finalend - firsthown' EQUALITY numericStrin gMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.36 ) attributeTypes: ( 1.3.6.1.4.1.2428.70.1.1.255 NAME 'esgSdp' DESC 'File in sd p-format, if any' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.1 NAME 'dhcpPrimaryDN' DESC 'The DN of the dhcpServer which is the primary server for the configuration.' E QUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE- VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.2 NAME 'dhcpSecondaryDN' DESC 'T he DN of dhcpServer(s) which provide backup service for the configuration.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.3 NAME 'dhcpStatements' DESC 'Fl exible storage for specific data depending on what object this exists in. L ike conditional statements, server parameters, etc. This allows the standar d to evolve without needing to adjust the schema.' EQUALITY caseIgnoreIA5Ma tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.4 NAME 'dhcpRange' DESC 'The sta rting & ending IP Addresses in the range (inclusive), separated by a hyphen ; if the range only contains one address, then just the address can be spec ified with no hyphen. Each range is defined as a separate value.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.5 NAME 'dhcpPermitList' DESC 'Th is attribute contains the permit lists associated with a pool. Each permit list is defined as a separate value.' EQUALITY caseIgnoreIA5Match SYNTAX 1. 3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.6 NAME 'dhcpNetMask' DESC 'The s ubnet mask length for the subnet. The mask can be easily computed from thi s length.' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGL E-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.7 NAME 'dhcpOption' DESC 'Encode d option values to be sent to clients. Each value represents a single opti on and contains (OptionTag, Length, OptionValue) encoded in the format used by DHCP.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.8 NAME 'dhcpClassData' DESC 'Enc oded text string or list of bytes expressed in hexadecimal, separated by co lons. Clients match subclasses based on matching the class data with the r esults of match or spawn with statements in the class name declarations.' E QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALU E ) attributeTypes: ( 2.16.840.1.113719.1.203.4.9 NAME 'dhcpOptionsDN' DESC 'The distinguished name(s) of the dhcpOption objects containing the configurati on options provided by the server.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.10 NAME 'dhcpHostDN' DESC 'the d istinguished name(s) of the dhcpHost objects.' EQUALITY distinguishedNameMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.11 NAME 'dhcpPoolDN' DESC 'The d istinguished name(s) of pools.' EQUALITY distinguishedNameMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.12 NAME 'dhcpGroupDN' DESC 'The distinguished name(s) of the groups.' EQUALITY distinguishedNameMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.13 NAME 'dhcpSubnetDN' DESC 'The distinguished name(s) of the subnets.' EQUALITY distinguishedNameMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.14 NAME 'dhcpLeaseDN' DESC 'The distinguished name of a client address.' EQUALITY distinguishedNameMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.15 NAME 'dhcpLeasesDN' DESC 'The distinguished name(s) client addresses.' EQUALITY distinguishedNameMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.16 NAME 'dhcpClassesDN' DESC 'Th e distinguished name(s) of a class(es) in a subclass.' EQUALITY distinguish edNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.17 NAME 'dhcpSubclassesDN' DESC 'The distinguished name(s) of subclass(es).' EQUALITY distinguishedNameMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.18 NAME 'dhcpSharedNetworkDN' DE SC 'The distinguished name(s) of sharedNetworks.' EQUALITY distinguishedNam eMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.19 NAME 'dhcpServiceDN' DESC 'Th e DN of dhcpService object(s)which contain the configuration information. E ach dhcpServer object has this attribute identifying the DHCP configuration (s) that the server is associated with.' EQUALITY distinguishedNameMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.20 NAME 'dhcpVersion' DESC 'The version attribute of this object.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 .1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.21 NAME 'dhcpImplementation' DES C 'Description of the DHCP Server implementation e.g. DHCP Servers vendor.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VA LUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.22 NAME 'dhcpAddressState' DESC 'This stores information about the current binding-status of an address. F or dynamic addresses managed by DHCP, the values should be restricted to th e following: "FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET", "ABANDONED", "BACKUP". For other addresses, it SHOULD be one of the following: "UNKNOW N", "RESERVED" (an address that is managed by DHCP that is reserved for a s pecific client), "RESERVED-ACTIVE" (same as reserved, but address is curren tly in use), "ASSIGNED" (assigned manually or by some other mechanism), "UN ASSIGNED", "NOTASSIGNABLE".' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 .1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.23 NAME 'dhcpExpirationTime' DES C 'This is the time the current lease for an address expires.' EQUALITY gen eralizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.24 NAME 'dhcpStartTimeOfState' D ESC 'This is the time of the last state change for a leased address.' EQUAL ITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.25 NAME 'dhcpLastTransactionTime ' DESC 'This is the last time a valid DHCP packet was received from the cli ent.' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SI NGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.26 NAME 'dhcpBootpFlag' DESC 'Th is indicates whether the address was assigned via BOOTP.' EQUALITY booleanM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.27 NAME 'dhcpDomainName' DESC 'T his is the name of the domain sent to the client by the server. It is esse ntially the same as the value for DHCP option 15 sent to the client, and re presents only the domain - not the full FQDN. To obtain the full FQDN assi gned to the client you must prepend the "dhcpAssignedHostName" to this valu e with a ".".' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121. 1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.28 NAME 'dhcpDnsStatus' DESC 'Th is indicates the status of updating DNS resource records on behalf of the c lient by the DHCP server for this address. The value is a 16-bit bitmask.' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.29 NAME 'dhcpRequestedHostName' DESC 'This is the hostname that was requested by the client.' EQUALITY case IgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.30 NAME 'dhcpAssignedHostName' D ESC 'This is the actual hostname that was assigned to a client. It may not be the name that was requested by the client. The fully qualified domain n ame can be determined by appending the value of "dhcpDomainName" (with a do t separator) to this name.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1. 1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.31 NAME 'dhcpReservedForClient' DESC 'The distinguished name of a "dhcpClient" that an address is reserved for. This may not be the same as the "dhcpAssignedToClient" attribute if t he address is being reassigned but the current lease has not yet expired.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE -VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.32 NAME 'dhcpAssignedToClient' D ESC 'This is the distinguished name of a "dhcpClient" that an address is cu rrently assigned to. This attribute is only present in the class when the address is leased.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.33 NAME 'dhcpRelayAgentInfo' DES C 'If the client request was received via a relay agent, this contains info rmation about the relay agent that was available from the DHCP request. Th is is a hex-encoded option value.' EQUALITY octetStringMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.34 NAME 'dhcpHWAddress' DESC 'Th e clients hardware address that requested this IP address.' EQUALITY caseIg noreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.35 NAME 'dhcpHashBucketAssignmen t' DESC 'HashBucketAssignment bit map for the DHCP Server, as defined in DH C Load Balancing Algorithm [RFC 3074].' EQUALITY octetStringMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.36 NAME 'dhcpDelayedServiceParam eter' DESC 'Delay in seconds corresponding to Delayed Service Parameter con figuration, as defined in DHC Load Balancing Algorithm [RFC 3074]. ' EQUAL ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.37 NAME 'dhcpMaxClientLeadTime' DESC 'Maximum Client Lead Time configuration in seconds, as defined in DHCP Failover Protocol [FAILOVR]' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.38 NAME 'dhcpFailOverEndpointSta te' DESC 'Server (Failover Endpoint) state, as defined in DHCP Failover Pro tocol [FAILOVR]' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.39 NAME 'dhcpErrorLog' DESC 'Gen eric error log attribute that allows logging error conditions within a dhcp Service or a dhcpSubnet, like no IP addresses available for lease.' EQUALIT Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.40 NAME 'dhcpLocatorDN' DESC 'Th e DN of dhcpLocator object which contain the DNs of all DHCP configuration objects. There will be a single dhcpLocator object in the tree with links t o all the DHCP objects in the tree' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.41 NAME 'dhcpKeyAlgorithm' DESC 'Algorithm to generate TSIG Key' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1 .4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.42 NAME 'dhcpKeySecret' DESC 'Se cret to generate TSIG Key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.43 NAME 'dhcpDnsZoneServer' DESC 'Master server of the DNS Zone' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1 .4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 2.16.840.1.113719.1.203.4.44 NAME 'dhcpKeyDN' DESC 'The DN s of TSIG Key to use in secure dynamic updates. In case of locator object, this will be list of TSIG keys. In case of DHCP Service, Shared Network, S ubnet and DNS Zone, it will be a single key.' EQUALITY distinguishedNameMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.45 NAME 'dhcpZoneDN' DESC 'The D Ns of DNS Zone. In case of locator object, this will be list of DNS Zones i n the tree. In case of DHCP Service, Shared Network and Subnet, it will be a single DNS Zone.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.46 NAME 'dhcpFailOverPrimaryServ er' DESC 'IP address or DNS name of the server playing primary role in DHC Load Balancing and Fail over.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4 .1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.47 NAME 'dhcpFailOverSecondarySe rver' DESC 'IP address or DNS name of the server playing secondary role in DHC Load Balancing and Fail over.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 .1.4.1.1466.115.121.1.26 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.48 NAME 'dhcpFailOverPrimaryPort ' DESC 'Port on which primary server listens for connections from its fail over peer (secondary server)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.49 NAME 'dhcpFailOverSecondaryPo rt' DESC 'Port on which secondary server listens for connections from its f ail over peer (primary server)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.27 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.50 NAME 'dhcpFailOverResponseDel ay' DESC 'Maximum response time in seconds, before Server assumes that conn ection to fail over peer has failed' EQUALITY integerMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.27 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.51 NAME 'dhcpFailOverUnackedUpda tes' DESC 'Number of BNDUPD messages that server can send before it receive s BNDACK from its fail over peer' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.27 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.52 NAME 'dhcpFailOverSplit' DESC 'Split between the primary and secondary servers for fail over purpose' EQ UALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.53 NAME 'dhcpFailOverLoadBalance Time' DESC 'Cutoff time in seconds, after which load balance is disabled' E QUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.54 NAME 'dhcpFailOverPeerDN' DES C 'The DNs of Fail over peers. In case of locator object, this will be list of fail over peers in the tree. In case of Subnet and pool, it will be a s ingle Fail Over Peer' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.55 NAME 'dhcpServerDN' DESC 'Lis t of all DHCP Servers in the tree. Used by dhcpLocatorObject' EQUALITY dis tinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 2.16.840.1.113719.1.203.4.56 NAME 'dhcpComments' DESC 'Gen eric attribute that allows coments within any DHCP object' EQUALITY caseIg noreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.10 NAME 'dlzZoneName' DESC 'DNS zone name - domain name not including host name' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.20 NAME 'dlzHostName' DESC 'Host por tion of a domain name' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.30 NAME 'dlzData' DESC 'Data for the resource record' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.40 NAME 'dlzType' DESC 'DNS record t ype - A, SOA, NS, MX, etc...' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.50 NAME 'dlzSerial' DESC 'SOA record serial number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.60 NAME 'dlzRefresh' DESC 'SOA recor d refresh time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.70 NAME 'dlzRetry' DESC 'SOA retry t ime in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.80 NAME 'dlzExpire' DESC 'SOA expire time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.90 NAME 'dlzMinimum' DESC 'SOA minim um time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.100 NAME 'dlzAdminEmail' DESC 'E-mai l address of person responsible for this zone - @ should be replaced with . (period)' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.110 NAME 'dlzPrimaryNS' DESC 'Primar y name server for this zone - should be host name not IP address' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.120 NAME 'dlzIPAddr' DESC 'IP addres s - IPV4 should be in dot notation xxx.xxx.xxx.xxx IPV6 should be in colon notation xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx' EQUALITY caseExactIA5Matc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{40} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.130 NAME 'dlzCName' DESC 'DNS cname' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.140 NAME 'dlzPreference' DESC 'DNS M X record preference. Lower numbers have higher preference' EQUALITY intege rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.150 NAME 'dlzTTL' DESC 'DNS time to live - how long this record can be cached by caching DNS servers' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.18420.1.1.160 NAME 'dlzRecordID' DESC 'Unique ID for each DLZ resource record' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.31 NAME 'automountMapName' DESC 'automount M ap Name' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.32 NAME 'automountKey' DESC 'Automount Key v alue' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.1.1.33 NAME 'automountInformation' DESC 'Automou nt information' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.37 NAME 'x509CRLThisUpdate' DESC ' Date at which this revocation list was issued - see RFC3280 5.1.2.4' EQUALI TY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.24 SINGLE-VALUE ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.38 NAME 'x509CRLNextUpdate' DESC ' Date by which the next revocation list in this series will be issued, see - RFC3280 5.1.2.5' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOr deringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.102 NAME 'x509CRLNumber' DESC 'seq uence number of issued CRL - see RFC3280 5.2.3' EQUALITY integerMatch ORDER ING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.48 NAME 'x509CRLDPRfc822Name' DESC 'Internet electronic mail address of the issuing distribution point, se e RFC3280 5.2.5' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.49 NAME 'x509CRLDPDnsName' DESC 'I nternet domain name of the issuing distribution point, see RFC3280 5.2.5' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.50 NAME 'x509CRLDPDN' DESC 'Distin guished name of the issuing distribution point, see RFC3280 5.2.5' EQUALIT Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.51 NAME 'x509CRLDPURI' DESC 'Unifo rm Resource Identifier of the issuing distribution point, see RFC3280 5.2 .5' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.52 NAME 'x509CRLDPIpAddress' DESC 'Internet Protocol address, of the issuing distribution point, see RFC3280 5.2.5' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.53 NAME 'x509CRLDPRegisteredID' DE SC 'Any registered OID of the certificate issuer, see RFC3280 5.2.5' EQUAL ITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.54 NAME 'x509CRLDPOnlyUserCerts' D ESC 'If true, the CRL only contains revocations for end-entity certs, see RFC3280 5.2.5' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.55 NAME 'x509CRLDPOnlyCACerts' DES C 'If true, the CRL only contains revocations for CA certs, see RFC3280 5. 2.5' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.56 NAME 'x509CRLDPOnlySomeReasons' DESC 'If true, the CRL only contains some revocation reason codes, see RF C3280 5.2.5' EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.57 NAME 'x509CRLDPOnlyAttCerts' DE SC 'If true, the CRL only contains revocations for attribute certs, see RF C3280 5.2.5' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.58 NAME 'x509CRLDPindirect' DESC ' If true, the CRL is an indirect CRL, see RFC3280 5.2.5' EQUALITY booleanMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.59 NAME 'x509CRLDeltaIndicator' DE SC 'Indicates this is a delta CRL, and the value points to the sequence nu mber of the issued base CRL to which this is a delta - see RFC3280 5.2.4' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.27 SINGLE-VALUE ) attributeTypes:: KCAxLjIuODI2LjAuMS4zMzQ0ODEwLjEuMS4zOSBOQU1FICd4NTA5Q1JMQ2V ydFJldm9jYXRpb25EYXRlJyBERVNDICdEYXRlL3RpbWUgdGhlIENBIGFjdHVhbGx5IHJldm9rZW QgdGhlIGNlcnRpZmljYXRlLCBzZWUg4oCTICAJUkZDMzI4MCA1LjEuMi42JyBFUVVBTElUWSBnZ W5lcmFsaXplZFRpbWVNYXRjaCBPUkRFUklORyBnZW5lcmFsaXplZFRpbWVPcmRlcmluZ01hdGNo IFNZTlRBWCAxLjMuNi4xLjQuMS4xNDY2LjExNS4xMjEuMS4yNCBTSU5HTEUtVkFMVUUgKQ== attributeTypes: ( 1.2.826.0.1.3344810.1.1.40 NAME 'x509CRLCertInvalidityDate ' DESC 'date at which it is known or suspected that the private key was co mpromised, see RFC3280 5.3.3' EQUALITY generalizedTimeMatch ORDERING genera lizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.41 NAME 'x509CRLCertIssuerRfc822Na me' DESC 'Internet electronic mail address of the certificate issuer, see RFC3280 5.3.4' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.42 NAME 'x509CRLCertIssuerDnsName' DESC 'Internet domain name of the certificate issuer, see RFC3280 5.3.4' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.43 NAME 'x509CRLCertIssuerDN' DESC 'Distinguished name of the certificate issuer, see RFC3280 5.3.4' EQUALIT Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.44 NAME 'x509CRLCertIssuerURI' DES C 'Uniform Resource Identifier of the certificate issuer, see RFC3280 5.3. 4' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.45 NAME 'x509CRLCertIssuerIpAddres s' DESC 'Internet Protocol address, of the certificate issuer, see RFC3280 5.3.4' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.46 NAME 'x509CRLCertIssuerRegister edID' DESC 'Any registered OID of the certificate issuer, see RFC3280 5.3. 4' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.47 NAME 'x509CRLCertReasonCode' DE SC 'An integer code indicating the reason for the revocation, see RFC3280 5.3.1' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.27 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.103 NAME 'x509CRLCertHoldInstructi onCode' DESC 'Any registered OID indicating a hold instruction, see RFC328 0 5.3.2' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 8 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.1 NAME 'x509version' DESC 'X.509 V ersion of the certificate, or of the CRL' EQUALITY integerMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.2 NAME 'x509serialNumber' DESC 'Un ique integer for each certificate issued by a particular CA' EQUALITY inte gerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.3 NAME 'x509signatureAlgorithm' DE SC 'OID of the algorithm used by the CA in signing the CRL or the certific ate' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SI NGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.4 NAME 'x509issuer' DESC 'Distingu ished name of the entity who has signed and issued the certificate' EQUALI TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.5 NAME 'x509validityNotBefore' DES C 'Date on which the certificate validity period begins' EQUALITY generaliz edTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.24 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.6 NAME 'x509validityNotAfter' DESC 'Date on which the certificate validity period ends' EQUALITY generalizedT imeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.24 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.7 NAME 'x509subject' DESC 'Disting uished name of the entity associated with this public-key' EQUALITY distin guishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.8 NAME 'x509subjectPublicKeyInfoAl gorithm' DESC 'OID identifying the algorithm associated with the certified public key' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.38 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.11 NAME 'x509authorityKeyIdentifie r' DESC 'Key Identifier field of the Authority Key Identifier extension' E QUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.12 NAME 'x509authorityCertIssuer' DESC 'Authority Cert Issuer field of the Authority Key Identifier extensio n' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SIN GLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.13 NAME 'x509authorityCertSerialNu mber' DESC 'Authority Cert Serial Number field of the Authority Key Identi fier extension' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.14 NAME 'x509subjectKeyIdentifier' DESC 'Key identifier which must be unique with respect to all key identif iers for the subject' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.40 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.15 NAME 'x509keyUsage' DESC 'Purpo se for which the certified public key is used' EQUALITY caseIgnoreMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.16 NAME 'x509policyInformationIden tifier' DESC 'OID which indicates the policy under which the certificate h as been issued and the purposes for which the certificate may be used' EQU ALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VAL UE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.17 NAME 'x509subjectRfc822Name' DE SC 'Internet electronic mail address of the entity associated with this pu blic-key' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.18 NAME 'x509subjectDnsName' DESC 'Internet domain name of the entity associated with this public-key' EQUAL ITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.19 NAME 'x509subjectDirectoryName' DESC 'Distinguished name of the entity associated with this public-key' E QUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.20 NAME 'x509subjectUniformResourc eIdentifier' DESC 'Uniform Resource Identifier for the World-Wide Web of t he entity associated with this public-key' EQUALITY caseExactIA5Match SUBST R caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.21 NAME 'x509subjectIpAddress' DES C 'Internet Protocol address of the entity associated with this public-key ' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.22 NAME 'x509subjectRegisteredID' DESC 'OID of any registered object identifying the entity associated with this public-key' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.38 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.23 NAME 'x509issuerRfc822Name' DES C 'Internet electronic mail address of the entity who has signed and issue d the certificate' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrin gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.24 NAME 'x509issuerDnsName' DESC ' Internet domain name of the entity who has signed and issued the certifica te' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.25 NAME 'x509issuerDirectoryName' DESC 'Distinguished name of the entity who has signed and issued the certi ficate' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 2 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.26 NAME 'x509issuerUniformResource Identifier' DESC 'Uniform Resource Identifier for the World-Wide Web of th e entity who has signed and issued the certificate' EQUALITY caseExactIA5Ma tch SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.27 NAME 'x509issuerIpAddress' DESC 'Internet Protocol address of the entity who has signed and issued the ce rtificate' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.28 NAME 'x509issuerRegisteredID' D ESC 'OID of any registered object identifying the entity who has signed an d issued the certificate' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.38 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.29 NAME 'x509basicConstraintsCa' D ESC 'Identifies whether the subject of the certificate is a CA' EQUALITY b ooleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.30 NAME 'x509extKeyUsage' DESC 'Pu rposes for which the certified public key may be used, identified by an OI D' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.3.32 NAME 'x509fullCRLDistributionPo intURI' DESC 'URI type of DistributionPointName for the full CRL' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.4.74 NAME 'x509certLocation' DESC 'P ointer to a x509certificate Entry' EQUALITY distinguishedNameMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.4.75 NAME 'x509certHolder' DESC 'Poi nter to the directory entry of the end entity to which this certificate wa s issued' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .12 ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.4.76 NAME 'x509userCert' DESC 'Compl ete x.509 user certificate' SUP userCertificate SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.1.5.4.77 NAME 'x509caCert' DESC 'Complet e x.509 CA certificate' SUP caCertificate SINGLE-VALUE ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.60 NAME 'x509issuerSerial' DESC 'U sed to hold the RDN of a certificate entry, formed by concatenating the AC serial number and issuer fields ' EQUALITY distinguishedNameMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.61 NAME 'x509ACHolderPKCSerialNumb er' DESC 'The serial number of the PKC of the AC holder - see RFC3281 4.2. 2' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.62 NAME 'x509ACHolderPKCissuerDN' DESC 'Distinguished name of the issuer of the PKC belonging to the AC hold er - see RFC3281 4.2.2' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.12 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.63 NAME 'x509ACHolderRfc822Name' D ESC 'Internet electronic mail address of the AC holder - see RFC3281 4.2. 2' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.64 NAME 'x509ACHolderDNSName' DESC 'Internet domain name of the AC Holder, see RFC3281 4.2.2' EQUALITY caseI gnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.65 NAME 'x509ACHolderDN' DESC 'Dis tinguished name of the AC Holder, see RFC3281 4.2.2' EQUALITY distinguishe dNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.66 NAME 'x509ACHolderURI' DESC 'Un iform Resource Identifier of the AC Holder - see RFC3281 4.2.2' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.67 NAME 'x509ACHolderIPAddress' DE SC 'Internet Protocol address of the AC Holder, see RFC3281 4.2.2' EQUALIT Y caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.68 NAME 'x509ACHolderRegisteredID' DESC 'Any registered OID of the AC holder, see RFC3281 4.2.2' EQUALITY ob jectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) attributeTypes:: KCAxLjIuODI2LjAuMS4zMzQ0ODEwLjEuMS42OSBOQU1FICd4NTA5QUNPYmp lY3REaWdlc3QnIERFU0MgJ0hvbGRzIHRoZSBoYXNoIHZhbHVlIG9mIHRoZSBvYmplY3QgaWRlbn RpZmllZCBieSAJeDUwOUFDRGlnZXN0ZWRPYmplY3RUeXBlIOKAkyBzZWUgUkZDIDMyODEsIHNlY 3Rpb24gNy4zJyBFUVVBTElUWSBiaXRTdHJpbmdNYXRjaCBTWU5UQVggMS4zLjYuMS40LjEuMTQ2 Ni4xMTUuMTIxLjEuNiBTSU5HTEUtVkFMVUUgKQ== attributeTypes: ( 1.2.826.0.1.3344810.1.1.70 NAME 'x509ACDigestAlgorithm' DE SC 'OID of the hashing algorithm used to create the Object digest, see RFC 3281, section 7.3' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.38 SINGLE-VALUE ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.71 NAME 'x509ACDigestedObjectType' DESC 'Type of object being digested - see RFC3281, section 7.3' EQUALITY i ntegerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .27 SINGLE-VALUE ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.72 NAME 'x509ACAuditID' DESC 'Iden tity of holder used in audit trails - see RFC3281 4.3.1' EQUALITY octetStri ngMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.73 NAME 'x509ACTargetRfc822Name' D ESC 'Internet electronic mail address of the ACs Target - see RFC3281 4.3 .2' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.74 NAME 'x509ACTargetDNSName' DESC 'Internet domain name of the ACs Target, see RFC3281 4.3.2' EQUALITY case IgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.75 NAME 'x509ACTargetDN' DESC 'Dis tinguished name of the ACs Target, see RFC3281 4.3.2' EQUALITY distinguishe dNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.76 NAME 'x509ACTargetURI' DESC 'Un iform Resource Identifier of the ACs Target - see RFC3281 4.3.2' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.77 NAME 'x509ACTargetIPAddress' DE SC 'Internet Protocol address of the ACs Target, see RFC3281 4.3.2' EQUALI TY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.78 NAME 'x509ACTargetRegisteredID' DESC 'Any registered OID of the ACs Target, see RFC3281 4.3.2' EQUALITY o bjectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.79 NAME 'x509ACTargetGroupRfc822Na me' DESC 'Internet electronic mail address of the ACs Target group - see RFC3281 4.3.2' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.80 NAME 'x509ACTargetGroupDNSName' DESC 'Internet domain name of the ACs Target group, see RFC3281 4.3.2' EQ UALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.26 ) attributeTypes:: KCAxLjIuODI2LjAuMS4zMzQ0ODEwLjEuMS44MSBOQU1FICd4NTA5QUNUYXJ nZXRHcm91cEROJyBERVNDICdEaXN0aW5ndWlzaGVkIG5hbWUgb2YgdGhlIEFD4oCZcyBUYXJnZX QgZ3JvdXAsIHNlZSAJUkZDMzI4MSA0LjMuMicgRVFVQUxJVFkgZGlzdGluZ3Vpc2hlZE5hbWVNY XRjaCBTWU5UQVggMS4zLjYuMS40LjEuMTQ2Ni4xMTUuMTIxLjEuMTIgKQ== attributeTypes:: KCAxLjIuODI2LjAuMS4zMzQ0ODEwLjEuMS44MiBOQU1FICd4NTA5QUNUYXJ nZXRHcm91cFVSSScgREVTQyAnVW5pZm9ybSBSZXNvdXJjZSBJZGVudGlmaWVyIG9mIHRoZSBBQ+ KAmXMgVGFyZ2V0IGdyb3VwICAJLSBzZWUgUkZDMzI4MSA0LjMuMicgRVFVQUxJVFkgY2FzZUV4Y WN0SUE1TWF0Y2ggU1VCU1RSIGNhc2VFeGFjdElBNVN1YnN0cmluZ3NNYXRjaCBTWU5UQVggMS4z LjYuMS40LjEuMTQ2Ni4xMTUuMTIxLjEuMjYgKQ== attributeTypes: ( 1.2.826.0.1.3344810.1.1.83 NAME 'x509ACTargetGroupIPAddres s' DESC 'Internet Protocol address of the ACs Target group, see RFC3281 4. 3.2' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.84 NAME 'x509ACTargetGroupRegister edID' DESC 'Any registered OID of the ACs Target group, see RFC3281 4.3.2' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.85 NAME 'x509ACNoRevocation' DESC 'If true, the AC will never be revoked, see RFC3281 section 4.3.6' EQUALIT Y booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.86 NAME 'x509DPRfc822Name' DESC 'I nternet electronic mail address of the distribution point, see RFC3280 section 4.2.1.14' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.87 NAME 'x509DPDNSName' DESC 'Inte rnet domain name of the distribution point, see RFC3280 section 4.2.1.14' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.88 NAME 'x509DPDN' DESC 'Distingui shed name of the distribution point, see RFC3280 section 4.2.1.14' EQUALIT Y distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.89 NAME 'x509DPURI' DESC 'Uniform Resource Identifier of the distribution point, see RFC3280 section 4.2.1. 14' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.90 NAME 'x509DPIPAddress' DESC 'In ternet Protocol address of the distribution point, see RFC3280 section 4.2 .1.14' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.91 NAME 'x509DPRegisteredID' DESC 'Any registered OID of the distribution point, see RFC3280 section 4.2.1.1 4' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.92 NAME 'x509DPrelativeToIssuer' D ESC 'RDN of the distribution point, relative to the issuer, see RFC3280 s ection 4.2.1.14' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.12 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.93 NAME 'x509DPissuerRfc822Name' D ESC 'Internet electronic mail address of the distribution point CRL iss uer, see RFC3280 section 4.2.1.14' EQUALITY caseIgnoreIA5Match SUBSTR caseI gnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.94 NAME 'x509DPissuerDNSName' DESC 'Internet domain name of the distribution point CRL issuer, see RFC3280 s ection 4.2.1.14' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.95 NAME 'x509DPissuerDN' DESC 'Dis tinguished name of the distribution point CRL issuer, see RFC3280 section 4.2.1.14' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.12 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.96 NAME 'x509DPissuerURI' DESC 'Un iform Resource Identifier of the distribution point CRL issuer, see RFC32 80 section 4.2.1.14' EQUALITY caseExactIA5Match SUBSTR caseExactIA5Substrin gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.97 NAME 'x509DPissuerIPAddress' DE SC 'Internet Protocol address of the distribution point CRL issuer, see RF C3280 section 4.2.1.14' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Sub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.98 NAME 'x509DPissuerRegisteredID' DESC 'Any registered OID of the distribution point CRL issuer, see RFC32 80 section 4.2.1.14' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.38 ) attributeTypes: ( 1.2.826.0.1.3344810.1.1.99 NAME 'x509DPReasonCodes' DESC ' The reason codes used by a DP, see RFC3280 section 4.2.1.14' EQUALITY bitS tringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) attributeTypes: ( 1.3.6.1.1.11.1.2.1 NAME 'vPIMTelephoneNumber' DESC 'draft- ietf-vpim-vpimdir: The full E.164 form of the telephone number, including a ny sub-addressing portion' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.44{20} ) attributeTypes: ( 1.3.6.1.1.11.1.2.2 NAME 'vPIMRfc822Mailbox' DESC 'draft-ie tf-vpim-vpimdir: stores the inter-domain SMTP address of the voice mailbox associated with a given telephone number' EQUALITY caseIgnoreIA5Match SYNTA X 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributeTypes: ( 1.3.6.1.1.11.1.2.3 NAME 'vPIMSpokenName' DESC 'draft-ietf- vpim-vpimdir: the spoken name of the user in the voice of the user' EQUALIT Y octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{20000} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.11.1.2.4 NAME 'vPIMTextName' DESC 'draft-ietf-vp im-vpimdir: consistent with the unstructured text name databases used for c alling name delivery service of caller ID' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{20} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.11.1.2.5 NAME 'vPIMSupportedAudioMediaTypes' DES C 'draft-ietf-vpim-vpimdir: MIME audio subtype(s) of encodings that can be received at the address specified in vPIMRfc822Mailbox' EQUALITY caseIgnore IA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.1.11.1.2.6 NAME 'vPIMSupportedMessageContext' DESC 'draft-ietf-vpim-vpimdir: provides guidance to the sender about the messag e contexts the recipient is likely to accept' EQUALITY caseIgnoreIA5Match S YNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.1.11.1.2.7 NAME 'vPIMExtendedAbsenceStatus' DESC ' draft-ietf-vpim-vpimdir: indicates to the subscriber whether the recipient is accepting messages during his absence' EQUALITY caseIgnoreIA5Match SYNTA X 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.11.1.2.8 NAME 'vPIMSupportedUABehaviors' DESC 'd raft-ietf-vpim-vpimdir: list of the attributes considered optional by VPIM and other vendor-specific attributes maybe supported by the recipient' EQUA LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.1.11.1.2.9 NAME 'vPIMMaxMessageSize' DESC 'draft-i etf-vpim-vpimdir: maximum message length in seconds the receiving mailbox a ccepts' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-V ALUE ) attributeTypes: ( 1.3.6.1.1.11.1.2.10 NAME 'vPIMSubMailboxes' DESC 'draft-ie tf-vpim-vpimdir: indicates the presence of sub-mailboxes' EQUALITY numericS tringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{4} ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.1 NAME 'AstContext' DESC 'Asterisk C ontext' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.2 NAME 'AstExtension' DESC 'Asterisk Extension' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.3 NAME 'AstPriority' DESC 'Asterisk Priority' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.4 NAME 'AstApplication' DESC 'Asteri sk Application' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.5 NAME 'AstApplicationData' DESC 'As terisk Application Data' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.6 NAME 'AstAccountAMAFlags' DESC 'As terisk Account AMA Flags' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstri ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.7 NAME 'AstAccountCallerID' DESC 'As terisk Account CallerID' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.8 NAME 'AstAccountContext' DESC 'Ast erisk Account Context' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.9 NAME 'AstAccountMailbox' DESC 'Ast erisk Account Mailbox' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.10 NAME 'AstMD5secret' DESC 'Asteris k Account MD5 Secret' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.11 NAME 'AstAccountDeny' DESC 'Aster isk Account Deny' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.12 NAME 'AstAccountPermit' DESC 'Ast erisk Account Permit' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.13 NAME 'AstAccountQualify' DESC 'As terisk Account Qualify' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.14 NAME 'AstAccountType' DESC 'Aster isk Account Type' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.15 NAME 'AstAccountDisallowedCodec' DESC 'Asterisk Account Disallowed Codec' EQUALITY caseIgnoreMatch SUBSTR ca seIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.16 NAME 'AstAccountExpirationTimesta mp' DESC 'Asterisk Account Expiration Timestamp' EQUALITY caseIgnoreMatch S UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.17 NAME 'AstAccountRegistrationConte xt' DESC 'Asterisk Account Registration Context' EQUALITY caseIgnoreMatch S UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.18 NAME 'AstAccountRegistrationExten ' DESC 'Asterisk Account Registration Extension' EQUALITY caseIgnoreMatch S UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.19 NAME 'AstAccountNoTransfer' DESC 'Asterisk Account No Transfer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.20 NAME 'AstAccountCallGroup' DESC ' Asterisk Account Call Group' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.21 NAME 'AstAccountCanReinvite' DESC 'Asterisk Account Can Reinvite' EQUALITY caseIgnoreMatch SUBSTR caseIgnore SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.22 NAME 'AstAccountDTMFMode' DESC 'A sterisk Account DTMF Flags' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.23 NAME 'AstAccountFromUser' DESC 'A sterisk Account From User' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.24 NAME 'AstAccountFromDomain' DESC 'Asterisk Account From Domain' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.25 NAME 'AstAccountFullContact' DESC 'Asterisk Account Full Contact' EQUALITY caseIgnoreMatch SUBSTR caseIgnore SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.26 NAME 'AstAccountHost' DESC 'Aster isk Account Host' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.27 NAME 'AstAccountInsecure' DESC 'A sterisk Account Insecure' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstri ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.28 NAME 'AstAccountNAT' DESC 'Asteri sk Account NAT' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.29 NAME 'AstAccountPickupGroup' DESC 'Asterisk Account PickupGroup' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.30 NAME 'AstAccountPort' DESC 'Aster isk Account Port' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.31 NAME 'AstAccountRestrictCID' DESC 'Asterisk Account Restrict CallerID' EQUALITY caseIgnoreMatch SUBSTR caseI gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.32 NAME 'AstAccountRTPTimeout' DESC 'Asterisk Account RTP Timeout' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.33 NAME 'AstAccountRTPHoldTimeout' D ESC 'Asterisk Account RTP Hold Timeout' EQUALITY caseIgnoreMatch SUBSTR cas eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.34 NAME 'AstAccountRealmedPassword' DESC 'Asterisk Account Realmed Password' EQUALITY caseIgnoreMatch SUBSTR ca seIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.35 NAME 'AstAccountAllowedCodec' DES C 'Asterisk Account Allowed Codec' EQUALITY caseIgnoreMatch SUBSTR caseIgno reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.36 NAME 'AstAccountMusicOnHold' DESC 'Asterisk Account Music On Hold' EQUALITY caseIgnoreMatch SUBSTR caseIgnor eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.37 NAME 'AstAccountCanCallForward' D ESC 'Asterisk Account Can Call Forward' EQUALITY caseIgnoreMatch SUBSTR cas eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.38 NAME 'AstAccountSecret' DESC 'Ast erisk Account Secret' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.39 NAME 'AstAccountName' DESC 'Aster isk Account Username' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.40 NAME 'AstConfigFilename' DESC 'As terisk LDAP Configuration Filename' EQUALITY caseIgnoreMatch SUBSTR caseIgn oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.41 NAME 'AstConfigCategory' DESC 'As terisk LDAP Configuration Category' EQUALITY caseIgnoreMatch SUBSTR caseIgn oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.42 NAME 'AstConfigCategoryMetric' DE SC 'Asterisk LDAP Configuration Category Metric' EQUALITY caseIgnoreMatch S UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.43 NAME 'AstConfigVariableName' DESC 'Asterisk LDAP Configuration Variable Name' EQUALITY caseIgnoreMatch SUBST R caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.44 NAME 'AstConfigVariableValue' DES C 'Asterisk LDAP Configuration Variable Value' EQUALITY caseIgnoreMatch SUB STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.45 NAME 'AstConfigCommented' DESC 'A sterisk LDAP Configuration Commented' EQUALITY caseIgnoreMatch SUBSTR caseI gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.46 NAME 'AstAccountIPAddress' DESC ' Asterisk Account IP Address' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.47 NAME 'AstAccountDefaultUser' DESC 'Asterisk Account Default User' EQUALITY caseIgnoreMatch SUBSTR caseIgnore SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.48 NAME 'AstAccountRegistrationServe r' DESC 'Asterisk Account Registration Server' EQUALITY caseIgnoreMatch SUB STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.49 NAME 'AstAccountLastQualifyMillis econds' DESC 'Asterisk Account Last Qualify Milliseconds' EQUALITY caseIgno reMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.50 NAME 'AstAccountCallLimit' DESC ' Asterisk Account Call Limit' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.51 NAME 'AstVoicemailMailbox' DESC ' Asterisk voicemail mailbox' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.52 NAME 'AstVoicemailPassword' DESC 'Asterisk voicemail password' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.53 NAME 'AstVoicemailFullname' DESC 'Asterisk voicemail fullname' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.54 NAME 'AstVoicemailEmail' DESC 'As terisk voicemail email' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.55 NAME 'AstVoicemailPager' DESC 'As terisk voicemail pager' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.56 NAME 'AstVoicemailOptions' DESC ' Asterisk voicemail options' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.57 NAME 'AstVoicemailTimestamp' DESC 'Asterisk voicemail timestamp' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.58 NAME 'AstVoicemailContext' DESC ' Asterisk voicemail context' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.59 NAME 'AstAccountSubscribeContext' DESC 'Asterisk subscribe context' EQUALITY caseIgnoreMatch SUBSTR caseIgno reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.61 NAME 'AstAccountUserAgent' DESC ' Asterisk account user context' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.62 NAME 'AstAccountLanguage' DESC 'A sterisk account user language' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.63 NAME 'AstAccountTransport' DESC ' Asterisk account transport type' EQUALITY caseIgnoreMatch SUBSTR caseIgnore SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.64 NAME 'AstAccountPromiscRedir' DES C 'Asterisk account promiscous redirects' EQUALITY caseIgnoreMatch SUBSTR c aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.65 NAME 'AstAccountAccountCode' DESC 'Asterisk account billing code' EQUALITY caseIgnoreMatch SUBSTR caseIgnore SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.66 NAME 'AstAccountSetVar' DESC 'Ast erisk account setvar' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.67 NAME 'AstAccountAllowOverlap' DES C 'Asterisk account allow overlap dialing' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.68 NAME 'AstAccountVideoSupport' DES C 'Asterisk account video support' EQUALITY caseIgnoreMatch SUBSTR caseIgno reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.69 NAME 'AstAccountIgnoreSDPVersion' DESC 'Asterisk account ignore SDP version' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.22736.5.4.70 NAME 'AstAccountPathSupport' DESC 'Asterisk account support Path RFC 3327' EQUALITY caseIgnoreMatch SUBSTR c aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.8 NAME 'pgpBaseKeySpaceDN' DESC 'Poin ts to DN of the object that will store the PGP keys.' SYNTAX 1.3.6.1.4.1.14 66.115.121.1.12 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.9 NAME 'pgpSoftware' DESC 'pgpSoftwar e attribute for PGP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-OR IGIN 'Pretty Good Privacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.10 NAME 'pgpVersion' DESC 'pgpVersion attribute for PGP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORI GIN 'Pretty Good Privacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.11 NAME 'pgpKey' DESC 'pgpKey attribu te for PGP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'Pre tty Good Privacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.12 NAME 'pgpCertID' DESC 'pgpCertID a ttribute for PGP' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Pr ivacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.13 NAME 'pgpDisabled' DESC 'pgpDisabl ed attribute for PGP' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.14 NAME 'pgpKeyID' DESC 'pgpKeyID att ribute for PGP' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Priv acy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.15 NAME 'pgpKeyType' DESC 'pgpKeyType attribute for PGP' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.16 NAME 'pgpUserID' DESC 'User ID(s) associated with the PGP key.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Pretty Good Pri vacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.17 NAME 'pgpKeyCreateTime' DESC 'pgpK eyCreateTime attribute for PGP' EQUALITY caseIgnoreMatch ORDERING caseIgnor eOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.18 NAME 'pgpSignerID' DESC 'pgpSigner ID attribute for PGP' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Pretty Good Privacy (PG P)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.19 NAME 'pgpRevoked' DESC 'pgpRevoked attribute for PGP' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.20 NAME 'pgpSubKeyID' DESC 'Sub-key I D(s) of the PGP key.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Pretty Good Privacy (PG P)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.21 NAME 'pgpKeySize' DESC 'pgpKeySize attribute for PGP' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMat ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X- ORIGIN 'Pretty Good Privacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.22 NAME 'pgpKeyExpireTime' DESC 'pgpK eyExpireTime attribute for PGP' EQUALITY caseIgnoreMatch ORDERING caseIgnor eOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.6 NAME 'pgpReconData' DESC 'PGP defin ed attributed containing reconstruction data' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.40 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.7 NAME 'pgpReconCertID' DESC 'PGP def ined attribute containing the certID of the key' EQUALITY caseIgnoreMatch S UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE -VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.2 NAME 'pgpElementType' DESC 'PGP def ined attribute containing the type of the pref object' EQUALITY caseIgnoreM atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) attributeTypes: ( 1.3.6.1.4.1.3401.8.2.3 NAME 'pgpData' DESC 'PGP defined at tribute containing the admin pref data' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4 0 SINGLE-VALUE X-ORIGIN 'Pretty Good Privacy (PGP)' ) attributeTypes: ( 1.2.840.113556.1.4.478 NAME 'calCalURI' DESC 'URI to a sna pshot of the users entire default calendar' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALU E ) attributeTypes: ( 1.2.840.113556.1.4.479 NAME 'calFBURL' DESC 'URI to the us ers default free/busy time data' EQUALITY caseIgnoreMatch SUBSTR caseIgnore SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.480 NAME 'calCAPURI' DESC 'URI used to communicate with the users calendar' EQUALITY caseIgnoreMatch SUBSTR caseIg noreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.481 NAME 'calCalAdrURI' DESC 'URI to wh ich event requests should be sent for the user' EQUALITY caseIgnoreMatch SU BSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- VALUE ) attributeTypes: ( 1.2.840.113556.1.4.482 NAME 'calOtherCalURIs' DESC 'URIs t o snapshots of non-default calendars belonging to the user' EQUALITY caseIg noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15 ) attributeTypes: ( 1.2.840.113556.1.4.483 NAME 'calOtherFBURLs' DESC 'URIs to non-default free/busy data belonging to the user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.2.840.113556.1.4.484 NAME 'calOtherCAPURIs' DESC 'URIs t o non-default calendars belonging to the user' EQUALITY caseIgnoreMatch SUB STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.2.840.113556.1.4.485 NAME 'calOtherCalAdrURIs' DESC 'URI s of destinations for event requests to non-default calendars' EQUALITY cas eIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 ) attributeTypes: ( 1.3.6.1.4.1.13040.2.1.1 NAME 'hordePrefs' DESC 'Horde Pref erences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1 024} ) attributeTypes: ( 1.3.6.1.4.1.13040.3.1.1 NAME 'impPrefs' DESC 'IMP Preferen ces' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.4.1.1 NAME 'turbaPrefs' DESC 'Turba Pref erences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1 024} ) attributeTypes: ( 1.3.6.1.4.1.13040.4.1.2 NAME 'turbaType' DESC 'Turba Objec t Type: Contact/List' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{8} ) attributeTypes: ( 1.3.6.1.4.1.13040.4.1.3 NAME 'turbaMembers' DESC 'Encoded members of a Turba list' SUP name ) attributeTypes: ( 1.3.6.1.4.1.13040.4.1.4 NAME 'turbaPGPPublicKey' DESC 'PGP /GPG Public Key' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.26{4000} ) attributeTypes: ( 1.3.6.1.4.1.13040.5.1.1 NAME 'kronolithPrefs' DESC 'Kronol ith Preferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.26{1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.6.1.1 NAME 'nagPrefs' DESC 'Nag Preferen ces' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.7.1.1 NAME 'gollemPrefs' DESC 'Gollem Pr eferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 {1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.8.1.1 NAME 'choraPrefs' DESC 'Chora Pref erences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1 024} ) attributeTypes: ( 1.3.6.1.4.1.13040.9.1.1 NAME 'mnemoPrefs' DESC 'Mnemo Pref erences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1 024} ) attributeTypes: ( 1.3.6.1.4.1.13040.10.1.1 NAME 'trollPrefs' DESC 'Troll Pre ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.11.1.1 NAME 'klutzPrefs' DESC 'Klutz Pre ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.12.1.1 NAME 'jonahPrefs' DESC 'Jonah Pre ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.13.1.1 NAME 'hermesPrefs' DESC 'Hermes P references' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 6{1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.14.1.1 NAME 'junoPrefs' DESC 'Juno Prefe rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 24} ) attributeTypes: ( 1.3.6.1.4.1.13040.15.1.1 NAME 'treanPrefs' DESC 'Trean Pre ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.16.1.1 NAME 'whupsPrefs' DESC 'Whups Pre ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.17.1.1 NAME 'ingoPrefs' DESC 'Ingo Prefe rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 24} ) attributeTypes: ( 1.3.6.1.4.1.13040.18.1.1 NAME 'anselPrefs' DESC 'Ansel Pre ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.19.1.1 NAME 'geniePrefs' DESC 'Genie Pre ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.20.1.1 NAME 'scryPrefs' DESC 'Scry Prefe rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 24} ) attributeTypes: ( 1.3.6.1.4.1.13040.21.1.1 NAME 'wickedPrefs' DESC 'Wicked P references' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 6{1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.22.1.1 NAME 'agoraPrefs' DESC 'Agora Pre ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.24.1.1 NAME 'goopsPrefs' DESC 'Goops Pre ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.25.1.1 NAME 'merkPrefs' DESC 'Merk Prefe rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 24} ) attributeTypes: ( 1.3.6.1.4.1.13040.26.1.1 NAME 'mimpPrefs' DESC 'MIMP Prefe rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 24} ) attributeTypes: ( 1.3.6.1.4.1.13040.27.1.1 NAME 'mottlePrefs' DESC 'Mottle P references' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 6{1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.28.1.1 NAME 'nicPrefs' DESC 'NIC Prefere nces' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024 } ) attributeTypes: ( 1.3.6.1.4.1.13040.29.1.1 NAME 'occamPrefs' DESC 'Occam Pre ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.30.1.1 NAME 'odinPrefs' DESC 'Odin Prefe rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 24} ) attributeTypes: ( 1.3.6.1.4.1.13040.31.1.1 NAME 'rakimPrefs' DESC 'Rakim Pre ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.32.1.1 NAME 'seshaPrefs' DESC 'Sesha Pre ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.33.1.1 NAME 'swooshPrefs' DESC 'Swoosh P references' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 6{1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.34.1.1 NAME 'thorPrefs' DESC 'Thor Prefe rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 24} ) attributeTypes: ( 1.3.6.1.4.1.13040.35.1.1 NAME 'ulaformPrefs' DESC 'Ulaform Preferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1 .26{1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.36.1.1 NAME 'volosPrefs' DESC 'Volos Pre ferences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{ 1024} ) attributeTypes: ( 1.3.6.1.4.1.13040.37.1.1 NAME 'jetaPrefs' DESC 'Jeta Prefe rences' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10 24} ) attributeTypes: ( 1.3.6.1.4.1.412.100.1.2.5 NAME 'arrayIndex' DESC 'the inde x of this child' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.101 NAME 'dlmIdentifyingDescriptio n' DESC 'A free-form string providing explanation and details be hind the entries in the dlmOtherIdentifyingInfo attribute.' EQUA LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.112 NAME 'dlmOtherIdentifyingInfo' DESC 'OtherIdentifyingInfo captures additional data, beyond tha t of Tag information, that could be used to identify a Physical Element. One example is bar code data associated with an Element that also has an asset tag. Note that if only bar code data is available and is unique/able to be used as an Element key, this property would be NULL and the bar code data used as the class key, in the Tag property.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.1.2.1 NAME 'orderedCimKeys' DESC 'The model path for the instance (without propagated keys). May be us ed as an RDN' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.1.2.2 NAME 'orderedCimModelPath' DESC 'The model path for the instance (with propagated keys). May be used as an RDN' OBSOLETE EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.103 NAME 'dlmCaption' DESC 'The Ca ption property is a short textual description (oneline string) o f the object.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5{64} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.104 NAME 'dlmDescription' DESC 'Th e Description property provides a textual description of the obje ct.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V ALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.105 NAME 'dlmInstallDate' DESC 'A datetime value indicating when the object was installed. A lack of a value does not indicate that the object is not installed.' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-V ALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.106 NAME 'dlmName' DESC 'The Name property defines the label by which the object is known. When su bclassed, the Name property can be overridden to be a Key proper ty.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SIN GLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.107 NAME 'dlmStatus' DESC 'A strin g indicating the current status of the object. Various operation al and non-operational statuses are defined. Operational statuse s are "OK", "Degraded", "Stressed" and "Pred Fail". "Stressed" indicates that the Element is functioning, but needs a ttention. Examples of "Stressed" states are overload, overheate d, etc. The condition "Pred Fail" (failure predicted) indicates that an Element is functioning properly but predicting a failure in the near future. An example is a SMART-enabled hard drive. [...]' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15{10} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.108 NAME 'dlmCreationClassName' DE SC 'CreationClassName indicates the name of the class or the su bclass used in the creation of an instance. When used with the o ther key properties of this class, this property allows all ins tances of this class and its subclasses to be uniquely identifie d.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SING LE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.119 NAME 'dlmNameFormat' DESC 'The System object and its derivatives are Top Level Objects of CIM. They provide the scope for numerous components. Having unique S ystem keys is required. A heuristic can be defined in individual System subclasses to attempt to always generate the same System Name Key. The NameFormat property identifies how the System name was generated, using the subclass" heuristic.' EQUA LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.120 NAME 'dlmPrimaryOwnerContact' DESC 'A string that provides information on how the primary syst em owner can be reached (e.g. phone number, email address, ...). ' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE -VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.121 NAME 'dlmPrimaryOwnerName' DES C 'The name of the primary system owner.' EQUALITY caseIgnoreMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.15{64} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.122 NAME 'dlmRoles' DESC 'An array (bag) of strings that specify the roles this System plays in th e IT-environment. Subclasses of System may override this proper ty to define explicit Roles values. Alternately, a Working Group may describe the heuristics, conventions and guidelines for specifying Roles. For example, for an instance of a netw orking system, the Roles property might contain the string, "Swi tch" or "Bridge".' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.123 NAME 'dlmDedicated' DESC 'Enum eration indicating whether the ComputerSystem is a special-purp ose System (ie, dedicated to a particular use), versus being "ge neral purpose". For example, one could specify that the System i s dedicated to "Print" (value=11) or acts as a "Hub" (value=8). Values are 0="Not Dedicated", 1="Unknown", 2="Other" , 3="Storage", 4="Router", 5="Switch", 6="Layer 3 Switch", 7="Ce ntral Office Switch", 8="Hub", 9="Access Server", 10="Firewall", 11="Print", 12="I/O", 13="Web Caching", 14="Manageme nt"' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.136 NAME 'dlmStartMode' DESC 'Star tMode is a string value indicating whether the Service is automa tically started by a System, Operating System, etc. or only star ted upon request. Value Mapping are "Automatic", "Manual"' EQUA LITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.137 NAME 'dlmStarted' DESC 'Starte d is a boolean indicating whether the Service has been started ( TRUE), or stopped (FALSE).' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALU E ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.139 NAME 'dlmSettingID' DESC 'The identifier by which the Setting object is known.' EQUALITY caseI gnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.159 NAME 'dlmElementSettingElement Ref' DESC 'The ManagedSystemElement. Values of this attribute po int to entries of class dlmManagedSystemElement.' EQUALITY disti nguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.160 NAME 'dlmElementSettingSetting Ref' DESC 'The Setting object associated with the ManagedSystem Element. Values of this attribute point to entries of class dlmS etting.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 12 ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.186 NAME 'dlmMemberOfCollectionCol lectionRef' DESC 'The Collection that aggregates members. Values of this attribute point to entries of class dlmCollection.' EQUALITY dist inguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.412.100.2.2.187 NAME 'dlmMemberOfCollectionMem berRef' DESC 'The aggregated member of the collection. Values of this attribute point to entries of class dlmManagedElement.' EQ UALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.8 NAME 'dlm1FilterListDirection' DESC 'This defines whether the FilterList is used for input, outp ut, or both input and output filtering. All values are used with r espect to the interface for which the FilterList applies. "Not Applicable" (0) is used when there is no direction applicabl e to the FilterList. "Input" (1) is used when the FilterList appli es to packets that are inbound on the related interface. "Output" (2) is used when the FilterList applies to packe ts that are outbound on the related interface. "Both" (3) is used to indicate that the direction is immaterial, e.g., to fi lter on a source subnet regardless of whether the flow is inbound or outbound. "Mirrored" (4) is also applicable to both inbound and outbound flow processing, but indicates that th e filter criteria are applied asymmetrically to traffic in both di rections and, thus, specifies the reversal of source and destination criteria (as opposed to the equality of these criteria as indicated by "Both"). The match conditions in the aggregated FilterEntryBase subclass instances are defined from the pe rspective of outbound flows and applied to inbound flows as well b y reversing the source and destination criteria. So, for example, consider a FilterList with 3 FilterEntries indicating des tination port = 80, and source and destination addresses of a and b, respectively. Then, for the outbound direction, the filter entries match as specified and the mirror (for the inbound di rection) matches on source port = 80 and source and destination ad dresses of b and a, respectively.), Values are "Not Appli cable", "Input", "Output", "Both", "Mirrored"' EQUALITY caseIgnore Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.1 NAME 'dlm1FilterEntryBaseIsNeg ated' DESC 'Boolean indicating that the match condition described in the properties of the FilterEntryBase subclass should be negate d.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.2 NAME 'dlmProtocolType' DESC 'P rotocolType is an enumeration that provides additional information that can be used to help categorize and classify different instan ces of this class. Values are "Unknown", "Other", "IPv4", "IPv6", "IPX", "AppleTalk", "DECnet", "SNA", "CONP", "CLNP", "VINES", "XNS", "ATM", "Frame Relay", "Ethernet", "TokenRing", "FDDI", "Infiniband", "Fibre Channel", "ISDN BRI Endpoint", "ISDN B Chann el Endpoint", "ISDN D Channel Endpoint"' EQUALITY caseIgnoreMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.3 NAME 'dlmOtherTypeDescription' DESC 'A string describing the type of ProtocolEndpoint that this instance is when the Type property of this class (or any of its s ubclasses) is set to "Other". The format of the string inserted in this property should be similar in format to the values defined f or the Type property. This property should be set to NULL when the Type property is any value other than "Other".' EQUALITY caseIgno reMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.4 NAME 'dlmIPAddress' DESC 'The IP address that this ProtocolEndpoint represents, formatted accord ing to the appropriate convention as defined in the AddressType pr operty of this class (e.g., 171.79.6.40).' EQUALITY caseIgnoreMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.5 NAME 'dlmIPSubnetMask' DESC 'T he mask for the IP address of this ProtocolEndpoint, formatted acc ording to the appropriate convention as defined in the AddressType property of this class (e.g., 255.255.252.0).' EQUALITY caseIgnor eMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.6 NAME 'dlmIPAddressType' DESC ' An enumeration that describes the format of the address property. Whenever possible, IPv4-compatible addresses should be used instea d of native IPv6 addresses (see RFC 2373, section 2.5.4). In order to have a consistent format for IPv4 addresses in a mixed IPv4/v6 environment, all IPv4 addresses and both IPv4-compatible IPv6 add resses and IPv4-mapped IPv6 addresses, per RFC 2373, section 2.5.4, should be formatted in standard IPv4 format. However, t his (the 2.2) version of the Network Common Model will not explici tly support mixed IPv4/IPv6 environments. This will be added in a future release. Values are "Unknown", "IPv4", "IPv6".' EQUALITY ca seIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.10126.7.1.3.1.7 NAME 'dlmIPVersionSupport' DES C 'It is not possible to tell from the address alone if a given IP ProtocolEndpoint can support IPv4 and IPv6, or just one of these. This property explicitly defines the support for different version s of IP that this IPProtocolEndpoint has. More implementa tion experience is needed in order to correctly model mixed IPv4/I Pv6 networks; therefore, this version (2.2) of the Network Common Model will not support mixed IPv4/IPv6 environments. This will be looked at further in a future version. Values are "Unknow n", "IPv4 Only", "IPv6 Only".' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.18 NAME 'dlmBiometric' DESC 'Biome tric information used to identify a person. The property value is left null or set to "N/A" for non-human user or a user not u sing biometric information for authentication. Values are 0="N/ A", 1="Other", 2="Facial", 3="Retina", 4="Mark", 5="F inger", 6="Voice", 7="DNA-RNA", 8="EEG".' EQUALITY integerMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.27 ) attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.19 NAME 'dlmElementID' DESC 'The E lementID property uniquely specifies the ManagedElement object i nstance that is the user represented by the UsersAccess object i nstance. The ElementID is formatted similarly to a model path except that the property-value pairs are ordered in al phabetical order (US ASCII lexical order).' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.41 NAME 'dlmElementAsUserAnteceden tRef' DESC 'The ManagedElement that has UsersAccess. The value of this attribute points to an entry of class dlm1ManagedElement .' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SIN GLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.42 NAME 'dlmElementAsUserDependent Ref' DESC 'The "owned" UsersAccess. Values of this attribute poi nt to entries of class dlm1UsersAccess.' EQUALITY distinguishedNameMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.57 NAME 'dlmUsersCredentialAnteced entRef' DESC 'The issued credential that may be used. Values of this attribute point to entries of class dlm1Credential.' EQUALI TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.58 NAME 'dlmUsersCredentialDepende ntRef' DESC 'The UsersAccess that has use of a credential. Value s of this attribute point to entries of class dlm1UsersAccess.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.26 NAME 'dlmRemoteID' DESC 'Remote ID is the name by which the user is known at the KDC security ser vice.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} S INGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.28 NAME 'dlmAlgorithm' DESC 'algor ithm names the transformation algorithm, if any, used to protect passwords before use in the protocol. For instance, Kerberos doe sn"t store passwords as the shared secret, but rather, a hash of the password.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.29 NAME 'dlmProtocol' DESC 'protoc ol names the protocol with which the SharedSecret is used.' EQUAL ITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.412.100.4.2.30 NAME 'dlmSecret' DESC 'secret i s the secret known by the Users Access.' EQUALITY caseIgnoreMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.6.2.15 NAME 'pcimRoles' DESC 'RFC 3703: Each val ue of this attribute represents a role-combination.' EQUALITY caseIgnoreMat ch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.1.6.2.3 NAME 'pcimKeywords' DESC 'RFC 3703: A set of keywords to assist directory clients in locating the policy objects appl icable to them.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.1.6.2.4 NAME 'pcimGroupName' DESC 'RFC 3703: The u ser-friendly name of this policy group.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.6.2.5 NAME 'pcimRuleName' DESC 'RFC 3703: The us er-friendly name of this policy rule.' EQUALITY caseIgnoreMatch ORDERING ca seIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.6.2.6 NAME 'pcimRuleEnabled' DESC 'RFC 3703: An integer indicating whether a policy rule is administratively enabled (value =1), disabled (value=2), or enabled for debug (value=3).' EQUALITY integerM atch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN GLE-VALUE ) attributeTypes: ( 1.3.6.1.1.6.2.11 NAME 'pcimRuleUsage' DESC 'RFC 3703: This attribute is a free-form sting providing guidelines on how this policy sho uld be used.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUB STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V ALUE ) attributeTypes: ( 1.3.6.1.1.6.2.13 NAME 'pcimRuleMandatory' DESC 'RFC 3703: If TRUE, indicates that for this policy rule, the evaluation of its conditi ons and execution of its actions (if the condition is satisfied) is require d.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.6.2.16 NAME 'pcimConditionGroupNumber' DESC 'RFC 3703: The number of the group to which a policy condition belongs. This i s used to form the DNF or CNF expression associated with a policy rule.' EQ UALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.6.2.17 NAME 'pcimConditionNegated' DESC 'RFC 370 3: If TRUE (FALSE), it indicates that a policy condition IS (IS NOT) negate d in the DNF or CNF expression associated with a policy rule.' EQUALITY boo leanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.6.2.18 NAME 'pcimConditionName' DESC 'RFC 3703: A user-friendly name for a policy condition.' EQUALITY caseIgnoreMatch ORDE RING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.6.2.19 NAME 'pcimConditionDN' DESC 'RFC 3703: A DN that references an instance of a reusable policy condition.' EQUALITY di stinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.6.2.23 NAME 'pcimActionOrder' DESC 'RFC 3703: An integer indicating the relative order of an action in the context of a pol icy rule.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.6.2.22 NAME 'pcimActionName' DESC 'RFC 3703: A u ser-friendly name for a policy action.' EQUALITY caseIgnoreMatch ORDERING c aseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.6.2.24 NAME 'pcimActionDN' DESC 'RFC 3703: A DN that references a reusable policy action.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.6.2.36 NAME 'pcimRepositoryName' DESC 'RFC 3703: The user-friendly name of this policy repository.' EQUALITY caseIgnoreMatc h ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.1 NAME 'pcelsPolicySetName' DESC 'RFC 4104: User-friendly name of a policy set' EQUALITY caseIgnoreMatch ORDERING caseI gnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.2 NAME 'pcelsDecisionStrategy' DESC 'RFC 410 4: Evaluation method for the components of a pcelsPolicySet' EQUALITY integ erMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.3 NAME 'pcelsPolicySetList' DESC 'RFC 4104: Unordered set of DNs of pcelsPolicySetAssociation entries' EQUALITY disting uishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.1.9.2.4 NAME 'pcelsPriority' DESC 'RFC 4104: Prior ity of a component' EQUALITY integerMatch ORDERING integerOrderingMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.5 NAME 'pcelsPolicySetDN' DESC 'RFC 4104: DN of a pcelsPolicySet entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.62 NAME 'pcelsRuleValidityPeriodList' DESC ' RFC 4104: Unordered set of DNs of pcimRuleValidityAssociation entries' EQUA LITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.1.9.2.6 NAME 'pcelsConditionListType' DESC 'RFC 41 04: Indicates the type of condition aggregation' EQUALITY integerMatch ORDE RING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.7 NAME 'pcelsConditionList' DESC 'RFC 4104: Unordered set of DNs of pcelsConditionAssociation entries' EQUALITY disting uishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.1.9.2.8 NAME 'pcelsActionList' DESC 'RFC 4104: Uno rdered set of DNs of pcelsActionAssociation entries' EQUALITY distinguished NameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.1.9.2.9 NAME 'pcelsSequencedActions' DESC 'RFC 410 4: Indicates the importance of action sequencing' EQUALITY integerMatch ORD ERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALU E ) attributeTypes: ( 1.3.6.1.1.9.2.10 NAME 'pcelsExecutionStrategy' DESC 'RFC 4 104: Indicates the action execution strategy' EQUALITY integerMatch ORDERIN G integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.11 NAME 'pcelsVariableDN' DESC 'RFC 4104: DN of a pcelsVariable entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.12 NAME 'pcelsValueDN' DESC 'RFC 4104: DN of a pcelsValueAuxClass entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.13 NAME 'pcelsIsMirrored' DESC 'RFC 4104: In dicates whether the mirrored traffic matches' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.14 NAME 'pcelsVariableName' DESC 'RFC 4104: The user-friendly name of a variable.' EQUALITY caseIgnoreMatch ORDERING ca seIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.15 NAME 'pcelsExpectedValueList' DESC 'RFC 4 104: Unordered set of DNs of pcelsValueAuxClass entries representing expected values for a policy variable' EQUALITY distinguishedNameMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.1.9.2.16 NAME 'pcelsVariableModelClass' DESC 'RFC 4104: Identifies a CIM class' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.17 NAME 'pcelsVariableModelProperty' DESC 'R FC 4104: Identifies the property of a CIM class.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.18 NAME 'pcelsExpectedValueTypes' DESC 'RFC 4104: Identifies subclasses of pcelsValueAuxClass by name' EQUALITY caseIgn oreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.1.9.2.19 NAME 'pcelsValueName' DESC 'RFC 4104: The user-friendly name of a value' EQUALITY caseIgnoreMatch ORDERING caseIgnor eOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.20 NAME 'pcelsIPv4AddrList' DESC 'RFC 4104: Unordered set of IPv4 addresses, IPv4 address ranges or hosts' EQUAL ITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.1.9.2.21 NAME 'pcelsIPv6AddrList' DESC 'RFC 4104: Unordered set of IPv6 addresses, IPv6 address ranges or hosts' EQUAL ITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.1.9.2.22 NAME 'pcelsMACAddrList' DESC 'RFC 4104: U nordered set of MAC addresses or MAC address ranges' EQUALITY caseIgnoreMat ch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.1.9.2.23 NAME 'pcelsStringList' DESC 'RFC 4104: Un ordered set of strings with wildcards' EQUALITY caseIgnoreMatch ORDERING ca seIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.1.9.2.24 NAME 'pcelsBitStringList' DESC 'RFC 4104: Unordered set of bit strings or bit string ranges' EQUALITY caseIgnoreMatc h ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.1.9.2.25 NAME 'pcelsIntegerList' DESC 'RFC 4104: U nordered set of integers or integer ranges' EQUALITY caseIgnoreMatch ORDERI NG caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.15 ) attributeTypes: ( 1.3.6.1.1.9.2.26 NAME 'pcelsBoolean' DESC 'RFC 4104: Boole an value' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE- VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.27 NAME 'pcelsReusableContainerName' DESC 'R FC 4104: User-friendly name of a reusable policy container' EQUALITY caseIg noreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.28 NAME 'pcelsReusableContainerList' DESC 'R FC 4104: Unordered set of DNs of pcelsReusableContainer entries' EQUALITY d istinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.1.9.2.29 NAME 'pcelsRole' DESC 'RFC 4104: String r epresenting a role.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMa tch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S INGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.30 NAME 'pcelsRoleCollectionName' DESC 'RFC 4104: User-friendly name of a role collection' EQUALITY caseIgnoreMatch ORD ERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.31 NAME 'pcelsElementList' DESC 'RFC 4104: U nordered set of managed elements' EQUALITY distinguishedNameMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.1.9.2.32 NAME 'pcelsFilterName' DESC 'RFC 4104: Us er-friendly name of a filter entry' EQUALITY caseIgnoreMatch ORDERING caseI gnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.33 NAME 'pcelsFilterIsNegated' DESC 'RFC 410 4: Indicates whether the filter is negated' EQUALITY booleanMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.34 NAME 'pcelsIPHdrVersion' DESC 'RFC 4104: IP version' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.35 NAME 'pcelsIPHdrSourceAddress' DESC 'RFC 4104: Source IP address' EQUALITY octetStringMatch ORDERING octetStringOrde ringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.36 NAME 'pcelsIPHdrSourceAddressEndOfRange' DESC 'RFC 4104: End of a range of source IP addresses' EQUALITY octetString Match ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.4 0 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.37 NAME 'pcelsIPHdrSourceMask' DESC 'RFC 410 4: Mask to be used in comparing the source IP address' EQUALITY octetString Match ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.4 0 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.38 NAME 'pcelsIPHdrDestAddress' DESC 'RFC 41 04: Destination IP address' EQUALITY octetStringMatch ORDERING octetStringO rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.39 NAME 'pcelsIPHdrDestAddressEndOfRange' DE SC 'RFC 4104: End of a range of destination IP addresses' EQUALITY octetStr ingMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.40 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.40 NAME 'pcelsIPHdrDestMask' DESC 'RFC 4104: Mask to be used in comparing the destination IP address' EQUALITY octetStr ingMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.40 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.41 NAME 'pcelsIPHdrProtocolID' DESC 'RFC 410 4: IP protocol type' EQUALITY integerMatch ORDERING integerOrderingMatch SY NTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.42 NAME 'pcelsIPHdrSourcePortStart' DESC 'RF C 4104: Lower end of a range of UDP or TCP source ports' EQUALITY integerMa tch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING LE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.43 NAME 'pcelsIPHdrSourcePortEnd' DESC 'RFC 4104: Upper end of a range of UDP or TCP source ports' EQUALITY integerMatc h ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE -VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.44 NAME 'pcelsIPHdrDestPortStart' DESC 'RFC 4104: Lower end of a range of UDP or TCP destination ports' EQUALITY intege rMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 S INGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.45 NAME 'pcelsIPHdrDestPortEnd' DESC 'RFC 41 04: Upper end of a range of UDP or TCP destination ports' EQUALITY integerM atch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN GLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.46 NAME 'pcelsIPHdrDSCPList' DESC 'RFC 4104: DSCP values' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.27 ) attributeTypes: ( 1.3.6.1.1.9.2.47 NAME 'pcelsIPHdrFlowLabel' DESC 'RFC 4104 : IP flow label' EQUALITY octetStringMatch ORDERING octetStringOrderingMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.48 NAME 'pcels8021HdrSourceMACAddress' DESC 'RFC 4104: Source MAC address' EQUALITY octetStringMatch ORDERING octetStri ngOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.49 NAME 'pcels8021HdrSourceMACMask' DESC 'RF C 4104: Source MAC address mask' EQUALITY octetStringMatch ORDERING octetSt ringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.50 NAME 'pcels8021HdrDestMACAddress' DESC 'R FC 4104: Destination MAC address' EQUALITY octetStringMatch ORDERING octetS tringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.51 NAME 'pcels8021HdrDestMACMask' DESC 'RFC 4104: Destination MAC address mask' EQUALITY octetStringMatch ORDERING octe tStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.52 NAME 'pcels8021HdrProtocolID' DESC 'RFC 4 104: Ethernet protocol ID' EQUALITY integerMatch ORDERING integerOrderingMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributeTypes: ( 1.3.6.1.1.9.2.53 NAME 'pcels8021HdrPriority' DESC 'RFC 410 4: 802.1Q priority' EQUALITY integerMatch ORDERING integerOrderingMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributeTypes: ( 1.3.6.1.1.9.2.54 NAME 'pcels8021HdrVLANID' DESC 'RFC 4104: 802.1Q VLAN ID' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributeTypes: ( 1.3.6.1.1.9.2.55 NAME 'pcelsFilterListName' DESC 'RFC 4104 : User-friendly name of a FilterList' EQUALITY caseIgnoreMatch ORDERING cas eIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.56 NAME 'pcelsFilterDirection' DESC 'RFC 410 4: Direction to which this filter is applied' EQUALITY integerMatch ORDERIN G integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.57 NAME 'pcelsFilterEntryList' DESC 'RFC 410 4: Unordered set of DNs of pcelsFilterEntryBase entries' EQUALITY distingui shedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.1.9.2.58 NAME 'pcelsVendorVariableData' DESC 'RFC 4104: Mechanism for representing variables that have not been specif ically modeled' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.3.6.1.1.9.2.59 NAME 'pcelsVendorVariableEncoding' DESC ' RFC 4104: Identifies the format and semantics for policy variables' EQUALIT Y objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.1.9.2.60 NAME 'pcelsVendorValueData' DESC 'RFC 410 4: Mechanism for representing values that have not been specifically modeled' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.3.6.1.1.9.2.61 NAME 'pcelsVendorValueEncoding' DESC 'RFC 4104: Identifies the format and semantics for policy values' EQUALITY obje ctIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.7924.2.1.1.1 NAME 'demailMaxAuthLevel' DESC 'd escribes the maximum authentification the person is capable of (NORMAL/HIGH /VERY HIGH)' SUP name SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s ) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.146 6.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) imp ersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.26 ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.26 ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group( s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466 .115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.8 NAME 'sudoNotBefore' DESC 'Start o f time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.9 NAME 'sudoNotAfter' DESC 'End of t ime interval for which the entry is valid' EQUALITY generalizedTimeMatch OR DERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.10 NAME 'sudoOrder' DESC 'an integer to order the sudoRole entries' EQUALITY integerMatch ORDERING integerOrder ingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' DESC 'M ANDATORY: OpenSSH Public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.40 ) attributeTypes: ( 1.3.6.1.4.1.34380.1.1.3.10 NAME 'puppetClass' DESC 'Puppet Node Class' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1. 26 ) attributeTypes: ( 1.3.6.1.4.1.34380.1.1.3.9 NAME 'parentNode' DESC 'Puppet P arent Node' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 6 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.34380.1.1.3.11 NAME 'environment' DESC 'Puppet Node Environment' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115. 121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.34380.1.1.3.12 NAME 'puppetVar' DESC 'A variab le setting for puppet' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466. 115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.29426.2.2.1.1 NAME 'DKIMSelector' DESC 'Select or name associated with DKIM signing key' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.29426.2.2.1.2 NAME 'DKIMKey' DESC 'DKIM signin g key' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SING LE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.29426.2.2.1.3 NAME 'DKIMIdentity' DESC 'The Ag ent or User Identifier (AUID)' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4. 1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.29426.2.2.1.4 NAME 'DKIMDomain' DESC 'DKIM sen der domain' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.19937.1.1.1 NAME 'quota' DESC 'Quotas (FileSys tem:BlocksSoft,BlocksHard,InodesSoft,InodesHard)' EQUALITY caseIgnoreIA5Mat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} ) attributeTypes: ( 1.3.6.1.3.1.1.1.1.2.1 NAME 'tacacsClient' DESC 'Valid clie nt address range for this user, in CIDR notation' EQUALITY caseExactIA5Matc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{20} ) attributeTypes: ( 1.3.6.1.3.1.1.1.1.2.2 NAME 'tacacsMember' DESC 'Tacacs gro up membership' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1 .26{40} ) attributeTypes: ( 1.3.6.1.3.1.1.1.1.2.3 NAME 'tacacsProfile' DESC 'Tacacs us er profile' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 {1024} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.3.1.1.1.1.2.8 NAME 'tacacsFlag' DESC 'Arbitrary te xt, may be used by LDAP filters' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1. 4.1.1466.115.121.1.26{40} ) attributeTypes: ( 1.3.6.1.4.1.3.8.1.1.1 NAME 'cmusaslsecretCRAM-MD5' DESC 'P rehashed password as described in CRAM-MD5' EQUALITY octetStringMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.40{32} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.3.8.1.1.2 NAME 'cmusaslsecretDIGEST-MD5' DESC 'Shared secret for DIGEST-MD5' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.40{16} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.3.8.1.1.3 NAME 'cmusaslsecretOTP' DESC 'OTP se cret' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.3.6.1.4.1.3.8.1.1.4 NAME 'cmusaslsecretSRP' DESC 'base64 encoded SRP secret' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.40 ) attributeTypes: ( 1.3.6.1.4.1.3.8.1.1.5 NAME 'cmusaslsecretPLAIN' DESC 'PLAI N secret' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributeTypes: ( 1.3.6.1.4.1.31103.1.1 NAME 'fedfsUuid' DESC 'A UUID used b y NSDB' EQUALITY uuidMatch ORDERING uuidOrderingMatch SYNTAX 1.3.6.1.1.16.1 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.4 NAME 'fedfsFsnUuid' DESC 'The FSN UU ID component of an FSN' SUP fedfsUuid SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.11 NAME 'fedfsFsnTTL' DESC 'Time to li ve of an FSN tree' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.14 NAME 'fedfsNceDN' DESC 'NCE Disting uished Name' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.12 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.8 NAME 'fedfsFslUuid' DESC 'UUID of an FSL' SUP fedfsUuid SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.12 NAME 'fedfsAnnotation' DESC 'Annota tion of an object' SUP name ) attributeTypes: ( 1.3.6.1.4.1.31103.1.13 NAME 'fedfsDescr' DESC 'Description of an object' SUP name ) attributeTypes: ( 1.3.6.1.4.1.31103.1.120 NAME 'fedfsNfsURI' DESC 'Location of fileset' SUP labeledURI SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.103 NAME 'fedfsNfsCurrency' DESC 'up-t o-date measure of the data' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.104 NAME 'fedfsNfsGenFlagWritable' DES C 'Indicates if the file system is writable' EQUALITY booleanMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.105 NAME 'fedfsNfsGenFlagGoing' DESC ' Indicates if the file system is going' EQUALITY booleanMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.106 NAME 'fedfsNfsGenFlagSplit' DESC ' Indicates if there are multiple file systems' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.107 NAME 'fedfsNfsTransFlagRdma' DESC 'Indicates if the transport supports RDMA' EQUALITY booleanMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.108 NAME 'fedfsNfsClassSimul' DESC 'Th e simultaneous-use class of the file system' EQUALITY integerMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.109 NAME 'fedfsNfsClassHandle' DESC 'T he handle class of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.110 NAME 'fedfsNfsClassFileid' DESC 'T he fileid class of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.111 NAME 'fedfsNfsClassWritever' DESC 'The write-verifier class of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.112 NAME 'fedfsNfsClassChange' DESC 'T he change class of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.113 NAME 'fedfsNfsClassReaddir' DESC ' The readdir class of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.114 NAME 'fedfsNfsReadRank' DESC 'The read rank of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.115 NAME 'fedfsNfsReadOrder' DESC 'The read order of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.116 NAME 'fedfsNfsWriteRank' DESC 'The write rank of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.117 NAME 'fedfsNfsWriteOrder' DESC 'Th e write order of the file system' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.118 NAME 'fedfsNfsVarSub' DESC 'Indica tes if variable substitution is present' EQUALITY booleanMatch SYNTAX 1.3.6 .1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.31103.1.19 NAME 'fedfsNfsValidFor' DESC 'Valid for time' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGL E-VALUE ) attributeTypes: ( 0.0.8.350.1.1.1.1.1 NAME 'commURI' DESC 'Labeled URI forma t to point to the distinguished name of the commUniqueId' EQUALITY caseExac tMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 0.0.8.350.1.1.2.1.1 NAME 'commUniqueId' DESC 'To hold the endpoints unique Id' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 0.0.8.350.1.1.2.1.2 NAME 'commOwner' DESC 'Labeled URI to point back to the original owner' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.15 ) attributeTypes: ( 0.0.8.350.1.1.2.1.3 NAME 'commPrivate' DESC 'To decide whe ther the entry is visible to world or not' SYNTAX 1.3.6.1.4.1.1466.115.121. 1.26 ) attributeTypes: ( 0.0.8.350.1.1.6.1.1 NAME 'SIPIdentitySIPURI' DESC 'Univers al Resource Indicator of the SIP UA' EQUALITY caseExactMatch SUBSTR caseExa ctSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 0.0.8.350.1.1.6.1.2 NAME 'SIPIdentityRegistrarAddress' DES C 'specifies the location of the registrar' EQUALITY caseIgnoreIA5Match SYN TAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 0.0.8.350.1.1.6.1.3 NAME 'SIPIdentityProxyAddress' DESC 'S pecifies the location of the SIP Proxy' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 0.0.8.350.1.1.6.1.4 NAME 'SIPIdentityAddress' DESC 'IP add ress of the UA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121 .1.26 ) attributeTypes: ( 0.0.8.350.1.1.6.1.5 NAME 'SIPIdentityPassword' DESC 'The u ser agent SIP password ' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.40 ) attributeTypes: ( 0.0.8.350.1.1.6.1.6 NAME 'SIPIdentityUserName' DESC 'The u ser agent user name.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributeTypes: ( 0.0.8.350.1.1.6.1.7 NAME 'SIPIdentityServiceLevel' DESC 'T o define services that a user can belong to.' EQUALITY caseIgnoreIA5Match S UBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.1 NAME 'radiusArapFeatures' EQUALI TY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.2 NAME 'radiusArapSecurity' EQUALI TY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.3 NAME 'radiusArapZoneAccess' EQUA LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.44 NAME 'radiusAuthType' DESC 'con trolItem: Auth-Type' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.4 NAME 'radiusCallbackId' DESC 're plyItem: Callback-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.5 NAME 'radiusCallbackNumber' DESC 'replyItem: Callback-Number' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4. 1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.6 NAME 'radiusCalledStationId' DES C 'controlItem: Called-Station-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 .1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.7 NAME 'radiusCallingStationId' DE SC 'controlItem: Calling-Station-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3 .6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.8 NAME 'radiusClass' DESC 'replyIt em: Class' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.45 NAME 'radiusClientIPAddress' EQ UALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.9 NAME 'radiusFilterId' DESC 'repl yItem: Filter-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.10 NAME 'radiusFramedAppleTalkLink ' DESC 'replyItem: Framed-AppleTalk-Link' EQUALITY caseIgnoreIA5Match SYNTA X 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.11 NAME 'radiusFramedAppleTalkNetw ork' DESC 'replyItem: Framed-AppleTalk-Network' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.12 NAME 'radiusFramedAppleTalkZone ' DESC 'replyItem: Framed-AppleTalk-Zone' EQUALITY caseIgnoreIA5Match SYNTA X 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.13 NAME 'radiusFramedCompression' DESC 'replyItem: Framed-Compression' EQUALITY caseIgnoreIA5Match SYNTAX 1.3 .6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.14 NAME 'radiusFramedIPAddress' DE SC 'replyItem: Framed-IP-Address' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6. 1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.15 NAME 'radiusFramedIPNetmask' DE SC 'replyItem: Framed-IP-Netmask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6. 1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.16 NAME 'radiusFramedIPXNetwork' D ESC 'replyItem: Framed-IPX-Network' EQUALITY caseIgnoreIA5Match SYNTAX 1.3. 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.17 NAME 'radiusFramedMTU' DESC 're plyItem: Framed-MTU' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.18 NAME 'radiusFramedProtocol' DES C 'replyItem: Framed-Protocol' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4 .1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.19 NAME 'radiusFramedRoute' DESC ' replyItem: Framed-Route' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.146 6.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.20 NAME 'radiusFramedRouting' DESC 'replyItem: Framed-Routing' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 .1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.46 NAME 'radiusGroupName' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.47 NAME 'radiusHint' EQUALITY case IgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.48 NAME 'radiusHuntgroupName' EQUA LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.21 NAME 'radiusIdleTimeout' DESC ' replyItem: Idle-Timeout' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.146 6.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.22 NAME 'radiusLoginIPHost' DESC ' replyItem: Login-IP-Host' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.14 66.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.23 NAME 'radiusLoginLATGroup' DESC 'replyItem: Login-LAT-Group' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4. 1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.24 NAME 'radiusLoginLATNode' DESC 'replyItem: Login-LAT-Node' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1. 1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.25 NAME 'radiusLoginLATPort' DESC 'replyItem: Login-LAT-Port' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1. 1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.26 NAME 'radiusLoginLATService' DE SC 'replyItem: Login-LAT-Service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6. 1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.27 NAME 'radiusLoginService' DESC 'replyItem: Login-Service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1 466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.28 NAME 'radiusLoginTCPPort' DESC 'replyItem: Login-TCP-Port' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1. 1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.29 NAME 'radiusPasswordRetry' EQUA LITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.30 NAME 'radiusPortLimit' DESC 're plyItem: Port-Limit' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.49 NAME 'radiusProfileDN' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.31 NAME 'radiusPrompt' EQUALITY ca seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.50 NAME 'radiusProxyToRealm' EQUAL ITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.51 NAME 'radiusReplicateToRealm' D ESC 'control:Replicate-To-Realm' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1 .4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.52 NAME 'radiusRealm' EQUALITY cas eIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.32 NAME 'radiusServiceType' DESC ' replyItem: Service-Type' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.146 6.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.33 NAME 'radiusSessionTimeout' DES C 'replyItem: Session-Timeout' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4 .1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.34 NAME 'radiusTerminationAction' DESC 'replyItem: Termination-Action' EQUALITY caseIgnoreIA5Match SYNTAX 1.3 .6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.35 NAME 'radiusTunnelAssignmentId' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.36 NAME 'radiusTunnelMediumType' E QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.37 NAME 'radiusTunnelPassword' EQU ALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.38 NAME 'radiusTunnelPreference' E QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.39 NAME 'radiusTunnelPrivateGroupI d' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.40 NAME 'radiusTunnelServerEndpoin t' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.41 NAME 'radiusTunnelType' EQUALIT Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.42 NAME 'radiusVSA' EQUALITY caseI gnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.43 NAME 'radiusTunnelClientEndpoin t' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.53 NAME 'radiusSimultaneousUse' DE SC 'controlItem: Simultaneous-Use' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN GLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.54 NAME 'radiusLoginTime' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.55 NAME 'radiusUserCategory' EQUAL ITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.56 NAME 'radiusStripUserName' SYNT AX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.57 NAME 'dialupAccess' EQUALITY ca seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.58 NAME 'radiusExpiration' DESC 'c ontrolItem: Expiration' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466 .115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.59 NAME 'radiusAttribute' DESC 'co ntrolItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.61 NAME 'radiusNASIpAddress' EQUAL ITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.62 NAME 'radiusReplyMessage' DESC 'replyItem: Reply-Message' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1 466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.63 NAME 'radiusControlAttribute' D ESC 'controlItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 .1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.64 NAME 'radiusReplyAttribute' DES C 'replyItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.146 6.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.65 NAME 'radiusRequestAttribute' D ESC 'requestItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 .1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.1 NAME 'radiusClientIdentifier' DESC 'Client Identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.2 NAME 'radiusClientSecret' DESC 'Client Secret' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.3 NAME 'radiusClientShortname' D ESC 'Client Shortname' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.4 NAME 'radiusClientVirtualServe r' DESC 'VirtualServer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.5 NAME 'radiusClientType' DESC ' Client Type' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNT AX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.6 NAME 'radiusClientRequireMa' D ESC 'Require Message Authenticator' EQUALITY booleanMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.7 NAME 'radiusClientComment' DES C 'Client comment' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.15 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.2 NAME 'dateOfBirth' DESC 'Date o f birth (format YYYY-MM-DD, see ISO 8601)' EQUALITY caseExactIA5Match SUBST R caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{10} SING LE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.12 NAME 'birthPlace' DESC 'Place of birth' SUP l SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.14 NAME 'birthName' DESC 'Last na me at time of birth, e.g. maiden name' SUP sn SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.7 NAME 'gender' DESC 'Representat ion of human sex (see ISO 5218)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.27{1} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.9 NAME 'businessTitle' DESC 'Busi ness title describing the kind of job a person does' SUP title ) attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.15 NAME 'academicTitle' DESC 'Aca demic title a person is allowed to use' SUP title ) attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.10 NAME 'nickName' DESC 'A nick n ame of a person' SUP name ) attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.11 NAME 'euVATId' DESC 'value add ed tax ID of company within EU' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1. 4.1.1466.115.121.1.26{20} ) attributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.13 NAME 'labeledBICandIBAN' DESC 'international bank arrangement consisting of BIC, IBAN and optional label (format: "BIC:,IBAN:#